Southwest Area Regional Transit District Information Security Plan 2012

Size: px
Start display at page:

Download "Southwest Area Regional Transit District Information Security Plan 2012"

Transcription

1 Southwest Area Regional Transit District Information Security Plan 2012 Board Approved pending October 2012

2 Table of Contents 1 Introduction Objectives and Purpose Authorized Officials Information System Owner and Designated Support Contacts Policies and Procedures Access Control Awareness and Training Security Assessment and Authorization Contingency Planning Identification and Authentication Maintenance Physical and Environmental Protection Personnel Security System and Services Acquisition System and Information Integrity Strategic Goals and Objectives Information System Monitoring Visitor Control Security Processes Implement Physical and Environmental Protection for Mission Critical Information Systems Enhance User Authentication References Terms and Acronyms Appendix A Security Control Table Appendix B Acknowledgement of Information Security Policy Appendix C HHSC Data Use and Business Associate Agreement October 2012

3 1 Introduction Computer information systems and networks are an integral part of business at Southwest Area Regional Transit District (SWART). SWART has made a substantial investment in human and financial resources to create these systems and realizes the importance of creating effective administrative, technical and physical safeguards in order to protect customers non-public information. Information security is the protection of technology resources and data from a wide range of threats to ensure business continuity and minimize business risks. SWART will continue to implement policies, procedures and controls to ensure information security is achieved. 1.1 Objectives and Purpose The SWART Information Security Plan provides policies, procedures and security controls currently implemented and identifies information security areas which SWART will address in the near future. The policies and procedures have been established in order to: Ensure the security and confidentiality of our customer s information Protect investment against any anticipated threats or hazards to the security or integrity of our customer information Protect against unauthorized access within SWART systems to or use of customer information that could result in substantial harm or inconvenience to any of our customers Reduce business and legal risk Protect the good name of the agency 2 Authorized Officials The following is a list SWART s authorized officials and Third Party Support Contacts to ensure that all information security policies and plans are followed: Organization Name Title Phone Number SWART Sarah Cook General Manager SWART Cynthia Z. Administrative Specialist Rodriguez SWART Sylvia Uriegas Financial Specialist SWART Chris Molnar Automation Director Jive (Support) Shah Software (Support) Intuit (Support Venture Technologies (Support) EPV Group Marty Loya Project Manager Table 1 Contacts 3 October 2012

4 3 Information System Owner and Designated Support Contacts Owner System Type Designated Third Party Support Contact Operational Status (Operational/Under Development/Major Modifications) (SWART) Accounting / Finance MIP Software Operational Infrastructure IT Support Networking, Servers, Routers, Venture Technologies, Operational 4 Policies and Procedures Scheduling and Dispatching Transportation Operations Software Shah Software Operational Intuit Operational Website Intuit Operational Telephone System JIVE Operational Table 2 Information Systems This section addresses the current policies and procedures with corresponding security controls (in [ ]) contained in NIST Special Publication Revision 3. See Appendix A for list of Security Controls. 4.1 Access Control Access Control Policy and Procedures [AC-1] This SWART Information Security Plan provides management, staff, employees, and contractors information on policies addressing secure information related to clients. The confidentiality and integrity of data stored on agency computer systems must be protected by access controls to ensure that only authorized employees have access. This access shall be restricted to only those capabilities that are appropriate to each employee's job duties. Any person who has access to client information is asked to review the SWART Information Security Plan and sign the Acknowledgement of Information Security Policy included in Appendix B Account Management [AC-2] All systems utilized by SWART have been set-up with separate admin and user accounts. Under this control, the Automation Director will perform the following: Responsible for the administration of access controls to all agency computer systems and will process adds, deletions, and changes Maintain a list of administrative access codes and passwords and keep this list in a secure area available only to the General Manager, Administrative Specialist and Financial Specialist 4 October 2012

5 With approval of General Manager and Automation Director will assign rights to programs and databases and ensure that employee has implemented acceptable password practices. Disable access to programs or database when employees are terminated Separation of Duties [AC-5] SWART has separated duties of individuals as necessary in order to assign information system authorization Automation Director The Automation Director and will supervise Information Security policies/procedures. The Automation Director is responsible for the administration of any security policy under the supervision of the General Manager and Administrative Specialist Manager. He or she will be assisted by a representative of the Third Party Support Contact listed for systems listed in Table 1 as required. The Automation Director with Guidance from the General Manager and the Administrative Specialist provides the following: Develop and maintain written standards and procedures necessary to ensure implementation of and compliance with security policy directives Provide appropriate support and guidance to assist employees to fulfill their responsibilities under any security policy directives Coordinate automation activities with the assistance of any other Third Party contractors. Ensure that only authorized key personnel have access to any external required electronic management systems specifically related to Texas Human Health and Services Commission for Medical Transportation. Ensure the confidentiality of passwords to external systems specifically related to Texas Human Health and Services Commission for Medical Transportation. Act as single point of contact for all software users regarding operational status of equipment and application software questions and troubleshooting. Maintain records of software licenses owned by SWART. Periodically (at least annually) scan agency computers to verify that only authorized software is installed Supervisors For each department within SWART, a Supervisor is assigned for the management of the department s staff. Supervisors will perform the following tasks: Ensure that all appropriate personnel are aware of and comply with the security policy 5 October 2012

6 Create appropriate performance standards, control practices, and procedures designed to provide reasonable assurance that all employees observe the security policy Supervisors will notify the Automation Director promptly whenever an employee leaves the agency so that his/her access can be revoked. Involuntary terminations must be reported concurrent with the termination. Supervisors will also notify the Automation Director when an employee needs access to programs or databases Contractors SWART will utilize SWART staff and has also hired contractors to perform IT services for the agency. These contractors will provide additional security controls within their own information system or technology. Automation Director Automation Director provides IT support services for all SWART internal servers, desktops and laptops. Automation Director will provide the following: Install and maintain appropriate antivirus software on all computers Respond to all virus attacks, destroy any virus detected, and document each incident. Ensure daily system backups are completed. Shah Software. SWART utilizes RouteMatch software for scheduling and dispatching transportation. RouteMatch Software will provide the following: Address user security policies by providing software enhancements Provide automatic daily database backups Provide software license management Ensure that software checks for unauthorized users by validating user accounts and passwords Help Desk support and troubleshooting Intuit Intuit provides SWART management and hosting of Services. Intuit will provide the following: Full installation and configuration of Services Help Desk support and troubleshooting Security and reliability 6 October 2012

