PHYSICAL SECURITY & ENVIRONMENTAL SECURITY
|
|
- Gervais Chambers
- 8 years ago
- Views:
Transcription
1 PHYSICAL SECURITY & ENVIRONMENTAL SECURITY General Overview Physical security elements are safeguards enacted t ensure nly authrized individuals have access t varius physical lcatins, such as crprate facilities, data warehuses, cmputer peratin centers, and any ther critical areas. Additinally, physical security als cnsists f the varius measures put in place fr prtecting rganizatinal assets, ranging frm peple, prperty, t any number f tangible gds, services r prducts. And with many rganizatins tday utsurcing critical functins t data centers, managed services prviders, and dcument strage facilities - just t name a select few - physical security has nw becme a critical cmpnent f ne's risk assessment and risk management framewrk. Knwing where yur assets are and hw they are prtected is paramunt. But it's just as imprtant t have physical security cntrls in place at ne's crprate ffice, satellite ffices, and any ther imprtant lcatins. And anther imprtant cmpnent f physical security are the supprting envirnmental security cntrls in place. Specifically, envirnmental security elements are the essential measures utilized t prtect physical surrundings frm damaging elements, such as fire, water, smke, electrical surges, spikes, and utages, alng with any ther hidden dangers. Envirnmental safeguards are critical in that they - alng with physical security, ensure the safety f the emplyees, cmpany prperty, and all ther pertinent physical elements near the facility. The subsequent Physical Security & Envirnmental Security plicy and prcedures dcument includes all necessary measures fr ensuring adequate safeguards are in place at all facilities cnsidered critical frm an rganizatinal perspective. The scpe f this plicy and prcedure dcument includes the fllwing types f facilities: Crprate ffice and reginal, satellite ffices. Data centers, c-lcatin facilities, and managed service prviders, dcument strage prviders, warehuses, etc. Any ther physical facility fr which the subsequent plicy, prcedures, and checklists culd be adapted t, and ultimately used fr.
2 Physical Security & Envirnmental Security Plicy and Prcedures Title [cmpany name] Physical Security & Envirnmental Security Plicy and Prcedures Versin Versin 1.0 Date Language Individual and/r Department Respnsible fr Distributin f Dcument Individual and/ r Department Respnsible fr Timely Update f Dcument Develped by: Subject Apprval Date Purpse f Dcument TBD English [cmpany name] Infrmatin Technlgy Department [name and title] [cmpany name] Use f Sftware TBD T implement cmprehensive Physical Security & Envirnmental Security plicies, prcedures, and practices whereby all emplyees and ther intended parties are readily aware f the rganizatin s Physical Security & Envirnmental Security plicies. Distributin f Dcument Disbursed t all emplyees f [cmpany name] and available by request t all ther intended parties.
3 1.0 Overview In accrdance with mandated rganizatinal security requirements set frth and apprved by management, [cmpany name] has established a frmal Physical Security & Envirnmental Security plicy and supprting prcedures. This plicy is t be implemented immediately alng with all relevant and applicable prcedures. Additinally, this plicy is t be evaluated n a(n) [annual, semi-annual, quarterly] basis fr ensuring its adequacy and relevancy regarding [cmpany name]'s needs and gals. 1.0 Purpse This plicy and supprting prcedures are designed t prvide [cmpany name] with a dcumented and frmalized Physical Security & Envirnmental Security plicy that is t be adhered t and utilized thrughut the rganizatin at all times. Cmpliance with the stated plicy and supprting prcedures helps ensure the safety and security f the [cmpany name] I.T. system resurces and all supprting assets. Assets are defined as the fllwing: Smething that is deemed t be tangible r intangible and that is capable f being wned, perated, maintained, and cntrlled t prduce a stated value. 1.0 Scpe This plicy and supprting prcedures encmpasses all system resurces and supprting assets that are wned, perated, maintained, and cntrlled by [cmpany name] and all ther system resurces, bth internally and externally, that interact with these systems. Internal system resurces are thse wned, perated, maintained, and cntrlled by [cmpany name] and include all netwrk devices (firewalls, ruters, switches, lad balancers, ther netwrk devices), servers (and the perating systems and applicatins that reside n them, bth physical and virtual servers) and any ther system resurces and supprting assets deemed in scpe. External system resurces are thse wned, perated, maintained, and cntrlled by any entity ther than [cmpany name], but fr which these very resurces may impact the cnfidentiality, integrity, and availability (CIA) f [cmpany name] system resurces and supprting assets. 1.0 Plicy [Cmpany name] is t ensure that the Physical Security & Envirnmental Security plicy adheres t the fllwing cnditins fr purpses f cmplying with the mandated rganizatinal security requirements set frth and apprved by management: Cnstructin The applicable facilities are t be cnstructed in a manner that ensures the adequate prtectin f all [cmpany name] system resurces and supprting assets. Specifically, this requires that the fllwing elements meet and/r exceed all lcal, state, federal and cuntry regin specific mandated guidelines pertaining t cnstructin f a cmmercial facility: Designed and built with the use f apprved architectural, mechanical, electrical and/r engineering drawings. Safe and secure fundatin and fting that meets all stated zning requirements.
