Administrative Policies and Procedures POLICY FOR USE AND ACCESS TO ENTERPRISE DATA CENTER FACILITIES

Size: px
Start display at page:

Download "Administrative Policies and Procedures POLICY FOR USE AND ACCESS TO ENTERPRISE DATA CENTER FACILITIES"

Transcription

1 Administrative Policies and Procedures POLICY FOR USE AND ACCESS TO ENTERPRISE DATA CENTER FACILITIES Department: Information Technology Services Policy Number: Effective Date: Revision Date: June 11, 2008 POLICY: UW Medicine data centers house servers supporting computing systems which provide patient care and administration services, and are a critical resource. Data centers provide both physical and network infrastructure as well as security protections for critical systems. Accreditation agencies also require strong data center protections, including strong access controls. Data centers resources are likely to be limited in one or more areas, such as cooling, power, or weight. Therefore, all servers placed into and access to enterprise data centers will be reviewed, prioritized, and approved in advance according to their level of critical impact (mission critical) to the medical center(s) by UW Medicine IT Services (ITS). Any changes in access to or the hardware of approved systems must also be reviewed and approved by ITS. Access to data centers will be granted only to those with a clear need as approved by ITS, in accordance with the procedures defined below. Individuals granted access must agree to electronic or paper access controls and video surveillance, as required by UW Medicine and its accreditation agencies. This policy applies only to enterprise data centers. DEFINITIONS: Enterprise data centers support major enterprise information systems critical to the mission of UW Medicine. For reliability, enterprise data centers have redundant power, cooling, and networking, and are designed for resistance to earthquakes. Systems in enterprise data centers are designed and installed to be managed and monitored on a 24/7 basis remotely. Physical access to enterprise data centers are restricted and monitored, and networks are protected against intrusions. Procedures governing these facilities are designed to meet financial audit, HIPAA and other regulations. Primary data centers handle the most critical of enterprise systems and are in close proximity to patient care facilities to minimize disruptions from communications failures. Secondary data centers service less critical enterprise systems. Enterprise data centers are listed in Appendix 1. Local data centers support departmental and some smaller enterprise systems and are managed by the facility and/or ITS. These data centers vary in quality and are smaller in capacity and size. Local data centers may lack redundancy for power, cooling, or networking, and may not control access or protect networks. If systems in these facilities contain patient information, they must meet appropriate regulatory requirements, including compliance to appropriate security policies. Local data centers include NW078 in UWMC and BEH39 at HMC. System Criticality refers to the level of importance of the system for the continued operation of UW Medicine, its hospitals, patient care activities, and/or the School of Medicine. Criticality levels range from 1 (most critical) to 5 (least critical).

2 Level 1 Information systems or supporting systems critical to the normal operations of UW Medicine s Immediate Critical Patient Care activities, where a downtime of 0-4 hours is highly disruptive. Level 1 systems must be fully redundant in at least two physically separated enterprise data centers, and a single system must be able to operate independently in a single data center. Emergency manual procedures for a level 1 system are difficult to implement. Examples: Critical to Patient Care - ORCA PROD, PACS, Lab, Critical Support Systems - DNS servers (network name resolution), and Active Directory (access/authentication) systems. Level 2 Information systems or supporting systems that are Essential to Patient Care or provide Essential Support to UW Medicine activities where a downtime of up to 24 hours would be operationally feasible and for which good manual down time procedures beyond that are difficult to implement without directly impacting critical patient care activities. Level 2 systems should be redundant. Examples: Essential to Patient Care - Hospital Capacity, Docusys, Registration demographics, Essential Support Public Safety, Safety Monitoring, communications support. Level 3 Information systems or supporting systems that are Important to UW Medicine s business where a downtime of up to 72 hours would be disruptive to normal operations. Level 3 systems are not required to be redundant. Examples: EPIC patient scheduling, system, system and infrastructure monitoring systems, certain Research systems. Level 4 Information systems or supporting systems where a downtime of 3 days or more can be tolerated before resumption of Normal Operations. Test and Development systems that are designed to function in a fail-over capacity also fall into this level. Examples: Patient billing, PMM, Rosebud. Level 5 Information systems used only for Research, Isolated Development or Test, and Departmental Scheduling or other purposes where the restoration of the system is not required for normal operations. Examples: Sum Total, ORCA Dev, ORCA Test, Spacelabs Test, Research PROCEDURE The detailed procedure for managing the placement of hardware into an enterprise data center is in an accompanying document. Items covered in the procedure include review by UW Medicine Oversight and ITS Project Intake committees. Individuals or departments requesting data center resources must submit a request to one or more medical center review committee(s) and if approved forwarded for consideration at project intake or IT Services Oversight Committee (ITSOC). Review shall include, but not limited to the following: The power and cooling requirements of the system hardware. PHI data stored on or access required by the system. Access to existing shared/critical systems (i.e., HL7, shared data bases, web servers, etc.) The network requirements of the system. The backup and storage requirements of the system. Projected growth over the expected lifetime of the system and its impact on hardware. System design for fault tolerance, redundancy, and emergency operations. The nature of the software, including its criticality to patient care, support for emergency operations, HIPAA, etc. Available data center resources. Funding to support data center costs of the hardware. 2