7 Automation Director The Automation Director provides support and maintenance of SWART Website which is hosted at Intuit facility. The Automation Director along with Intuit provides the following: Secure website Administration functionality Secure Building Entry Customer Access Policies Customer Data Security Fire Control MIP Financial Software SWART has licenses and support for MIP Financial Software for managing finances and reporting. MIP Financial Software provides the following which is included in their support services: Application updates and upgrades including media for installation On-line backups Help Desk support and troubleshooting JIVE JIVE provides phone IT support services for SWART s phone servers. Services include the following: Maintain appropriate software updates/upgrades Address user security policies Help Desk support and troubleshooting Server support Least Privilege [AC-6] All applications accessed by SWART have an administrator login. The administrator has different privileges from the users. The following table describes the administrator privilege for each system: System Type Designated Third Party Administrator Privileges Support Contact Accounting / Finance Automation Director Set-up user accounts/passwords Set-up user module access Infrastructure Networking, Servers, Automation Director Perform operating system updates and maintenance 7 October 2012

8 Routers, Phone System Set-up and delete any user accounts and passwords Install required software Set-up security parameters on servers Set-up system backup process Scheduling Software Shah Software. Set-up user accounts/passwords Set-up user module access Provide application and database updates and maintenance Intuit and Automation Director Create and manage mailboxes Perform system updates and maintenance Perform system backups Update website for any required changes Website General Manager and Automation Director Website Servers Intuit Perform operating system updates and maintenance Table 2 Administrator Privileges Unsuccessful Login Attempts [AC-7] All applications being accessed by SWART management and staff require logins with passwords. The applications cannot be accessed until both username and password are correct and match. The password is encrypted and is never displayed to the user. If the user forgets their password, Automation Director will delete the current password and assign a new one to the user Concurrent Session Control [AC-10] All application being accessed by SWART management and staff are managed through user licenses. There is a limit on the number of concurrent sessions based on the number of available licenses Session Lock or Termination [AC-11] A security setting can be set-up in Shah Software. This security setting determines how many minutes after the last activity date and time logged for a session be considered abandoned and removed. After this time period, users must log back into the system Permitted Actions without Identification or Authentication [AC-14] Access to the internet is provided to employees for the benefit of SWART and its clients. Employees are able to connect to a variety of business information resources around the world. The following guidelines have been established for the using the internet and 8 October 2012

9 Employees using the Internet are representing the agency. Employees are responsible for ensuring that the internet is used in an effective, ethical, and lawful manner. Examples of acceptable use are: o Using Web browsers to obtain business information from commercial Web Sites o Accessing databases for information as needed. o Using the for business contact. Employees must not use the internet for purposes that are illegal, harmful to the agency or nonproductive. Examples of unacceptable use are: o Sending or forwarding chain [i.e., message containing instructions to forward the message to others. o Conducting personal business using agency resources o Transmitting any content that is offensive, harassing or fraudulent Ensure that all communications are for professional reasons and that they do not interfere with his/her productivity. Be responsible for the content of all text, audio, or images that she/he places or sends over the Internet. All communications should have the employee's name attached. Not transmit copyrighted materials without permission. Know and abide by all applicable SWART policies dealing with security and confidentiality of agency records. Avoid transmission of nonpublic customer information. If it is necessary to transmit nonpublic information, employees are required to take steps reasonably intended to ensure that information is delivered to the proper person who is authorized to receive such information for a legitimate use. File downloads from the Internet are not permitted unless specifically authorized by the General Manager, Automation Director or Administrative Specialist. All messages created, sent, or retrieved over the Internet are the property of the agency and may be regarded as public information. SWART reserves the right to access the contents of any messages sent over its facilities if the agency believes, in its sole judgment, that it has a business need to do so. All communications, including text and images, can be disclosed to law enforcement or other third parties without prior consent of the sender or the receiver Remote Access [AC-17] A Virtual Private Network (VPN) has been set-up to access the servers for maintenance and to access the MIP Financial Software and Shah Software application. Passwords are required to access the VPN Wireless Access [AC-18] A wireless access point is available in the SWART facility. It uses WEP encryption set-up and the password is managed by the Automation Director. There is guest account set-up. 9 October 2012

10 4.2 Awareness and Training Security Awareness and Training Policy [AT-1] SWART provides information to management and staff on all security policies. Security policies include the following: Internet access and use Prevention of computer viruses Password management Access to data Physical security Copy rights and license agreements 4.3 Security Assessment and Authorization Security Authorization [CA-6] SWART issues a HHSC Data Use and Business Associate Agreement that must be signed by staff, contractors, vendors, consultants or anyone associated with confidential information. See Appendix C. 4.4 Contingency Planning Information System Backup [CP-9] SWART performs incremental backups each night through an in house backup device and the Automation Director keeps a backup tape at a remote location. The internet is used to send incremental backups to the offsite service. Backup sets are encrypted and only Excelerated Technology has the password to retrieve the backup. Automation Director will ensure that server backup is completed daily to offsite backup Information System Recovery and Reconstitution [CP-10] System Recovery will be performed from on-line backups. RouteMatch also retains a backup copy of transit database. Intuit performs the following system backup tasks: Enterprise-level backup-to-disk solution with offsite replication to protect data and reduce recovery time. Automatic offsite queuing of in the event of an outrage Battery backup solution to ensure uptime during power outages. 10 October 2012

11 4.5 Identification and Authentication Identification and Authentication [IA-2] SWART s information systems will uniquely identify and authenticate users accessing systems. Authentication of user identities is accomplished through the use of passwords. The Automation Director will maintain a list of administrative access codes and passwords and keep this list in a secure area available only to the General Manager and Administrative Specialist. Employees are responsible for their passwords and the following: Shall be responsible for all computer transactions that are made with his/her User ID and password Shall not disclose passwords to others. Passwords must be changed immediately if it is suspected that they may have become known to others. Passwords should not be recorded where they may be easily obtained. Should use passwords that will not be easily guessed by others Should log out when leaving a workstation for an extended period All passwords used by Information Systems are encrypted. 4.6 Maintenance System Maintenance Policy and Procedures [MA-1] All systems are maintained with current versions of operating system and anti-virus software. 4.7 Physical and Environmental Protection Physical Access Control [PE-3] Within the SWART facility, a separate room is used for the location of information systems Access Control for Output Devices [PE-5] SWART has established policies to protect computer hardware, software data and documentation from misuse, theft, unauthorized access, and environmental hazards. The directives below apply to all employees: Diskettes should be stored out of sight when not in use. If they contain highly sensitive or confidential data, they must be locked up. Diskettes should be kept away from environmental hazards such as heat, direct sunlight, and magnetic fields. Critical computer equipment, e.g., file servers, must be protected by an Uninterruptible Power Supply (UPS). Other computer equipment should be protected by a surge suppressor. 11 October 2012