4 Prper utilities in place, such as sewer, water, gas, electric, fire prtectin fire preventin, and ther applicable utilities as warranted. Apprpriate insurance in place, such as general liability, wrkers cmpensatin, and ther applicable insurance cverage. Architecturally and structurally sufficient t meet all needs f [cmpany name]. If necessary, authrized persnnel within [cmpany name] are t cntact the apprpriate party fr cnfirmatin f the afrementined elements. Physical Security Prtectin Measures The applicable facilities are t have adequate physical prtectin measures in place cnsisting f the fllwing elements, as applicable: Lcatin: Gegraphically lcated in a secure area, with apprpriate markings and indicatins cmmensurate with its use. Nte: Sme facilities require clear identificatin as t what they are and their purpse, while thers facilities deliberately hide their identificatin. Ultimately, this determinatin is t be made by management f the applicable facility. Cnstructin: Slid cnstructin with minimal r n physical penings that culd weaken the physical structure and/r allw unauthrized access. Additinally, all drs and main entry and egress pints (windws, bay drs, rf entry pints, undergrund access pints, shipping and receiving entry areas, etc.) are t be deemed f adequate physical cnstructin. Physical Barricades: Physical elements that serve as barricades fr prtecting the physical grunds. This is a requirement fr any data center r c-lcatin facility fr which [cmpany name] system resurces and supprting assets reside in. Additinally, apprpriate gates, fences and ther physical devices are t be utilized as necessary. Access Cntrl Prtectin: One r mre f the fllwing prtectin measures regarding physical access: Electrnic Access Cntrl (ACS), bimetrics (i.e., iris, palm reader, facial recgnitin), and/r traditinal lck-and-key measures. Nte: Fr any windws, bay drs, rf entry pints, undergrund access pints, shipping and receiving entry areas, and any ther entry and egress areas that d nt utilize ACS, bimetrics, r lck-and-key, they are t be secured with adequate prtectin measures, such as using internal lcks, latches, r ther apprved devices r mechanisms. Additinally, all access cntrl pints are t be securely clsed and lcked when nt in use r are unattended. Access via Electrnic Access Cntrl (ACS), and bimetrics (i.e., iris, palm reader, facial recgnitin) is nly granted t authrized individuals - thse wh have gne thrugh the prper prvisining prcess. Custmer Infrmatin: An imprtant cmpnent f ensuring that adequate physical security prtectin measures are in place is keeping track f all persnnel that enter and leave a facility. Thus, all critical custmer infrmatin, such as vital statistical infrmatin (i.e., name, cmpany affiliatin, cntact infrmatin, date and time f entrance and departure, etc.) is t be captured, recrded, stred, and archived.
5 Manned Access Cntrl Pints: Fr areas where individuals enter, register, and leave the applicable facility, actual persnnel are t be statined fr aiding and facilitating these prcesses. Additinally, visitr and emplyee prvisining and de-prvisining systems are t be in place that dcuments all essential access infrmatin. Placing f Equipment: Fr all system resurces and supprting assets lcated at a facility that handles (i.e., string, prcessing and/r transmitting) sensitive data, they shuld be lcated in physically secure areas, and islated as necessary, t avid unauthrized access. Additinally, cntrls are t be in place fr helping minimize the many physical and envirnmental threats as discussed thrughut this stated plicy and prcedures dcument. Vegetatin All vegetatin (i.e., grass, shrubs, plants, etc.) is t be apprpriately maintained at all time by either a licensed, bnded, and insured landscaping cmpany r by [cmpany name] landscape persnnel. Adequate maintenance f vegetatin nt nly imprves the appearance f a facility, it als ensures that intruders r ther suspicius peple r elements cannt cnceal themselves as easily. Security Alarm System A security alarm system is t be in place, peratinal at all applicable times as necessary, hard-wired and wireless mnitring (where applicable) fr all entry and egress pints thrughut the facility, and ther areas deemed vulnerable. Additinally, respnse and reslutin services fr the security alarm are t be a licensed, bnded, and insured third-party security alarm cmpany and/r lcal plice. Mrever, an apprpriate party at [cmpany name] is t be immediately ntified anytime an alarm has passed its maximum threshld whereby the third-party security alarm cmpany and/r the lcal plice have been cntacted. Alarm Pints Bth hard-wired cntact pints and wireless-alarm pints (where applicable) are t be utilized fr ensuring the security alarm system is cnnected t all critical entry and egress pints thrughut the facility and ther areas deemed vulnerable. The use f glass breakers, mtin detectrs, vice recgnitin elements, if used, are t be tied int the security alarm system using apprved measures. Cameras Mnitring Surveillance Recrding Archival Cameras are t be strategically placed thrughut the facility as deemed necessary and capable f capturing and recrding all activity. Additinally, this requires the use f mnitring devices whereby authrized persnnel can view all activity in real-time, while als recrding such activity. During nnbusiness hurs r when persnnel are nt available fr real-time viewing, recrding is t be in place that allws fr capturing any activity. Mrever, archival measure are t be in place (minimum f 90 days) fr retentin f data caught n camera. Threat Cnditins Plicy Because f the grwing threats facing rganizatins, a threat cnditins plicy is t be in place which cnsists f dcumented respnses and initiatives t undertake in the event f an actual threat. This may include, but is nt limited, t the fllwing: Threats f terrrism r hstage situatins.
6 Physical r envirnmental cnditins resulting in the structural integrity f a facility being cmprmised which culd ultimately endanger the lives f all ccupants. Pwer utages, utility issues. Technlgy threats and data cmprmises, such as Distributed Denial f Service Attacks (DDS), etc. Badge Identificatin Equipment Checks Any persns entering r leaving a facility are t be checked at anytime, and at the discretin f authrized persnnel, fr prperly identifying wh they are and fr items deemed suspicius that may be in their pssessin. Because many system resurces and supprting assets can be small in size, and als cstly, bag checks, bdy searches, pat dwns, and any ther checks deemed necessary, are t be emplyed. Remval f Prperty and Security f Equipment All prperty remved frm a facility is t be dne s with apprved methds nly, ne that allws fr dcumented prcess that recrds vital statistical infrmatin fr such prperty, whether it leaves indefinitely r is being returned at a later date (fr which it will then be required t be checked-in thrugh a dcumented prcess als). Specifically, prperty may nly be remved if apprved by authrized persnnel and is required t be returned (if applicable) under an agreeable and predetermined timeframe. Additinally, prperty, while still under the legal binding wnership f the applicable facility, is t be safeguarded at all times, must adhere t manufacture's perating plicies (if applicable), with apprpriate insurance in place fr prtecting such prperty. Cages Cabinets Vaults System resurces, such as cmputer and netwrking systems (bth the hardware sftware, and supprting assets) are t be placed in secure cages, cabinets, r vaults that meet r exceed strength, rigidity, and general safety standards as required by law and/r custmers. Additinally, physical access cntrls, such as electrnic access cntrl systems (ACS), cmbinatin lcks, punch key lcks, and/r traditinal lck and key are t be used fr prtectin f the applicable system resurces. Security Department and Security Staff As necessary, the applicable facility is t have in place a frmalized security department cnsisting f the fllwing: Operates 24x7 and is respnsible fr cntrlling and mnitring facility access and ensuring cmpliance with access prcedures. Is respnsible fr cntrlling the mvement f materials taken ut f the facility main entry and exit pints, issuing pht id access badges and visitr badges and retrieving them als, alng with administering the cmputerized access cntrl system t permit and terminate access. Dedicated n-site security staff 24x7 wh are respnsible fr prper peratins and maintenance f the physical security systems, lss preventin, material mvement, and security plicy and prcedures cmpliance. Dedicated n-site security staff 24x7 wh perfrm the fllwing functins: Respnse and reslutin t security alarms. Custmer assistance fr cage lckuts and escrts. Scheduled and unscheduled security inspectins.
