Information Disclosure Guidelines for Safety and Reliability of IaaS / PaaS
- Crystal Parrish
- 8 years ago
Condition 1: Objective of information disclosure

Information disclosure would be made in a unit of each IaaS/PaaS.

Condition 2: Definition of IaaS/PaaS

IaaS/PaaS is defined in this guideline as follows. IaaS (Infrastructure as a Service) means which offer hardware resources, such as servers, hard disks and storages, necessary for ASP, SaaS or PaaS. In a broader sense, it means which include data centers. PaaS (Platform as a Service) means which offer system resources, development and operation resources and network facilities in a narrower sense, while meaning which include data centers and IaaS in a broader sense. IaaS and PaaS are collectively called hosting.

Items for Information Disclosure Description / Time Date the Information Year, month, date information disclosure (in Western calendar) the Information Disclosure Disclosure Place business enterprise / Business Business Name business Formal name business enterprise (trade name) enterprise Overview enterprise Website business URL homepage business enterprise enterprise Established Year / Established year business enterprise (in Western calendar) Years in Business Years in the business Office (enterprise Address, postal code head office business enterprise place) Number offices (domestic, overseas) Business Principal business Overview principal business business enterprise overview overview Human resources Management Representatives Name representative Background representative (age, academic, career, certificate etc.) Executive Number executive Employees Number employees Number regular employees (single basis) Financial Conditions Financial Sales Sales the entire business enterprise (Consolidated base) (unit: Yen) Data Ordinary profit Ordinary profit the entire business enterprise (Consolidated base) (unit: Yen) Capital Capital the entire business enterprise (Consolidated base) (unit: Yen)
Equity ratio Ratio equity capital the entire business enterprise (Consolidated base) (unit: %) Financial Listing on stock Whether or not business enterprise is listed on stock market, name Reliability markets market if listed Situation on financial Select appropriate situation from the following; (1) accounting audit by audit / Finan- accounting auditor, (2) audit by accounting adviser, (3) financial data cial data based on checklist according to small and mid-sized enterprise accounting, or (4) none the above Mandatory publication Whether or not financial statements is published mandatorily financial statements Capital relationship / Business connections Capital Shareholder composition Names large shareholders (largest 5) and ratio stock holding each relationship shareholder Business Main dealing financial Name main dealing financial institution connections institution Name industry Names industry organizations, economic organizations and others and/or which enterprise belongs non-governmental organizations which enterprise belongs Compliance Organization-system Rulemaking and documentation rules Full-time section and meeting committee structure Policies on the information security Policies on the complaint procedure relating to IaaS / PaaS Policies on the Business Continuity Policies on the Risk Management Presence or absence full-time section and meeting committee structure which is responsible for compliance, name section and meeting committee if present Presence or absence documents such as basic policies, organizational rules, manuals etc. on the information security, names documents if present Presence or absence documents such as basic policies, organizational rules, manuals etc. on the complaint procedure relating to IaaS /PaaS service, names documents if present Presence or absence documents such as basic policies, plans, manuals etc. 
on business continuity, names documents if present Presence or absence documents such as basic policies, plans, manuals etc. on risk management, names documents if present Basic features Service Name Name IaaS/PaaS service that disclosed information overview Start date Year, month, date service launch IaaS/PaaS service that disclosed information (If major renewal has occurred between service launch and application, state year, month, date the renewal) Basic types Limitation on service customization Select appropriate type from the following; system platform service, development/runtime platform service, application platform service, hardware platform service, or network platform service Range application customization (If not defined or to be discussed separately, describe so)
(System (Hardware (Network Quality Service Types lines and bandwidths Provided OS Server maintenance ASP / SaaS Support Network provision for the connections by administrators Backup and restore Other (Development and execution (Application Support for software development Services for domain name management Type line such as dedicated line (including VPN) and Internet Type band provided, description band guaranty if present Presence or absence provision virtualized OS Describe OS that serves as single OS (Windows, Unix, Linux, etc.) Description such as server OS initialization, patch update for OS, etc. Description such as search, authentication, clearing/billing, security, location data, timestamp, media, language conversion, etc. Description access methods such as remote desktop, SSH, etc. Description backup service, restore service at system failure, etc. Description administrative application service, clearing service, representative service, consulting service etc. Provision Java, Servlet, Perl, PHP, Ruby, C/C++ and other open source development environments etc. Description for IP address management, domain acquisition/management, DNS server management, etc. Mail Services Description for Web mail, mailing list, etc. Web Services Description for Web server, FTP server, Web account, access control, access log analysis, access log acquisition, blog, BBS etc. Others Description for API, DB server, etc. Server Description for shared server, dedicated server, etc. Storage Description storage hosting service Rental equipment Presence or absence trouble-shooting service, regular operation service, operation/maintenance support service for rental equipments, description if present Services for integrated Description offered by integrating virtual resources (virtual resource machine, server, storage, network etc.) Load balancer Description load balancer service Network device Description to provide network equipment such as router, switch, etc. 