12 Environmental hazards to hardware such as food, smoke, liquids, high or low humidity, and extreme heat or cold should be avoided. Since the Automation Director is responsible for all equipment installations, disconnections, modifications, and relocations, employees are not to perform these activities. This does not apply to temporary moves of portable computers for which an initial connection has been set up by Administrative Assistant II. Employees shall not take shared portable equipment such as laptop computers out of the agency building without the informed consent of their supervisor and/or General Manager. Informed consent means that the supervisor knows what equipment is leaving, what data is on it, and for what purpose it will be used. Employees should exercise care to safeguard the valuable electronic equipment assigned to them. Employees who neglect this duty may be accountable for any loss or damage that may result Fire Protection SWART facility has a smoke alarm and multiple fire extinguishers located in key areas in the facility. 4.8 Personnel Security Personnel Screening [PS-3] SWART has established policies and procedures for personnel screening when hiring and as employees. These policies and procedures are documented in the employee handbook and provided to all employees. The policies and procedures are the following: Upon employment, all employees consent for SWART to conduct criminal background checks. The criminal history background check shall include at a minimum, but not limited to, felony or misdemeanor conviction of an act of abuse, neglect or exploitation of children, the elderly or persons with disabilities as defined in Texas Family Code, as amended, Chapter 261 and the Texas Human Resources Code, as amended, Chapter 48; an offense under the Texas Penal Code, as amended, against the person; against the family; against public order or decency; against public health, safety or morals; against property; an offense under Chapter 481 of the Texas Health and Safety Code, as amended, (Texas Controlled Substances Act). SWART shall conduct an Internet Computerized Criminal History file (CCH) background check and a National and State Sex Offender Registry check, prior to an individual transporting any passenger under SWART contracts. This will include SWART personnel and any sub-contractor or sub-contractor employee who directly works in providing transportation services to passengers and clients. This information shall be maintained on file for review by authorized funding source representatives. SWART shall check for felony and misdemeanor convictions for the seven years prior to the hire date and annually thereafter. Individuals with any criminal conviction that falls within 12 October 2012

13 the aforementioned categories shall not be allowed to participate in providing services unless authorized by funding sources. Employees, subcontractor, and subcontractor employees who provide transportation for passengers and/or clients shall notify SWART in writing immediately of criminal convictions (felony or misdemeanor) and or pending felony charges or placement on a Registry as a perpetrator. SWART will report information to funding source (as required) within 10 business days for determination if the CCH finding or reported incident will disqualify an operator from providing services under appropriate contract. SWART shall require each new employee, sub-contractor, or sub-contractor employee who provides transportation services and who has not resided or lived in Texas to sign a waiver attesting to the fact they have never been convicted of a felony or misdemeanor referenced in above paragraph or identified as a perpetrator. If they have been convicted, the nature and conviction date of the felony or misdemeanor must be disclosed. Annual MVR and criminal history checks will be conducted. SWART also conducts personal references and reserves the right to contact former employers. Request for DOT drug and alcohol testing information forms are also submitted to previous employers when applicants indicate they have worked for a DOT funded agency in the past. These references are used to verify whether drug/alcohol violations occurred in past employment. All safety sensitive staff (including drivers), as defined by the Federal Transit Administration, participate in an approved drug and alcohol testing program. The testing program includes drug testing as a condition of employment and drug and alcohol testing on a random basis at the FTA annual minimum random testing rates as set forth in the Federal Register as per 49 CFR Part (b) for drug and alcohol for all covered employees. As part of the orientation process, all SWART personnel are trained on the importance of reporting fraud or program abuse, sexual harassment, physical or verbal abuse as alleged by recipients or attendants during trips authorized by HHSC Personnel Termination [PS-4] The Automation Director will remove any employee accounts and passwords when an employee is terminated or resigns Access Agreements [PS-6] SWART issues a Data Use and Business Associate Agreement that must be signed by staff, contractors, vendors, consultants or anyone associated with confidential information. See Appendix C. 4.9 System and Services Acquisition Software Usage Restrictions [SA-6] Automation Director will: Maintain records of software licenses owned by SWART. Periodically (at least annually) scan agency computers to verify that only authorized software is installed. 13 October 2012

14 Ensure employee responsibilities related to software usage which includes the following: o Installation of software unless authorized by General Manager or Administrative Specialist is prohibited. Only software that is licensed to or owned by SWART is to be installed on SWART computers. o Copying of software must be authorized by General Manager or Administrative Specialist. o Download of software must be authorized by General Manager of Administrative Specialist System and Information Integrity Spam Protection All SWART systems have installed the latest version of Anti-Virus and Spam protection software. Intuit performs inbound filtering for spam, phishing attacks, viruses, and threats. Filtering occurs before s reaches Intuit mail servers. Antivirus protection is configured at the mailbox level. The following directives apply to all employees: Employees shall not knowingly introduce a computer virus into agency computers. Employees shall not load diskettes of unknown origin. Incoming diskettes shall be scanned for viruses before they are read. Any staff member who suspects that his/her workstation has been infected by a virus shall IMMEDIATELY POWER OFF the workstation and call the Administrative Assistant II. 5 Strategic Goals and Objectives This section sets the direction for future or near-term policies and procedures that SWART will implement in the next two years. It outlines three key areas of concentration that SWART will address for Information Systems and to continue protecting the information systems and data contained in each. 5.1 Information System Monitoring SWART Goal: Deploy monitoring devices, such as firewalls, to monitor events on the information system. Alerts can be generated from firewalls based on rules set on device to allow or deny network transmissions. 5.2 Visitor Control Security Processes SWART Goal: Control access to facility physical access to the information systems by authenticating employees and visitors before authorizing access to the facility. This can be accomplished by: 14 October 2012