7 Enfrcement f n fd r drinks in certain areas. Enfrcement f n unauthrized phtgraphy plicy. Fire and safety patrl inspectins. Mnitr intrusin security alarm systems. Dispatch mbile security fficers t emergencies. Mnitring t prevent unauthrized access, such as tailgating. Assist all individuals wh have authrized access t enter the facility. Cntrlling access t the data center by cnfirming identity. Issue and retrieve access badges. Respnd t telephne and radi cmmunicatins. Lcal Law Enfrcement Cntact Infrmatin The psting f lcal law enfrcement cntact infrmatin (ther than 911 r ther emergency numbers) is t be in place whereby authrized persnnel can cntact authrities as necessary. This infrmatin shuld be made available t security staff and psted accrdingly in an area where it can be easily viewed by such security staff (such as their security rm). Mantrap Mantraps, which are cmmn in any facility that require entrance int sensitive areas, are t be used as necessary. This ften includes facilities such as data center, c-lcatin entities, managed services prviders and ther related entities. Facility Access Only authrized persnnel (i.e., emplyees, visitrs, cntractrs, and ther third party.) are allwed access t the applicable facility, with ne's access rights cmmensurate fr his her rles and respnsibilities. Additinally, a dcumented identificatin, prvisining and de-prvisining prcess and related prcedures are t be in place cnsisting f the fllwing measures: The use f a sftware utility, ticketing system, in cnjunctin with a hard-cpy lg reprt that captures all vital statistical access rights infrmatin, such as full name, cntact infrmatin, cmpany affiliatin, alng with date and time f entry and departure t and frm the facility, and any ther vital statistical infrmatin. Fr individuals wh have been granted an actual access cntrl badge - thus allwing t bypass many f the prvisining steps in place fr visitrs, cntractrs, and ther third party individuals - the sftware utility that allws access is t be reviewed n a regular basis. The regular review is t ensure that all terminated users d nt have access and access fr current users is cmmensurate with their rles and respnsibilities. Assignment f badge, card reader, r sme f ther clearly labeled frm f visible identificatin that indicates the type f persnnel they are (i.e., emplyees, visitrs, cntractrs, and ther third party), the type f access, duratin f access (if applicable). Nte: The requirement fr a "clearly labeled frm f visible identificatin" prevents unauthrized access and allws anyne within the facility t identify unescrted visitrs, ultimately helping in determining if access cntrls have been breached. Thus, visitrs, cntractrs, and ther third party individuals are t be escrted at all times, when applicable.
8 Fr areas deemed restricted, sensitive, classified, r any ther designatin whereby access is allwed nly t select, authrized persnnel, additinal access cntrl measures are t be in place (i.e., tw-factr authenticatin, bimetrics, etc.) fr prtecting [cmpany name]'s system resurces and supprting assets. Because many facilities have shipping, receiving, delivery, and lading areas that are used n a daily basis, these areas are t have secure access cntrl mechanisms in place, such as thse described earlier under "Physical Security Prtectin Measures." Additinally, fr facilities that have shipping, receiving, delivery, and lading areas, the fllwing prvisins are t be in place: Access restricted t authrized persnnel. Areas that are cnfined fr nly their applicable use, with n access allwed t ther parts f the facility withut undertaking prcess access cntrl measures. Incming and utging gds and prducts are t be inspected, tagged and labeled accrdingly, recrded, and registered with an apprved methd. Gds and prducts arriving at the facility are t be stred in designated areas, such as bins, hlding rms, r sme ther type f apprved methd. Gds and prducts leaving the facility are t have crrect transprtatin labels n them, and are t be stred in designated areas befre being picked up. All gds and prducts entering and leaving the facility are t be physically inspected fr any pssible security threats. Fr a facility that receives gd and prducts fr a custmer, a ntificatin prcess is t be in place whereby custmers are immediately cntacted and infrmed f packages. The entire identificatin, prvisining, and de-prvisining prcess is t be recrded and archived fr purpses f prducing audit recrds as needed, such as fr access cntrl breaches, daily peratinal review activities, and fr regulatry cmpliance requirements. Access Cntrl System Access cntrl systems, while imprtant fr physical security prtectin measures, ultimately ensure that nly authrized individuals have access t a particular facility, with access rights being cmmensurate with ne's rles and respnsibilities. As such, access cntrl systems are t be prvisined and deplyed fr any area requiring physical access int a facility - r within the facility - access t additinal areas. Additinally, the access cntrl systems are t be maintained by authrized individuals nly. Bimetrics Bimetrics, while als imprtant fr physical security prtectin measures, ultimately ensure that nly authrized individuals have access t a particular facility, with access rights being cmmensurate with ne's rles and respnsibilities. As such, bimetric devices are t be prvisined and deplyed fr any area requiring physical access int a facility - r within the facility - access t additinal areas. Additinally, the bimetric devices are t be maintained by authrized individuals nly. Example f bimetrics include, but are nt limited, t the fllwing: Fingerprint and Palm Readers Vice Recgnitin
9
GUIDANCE FOR BUSINESS ASSOCIATES
GUIDANCE FOR BUSINESS ASSOCIATES This Guidance fr Business Assciates dcument is intended t verview UPMCs expectatins, as well as t prvide additinal resurces and infrmatin, t UPMC s HIPAA business assciates.