Service availability Actual value service availability If actual value cannot be described by an unavoidable reason, the reason and target value must be described Pattern number type service in Information Security Guideline and counter measured reference value History service suspension accidents Management Method detection equipment failure and system delay service performance (point detection, detection interval, detection method such as screen display check) Method to understand service performance (point detection, detection interval, detection method such as screen display check)
Change / termination Prices for the / Cancellation Amount used Reinforcement service performance Acquirement Certification / Implementation Audits Treatment personal information Vulnerability assessment Interval on verifications backup data integrity Maintenance for backup data History award or commendation Service level agreement (SLA) Prior notice the change or termination Response and alternative for the change or termination References relating to the change or termination Charging methods Pricing structure / Prices Method payment Penalty for cancellation the contract Term for the prior notice cancellation from users Number users Number agencies Presence or absence system reinforcement determination criteria or plan Outline technical measure (load balancing, network routing, compression etc.) if determination criteria or plan is present Acquirement Privacy mark, ISMS (JIS Q etc.), ITSMS (JIS Q etc.), presence or absence audit report created upon ASCR18 (SAS70 in US). Provide name certification or audit if the above is present Clear indication purposes collecting personal information Presence or absence vulnerability assessment Readiness assessment criteria and procedure to take countermeasure, outline state countermeasure taken Backup execution interval Generations backup data(describe the number generations) Interval verification backup History awards received relevant to IaaS/PaaS service Whether or not SLA relevant to this certification items is attached to contract Time and method prior notice to users (Describe time prior notice using such units as 1 month prior, 3 months, 6 months, and 12 months) Presence or absence basic policies on response and alternative, outline if basic policies are present Presence or absence response to users at contract termination (introducing alternative service etc.), outline response if present Presence or absence responsibility to return information assets (user data etc.) 
at contract termination Presence or absence point contact (including one for regular complaints), name and opening hours point contact if present Charging methods measured rate portion and fixed rate portion respectively Amount initial cost, monthly charge, minimum contract duration * Details such as price chart for each service can be attached as appendix Methods payment such as credit card payment, electronic money payment, etc. Presence or absence cancellation penalty (which user must pay), amount penalty fee if present Presence or absence term for the prior notice cancellation from users, due date if present (describe how many days/months prior the notice should be made) Number or user licenses for IaaS/PaaS service that disclosed information (identify if this is the number concurrent users or actual users) Number agency IaaS/PaaS service that disclosed information
Data Location the Location saved customer data (place where data exists) when IaaS/PaaS Management data service is provided (describe country name) Data center used Number data centers used when IaaS/PaaS service is provided System Operation (Operation PaaS, Security) Operation PaaS Security (Platform, Storage) Security (Network) Live-or-death monitoring Presence or absence live-or-death monitoring, monitoring target if live-or-death monitoring is carried out (platform, storage etc.), and monitoring interval, monitoring time, notification time each live-or-death monitoring target Fault monitoring Presence or absence fault monitoring Time Synchronization Method time synchronization system Anti-virus Presence or absence antivirus measure, if present, update interval pattern file (time from vendor release) Administrator authentication Presence or absence formal procedure to register/remove administrator privileges (although the content is not disclosed, submission standards which describe procedures etc. is required as examination documents for certification) Record (Log) Usage users, whether or not record exception handling and security event (log etc.) is taken, how long record (log) is kept if taken Management Presence or absence standards administration method ID and IDs and passwords password (although the content is not disclosed, submission standards which describe administration method etc. is required as examination documents for certification) Security Patch Presence or absence standard that defines how to acquire security patch Management information, assessment method, decision criteria, update procedure, update interval at normal time, emergency response, etc. Firewall Presence or absence firewall Network Intrusion Presence or absence detection mechanism unauthorized server intrusion Detection System by illegal packet or non-privileged user Network monitoring Reporting time when a failure occurs in the network (dedicated line etc.) 