3 Systems not supporting active applications must be removed from enterprise data centers. Data centers should not be used to hold retired systems because of limited resrouces. Should data center facilities become limited, priorities and considerations for the placement of hardware will include, but are not limited to: An emergency situation requiring hardware maintenance and/or replacement. An operational replacement of hardware where the replacement s characteristics for power, cooling, and weight are equal to or less than that it replaces. This may not be allowed if both the existing and replacement hardware must be available concurrently. Level of the project under Washington Department of Information Systems (DIS) and the Information Systems Board (ISB) which have been previously reviewed by ITS and UW Medicine. Criticality of the system for patient care and/or administration. Priority of the project as dictated by UW Medicine. Once approved by oversight committees, installation of computing systems must be performed and/or approved by UW Medicine ITServices Data Center and Security/Infrastructure staff. To insure the integrity of the data centers, required reviews include: Proper documentation of hardware, and network configurations, and applications. Approved security practices. Identification of responsible parties. Physical placement of servers. Physical hookup of power and network. System monitoring Racks, UPS, cooling and other requirements specific to the data center. In accordance with UW Medicine SEC10 and other relevant security policies, individuals or departments who violate the use and/or access to data centers may be subject to one or more of the following: Shutdown of systems until breach is resolved. Termination of access to the data center. Removal of systems that fail to comply with the policy. Termination of employment for individuals violating the policy. CROSS REFERENCES ITS Project Intake Procedure ITS Data Centers Policies and Procedures ITS Security Review Policy and Procedures (http://security.uwmedicine.org/policies) ITS Basic Data Center Policies ITS Server Placement Request Form ATTACHMENTS Enterprise Data Centers 3

4 REVISIONS Chief Information Officer: Date: VP Medical Affairs Chief Operating Officer: Date: 4

5 Enterprise Data Centers (as of April, 2008) 1) UWMC Surgery Pavilion (SP1004) [primary data center] in use 2) HMC NJB Building [primary data center] opening early ) UW Technologies 4545 Building [secondary data center] in use 4) Sabey, Tukwila [secondary data center] in use 5) UW Towers [secondary data center] planned late

Planning and Administering Windows Server 2008 Servers

Planning and Administering Windows Server 2008 Servers Planning and Administering Windows Server 2008 Servers MOC6430 About this Course Elements of this syllabus are subject to change. This five-day instructor-led course provides students with the knowledge

More information

Data Center Application and Equipment Hosting Services Effective April 1, 2009 Revised March 7, 2011

Data Center Application and Equipment Hosting Services Effective April 1, 2009 Revised March 7, 2011 Information Technology Data Center Application and Equipment Hosting Services Effective April 1, 2009 Revised This document outlines the services NUIT provides from the central data centers to host applications

More information

Department of Information Technology Data Center Disaster Recovery Audit Report Final Report. September 2006