More informationPersonal Data Security Breach Management Policy
Persnal Data Security Breach Management Plicy 1.0 Purpse The Data Prtectin Acts 1988 and 2003 impse bligatins n data cntrllers in Western Care Assciatin t prcess persnal data entrusted t them in a manner
More informationUniversity of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments
University f Texas at Dallas Plicy fr Accepting Credit Card and Electrnic Payments Cntents: Purpse Applicability Plicy Statement Respnsibilities f a Merchant Department Prcess t Becme a Merchant Department
More informationData Protection Policy & Procedure
Data Prtectin Plicy & Prcedure Page 1 Prcnnect Marketing Data Prtectin Plicy V1.2 Data prtectin plicy Cntext and verview Key details Plicy prepared by: Adam Haycck Apprved by bard / management n: 01/01/2015
More informationHIPAA HITECH ACT Compliance, Review and Training Services
Cmpliance, Review and Training Services Risk Assessment and Risk Mitigatin: The first and mst imprtant step is t undertake a hlistic risk assessment that examines the risks and cntrls related t fur critical
More informationCOPIES-F.Y.I., INC. Policies and Procedures Data Security Policy
COPIES-F.Y.I., INC. Plicies and Prcedures Data Security Plicy Page 2 f 7 Preamble Mst f Cpies FYI, Incrprated financial, administrative, research, and clinical systems are accessible thrugh the campus
More informationPOLICY 1390 Information Technology Continuity of Business Planning Issued: June 4, 2009 Revised: June 12, 2014
State f Michigan POLICY 1390 Infrmatin Technlgy Cntinuity f Business Planning Issued: June 4, 2009 Revised: June 12, 2014 SUBJECT: APPLICATION: PURPOSE: CONTACT AGENCY: Plicy fr Infrmatin Technlgy (IT)
More informationInformation Services Hosting Arrangements
Infrmatin Services Hsting Arrangements Purpse The purpse f this service is t prvide secure, supprted, and reasnably accessible cmputing envirnments fr departments at DePaul that are in need f server-based
More informationVCU Payment Card Policy
VCU Payment Card Plicy Plicy Type: Administrative Respnsible Office: Treasury Services Initial Plicy Apprved: 12/05/2013 Current Revisin Apprved: 12/05/2013 Plicy Statement and Purpse The purpse f this
More informationKey Steps for Organizations in Responding to Privacy Breaches
Key Steps fr Organizatins in Respnding t Privacy Breaches Purpse The purpse f this dcument is t prvide guidance t private sectr rganizatins, bth small and large, when a privacy breach ccurs. Organizatins
More informationChapter 7 Business Continuity and Risk Management
Chapter 7 Business Cntinuity and Risk Management Sectin 01 Business Cntinuity Management 070101 Initiating the Business Cntinuity Plan (BCP) Purpse: T establish the apprpriate level f business cntinuity
More informationVersion: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013
Versin: Mdified By: Date: Apprved By: Date: 1.0 Michael Hawkins Octber 29, 2013 Dan Bwden Nvember 2013 Rule 4-004J Payment Card Industry (PCI) Patch Management (prpsed) 01.1 Purpse The purpse f the Patch
More informationVersion Date Comments / Changes 1.0 January 2015 Initial Policy Released
Page 1 f 6 Vice President, Infrmatics and Transfrmatin Supprt APPROVED (S) REVISED / REVIEWED SUMMARY Versin Date Cmments / Changes 1.0 Initial Plicy Released INTENT / PURPOSE The Infrmatin and Data Gvernance
More informationSecurity Services. Service Description Version 1.00. Effective Date: 07/01/2012. Purpose. Overview
Security Services Service Descriptin Versin 1.00 Effective Date: 07/01/2012 Purpse This Enterprise Service Descriptin is applicable t Security Services ffered by the MN.IT Services and described in the
More informationUnified Infrastructure/Organization Computer System/Software Use Policy
Unified Infrastructure/Organizatin Cmputer System/Sftware Use Plicy 1. Statement f Respnsibility All emplyees are charged with the security and integrity f the cmputer system. Emplyees are asked t help
More informationA96 CALA Policy on the use of Computers in Accredited Laboratories Revision 1.5 August 4, 2015
A96 CALA Plicy n the use f Cmputers in Accredited Labratries Revisin 1.5 August 4, 2015 A96 CALA Plicy n the use f Cmputers in Accredited Labratries TABLE OF CONTENTS TABLE OF CONTENTS... 1 CALA POLICY
More informationInformation Security Incident Response Plan
Infrmatin Security Incident Respnse Plan Agency: Date: Cntact: 1 TABLE OF CONTENTS Intrductin... 3 Authrity... 4 Terms and Definitins... 4 Rles and Respnsibilities... 5 Prgram... 6 Educatin and Awareness...