15 Maintaining visitor access records (sign-in sheet) which include name/organization, signature, date and time of access, purpose of visit, and name/organization of person visited. Visitors are escorted to a designated area Cameras installed in key facility locations Installation of bar code readers for bar code scanning of employee badges or other devices to allow employees to enter facility and specific offices within SWART facility 5.3 Implement Physical and Environmental Protection for Mission Critical Information Systems SWART Goal: Move mission critical Information Systems to a Hosted Solution environment to facilitate the implementation of physical and environmental protection and associated physical and environmental controls. Mission Critical solutions are hosted at data centers which are secure, monitored and manned. This includes 24-hour security, Uninterrupted Power Supplies (UPS), diesel backup, fire protection, and off-site data backup facilities with geographical redundancy and mirrored potential. 5.4 Enhance User Authentication SWART Goal: Establish password organization-defined and restrictions including: Minimum password length Password composition such as case sensitivity, mix of upper-case letters, lower-case letters, numbers and special characters Enforce when new passwords are created Investigate roaming profile capability 15 October 2012

16 6 References The Federal Information Security Management Act of 2002 (FISMA) SWART Summary of Handbook Policies SWART Policies and Procedures June Terms and Acronyms DOT HHSC security control VPN WEP Encryption Department of Transportation Health and Human Services Commission Management, operational, and technical safeguards or countermeasures employed within an organizational information system to protect the confidentiality, integrity, and availability of the system and its information. Virtual Private Network - secure network that uses primarily public telecommunication infrastructures, such as the Internet, to provide remote offices Security protocol for wireless networks that encrypts transmitted data 16 October 2012

17 Appendix A Security Control Table Table 1 Security Control Classes, Families and Identifiers 17 October 2012

18 Appendix B Acknowledgement of Information Security Policy Acknowledgment of Information Security Policy This form is used to acknowledge receipt of, and compliance with, the Southwest Area Regional Transit District Information Security Policy. Procedure Complete the following steps: 1. Read the Information Security Policy. 2. Sign and date in the spaces provided below. 3. Return this page only to the Administrative Specialist. Signature By signing below, I agree to the following terms: i. I have received and read a copy of the Information Security Policy and understand the same; ii. I understand and agree that any computers, software, and storage media provided to me by the agency contains proprietary and confidential information about Southwest Area Regional Transit District and its customers or its vendors, and that this is and remains the property of the agency at all times; iii. I agree that I shall not copy, duplicate (except for backup purposes as part of my job here at Southwest Area Regional Transit District), otherwise disclose, or allow anyone else to copy or duplicate any of this information or software; iv. I agree that, if I leave Southwest Area Regional Transit District for any reason, I shall immediately return to the agency the original and copies of any and all software, computer materials, or computer equipment that I may have received from the agency that is either in my possession or otherwise directly or indirectly under my control. Employee signature: Employee name: Date: 18 October 2012

19 Appendix C HHSC Data Use and Business Associate Agreement Southwest Area Regional Transit District Medical Transportation Confidentiality Acknowledgement By signing this form, I agree that it is my responsibility to maintain the utmost of confidentiality regarding Medical Transportation, all services requested and/or provided, clients, client s information, etc. SWART represents and warrants that individuals identified below have demonstrated need to know and have access to Confidential Information pursuant to this Agreement and the Base Contract, and further, that each agree to be bound by the disclosure and use limitations pertaining to the Confidential Information contained in the Agreement. SWART must maintain an updated, complete, accurate and numbered list of Authorized Users at all times and supply it to HHSC, as directed, to the extent those identified below change. Should I have any questions or concerns regarding these standards, I will contact my immediate supervisor immediately. Employee Printed Name Title Employee Signature Date Office Use ONLY: # Seq. Date Received Staff Initials 19 October 2012

Information Technology Security Policies

Information Technology Security Policies Information Technology Security Policies Randolph College 2500 Rivermont Ave. Lynchburg, VA 24503 434-947- 8700 Revised 01/10 Page 1 Introduction Computer information systems and networks are an integral

More information

The Internet and e-mail 2 Acceptable use 2 Unacceptable use 2 Downloads 3 Copyrights 3 Monitoring 3. Computer Viruses 3

The Internet and e-mail 2 Acceptable use 2 Unacceptable use 2 Downloads 3 Copyrights 3 Monitoring 3. Computer Viruses 3 Table of Contents 1 Acceptable use 1 Violations 1 Administration 1 Director and Supervisor Responsibilities 1 MIS Director Responsibilities 1 The Internet and e-mail 2 Acceptable use 2 Unacceptable use

More information

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This

More information

INFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL

INFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL INFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL 1 INTRODUCTION The County of Imperial Information & Technical Services (ITS) Security Policy is the foundation of the County's electronic information

More information

Estate Agents Authority

Estate Agents Authority INFORMATION SECURITY AND PRIVACY PROTECTION POLICY AND GUIDELINES FOR ESTATE AGENTS Estate Agents Authority The contents of this document remain the property of, and may not be reproduced in whole or in

More information

U.S. Department of the Interior's Federal Information Systems Security Awareness Online Course

U.S. Department of the Interior's Federal Information Systems Security Awareness Online Course U.S. Department of the Interior's Federal Information Systems Security Awareness Online Course Rules of Behavior Before you print your certificate of completion, please read the following Rules of Behavior

More information

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable

More information

Franciscan University of Steubenville Information Security Policy

Franciscan University of Steubenville Information Security Policy Franciscan University of Steubenville Information Security Policy Scope This policy is intended for use by all personnel, contractors, and third parties assisting in the direct implementation, support,

More information

Network and Workstation Acceptable Use Policy

Network and Workstation Acceptable Use Policy CONTENT: Introduction Purpose Policy / Procedure References INTRODUCTION Information Technology services including, staff, workstations, peripherals and network infrastructures are an integral part of

More information

Supplier Information Security Addendum for GE Restricted Data

Supplier Information Security Addendum for GE Restricted Data Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,

More information

Delaware State University Policy

Delaware State University Policy Delaware State University Policy Title: Delaware State University Acceptable Use Policy Board approval date: TBD Related Policies and Procedures: Delaware State University Acceptable Use Policy A Message

More information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1

More information

SAMPLE TEMPLATE. Massachusetts Written Information Security Plan

SAMPLE TEMPLATE. Massachusetts Written Information Security Plan SAMPLE TEMPLATE Massachusetts Written Information Security Plan Developed by: Jamy B. Madeja, Esq. Erik Rexford 617-227-8410 jmadeja@buchananassociates.com Each business is required by Massachusetts law