Department of Information Technology Data Center Disaster Recovery Audit Report Final Report. September 2006 Department of Information Technology Data Center Disaster Recovery Audit Report Final Report September 2006 promoting efficient & effective local government Executive Summary Our audit found that a comprehensive

More information

M6430a Planning and Administering Windows Server 2008 Servers

M6430a Planning and Administering Windows Server 2008 Servers M6430a Planning and Administering Windows Server Servers Course 6430A: Five days; Instructor-Led Introduction This five-day instructor-led course provides students with the knowledge and skills to implement,

More information

Date Revised: January 25, 2008; January 23, 2009; March 17, 2010; January 7, 2011; February 27, 2012; July 30, 2013 Date of Last Cyclic Review:

Date Revised: January 25, 2008; January 23, 2009; March 17, 2010; January 7, 2011; February 27, 2012; July 30, 2013 Date of Last Cyclic Review: Policy Level: Policy Title: Policy Number: UW Medicine Compliance PP-20a - Access Management 20a Date Established: September 28, 2007 Date Revised: January 25, 2008; January 23, 2009; March 17, 2010; January

More information

Managing and Maintaining Windows Server 2008 Servers (6430) Course length: 5 days

Managing and Maintaining Windows Server 2008 Servers (6430) Course length: 5 days Managing and Maintaining Windows Server 2008 Servers (6430) Course length: 5 days Course Summary: This five-day instructor-led course provides students with the knowledge and skills to implement, monitor,

More information

REMOTE INFRASTRUCTURE MANAGEMENT COURSE CURRICULUM

REMOTE INFRASTRUCTURE MANAGEMENT COURSE CURRICULUM On a Mission to Transform Talent REMOTE INFRASTRUCTURE MANAGEMENT COURSE CURRICULUM Table of Contents Module 1: Introduction to Hardware and Networking (Duration: 1.5 Weeks)...1 Module 2: Windows XP Professional

More information

Assuring High Availability in Healthcare Interfacing Considerations and Approach

Assuring High Availability in Healthcare Interfacing Considerations and Approach Assuring High Availability in Healthcare Interfacing Considerations and Approach High availability is a term used in the software industry to indicate that the application is available a high percentage

More information

Creating the Conceptual Design by Gathering and Analyzing Business and Technical Requirements

Creating the Conceptual Design by Gathering and Analyzing Business and Technical Requirements Creating the Conceptual Design by Gathering and Analyzing Business and Technical Requirements Analyze the impact of Active Directory on the existing technical environment. Analyze hardware and software

More information

Planning and Administering Windows Server 2008 Servers

Planning and Administering Windows Server 2008 Servers Planning and Administering Windows Server 2008 Servers Course 6430 Five days Instructor-led Introduction Elements of this syllabus are subject to change. This five-day instructor-led course provides students

More information

PROJECT REQUEST REPORT UNIVERSITY OF WASHINGTON DATA CENTER

PROJECT REQUEST REPORT UNIVERSITY OF WASHINGTON DATA CENTER UNIVERSITY OF WASHINGTON OFFICE OF THE VICE PROVOST PLANNING AND BUDGETING Capital and Space Planning PROJECT REQUEST REPORT UNIVERSITY OF WASHINGTON DATA CENTER JULY 31, 2006 University of Washington

More information

Course 20409A: Server Virtualization with Windows Server Hyper-V and System Center Exam Code: Duration: 40 Hrs

Course 20409A: Server Virtualization with Windows Server Hyper-V and System Center Exam Code: Duration: 40 Hrs Course 20409A: Server Virtualization with Windows Server Hyper-V and System Center Exam Code: 74-409 Duration: 40 Hrs Course Outline Module 1: Evaluating the Environment for Virtualization This module

More information

Web Werks Data Center Achieves HIPAA Compliance Certification

Web Werks Data Center Achieves HIPAA Compliance Certification Web Werks Data Center Achieves HIPAA Compliance Certification Web Werks has Achieved HIPAA Compliance Certification Meeting the Security Standards Required to Maintain Healthcare Information. Web Werks