More informationHow To Ensure Your Health Care Is Safe
Guidelines fr Custdians t assess cmpliance with the Persnal Health Infrmatin Privacy and Access Act (PHIPAA) This dcument is designed t help custdians evaluate readiness fr cmpliance with PHIPAA and t
More informationTechnical Writing - TheUsers Visa (SHR User Accunt)
POLICY Number: 7311-25-004 Title: Saskatn Health Regin User Accunt Plicy Authrizatin [ ] President and CEO [X] Vice President, Finance and Crprate Services Surce: Directr, Infrmatin Technlgy Services Crss
More informationSession 9 : Information Security and Risk
INFORMATION STRATEGY Sessin 9 : Infrmatin Security and Risk Tharaka Tennekn B.Sc (Hns) Cmputing, MBA (PIM - USJ) POST GRADUATE DIPLOMA IN BUSINESS AND FINANCE 2014 Infrmatin Management Framewrk 2 Infrmatin
More informationImproved Data Center Power Consumption and Streamlining Management in Windows Server 2008 R2 with SP1
Imprved Data Center Pwer Cnsumptin and Streamlining Management in Windws Server 2008 R2 with SP1 Disclaimer The infrmatin cntained in this dcument represents the current view f Micrsft Crpratin n the issues
More informationChristchurch Polytechnic Institute of Technology Access Control Security Standard
CPIT Crprate Services Divisin: ICT Christchurch Plytechnic Institute f Technlgy Access Cntrl Security Standard Crprate Plicies & Prcedures Sectin 1: General Administratin Dcument CPP121a Principles Infrmatin
More informationHIPAA Compliance 101. Important Terms. Pittsburgh Computer Solutions 724-942-1337
HIPAA Cmpliance 101 Imprtant Terms Cvered Entities (CAs) The HIPAA Privacy Rule refers t three specific grups as cvered entities, including health plans, healthcare clearinghuses, and health care prviders
More informationTrustED Briefing Series:
TrustED Briefing Series: Since 2001, TrustCC has prvided IT audits and security assessments t hundreds f financial institutins thrugh ut the United States. Our TrustED Briefing Series are white papers
More informationDescription of Colocation Centre, Scope of Services
audimex Hsting Descriptin f Clcatin Centre, Scpe f Services Status: 26.10.2012 Chairman f the Supervisry Bard: Alexander Schmitz-Elsen, Managing Directrs: Dr. Stefan Berchtld, Markus Hövermann, audimex
More informationREQUEST FOR PROPOSAL SECURITY SERVICES
REQUEST FOR PROPOSAL SECURITY SERVICES Sectin I INTRODUCTION [Cmpany] is seeking prpsals frm qualified Cntractrs t prvide unifrmed security service fr [Cmpany] facilities at [Lcatin(s)]. This dcument is
More informationCHANGE MANAGEMENT STANDARD
The electrnic versin is current, r when printed and stamped with the green cntrlled dcument stamp. All ther cpies are uncntrlled. DOCUMENT INFORMATION Descriptin Dcument Owner This standard utlines the
More informationHouston Controls, Inc Safety Management System
Hustn Cntrls, Inc Dc N: Revisin Date: 3/16/2011 Revisin N. 1 Next Revisin Date: 3/16/2012 Preparatin: Safety Mgr Authrity: Dennis Jhnstn Issuing Dept: Safety Page: Page 1 f 11 Purpse The purpse f this
More informationTITLE: RECORDS AND INFORMATION MANAGEMENT POLICY
TITLE: RECORDS AND INFORMATION MANAGEMENT POLICY REFERENCE NUMBER: 14/103368 RESPONSIBLE DEPARTMENT: Crprate Services APPLICABLE LEGISLATION: State Recrds Act 1997 Lcal Gvernment Act 1999 Crpratins Act
More informationFAYETTEVILLE STATE UNIVERSITY
FAYETTEVILLE STATE UNIVERSITY IDENTITY THEFT PREVENTION (RED FLAGS RULE) Authrity: Categry: Issued by the Fayetteville State University Bard f Trustees. University-Wide Applies t: Administratrs Faculty
More informationProcess for Responding to Privacy Breaches
Prcess fr Respnding t Privacy Breaches 1. Purpse 1.1 This dcument sets ut the steps that ministries must fllw when respnding t a privacy breach. It must be read in cnjunctin with the Infrmatin Incident
More informationPENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK
Department f Health and Human Services OFFICE OF INSPECTOR GENERAL PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK Inquiries abut this reprt may be addressed t the Office f Public Affairs
More informationHow closely does your development follow HUD s Guidance on IPM? Complete the following checklist to assessment your pest management program.
1. Cmmunicate Plicies Cmmunicate wnership/ management s IPM plicies and prcedures t: All building ccupants Administrative staff Maintenance persnnel Cntractrs. Written pest cntrl plicy in place. Plicy
More informationRemote Working (Policy & Procedure)
Remte Wrking (Plicy & Prcedure) Publicatin Scheme Y/N Department f Origin Plicy Hlder Authrs Can be published n Frce Website Prfessinal Standards Department (PSD) Ch Supt Head f PSD IT Security Officer
More informationSystems Support - Extended
1 General Overview This is a Service Level Agreement ( SLA ) between and the Enterprise Windws Services t dcument: The technlgy services the Enterprise Windws Services prvides t the custmer. The targets
More informationWhite Paper for Mobile Workforce Management and Monitoring Copyright 2014 by Patrol-IT Inc. www.patrol-it.com
White Paper fr Mbile Wrkfrce Management and Mnitring Cpyright 2014 by Patrl-IT Inc. www.patrl-it.cm White Paper fr Mbile Wrkfrce Management and Mnitring Cpyright 2014 by Patrl-IT Inc. www.patrl-it.cm 2
More informationDATE APPROVED March 2011. Version Date Comments / Changes 1.0 March 2011 Initial policy released
Page 1 f 11 APPROVED (S) REVISED / REVIEWED SUMMARY Versin Date Cmments / Changes 1.0 Initial plicy released 1. PURPOSE OF THIS POLICY T define the purpses fr which Crprate Purchase Cards are t be used
More informationSPECIFICATION. Hospital Report Manager Connectivity Requirements. Electronic Medical Records DRAFT. OntarioMD Inc. Date: September 30, 2010
OntariMD Inc. Electrnic Medical Recrds SPECIFICATION Hspital Reprt Manager Cnnectivity Requirements DRAFT Date: September 30, 2010 Versin: 1.0 2007-2010 OntariMD Inc. All rights reserved HRM EMR Cnnectivity
More informationDisplayNote Technologies Limited Data Protection Policy July 2014
DisplayNte Technlgies Limited Data Prtectin Plicy July 2014 1. Intrductin This dcument sets ut the bligatins f DisplayNte Technlgies Limited ( the Cmpany ) with regard t data prtectin and the rights f
More informationCompleting the CMDB Circle: Asset Management with Barcode Scanning
Cmpleting the CMDB Circle: Asset Management with Barcde Scanning WHITE PAPER The Value f Barcding Tday, barcdes are n just abut everything manufactured and are used fr asset tracking and identificatin
More informationFirst Global Data Corp.