between enterprise and contract user Virus check Presence or absence to , download file, and access to files on servers, update interval pattern file (time from vendor release) if measure is present User authentication Presence or absence personal authentication (Web, server) and user authentication by ID/password through authentication platform, method authentication if present Record (Log) Network usage, whether or not record exception handling and security event (log etc.) is taken, how long record (log) is kept if taken Defence against Presence or absence taken for spoofing where a third party Spoofing pretends to be a user company, method authentication if present Other security Describe freely for information leak and data encryption. Housing ( Location servers ) Building Name data center Beginning year the Data center Building for data centre or not Formal identification name or abbreviated name the data center indicated in the above item No, 75 <*> * the term abbreviated name here means A, B, C... or 1, 2, 3,,, etc. Year from which data center began its business Select whichever is closer between building dedicated to data center and office building
Electric power facilities Fire extinguishing systems Protection against thunders Air conditioning facilities Security Location Country name, regional block name (if Japan, e.g. Kanto, Tohoku) Describe notable geographical advantages if any (e.g. altitude, ground condition etc.) Earthquake resistant Earthquake resistance value (seismic intensity) structures Building structure relevant to earthquake (quake-absorbing structure, quake-damping structure etc.) Uninterruptible Presence or absence to establish uninterruptible power supply power supply (UPS installation etc.), minimum power supply duration if present, (UPS) and relevance with start-up time emergency power supply Power supply route Whether or not 2 or more power supply routes via different substations are secured (except UPS and emergency power supply) Emergency power Presence or absence emergency power supply (private power generation), supply continuous operating time without refuelling if present, and description emergency power supply operation measure (method continuous fuel supply etc.) 
Fire extinguishing Presence or absence automated fire extinguishing system, whether or systems in the not it is gas-based fire extinguishing system (whether it is halon gas type Server Room or new gas type) if present Fire sensor / alarm Presence or absence fire detection system and smoke detection system system Protection against Presence or absence for direct lightning stroke direct thunders Protection against Presence or absence for induced lightning stroke, value induced lightning maximum endurable voltage if present (optional) from thunders Adequate air conditioning facilities Control people's entry and leaving Stock recording media Other Service support Service desk (Complaints desk) Coverage / support Guarantee and continuity the security Business hours and dates Liability and amount the limit the accident Description air conditioning facilities (upward blowing air conditioning on the floor, individual air conditioning dedicated for computer, water-cooling/air-cooling, other devices etc.) Presence or absence entry and leaving record, how long record is kept if present Presence or absence surveillance camera, operating hours and monitoring range surveillance camera, how long videos are kept, and availability alteration prevention feature if present Presence or absence personal authentication system Presence or absence cabinet with key lock or stock room to keep medium such as magnetic tape, optical media, etc. Presence or absence stock control procedure document Other notable security Business days and hours (open hours) Availability outside hours response Support coverage Contact method (phone/fax, etc.) Presence or absence document stating liability data center provider at accident occurrence and compensation coverage policy, name document if present
Prior notice temporary closures by such as maintenances Time prior notice to users (Describe time prior notice using such units as 1 month prior, 3 months, 6 months, and 12 months) Methods prior notice to users Presence or absence emergency maintenance with shorter notification period than described above Presence or absence notification at failure occurrence Notification and report Services Notification systems accidents and disasters Periodical reports Presence or absence regular reporting to users
More informationFORM 20A.9 SAMPLE AUDIT PROGRAM FOR TESTING IT CONTROLS. Date(s) Completed. Workpaper Reference
FORM 20A.9 SAMPLE AUDIT PROGRAM FOR TESTING IT CONTROLS Workpaper Reference Date(s) Completed Organization and Staffing procedures used to define the organization of the IT Department. 2. Review the organization
More informationThe first step in protecting Critical Cyber Assets is identifying them. CIP-002 focuses on this identification process.