More information

Amendment for Electronic Medical Records System

Amendment for Electronic Medical Records System F 13 VII. STANDING COMMITTEE B. Finance, Audit and Facilities Committee Amendment for Electronic Medical Records System RECOMMENDED ACTION: It is the recommendation of the administration and the Finance,

More information

This white paper describes the three reasons why backup is a strategic element of your IT plan and why it is critical to your business that you plan

This white paper describes the three reasons why backup is a strategic element of your IT plan and why it is critical to your business that you plan This white paper describes the three reasons why backup is a strategic element of your IT plan and why it is critical to your business that you plan and execute a strategy to protect 100 percent of your

More information

a Disaster Recovery Plan

a Disaster Recovery Plan Construction of a Disaster Recovery Plan David Godwin, Sr. Sales Engineer March 18, 2014 Objectives Understand What Disaster Recovery is? Why is Disaster Recovery Needed? Effectively assist customers or

More information

MANAGEMENT AUDIT REPORT DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION

MANAGEMENT AUDIT REPORT DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION MANAGEMENT AUDIT REPORT OF DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION REPORT NO. 13-101 City of Albuquerque Office of Internal Audit

More information

Virginia Commonwealth University School of Medicine Information Security Standard

Virginia Commonwealth University School of Medicine Information Security Standard Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Business Continuity Management Standard for IT Systems This standard is applicable to all VCU School of Medicine

More information

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable

More information

Course Outline: 6433 _ Planning and Implementing Windows Server 2008 Clustering

Course Outline: 6433 _ Planning and Implementing Windows Server 2008 Clustering Course Outline: 6433 _ Planning and Implementing Windows Server 2008 Clustering Learning Method: Instructor-led Classroom Learning Duration: 5.00 Day(s)/ 40 hrs Overview: This five day course is intended

More information

Planning and Administering Windows Server 2008 Servers 70-646

Planning and Administering Windows Server 2008 Servers 70-646 Hands-On Planning and Administering Windows Server 2008 Servers 70-646 Course Description This Hands-On course provides students with the knowledge and skills to implement, monitor, and maintain Windows

More information

Course Syllabus. Planning and Administering Windows Server 2008 Servers. Key Data. Audience. At Course Completion. Prerequisites. Recommended Courses

Course Syllabus. Planning and Administering Windows Server 2008 Servers. Key Data. Audience. At Course Completion. Prerequisites. Recommended Courses Course Syllabus Planning and Administering Windows Server 2008 Servers This five-day instructor-led course provides students with the knowledge and skills to implement, monitor, and maintain Windows Server

More information

Cybersecurity and Hospitals. What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response

Cybersecurity and Hospitals. What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response Cybersecurity and Hospitals What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response This resources was prepared exclusively for American Hospital Association members by Mary

More information

DICTATION & TRANSCRIPTION. www.dolbey.com INFO@DOLBEY.com 800 878 7828

DICTATION & TRANSCRIPTION. www.dolbey.com INFO@DOLBEY.com 800 878 7828 DICTATION & TRANSCRIPTION www.dolbey.com INFO@DOLBEY.com 800 878 7828 Fusion Voice Digital Dictation The quality of a patient s chart relies upon the clinician s ability to effectively communicate findings,

More information

About using Microsoft SQL failover clustering with ITMS 7.1 SP2 or later

About using Microsoft SQL failover clustering with ITMS 7.1 SP2 or later About using Microsoft SQL failover clustering with ITMS 7.1 SP2 or later This section describes Microsoft SQL Server 2008 R2 failover clustering, a method of creating a high availability for your Symantec

More information

Outline. MCSA: Server Virtualization

Outline. MCSA: Server Virtualization MCSA: Server Virtualization Description Get hands-on instruction and practice implementing Microsoft Server Virtualization with Windows Server 2012 R2 Hyper-V and System Center 2012 R2 Virtual Machine