First Glbal Data Crp. Privacy Plicy As f February 23, 2015 Ding business with First Glbal Data Crp. ("First Glbal", First Glbal Mney, "we" r "us", which includes First Glbal Data Crp. s subsidiary, First
More informationHelicopter Landing Sites Planning, Implementation and Management
Directive # QH-HSD-039:2013 Effective Date: 01 July 2013 Review Date: 01 July 2016 Supersedes: Nil Landing Sites Planning, Implementatin and Management Purpse The purpse f this Health Service Directive
More informationRequest for Resume (RFR) CATS II Master Contract. All Master Contract Provisions Apply
Sectin 1 General Infrmatin RFR Number: (Reference BPO Number) Functinal Area (Enter One Only) F50B3400026 7 Infrmatin System Security Labr Categry A single supprt resurce may be engaged fr a perid nt t
More informationIn-House Counsel Day Priorities for 2012. Cloud Computing the benefits, potential risks and security for the future
In-Huse Cunsel Day Pririties fr 2012 Clud Cmputing the benefits, ptential risks and security fr the future Presented by David Richardsn Thursday 1 March 2012 WIN: What in-huse lawyers need Knwledge, supprt
More informationDISASTER RECOVERY PLAN TEMPLATE
www.disasterrecveryplantemplate.rg The bjective f a disaster recvery plan is t ensure that yu can respnd t a disaster r ther emergency that affects infrmatin systems and minimize the effect n the peratin
More informationensure that all users understand how mobile phones supplied by the council should and should not be used.
Mbile Phne Plicy & Guidance Intrductin This plicy is designed t safeguard bth the cuncil and users f mbile phnes supplied by Angus Cuncil. It aims t ensure that these are used effectively, fr their intended
More informationPlus500CY Ltd. Statement on Privacy and Cookie Policy
Plus500CY Ltd. Statement n Privacy and Ckie Plicy Statement n Privacy and Ckie Plicy This website is perated by Plus500CY Ltd. ("we, us r ur"). It is ur plicy t respect the cnfidentiality f infrmatin and
More informationSources of Federal Government and Employee Information
Inf Surce Surces f Federal Gvernment and Emplyee Infrmatin Ridley Terminals Inc. TABLE OF CONTENTS General Infrmatin Intrductin t Inf Surce Backgrund Respnsibilities Institutinal Functins, Prgram and Activities
More informationTHE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM
THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM 1. Prgram Adptin The City University f New Yrk (the "University") develped this Identity Theft Preventin Prgram (the "Prgram") pursuant
More informationMalpractice and Maladministration Policy
TR340 Malpractice and Maladministratin Plicy This plicy aims t: Define malpractice and maladministratin in the cntext f CIM/CAM studying members, Accredited study centres (ASCs), examinatin centres, invigilatrs
More informationBLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS
BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS SERIES: 1 General Rules RULE: 17.1 Recrd Retentin Scpe: The purpse f this rule is t establish the systematic review, retentin and destructin
More informationSaaS Listing CA Cloud Service Management
SaaS Listing CA Clud Service Management 1. Intrductin This dcument prvides standards and features that apply t the CA Clud Service Management (CSM) SaaS ffering prvided t the Custmer and defines the parameters
More informationRSA SecurID Software Token Security Best Practices Guide. Version 3
RSA SecurID Sftware Tken Security Best Practices Guide Versin 3 Cntact Infrmatin G t the RSA crprate web site fr reginal Custmer Supprt telephne and fax numbers: www.rsa.cm. Trademarks RSA, the RSA Lg
More informationInformation Security Policy
Purpse The risk t Charlestn Suthern University, its emplyees and students frm data lss and identity theft is f significant cncern t the University and can be reduced nly thrugh the cmbined effrts f every
More informationTree Permit Process Intake: (A) (B) (C) (D) (A combination of checklists may be applicable depending on the scope of work) Review:
Tree Permit Prcess Intake: 1. Applicants may btain the Tree Permit Applicatins frm the Envirnmental Resurces Divisin in the Planning and Zning Department lcated at 444 SW 2 nd Avenue, 3 rd Flr, Miami,
More informationState of Wisconsin. File Server Service Service Offering Definition
State f Wiscnsin File Server Service Service Offering Definitin Dcument Revisin Histry Date Versin Creatr Ntes 2/16/2008 1.0 JD Urfer First pass 2/16/2008 2.0 Tm Runge Editing changes 2/19/2009 2.1 Tm
More informationState of California California Technology Agency. Software Management Plan Guidelines
State f Califrnia Califrnia Technlgy Agency Sftware Management Plan Guidelines Revised April 2011 Sectin 1 1.0 Overview INTRODUCTION TO SOFTWARE MANAGEMENT PLANNING The State Administrative Manual (SAM)
More informationThe Importance Advanced Data Collection System Maintenance. Berry Drijsen Global Service Business Manager. knowledge to shape your future
The Imprtance Advanced Data Cllectin System Maintenance Berry Drijsen Glbal Service Business Manager WHITE PAPER knwledge t shape yur future The Imprtance Advanced Data Cllectin System Maintenance Cntents
More informationCMS Eligibility Requirements Checklist for MSSP ACO Participation
ATTACHMENT 1 CMS Eligibility Requirements Checklist fr MSSP ACO Participatin 1. General Eligibility Requirements ACO participants wrk tgether t manage and crdinate care fr Medicare fee-fr-service beneficiaries.
More informationService Level Agreement (SLA) Hosted Products. Netop Business Solutions A/S
Service Level Agreement (SLA) Hsted Prducts Netp Business Slutins A/S Cntents 1 Service Level Agreement... 3 2 Supprt Services... 3 3 Incident Management... 3 3.1 Requesting service r submitting incidents...