CIPS Overview Introduction The reliability of the energy grid depends not only on physical assets, but cyber assets. The North American Electric Reliability Corporation (NERC) realized that, along with
More informationThe Commonwealth of Massachusetts
A. JOSEPH DeNUCCI AUDITOR The Commonwealth of Massachusetts AUDITOR OF THE COMMONWEALTH ONE ASHBURTON PLACE, ROOM 1819 BOSTON, MASSACHUSETTS 02108 TEL. (617) 727-6200 No. 2008-1308-4T OFFICE OF THE STATE
More informationA Nemaris Company. Formal Privacy & Security Assessment For Surgimap version 2.2.6 and higher
A Nemaris Company Formal Privacy & Security Assessment For Surgimap version 2.2.6 and higher 306 East 15 th Street Suite 1R, New York, New York 10003 Application Name Surgimap Vendor Nemaris Inc. Version
More informationSecurity Controls for the Autodesk 360 Managed Services
Autodesk Trust Center Security Controls for the Autodesk 360 Managed Services Autodesk strives to apply the operational best practices of leading cloud-computing providers around the world. Sound practices
More informationUNIFIED MEETING 5 SECURITY WHITEPAPER INFO@INTERCALL.COM INTERCALL.COM 800.820.5855 1
UNIFIED MEETING 5 SECURITY WHITEPAPER INFO@INTERCALL.COM INTERCALL.COM 800.820.5855 1 As organizations unlock the true potential of meeting over the web as an alternative to costly and timeconsuming travel,
More informationHow To Use Egnyte
INTRODUCING ON DEMAND FILE SERVER FROM BT WHOLESALE APPLICATION STORE WHAT IS ON DEMAND FILE SERVER? The three most common technology challenges facing every small business are data storage, information
More informationInsightCloud. www.insightcloud.com. Hosted Desktop Service. What is InsightCloud? What is SaaS? What are the benefits of SaaS?
What is InsightCloud? InsightCloud is a web portal enabling Insight customers to purchase and provision a wide range of Cloud services in a straightforward and convenient manner. What is SaaS? Software
More informationCloud Computing. Chapter 10 Disaster Recovery and Business Continuity and the Cloud
Cloud Computing Chapter 10 Disaster Recovery and Business Continuity and the Cloud Learning Objectives Define and describe business continuity. Define and describe disaster recovery. Describe the benefits
More informationUMHLABUYALINGANA MUNICIPALITY IT PERFORMANCE AND CAPACITY MANAGEMENT POLICY
UMHLABUYALINGANA MUNICIPALITY IT PERFORMANCE AND CAPACITY MANAGEMENT POLICY Originator: IT Performance and Capacity Management Policy Approval and Version Control Approval Process: Position or Meeting
More informationLauren Hamill, Information Governance Officer. Version Release Author/Reviewer Date Changes (Please identify page no.) 1.0 L.
Document No: IG10d Version: 1.1 Name of Procedure: Third Party Due Diligence Assessment Author: Release Date: Review Date: Lauren Hamill, Information Governance Officer Version Control Version Release
More informationout of this world guide to: POWERFUL DEDICATED SERVERS
out of this world guide to: POWERFUL DEDICATED SERVERS Our dedicated servers offer outstanding performance for even the most demanding of websites with the latest Intel & Dell technology combining unparalleled
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.5)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.5) Directions and Instructions for completing this assessment The answers provided
More informationPrivacy Policy. Introduction. Scope of Privacy Policy. 1. Definitions
Privacy Policy Introduction This Privacy Policy explains what information TORO Limited and its related entities ("TORO") collect about you and why, what we do with that information, how we share it, and
More informationApproved 12/14/11. FIREWALL POLICY INTERNAL USE ONLY Page 2
Texas Wesleyan Firewall Policy Purpose... 1 Scope... 1 Specific Requirements... 1 PURPOSE Firewalls are an essential component of the Texas Wesleyan information systems security infrastructure. Firewalls
More informationTEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL
TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Computer and Network Security Policy Policy Number: 04.72.12 Effective Date: November 4, 2003 Issuing Authority: Office of the Vice President for
More informationCybersecurity Health Check At A Glance
This cybersecurity health check provides a quick view of compliance gaps and is not intended to replace a professional HIPAA Security Risk Analysis. Failing to have more than five security measures not
More informationVendor Questionnaire
Instructions: This questionnaire was developed to assess the vendor s information security practices and standards. Please complete this form as completely as possible, answering yes or no, and explaining
More informationConsensus Policy Resource Community. Lab Security Policy
Lab Security Policy Free Use Disclaimer: This policy was created by or for the SANS Institute for the Internet community. All or parts of this policy can be freely used for your organization. There is
More informationMIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)
MIT s Information Security Program for Protecting Personal Information Requiring Notification (Revision date: 2/26/10) Table of Contents 1. Program Summary... 3 2. Definitions... 4 2.1 Identity Theft...