More information

Server Virtualization with Windows Server Hyper-V and System Center

Server Virtualization with Windows Server Hyper-V and System Center Server Virtualization with Windows Server Hyper-V and System Center About this Course This five day course will provide you with the knowledge and skills required to design and implement Microsoft Server

More information

HIPAA Security Rule Safeguards Recommended Standards Developed by: USF HIPAA Security Team May 12, 2005

HIPAA Security Rule Safeguards Recommended Standards Developed by: USF HIPAA Security Team May 12, 2005 INTRODUCTION HIPAA Security Rule Safeguards Recommended Standards Developed by: USF HIPAA Security Team May 12, 2005 The Health Insurance Portability and Accountability Act (HIPAA) Security Rule, as a

More information

OpenStack Private Cloud Hosting in an Tier 3 Data Centre. G-Cloud Lot 1 IaaS

OpenStack Private Cloud Hosting in an Tier 3 Data Centre. G-Cloud Lot 1 IaaS OpenStack Private Cloud Hosting in an Tier 3 Data Centre This is service provides a dedicated private cloud environment built on the open source technology, OpenStack. This is service provides a dedicated

More information

Introduction to Virtualization. Paul A. Strassmann George Mason University October 29, 2008, 7:20 to 10:00 PM

Introduction to Virtualization. Paul A. Strassmann George Mason University October 29, 2008, 7:20 to 10:00 PM Introduction to Virtualization Paul A. Strassmann George Mason University October 29, 2008, 7:20 to 10:00 PM 1 Data Center Transformation 2 Scope of Virtualization Services 3 Virtualization Evolution 4

More information

Security and Managed Services

Security and Managed Services iconnect Cloud Archive System Overview Security and Managed Services iconnect Cloud Archive (formerly known as Merge Honeycomb ) iconnect Cloud Archive offers cloud-based storage for medical images. Images

More information

20409-Server Virtualization with Windows Server Hyper-V and System Center

20409-Server Virtualization with Windows Server Hyper-V and System Center Course Outline 20409-Server Virtualization with Windows Server Hyper-V and System Center Duration: 5 day (30 hours) Target Audience: This course is intended for IT professionals who are responsible for

More information

HIPAA RISK ASSESSMENT

HIPAA RISK ASSESSMENT HIPAA RISK ASSESSMENT PRACTICE INFORMATION (FILL OUT ONE OF THESE FORMS FOR EACH LOCATION) Practice Name: Address: City, State, Zip: Phone: E-mail: We anticipate that your Meaningful Use training and implementation

More information

LEARNING SOLUTIONS website milner.com/learning email training@milner.com phone 800 875 5042

LEARNING SOLUTIONS website milner.com/learning email training@milner.com phone 800 875 5042 Course 6433A: Planning and Implementing Windows Server 2008 Length: 5 Days Published: September 07, 2011 Language(s): English Audience(s): IT Professionals Overview About this Course Level: 300 Technology:

More information

TABLE OF CONTENTS. 2006.1259 Information Systems Security Handbook. 7 2006.1260 Information Systems Security program elements. 7

TABLE OF CONTENTS. 2006.1259 Information Systems Security Handbook. 7 2006.1260 Information Systems Security program elements. 7 PART 2006 - MANAGEMENT Subpart Z - Information Systems Security TABLE OF CONTENTS Sec. 2006.1251 Purpose. 2006.1252 Policy. 2006.1253 Definitions. 2006.1254 Authority. (a) National. (b) Departmental. 2006.1255

More information

Domain 1 The Process of Auditing Information Systems

Domain 1 The Process of Auditing Information Systems Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge

More information

Security Controls What Works. Southside Virginia Community College: Security Awareness

Security Controls What Works. Southside Virginia Community College: Security Awareness Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction

More information

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Unless otherwise stated, these Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies

More information

The course covers Windows server 2008, Windows Server 2008 R2 and Windows Server 2008 R2 sp1.