More information

Supplier IT Security Guide

Supplier IT Security Guide Revision Date: 28 November 2012 TABLE OF CONTENT 1. INTRODUCTION... 3 2. PURPOSE... 3 3. GENERAL ACCESS REQUIREMENTS... 3 4. SECURITY RULES FOR SUPPLIER WORKPLACES AT AN INFINEON LOCATION... 3 5. DATA

More information

a) Access any information composed, created, received, downloaded, retrieved, stored, or sent using department computers.

a) Access any information composed, created, received, downloaded, retrieved, stored, or sent using department computers. CAYUGA COUNTY POLICY MANUAL Section 11 Subject: Electronic messaging and internet 1 Effective Date: 5/25/10; Res. 255-10 Supersedes Policy of: November 28, 2000 Name of Policy: County Computer Hardware-Software

More information

Senior School 1 PURPOSE 2 SCOPE 3 SCHOOL RESPONSIBILITIES

Senior School 1 PURPOSE 2 SCOPE 3 SCHOOL RESPONSIBILITIES Senior School 1 PURPOSE The policy defines and describes the acceptable use of ICT (Information and Communications Technology) and mobile phones for school-based employees. Its purpose is to minimise the

More information

APPROVED BY: Signatures on File Chief Information Officer APPROVED BY: Chief Financial Officer PURPOSE

APPROVED BY: Signatures on File Chief Information Officer APPROVED BY: Chief Financial Officer PURPOSE TITLE: COMPUTER USE POLICY PAGE 1 OF 5 EFFECTIVE DATE: 07/2001 REVIEW DATES: 02/2003, 09/2006 REVISION DATES: 03/2005, 03/2008 DISTRIBUTION: All Departments PURPOSE APPROVED BY: Signatures on File Chief

More information

SITECATALYST SECURITY

SITECATALYST SECURITY SITECATALYST SECURITY Ensuring the Security of Client Data June 6, 2008 Version 2.0 CHAPTER 1 1 Omniture Security The availability, integrity and confidentiality of client data is of paramount importance

More information

How To Protect Research Data From Being Compromised

How To Protect Research Data From Being Compromised University of Northern Colorado Data Security Policy for Research Projects Contents 1.0 Overview... 1 2.0 Purpose... 1 3.0 Scope... 1 4.0 Definitions, Roles, and Requirements... 1 5.0 Sources of Data...

More information

BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050

BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050 BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050 Adopting Multnomah County HIPAA Security Policies and Directing the Appointment of Information System Security

More information

APHIS INTERNET USE AND SECURITY POLICY

APHIS INTERNET USE AND SECURITY POLICY United States Department of Agriculture Marketing and Regulatory Programs Animal and Plant Health Inspection Service Directive APHIS 3140.3 5/26/2000 APHIS INTERNET USE AND SECURITY POLICY 1. PURPOSE This

More information

MONTSERRAT COLLEGE OF ART WRITTEN INFORMATION SECURITY POLICY (WISP)

MONTSERRAT COLLEGE OF ART WRITTEN INFORMATION SECURITY POLICY (WISP) MONTSERRAT COLLEGE OF ART WRITTEN INFORMATION SECURITY POLICY (WISP) 201 CMR 17.00 Standards for the Protection of Personal Information Of Residents of the Commonwealth of Massachusetts Revised April 28,

More information

HIPAA Security Alert

HIPAA Security Alert Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information

More information

Responsible Use of Technology and Information Resources

Responsible Use of Technology and Information Resources Responsible Use of Technology and Information Resources Introduction: The policies and guidelines outlined in this document apply to the entire Wagner College community: students, faculty, staff, alumni

More information

Data Management Policies. Sage ERP Online

Data Management Policies. Sage ERP Online Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...

More information

Information Resources Security Guidelines

Information Resources Security Guidelines Information Resources Security Guidelines 1. General These guidelines, under the authority of South Texas College Policy #4712- Information Resources Security, set forth the framework for a comprehensive

More information

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)

More information

Information Technology Security Procedures

Information Technology Security Procedures Information Technology Security Procedures Prepared By: Paul Athaide Date Prepared: Dec 1, 2010 Revised By: Paul Athaide Date Revised: September 20, 2012 Version 1.2 Contents 1. Policy Procedures... 3

More information

MCOLES Information and Tracking Network. Security Policy. Version 2.0

MCOLES Information and Tracking Network. Security Policy. Version 2.0 MCOLES Information and Tracking Network Security Policy Version 2.0 Adopted: September 11, 2003 Effective: September 11, 2003 Amended: September 12, 2007 1.0 POLICY STATEMENT The Michigan Commission on

More information

Written Information Security Plan (WISP) for. HR Knowledge, Inc. This document has been approved for general distribution.

Written Information Security Plan (WISP) for. HR Knowledge, Inc. This document has been approved for general distribution. Written Information Security Plan (WISP) for HR Knowledge, Inc. This document has been approved for general distribution. Last modified January 01, 2014 Written Information Security Policy (WISP) for HR

More information

BUSINESS ONLINE BANKING AGREEMENT

BUSINESS ONLINE BANKING AGREEMENT BUSINESS ONLINE BANKING AGREEMENT This Business Online Banking Agreement ("Agreement") establishes the terms and conditions for Business Online Banking Services ( Service(s) ) provided by Mechanics Bank

More information

How To Protect Decd Information From Harm

How To Protect Decd Information From Harm Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the

More information

IT - General Controls Questionnaire

IT - General Controls Questionnaire IT - General Controls Questionnaire Internal Control Questionnaire Question Yes No N/A Remarks G1. ACCESS CONTROLS Access controls are comprised of those policies and procedures that are designed to allow

More information

Acceptable Use Policy

Acceptable Use Policy Acceptable Use Policy TABLE OF CONTENTS PURPOSE... 4 SCOPE... 4 AUDIENCE... 4 COMPLIANCE & ENFORCEMENT... 4 POLICY STATEMENTS... 5 1. General... 5 2. Authorized Users... 5 3. Loss and Theft... 5 4. Illegal

More information

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10) MIT s Information Security Program for Protecting Personal Information Requiring Notification (Revision date: 2/26/10) Table of Contents 1. Program Summary... 3 2. Definitions... 4 2.1 Identity Theft...