More informationRL Solutions Hosting Service Level Agreement
RL Solutions Hosting Service Level Agreement April 2012 Table of Contents I. Context and Scope... 1 II. Defined Terms... 1 III. RL Solutions Responsibilities... 2 IV. Client Responsibilities... 4 V. The
More informationMSP Center Plus Features Checklist
Features Checklist Your evaluation is not complete until you check out top vendors and the price. Here is a list prepared based customer queries. Features General Easy web interface with admin, technician,
More informationNetwork and Security Controls
Network and Security Controls State Of Arizona Office Of The Auditor General Phil Hanus IT Controls Webinar Series Part I Overview of IT Controls and Best Practices Part II Identifying Users and Limiting
More informationThe Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing
Your Platform of Choice The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing Mark Cravotta EVP Sales and Service SingleHop LLC Talk About Confusing? Where do I start?
More informationVirtual Private Server Services Specific Terms and Conditions
Virtual Private Server Services Specific Terms and Conditions These Specific Terms and Conditions and ROOT General Terms and Conditions shall be interpreted and applied together as a single instrument
More informationFINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
More informationAPPENDIX 8 TO SCHEDULE 3.3
EHIBIT Q to Amendment No. 60 - APPENDI 8 TO SCHEDULE 3.3 TO THE COMPREHENSIVE INFRASTRUCTURE AGREEMENT APPENDI 8 TO SCHEDULE 3.3 TO THE COMPREHENSIVE INFRASTRUCTURE AGREEMENT EHIBIT Q to Amendment No.
More informationUnless otherwise stated, our SaaS Products and our Downloadable Products are treated the same for the purposes of this document.
Privacy Policy This Privacy Policy explains what information Fundwave Pte Ltd and its related entities ("Fundwave") collect about you and why, what we do with that information, how we share it, and how
More informationVistara Lifecycle Management
Vistara Lifecycle Management Solution Brief Unify IT Operations Enterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid
More informationSupplier Information Security Addendum for GE Restricted Data
Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,
More informationIT & COMMUNICATION MANAGED SERVICES CATALOGUE
YOUR QUALITY PARTNER FOR SOFTWARE SOLUTIONS IT & COMMUNICATION MANAGED SERVICES CATALOGUE Server & Application Support Network Support Cloud & Virtualisation Communication System IT Support Server & Application
More informationOracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0
Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Unless otherwise stated, these Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies
More informationOffice of Information Technology Hosted Services Service Level Agreement FY2009
Application Name: Application Agreement Start Date: 07/01/08 Customer Name: Customer Agreement Renewal Date: 06/30/09 SLA Number: HSxxxFY09A Service Description: This document describes the technical support
More information6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING
6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING The following is a general checklist for the audit of Network Administration and Security. Sl.no Checklist Process 1. Is there an Information
More informationData Management Policies. Sage ERP Online
Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...
More informationClient Security Risk Assessment Questionnaire
Select the appropriate answer from the drop down in the column, and provide a brief description in the section. 1 Do you have a member of your organization with dedicated information security duties? 2
More informationOSU INSTITUTE OF TECHNOLOGY POLICY & PROCEDURES
Network Security 6-005 INFORMATION TECHNOLOGIES July 2013 INTRODUCTION 1.01 OSU Institute of Technology (OSUIT) s network exists to facilitate the education, research, administration, communication, and
More informationNetwork Documentation Checklist
Network Documentation Checklist Don Krause, Creator of NetworkDNA This list has been created to provide the most elaborate overview of elements in a network that should be documented. Network Documentation
More informationIT Security Standard: Computing Devices
IT Security Standard: Computing Devices Revision History: Date By Action Pages 09/30/10 ITS Release of New Document Initial Draft Review Frequency: Annually Responsible Office: ITS Responsible Officer:
More informationTANDBERG MANAGEMENT SUITE 10.0
TANDBERG MANAGEMENT SUITE 10.0 Installation Manual Getting Started D12786 Rev.16 This document is not to be reproduced in whole or in part without permission in writing from: Contents INTRODUCTION 3 REQUIREMENTS
More information