The course covers Windows server 2008, Windows Server 2008 R2 and Windows Server 2008 R2 sp1. Course 6433A: Planning and Implementing Windows Server 2008 OVERVIEW About this Course This five day course is intended for IT Professionals who are interested in the knowledge and skills necessary to

More information

METRO REGIONAL GOVERNMENT Records Retention Schedule

METRO REGIONAL GOVERNMENT Records Retention Schedule Program: Administration IS Administration provides strategic planning, direction, and central management oversight of the Information Services that includes the following programs: Desktop Support Services,

More information

Blackboard Managed Hosting SM Disaster Recovery Planning Document

Blackboard Managed Hosting SM Disaster Recovery Planning Document BLACKBOARD MANAGED HOSTING Blackboard Managed Hosting SM Disaster Recovery Planning Document Prepared By: MH Services Modified Date: March 2009 Revision: 1.8 1. OBJECTIVES... 3 2. SCOPE... 3 3. ASSUMPTIONS...

More information

Assuring high availability in healthcare interfacing

Assuring high availability in healthcare interfacing PRODUCT HIGHLIGHT HIGH AVAILABILITY Assuring high availability in healthcare interfacing High availability is a term used in the software industry to indicate that the application is available a high percentage

More information

Building your Server for High Availability and Disaster Recovery. Witt Mathot Danny Krouk

Building your Server for High Availability and Disaster Recovery. Witt Mathot Danny Krouk Building your Server for High Availability and Disaster Recovery Witt Mathot Danny Krouk Terminology Whoa! Resiliency High Availability RTO Round Robin Business Continuity A Spectrum, Not a Switch Backup

More information

Zero Data Loss Solutions for Data Center Consolidation. White Paper

Zero Data Loss Solutions for Data Center Consolidation. White Paper Zero Data Loss Solutions for Data Center Consolidation White Paper October 2010 Summary Driven by a need for greater operational efficiency, data-center consolidation will continue to be a top priority

More information

Server Virtualization with Windows Server Hyper-V and System Center

Server Virtualization with Windows Server Hyper-V and System Center Course 20409 Server Virtualization with Windows Server Hyper-V and System Center Length: Language(s): Audience(s): 5 Days English IT Professionals Level: 300 Technology: Windows Server 2012 Type: Delivery

More information

Business Continuity Planning for Schools, Departments & Support Units

Business Continuity Planning for Schools, Departments & Support Units Business Continuity Planning for Schools, Departments & Support Units 1 What is Business Continuity Planning? Examples Planning for an adverse, major or catastrophic event that would cause a disruption

More information

Office of Inspector General

Office of Inspector General DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Security Weaknesses Increase Risks to Critical United States Secret Service Database (Redacted) Notice: The Department of Homeland Security,

More information

The Difference Between Disaster Recovery and Business Continuance

The Difference Between Disaster Recovery and Business Continuance The Difference Between Disaster Recovery and Business Continuance In high school geometry we learned that a square is a rectangle, but a rectangle is not a square. The same analogy applies to business

More information

Sponsor Site Questionnaire FAQs Regarding Maestro Care

Sponsor Site Questionnaire FAQs Regarding Maestro Care Sponsor Site Questionnaire FAQs Regarding Maestro Care Data Security and Validation 1. Are the electronic source documents or computer systems specific to the site and/or developed by the site? a. Developed

More information

UCS Level 2 Report Issued to

UCS Level 2 Report Issued to UCS Level 2 Report Issued to MSPAlliance Unified Certification Standard (UCS) Report Copyright 2014 www.mspalliance.com/ucs info@mspalliance.com Welcome to the UCS report which stands for Unified Certification

More information

University of Wisconsin-Madison Policy and Procedure

University of Wisconsin-Madison Policy and Procedure Page 1 of 14 I. Policy II. A. The, the units of the UW-Madison Health Care Component and each individual or unit within UW-Madison that is a Business Associate of a covered entity (hereafter collectively

More information

Main Reference : Hall, James A. 2011. Information Technology Auditing and Assurance, 3 rd Edition, Florida, USA : Auerbach Publications

Main Reference : Hall, James A. 2011. Information Technology Auditing and Assurance, 3 rd Edition, Florida, USA : Auerbach Publications Main Reference : Hall, James A. 2011. Information Technology Auditing and Assurance, 3 rd Edition, Florida, USA : Auerbach Publications Suggested Reference : Senft, Sandra; Gallegos, Frederick., 2009.