More information

MISSISSIPPI DEPARTMENT OF HEALTH COMPUTER NETWORK AND INTERNET ACCESS POLICY

MISSISSIPPI DEPARTMENT OF HEALTH COMPUTER NETWORK AND INTERNET ACCESS POLICY MEMORANDUM TO: FROM: RE: Employee Human Resources MISSISSIPPI DEPARTMENT OF HEALTH COMPUTER NETWORK AND INTERNET ACCESS POLICY Please find attached the above referenced policy that is being issued to each

More information

Department of Homeland Security Management Directive System MD Number: 4900 INDIVIDUAL USE AND OPERATION OF DHS INFORMATION SYSTEMS/ COMPUTERS

Department of Homeland Security Management Directive System MD Number: 4900 INDIVIDUAL USE AND OPERATION OF DHS INFORMATION SYSTEMS/ COMPUTERS Department of Homeland Security Management Directive System MD Number: 4900 INDIVIDUAL USE AND OPERATION OF DHS INFORMATION SYSTEMS/ COMPUTERS 1. Purpose This directive establishes the Department of Homeland

More information

COLLINS CONSULTING, Inc.

COLLINS CONSULTING, Inc. COLLINS CONSULTING, Inc. TECHNOLOGY PLATFORM USE POLICY 53-R1 COLLINS CONSULTING, INC. TECHNOLOGY PLATFORM USE POLICY Confidential Collins Consulting, Inc. maintains, as part of its technology platform,

More information

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 5. 2. Security Standards - Organizational, Security Policies Standards & Procedures, - Administrative and Documentation Safeguards

More information

How To Protect The Time System From Being Hacked

How To Protect The Time System From Being Hacked WISCONSIN TIME SYSTEM Training Materials TIME SYSTEM SECURITY AWARENESS HANDOUT Revised 11/21/13 2014 Security Awareness Handout All System Security The TIME/NCIC Systems are criminal justice computer

More information

INFORMATION SECURITY PROGRAM

INFORMATION SECURITY PROGRAM Approved 1/30/15 by Dr. MaryLou Apple, President MSCC Policy No. 1:08:00:02 MSCC Gramm-Leach-Bliley INFORMATION SECURITY PROGRAM January, 2015 Version 1 Table of Contents A. Introduction Page 1 B. Security

More information

BERKELEY COLLEGE DATA SECURITY POLICY

BERKELEY COLLEGE DATA SECURITY POLICY BERKELEY COLLEGE DATA SECURITY POLICY BERKELEY COLLEGE DATA SECURITY POLICY TABLE OF CONTENTS Chapter Title Page 1 Introduction 1 2 Definitions 2 3 General Roles and Responsibilities 4 4 Sensitive Data

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

Reynoldsburg City Schools Computer and Technology Acceptable Use Policy Staff, Volunteers and Students

Reynoldsburg City Schools Computer and Technology Acceptable Use Policy Staff, Volunteers and Students Reynoldsburg City Schools Computer and Technology Acceptable Use Policy Staff, Volunteers and Students AUP Sections 1. Acceptable Use 2. Privileges 3. Internet Access 4. Procedures & Caveats 5. Netiquette

More information

Internet & Cell Phone Usage Policy

Internet & Cell Phone Usage Policy Internet & Cell Phone Usage Policy The Internet usage Policy applies to all Internet & Cell phone users (individuals working for the company, including permanent full-time and part-time employees, contract

More information

Pierce County Policy on Computer Use and Information Systems

Pierce County Policy on Computer Use and Information Systems Pierce County Policy on Computer Use and Information Systems Pierce County provides a variety of information technology resources such as computers, software, printers, scanners, copiers, electronic mail

More information

APPROVED BY: DATE: NUMBER: PAGE: 1 of 9

APPROVED BY: DATE: NUMBER: PAGE: 1 of 9 1 of 9 PURPOSE: To define standards for appropriate and secure use of MCG Health electronic systems, specifically e-mail systems, Internet access, phones (static or mobile; including voice mail) wireless

More information

Responsible Access and Use of Information Technology Resources and Services Policy

Responsible Access and Use of Information Technology Resources and Services Policy Responsible Access and Use of Information Technology Resources and Services Policy Functional Area: Information Technology Services (IT Services) Applies To: All users and service providers of Armstrong

More information

Identity Theft Prevention Program Compliance Model

Identity Theft Prevention Program Compliance Model September 29, 2008 State Rural Water Association Identity Theft Prevention Program Compliance Model Contact your State Rural Water Association www.nrwa.org Ed Thomas, Senior Environmental Engineer All

More information

Appendix G District Email Policies and Procedures

Appendix G District Email Policies and Procedures Appendix G District Email Policies and Procedures I. Introduction Email has become one of the most used communications tools in both homes and work places and is now an integral part of all Joshua ISD

More information

Peace Corps Office of the OCIO Information and Information Technology Governance and Compliance Rules of Behavior for General Users

Peace Corps Office of the OCIO Information and Information Technology Governance and Compliance Rules of Behavior for General Users Table of Contents... 1 A. Accountability... 1 B. System Use Notification (Login Banner)... 1 C. Non-... 1 D. System Access... 2 E. User IDs... 2 F. Passwords... 2 G. Electronic Information... 3 H. Agency

More information

Clear Creek ISD 084910 CQ (REGULATION) Business and Support Services: Electronic Communications

Clear Creek ISD 084910 CQ (REGULATION) Business and Support Services: Electronic Communications Clear Creek ISD 084910 CQ (REGULATION) SCOPE CONSENT REQUIREMENTS CHIEF TECHNOLOGY OFFICER RESPONSIBILITIES The Superintendent or designee will oversee the District s electronic communications system.

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

Best Practices For Department Server and Enterprise System Checklist

Best Practices For Department Server and Enterprise System Checklist Best Practices For Department Server and Enterprise System Checklist INSTRUCTIONS Information Best Practices are guidelines used to ensure an adequate level of protection for Information Technology (IT)

More information

Information Technology Cyber Security Policy

Information Technology Cyber Security Policy Information Technology Cyber Security Policy (Insert Name of Organization) SAMPLE TEMPLATE Organizations are encouraged to develop their own policy and procedures from the information enclosed. Please

More information

Boston Public Schools. Guidelines for Implementation of Acceptable Use Policy for Digital Information, Communication, and. Technology Resources

Boston Public Schools. Guidelines for Implementation of Acceptable Use Policy for Digital Information, Communication, and. Technology Resources Boston Public Schools Guidelines for Implementation of Acceptable Use Policy for Digital Information, Communication, and Scope of Policy Technology Resources ACCEPTABLE USE POLICY AND GUIDELINES Boston