More informationService List / Options
Service List / Optins Ontari Envirnmental & Safety Netwrk Ltd. 184 Sctt Street, St. Catharines, ON www.esn.net 1-888-271-2111 Water Twer, Bridge and Ship Restratin Lead Health and Safety Plan Drawings
More informationIn addition to assisting with the disaster planning process, it is hoped this document will also::
First Step f a Disaster Recver Analysis: Knwing What Yu Have and Hw t Get t it Ntes abut using this dcument: This free tl is ffered as a guide and starting pint. It is des nt cver all pssible business
More informationImmaculate Conception School, Prince George Bring Your Own Device Policy for Students
Bring Yur Own Device Plicy fr Students Purpse This plicy utlines the acceptable use f electrnic devices t maintain a safe and secure educatin envirnment with the gal f preparing students fr the future,
More informationIMHU-HRM-A February 15, 2012 PAI SOP. Ft. Huachuca Personnel Asset Inventory - SOP
Ft. Huachuca Persnnel Asset Inventry - SOP I. Respnsible agencies are: Unit Battalin r separate cmpany S1 (S1) Brigade S1 Military Persnnel Divisin (MPD) Persnnel Autmatin Sectin (PAS) G1, AG, Military
More informationAdvanced SaaS Security Measures
BlueTie Business Email White Paper Advanced SaaS Security Measures Overview f BlueTie Security BlueTie, Inc. 220 Kenneth Drive Rchester, NY 14623 USA (800) BLUE TIE www.bluetie.cm TABLE OF CONTENTS Abstract...
More informationPrivacy Policy. The Central Equity Group understands how highly people value the protection of their privacy.
Privacy Plicy The Central Equity Grup understands hw highly peple value the prtectin f their privacy. Fr that reasn, the Central Equity Grup takes particular care in dealing with any persnal and sensitive
More informationA Comparison of UK and Chinese Broking Regulation
A Cmparisn f UK and Chinese Brking Regulatin David Cupe Partner +44 (0)203 553 4884 david.cupe@ec3legal.cm The fllwing tables are a cmparisn f UK and Chinese brking regulatins including the Llyd s regulatins.
More informationWe will record and prepare documents based off the information presented
Dear Client: We appreciate the pprtunity f wrking with yu regarding yur Payrll needs. T ensure a cmplete understanding between us, we are setting frth the pertinent infrmatin abut the services that we
More informationnbn is committed to identifying hazards, preventing workplace accidents and minimising dangerous health safety and environment incidents.
Incident & Hazard Reprting Overview At nbn we are safe, disciplined and reliable. nbn is cmmitted t preventing injury, illness and envirnmental harm by prviding a safe and healthy wrking envirnment fr
More informationAddressing Drug and Device Recalls in Hospitals
Addressing Drug and Device Recalls in Hspitals Develped by participants at the meetings f the Califrnia State Bard f Pharmacy s Subcmmittee t Evaluate Drug Distributin in Hspitals January 2010 BOARD MEMBERS
More informationSupersedes: DPS Policy 10.09 - Internet and Use Of The DPSnet, July 14, 2000 Effective: February 15, 2005 Pages: 1 of 5
Plicy: 13.01 SUBJECT: INTERNET USAGE Supersedes: DPS Plicy 10.09 - Internet and Use Of The DPSnet, July 14, 2000 Effective: February 15, 2005 Pages: 1 f 5 1.0 POLICY PURPOSE Detrit Public Schls (DPS) Internet
More informationNHVAS Mass Management Spot Check Checklist
Legal Entity Name f NHVAS Operatr: DTMR Representative: Lcatin: NHVAS Mass Management Spt Check Checklist Spt Check Date: Spt Check Number: DMS Number: 540/ The fllwing surces f evidence have been identified
More informationHillsborough Board of Education Acceptable Use Policy for Using the Hillsborough Township Public Schools Network
2361/Page 1 f 6 Hillsbrugh Bard f Educatin Acceptable Use Plicy fr Using the Hillsbrugh Twnship Public Schls Netwrk It is the gal f the HTPS (Hillsbrugh Twnship Public Schls) Netwrk t prmte educatinal
More informationIT Help Desk Service Level Expectations Revised: 01/09/2012
IT Help Desk Service Level Expectatins Revised: 01/09/2012 Overview The IT Help Desk team cnsists f six (6) full time emplyees and fifteen (15) part time student emplyees. This team prvides supprt fr 25,000+
More informationMulti-Year Accessibility Policy and Plan for NSF Canada and NSF International Strategic Registrations Canada Company, 2014-2021
Multi-Year Accessibility Plicy and Plan fr NSF Canada and NSF Internatinal Strategic Registratins Canada Cmpany, 2014-2021 This 2014-21 accessibility plan utlines the plicies and actins that NSF Canada
More informationWHAT YOU NEED TO KNOW ABOUT. Protecting your Privacy
WHAT YOU NEED TO KNOW ABOUT Prtecting yur Privacy YOUR PRIVACY IS OUR PRIORITY Credit unins have a histry f respecting the privacy f ur members and custmers. Yur Bard f Directrs has adpted the Credit Unin
More informationRSA Authentication Manager 5.2 and 6.1 Security Best Practices Guide. Version5
RSA Authenticatin Manager 5.2 and 6.1 Security Best Practices Guide Versin5 Cntact Infrmatin G t the RSA crprate web site fr reginal Custmer Supprt telephne and fax numbers: www.rsa.cm. Trademarks RSA,
More informationState Fleet Card Oversight Usage and Responsibilities
State Fleet Card Oversight Usage and Respnsibilities Intrductin The Department f General Services (DGS), Office f Fleet and Asset Management (OFAM) administers a statewide ne-prvider payment system cntract
More informationWhat Information Is Collected and How Is It Collected?
RCI PRIVACY NOTICE RCI Pacific Pty Ltd is cncerned abut privacy issues and wants yu t be familiar with hw we cllect, use and disclse infrmatin. This Privacy Ntice describes ur practices in cnnectin with
More informationCUSTOMER Information Security Audit Report
CUSTOMER Infrmatin Security Audit Reprt Versin 1.0 Date Wednesday, 18 January 2006 SafeCms Internet: www.safecms.cm Email: mailt:inf@safecms.cm 2001 Chartered Square Building. 20 th Fl, 152 Nrth Sathrn
More informationTOWN OF PAYSON WATER DEPARTMENT BACKFLOW PREVENTION PROGRAM CUSTOMER INFORMATION PACKAGE
TOWN OF PAYSON WATER DEPARTMENT BACKFLOW PREVENTION PROGRAM CUSTOMER INFORMATION PACKAGE TOWN OF PAYSON Backflw Preventin Prgram Develpers, Cntractrs and Paysn Residents: An apprved backflw preventin assembly
More informationName. Description. Rationale
Cmplliiance Cmpnentt Descriptin Ratinale Benefits List the Dmain List the Discipline List the Technlgy Area List Prduct Cmpnent Dcument the Cmpliance Cmpnent Type Cmpnent Sub-type DEEFFI INITION Hst-Based
More informationOITS Service Level Agreement
OITS Service Level Agreement Objective A Service Level Agreement (SLA) describes the IT Service, dcuments Service Level Targets, and specifies the respnsibilities f the IT Service Prvider and the Custmer.