More information

Server Virtualization with Windows Server Hyper-V and System Center

Server Virtualization with Windows Server Hyper-V and System Center Course 20409B: Server Virtualization with Windows Server Hyper-V and System Center Course Details Course Outline Module 1: Evaluating the Environment for Virtualization This module provides an overview

More information

10215A Implementing and Managing Microsoft Server Virtualization

10215A Implementing and Managing Microsoft Server Virtualization 10215A Implementing and Managing Microsoft Server Virtualization About this Course This five-day course will provide you with the knowledge and skills to deploy and manage a server virtualization environment

More information

The remedies set forth in this SLA are your sole and exclusive remedies for any failure of the service.

The remedies set forth in this SLA are your sole and exclusive remedies for any failure of the service. (SLA) The remedies set forth in this SLA are your sole and exclusive remedies for any failure of the service. Network Internal Network The internal network includes cables, switches, routers, and firewalls

More information

Disaster Recovery Checklist Disaster Recovery Plan for

Disaster Recovery Checklist Disaster Recovery Plan for <System One> Disaster Recovery Plan for SYSTEM OVERVIEW PRODUCTION SERVER HOT SITE SERVER APPLICATIONS (Use bold for Hot Site) ASSOCIATED SERVERS KEY CONTACTS Hardware Vendor System Owners Database Owner

More information

Information System Audit. Arkansas Administrative Statewide Information System (AASIS) General Controls

Information System Audit. Arkansas Administrative Statewide Information System (AASIS) General Controls Information System Audit Arkansas Administrative Statewide Information System (AASIS) General Controls ARKANSAS DIVISION OF LEGISLATIVE AUDIT April 12, 2002 April 12, 2002 Members of the Legislative Joint

More information

Department of the Interior

Department of the Interior email, Enterprise Records and Document Management Program Enterprise earchive System Enterprise Content System Enterprise Forms System Enterprise Dashboard System DGI Government U.S. Department Big Data

More information

Planning and Implementing Windows Server 2008

Planning and Implementing Windows Server 2008 About this Course Planning and Implementing Windows This five day course is intended for IT Professionals who are interested in the knowledge and skills necessary to plan and implement a Windows and Windows

More information

Hanh Do, Director, Information Systems Audit Division, GAA. HUD s Controls Over Selected Configuration Management Activities Need Improvement

Hanh Do, Director, Information Systems Audit Division, GAA. HUD s Controls Over Selected Configuration Management Activities Need Improvement Issue Date March 24, 2011 Audit Report Number 2011-DP-0006 TO: Douglas A. Criscitello, Chief Financial Officer, F Mercedes M. Márquez, Assistant Secretary for Community Planning and Development, D Jerry

More information

All Clouds Are Not Created Equal THE NEED FOR HIGH AVAILABILITY AND UPTIME

All Clouds Are Not Created Equal THE NEED FOR HIGH AVAILABILITY AND UPTIME THE NEED FOR HIGH AVAILABILITY AND UPTIME 1 THE NEED FOR HIGH AVAILABILITY AND UPTIME All Clouds Are Not Created Equal INTRODUCTION Companies increasingly are looking to the cloud to help deliver IT services.

More information

NETWORK SERVICES FOR NON-STATE AGENCIES

NETWORK SERVICES FOR NON-STATE AGENCIES PRODUCT DESCRIPTION Product Number: 2382.05.15 NETWORK SERVICES FOR NON-STATE AGENCIES Effective Date: July 1, 2008 (Reviewed January 2014) Revision Date: January 2015 Version: 001.7 Product Manager: Brett

More information

Electronic Medical Records: Legal and Ethical Implications for Patients

Electronic Medical Records: Legal and Ethical Implications for Patients Electronic Medical Records: Legal and Ethical Implications for Patients Linda A. Simunek, RN, PhD, JD Executive Director, Doctoral Success Grant and Adjunct Professor in Law in Healthcare Education, Fischler