More information

Sample Policies for Internet Use, Email and Computer Screensavers

Sample Policies for Internet Use, Email and Computer Screensavers Sample Policies for Internet Use, Email and Computer Screensavers In many of its financial management reviews, the Technical Assistance Section has encouraged municipalities to develop and adopt policies

More information

ASCINSURE SPECIALTY RISK PRIVACY/SECURITY PLAN July 15, 2010

ASCINSURE SPECIALTY RISK PRIVACY/SECURITY PLAN July 15, 2010 ASCINSURE SPECIALTY RISK PRIVACY/SECURITY PLAN July 15, 2010 OBJECTIVE This Security Plan (the Plan ) is intended to create effective administrative, technical and physical safeguards for the protection

More information

Columbus Police Division Directive. I. Definitions. May 15, 1993 10.01 REVISED. Division Computer Systems

Columbus Police Division Directive. I. Definitions. May 15, 1993 10.01 REVISED. Division Computer Systems Columbus Police Division Directive EFFECTIVE NUMBER May 15, 1993 10.01 REVISED TOTAL PAGES Mar. 30, 2014 9 Division Computer Systems I. Definitions A. Executable File A program or file that automatically

More information

City of Boston Department of Innovation and Technology Policy Title: Information Technology Resource Use Policy Effective Date: April 1, 2011

City of Boston Department of Innovation and Technology Policy Title: Information Technology Resource Use Policy Effective Date: April 1, 2011 City of Boston Department of Innovation and Technology Policy Title: Information Technology Resource Use Policy Effective Date: April 1, 2011 Purpose and Intent The City of Boston recognizes the importance

More information

North Clackamas School District 12

North Clackamas School District 12 North Clackamas School District 12 Code: IIBGA-AR Revised/Reviewed: 3/06/08; 6/21/12 Orig. Code(s): SP IIBGA Guidelines for the Use of the District s Electronic Communication System Definitions 1. Technology

More information

Newark City Schools Computer Network, Internet And Bring Your Own Device (BYOD) Acceptable Use Policy and Agreement

Newark City Schools Computer Network, Internet And Bring Your Own Device (BYOD) Acceptable Use Policy and Agreement Newark City Schools Computer Network, Internet And Bring Your Own Device (BYOD) Acceptable Use Policy and Agreement The Newark City Schools is pleased to make available access to the Internet, and a Bring

More information

HIPAA Security Training Manual

HIPAA Security Training Manual HIPAA Security Training Manual The final HIPAA Security Rule for Montrose Memorial Hospital went into effect in February 2005. The Security Rule includes 3 categories of compliance; Administrative Safeguards,

More information

Administrative Procedure 3720 Computer and Network Use

Administrative Procedure 3720 Computer and Network Use Reference: 17 U.S.C. Section 101 et seq.; Penal Code Section 502, Cal. Const., Art. 1 Section 1; Government Code Section 3543.1(b); Federal Rules of Civil Procedure, Rules 16, 26, 33, 34, 37, 45 The District

More information

Appendix 4-2: Sample HIPAA Security Risk Assessment For a Small Physician Practice

Appendix 4-2: Sample HIPAA Security Risk Assessment For a Small Physician Practice Appendix 4-2: Administrative, Physical, and Technical Safeguards Breach Notification Rule How Use this Assessment The following sample risk assessment provides you with a series of sample questions help

More information

Section 5 Identify Theft Red Flags and Address Discrepancy Procedures Index

Section 5 Identify Theft Red Flags and Address Discrepancy Procedures Index Index Section 5.1 Purpose.... 2 Section 5.2 Definitions........2 Section 5.3 Validation Information.....2 Section 5.4 Procedures for Opening New Accounts....3 Section 5.5 Procedures for Existing Accounts...

More information

CHIS, Inc. Privacy General Guidelines

CHIS, Inc. Privacy General Guidelines CHIS, Inc. and HIPAA CHIS, Inc. provides services to healthcare facilities and uses certain protected health information (PHI) in connection with performing these services. Therefore, CHIS, Inc. is classified

More information

Odessa College Use of Computer Resources Policy Policy Date: November 2010

Odessa College Use of Computer Resources Policy Policy Date: November 2010 Odessa College Use of Computer Resources Policy Policy Date: November 2010 1.0 Overview Odessa College acquires, develops, and utilizes computer resources as an important part of its physical and educational

More information

Caldwell Community College and Technical Institute

Caldwell Community College and Technical Institute Caldwell Community College and Technical Institute Employee Computer Usage Policies and Procedures I. PURPOSE: The purpose of this section is to define the policies and procedures for using the administrative

More information

How To Write A Health Care Security Rule For A University

How To Write A Health Care Security Rule For A University INTRODUCTION HIPAA Security Rule Safeguards Recommended Standards Developed by: USF HIPAA Security Team May 12, 2005 The Health Insurance Portability and Accountability Act (HIPAA) Security Rule, as a

More information

Medford Public Schools Medford, Massachusetts. Software Policy Approved by School Committee

Medford Public Schools Medford, Massachusetts. Software Policy Approved by School Committee Software Policy Approved by School Committee General Statement of Policy The Medford Public Schools licenses the use of computer software from a variety of third parties. Such software is normally copyrighted

More information

13. Acceptable Use Policy

13. Acceptable Use Policy To view the complete Information and Security Policies and Procedures, log into the Intranet through the IRSC.edu website. Click on the Institutional Technology (IT) Department link, then the Information

More information

Department of Finance and Administration Telephone and Information Technology Resources Policy and Procedures March 2007

Department of Finance and Administration Telephone and Information Technology Resources Policy and Procedures March 2007 Department of Finance and Administration Telephone and Information Technology Resources Policy and Procedures March 2007 I. Statement of Policy The Department of Finance and Administration (DFA) makes

More information

Authorized. User Agreement

Authorized. User Agreement Authorized User Agreement CareAccord Health Information Exchange (HIE) Table of Contents Authorized User Agreement... 3 CareAccord Health Information Exchange (HIE) Polices and Procedures... 5 SECTION

More information

AP 417 Information and Communication Services

AP 417 Information and Communication Services AP 417 Information and Communication Services Background Access and use of information and communication services (ICS) are an integral component of the learning and working environment. The ability for

More information

Acceptable Use Policy

Acceptable Use Policy Acceptable Use Policy I. Introduction Each employee, student or non-student user of Greenville County Schools (GCS) information system is expected to be familiar with and follow the expectations and requirements