More informationTHOMSON REUTERS C-TRACK CASE MANAGEMENT SYSTEM SOFTWARE AS A SERVICE SERVICE DEFINITION FOR G-CLOUD 6
THOMSON REUTERS C-TRACK CASE MANAGEMENT SYSTEM SOFTWARE AS A SERVICE SERVICE DEFINITION FOR G-CLOUD 6 C-Track Case Management System (CMS) is a cnfigurable, brwser based case management system fr all levels
More informationEligibility to Operate Company Vehicle
COMPANY VEHICLE POLICY Plicy The purpse f this Plicy is t ensure the safety f thse individuals wh drive cmpany vehicles. Vehicle accidents are cstly t ur cmpany, but mre imprtantly, they may result in
More informationA.M. BEST RATING SERVICES, INC. RATING DIVISION INTERNAL POLICY AND PROCEDURE. Subject: Dissemination Number: CRPC Policy 5
A.M. BEST RATING SERVICES, INC. RATING DIVISION INTERNAL POLICY AND PROCEDURE Subject: Disseminatin Number: CRPC Plicy 5 Effective Date: Nvember 29, 2006 Revisin Date: January 04, 2016 Purpse: The purpse
More informationHow To Write A Disaster Recovery Plan
Dcument Preview This is nly a prtin f the entire, custmizable dcument. KEEP IN DISASTER RECOVERY PLAN and a cpy ff-site Disaster Recvery and Business Cntinuity Plan Fr Name f Cmpany Name Lcatin f Date
More informationNHS WEST NORFOLK CLINICAL COMMISSIONING GROUP SAFEHAVEN POLICY
NHS WEST NORFOLK CLINICAL COMMISSIONING GROUP SAFEHAVEN POLICY 1 DOCUMENT CONTROL SHEET Name f Dcument: Safehaven Plicy Versin: 1 File Lcatin / Dcument Name: Held by Senir Infrmatin Risk Owner (SIRO):
More informationElectronic Health Information Exchange. Volume 3: Business Rules General All Points of Service
British Clumbia Prfessinal and Sftware Cnfrmance Standards Electrnic Health Infrmatin Exchange Vlume 3: Business Rules General All Pints f Service Versin 0.2 2014-11-24 Security Classificatin: Lw Sensitivity
More informationIT Account and Access Procedure
IT Accunt and Access Prcedure Revisin Histry Versin Date Editr Nature f Change 1.0 3/23/06 Kelly Matt Initial Release Table f Cntents 1.0 Overview... 1 2.0 Purpse... 1 3.0 Scpe... 1 4.0 Passwrds... 1 4.1
More informationSystem Business Continuity Classification
Business Cntinuity Prcedures Business Impact Analysis (BIA) System Recvery Prcedures (SRP) System Business Cntinuity Classificatin Cre Infrastructure Criticality Levels Critical High Medium Lw Required
More informationTITLE: Supplier Contracting Guidelines Process: FIN_PS_PSG_050 Replaces: Manual Sections 6.4, 7.1, 7.5, 7.6, 7.11 Effective Date: 10/1/2014 Contents
TITLE: Supplier Cntracting Guidelines Prcess: FIN_PS_PSG_050 Replaces: Manual Sectins 6.4, 7.1, 7.5, 7.6, 7.11 Cntents 1 Abut university supplier cntracting... 2 2 When is a cntract required?... 2 3 Wh
More informationEmployees - recruitment, records and monitoring
Emplyees - recruitment, recrds and mnitring This guidance has been prduced t help rganisatins cmply with the Data Prtectin Act (DPA) when recruiting and emplying wrkers. It is relevant t public sectr emplyers,
More informationALBAN CHURCH OF ENGLAND ACADEMY COMPUTER SECURITY POLICY. Approved by Governing Body on: 6 th May 2015
ALBAN CHURCH OF ENGLAND ACADEMY COMPUTER SECURITY POLICY Gvernrs Cmmittee: Finance and General Purpses Apprved by Gverning Bdy n: 6 th May 2015 Signed: (Chair f Cmmittee) Signed: (Headteacher) Date t be
More informationData Protection Act Data security breach management
Data Prtectin Act Data security breach management The seventh data prtectin principle requires that rganisatins prcessing persnal data take apprpriate measures against unauthrised r unlawful prcessing
More informationAs with any occupancy, it is essential to implement standard property loss prevention programs in your warehouse facility. These programs include:
Causes include ht wrk, smking, inapprpriate cntractr actins, and arsn. Cntributing factrs include pr husekeeping, impaired fire prtectin, and inadequate respnse t fires. Implementing lss preventin prgrams
More informationPRIVACY POLICY Last revised: April 2015
PRIVACY POLICY Last revised: April 2015 ACD, LLC, and its affiliates (cllectively, we, us, ur ) understand that privacy is imprtant t ur cnsumers and want yu t make knwledgeable decisins abut the infrmatin
More informationFINANCIAL SERVICES FLASH REPORT
FINANCIAL SERVICES FLASH REPORT Draft Regulatry Cmpliance Management Guideline Released by the Office f the Superintendent f Financial Institutins May 5, 2014 On April 30, 2014, the Office f the Superintendent
More informationServ-U Distributed Architecture Guide
Serv-U Distributed Architecture Guide Hrizntal Scaling and Applicatin Tiering fr High Availability, Security, and Perfrmance Serv-U Distributed Architecture Guide v14.0.1.0 Page 1 f 16 Intrductin Serv-U
More information