More information

Information Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis

Information Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis Information Security Risk Assessment Checklist A High-Level Tool to Assist USG Institutions with Risk Analysis Updated Oct 2008 Introduction Information security is an important issue for the University

More information

DEPARTMENT OF MENTAL HEALTH POLICY/PROCEDURE

DEPARTMENT OF MENTAL HEALTH POLICY/PROCEDURE 2 of 10 2.5 Failure to comply with this policy, in whole or in part, if grounds for disciplinary actions, up to and including discharge. ADMINISTRATIVE CONTROL 3.1 The CIO Bureau s Information Technology

More information

Health Insurance Portability and Accountability Act (HIPAA) Overview

Health Insurance Portability and Accountability Act (HIPAA) Overview Health Insurance Portability and Accountability Act (HIPAA) Overview Agency, Contract and Temporary Staff Orientation Initiated: 5/04, Reviewed: 7/10, Revised: 10/10 Prepared by SHS Administration & Samaritan

More information

Valdosta Technical College. Information Security Plan

Valdosta Technical College. Information Security Plan Valdosta Technical College Information Security 4.4.2 VTC Information Security Description: The Gramm-Leach-Bliley Act requires financial institutions as defined by the Federal Trade Commision to protect

More information

Ethical and Responsible Use of EagleNet 03/26/14 AMW

Ethical and Responsible Use of EagleNet 03/26/14 AMW Campus Technology Services Solutions Center Juniata College 814.641.3619 help@juniata.edu http://services.juniata.edu/cts Ethical and Responsible Use of EagleNet 03/26/14 AMW Preamble The resources of

More information

Retention & Destruction

Retention & Destruction Last Updated: March 28, 2014 This document sets forth the security policies and procedures for WealthEngine, Inc. ( WealthEngine or the Company ). A. Retention & Destruction Retention & Destruction of

More information

Internet usage Policy

Internet usage Policy Internet usage Policy Free Use Disclaimer: This policy was created by or for the SANS Institute for the Internet community. All or parts of this policy can be freely used for your organization. There is

More information

HMIS SECURITY PLAN of the PHILADELPHIA CONTINUUM OF CARE

HMIS SECURITY PLAN of the PHILADELPHIA CONTINUUM OF CARE HMIS SECURITY PLAN of the PHILADELPHIA CONTINUUM OF CARE This plan describes the standards for the security of all data contained in the Philadelphia Continuum of Care Homeless Management Information System

More information

All Users of DCRI Computing Equipment and Network Resources

All Users of DCRI Computing Equipment and Network Resources July 21, 2015 MEMORANDUM To: From Subject: All Users of DCRI Computing Equipment and Network Resources Eric Peterson, MD, MPH, Director, DCRI Secure System Usage The purpose of this memorandum is to inform

More information

ACCEPTABLE USE POLICY

ACCEPTABLE USE POLICY ACCEPTABLE USE POLICY F. Paul Greene Harter Secrest & Emery LLP 1600 Bausch & Lomb Place Rochester, NY 14604 585-231-1435 fgreene@hselaw.com 2016 HARTER SECREST & EMERY LLP THE FOLLOWING TEMPLATE WAS DESIGNED

More information

Procedure Title: TennDent HIPAA Security Awareness and Training

Procedure Title: TennDent HIPAA Security Awareness and Training Procedure Title: TennDent HIPAA Security Awareness and Training Number: TD-QMP-P-7011 Subject: Security Awareness and Training Primary Department: TennDent Effective Date of Procedure: 9/23/2011 Secondary

More information

Policy for the Acceptable Use of Information Technology Resources

Policy for the Acceptable Use of Information Technology Resources Policy for the Acceptable Use of Information Technology Resources Purpose... 1 Scope... 1 Definitions... 1 Compliance... 2 Limitations... 2 User Accounts... 3 Ownership... 3 Privacy... 3 Data Security...

More information

Supplier Security Assessment Questionnaire

Supplier Security Assessment Questionnaire HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.

More information

HIPAA Information Security Overview

HIPAA Information Security Overview HIPAA Information Security Overview Security Overview HIPAA Security Regulations establish safeguards for protected health information (PHI) in electronic format. The security rules apply to PHI that is

More information

Responsible Administrative Unit: Computing, Communications & Information Technologies. Information Technology Appropriate Use Policy

Responsible Administrative Unit: Computing, Communications & Information Technologies. Information Technology Appropriate Use Policy 1.0 BACKGROUND AND PURPOSE Information Technology ( IT ) includes a vast and growing array of computing, electronic and voice communications facilities and services. At the Colorado School of Mines ( Mines

More information

Terms and Conditions of Use - Connectivity to MAGNET

Terms and Conditions of Use - Connectivity to MAGNET I, as the Client, declare to have read and accepted the terms and conditions set out below for the use of the network connectivity to the Malta Government Network (MAGNET) provided by the Malta Information

More information

Technology Department 1350 Main Street Cambria, CA 93428

Technology Department 1350 Main Street Cambria, CA 93428 Technology Department 1350 Main Street Cambria, CA 93428 Technology Acceptable Use and Security Policy The Technology Acceptable Use and Security Policy ( policy ) applies to all CUSD employees and any

More information

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by:

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by: Tameside Metropolitan Borough Council ICT Security Policy for Schools Adopted by: 1. Introduction 1.1. The purpose of the Policy is to protect the institution s information assets from all threats, whether

More information

Information Technology Acceptable Use Policy

Information Technology Acceptable Use Policy Information Technology Acceptable Use Policy Overview The information technology resources of Providence College are owned and maintained by Providence College. Use of this technology is a privilege, not

More information

Information Security Program Management Standard

Information Security Program Management Standard State of California California Information Security Office Information Security Program Management Standard SIMM 5305-A September 2013 REVISION HISTORY REVISION DATE OF RELEASE OWNER SUMMARY OF CHANGES

More information

Appendix A: Rules of Behavior for VA Employees

Appendix A: Rules of Behavior for VA Employees Appendix A: Rules of Behavior for VA Employees Department of Veterans Affairs (VA) National Rules of Behavior 1 Background a) Section 5723(b)(12) of title 38, United States Code, requires the Assistant

More information

California State University, Sacramento INFORMATION SECURITY PROGRAM

California State University, Sacramento INFORMATION SECURITY PROGRAM California State University, Sacramento INFORMATION SECURITY PROGRAM 1 I. Preamble... 3 II. Scope... 3 III. Definitions... 4 IV. Roles and Responsibilities... 5 A. Vice President for Academic Affairs...

More information