More information

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific

More information

Services Providers. Ivan Soto

Services Providers. Ivan Soto SOP s for Managing Application Services Providers Ivan Soto Learning Objectives At the end of this session we will have covered: Types of Managed Services Outsourcing process Quality expectations for Managed

More information

Implementing Microsoft Windows 2000 Clustering

Implementing Microsoft Windows 2000 Clustering Course Outline Implementing Microsoft Windows 2000 Clustering Other Information MS2087 Days 3 Starting Time 9:00 Finish Time 4:30 Lunch & refreshments are included with this course. Ph: 1300 TO TRAIN 1300

More information

Data Center Knowledge, Vision Control

Data Center Knowledge, Vision Control Data Center Knowledge, Vision Control Objective Overview of the progressive trends in Data Centers, driven by Intelligent Infrastructure Solutions Data Center Layout Secured Storage Back up Core Backbone

More information

Tailored Technologies LLC

Tailored Technologies LLC 685 Third Avenue New York, NY 10017 Tel: (212) 503-6300 Fax: (212) 503-6312 Date: January 9, 2014 To: The Audit File of the Hugh L. Carey Battery Park City Authority From: Tailored Technology Observations

More information

micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) August, 2013 Revision 8.0 MICROS Systems, Inc. Version 8.

micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) August, 2013 Revision 8.0 MICROS Systems, Inc. Version 8. micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) Revision 8.0 August, 2013 1 Table of Contents Overview /Standards: I. Information Security Policy/Standards Preface...5 I.1 Purpose....5

More information

Server Virtualization with Windows Server Hyper-V and System Center (20409) H8B93S

Server Virtualization with Windows Server Hyper-V and System Center (20409) H8B93S HP Education Services course data sheet Server Virtualization with Windows Server Hyper-V and System Center (20409) H8B93S Course Overview Obtain the skills you need to deploy and manage a Microsoft Server

More information

Implementing and Managing Microsoft Server Virtualization

Implementing and Managing Microsoft Server Virtualization Course 10215A: Implementing and Managing Microsoft Server Virtualization Course Details Course Outline Module 1: Evaluating and Planning for Virtualization Describe virtualization as it relates to server,

More information

Increasing Data Center Resilience While Lowering PUE

Increasing Data Center Resilience While Lowering PUE Increasing Data Center Resilience While Lowering PUE Nandini Mouli, Ph.D. President/Founder esai LLC mouli.nandini@gmail.com www.esai.technology Introduction esai LLC esai LLC: Is a Disadvantaged woman-owned

More information

NET ACCESS HIPAA COMPLIANT FLEXCloud

NET ACCESS HIPAA COMPLIANT FLEXCloud Page 0 2015 SOLUTION BRIEF NET ACCESS HIPAA COMPLIANT FLEXCloud A Managed Infrastructure Solution that Meets the Regulatory Demands of the Health Care Industry NET ACCESS LLC 9 Wing Drive Cedar Knolls,

More information

BUSINESS CONTINUITY PLANNING

BUSINESS CONTINUITY PLANNING Policy 8.3.2 Business Responsible Party: President s Office BUSINESS CONTINUITY PLANNING Overview The UT Health Science Center at San Antonio (Health Science Center) is committed to its employees, students,

More information

INFORMATION TECHNOLOGY POLICY

INFORMATION TECHNOLOGY POLICY COMMONWEALTH OF PENNSYLVANIA DEPARTMENT OF PUBLIC WELFARE INFORMATION TECHNOLOGY POLICY Name Of : DPW Information Security and Privacy Policies Domain: Security Date Issued: 05/09/2011 Date Revised: 11/07/2013

More information

Developing a Comprehensive Disaster-Recovery Plan. Prepared for CENIC by USC Information Technology Services March 2010

Developing a Comprehensive Disaster-Recovery Plan. Prepared for CENIC by USC Information Technology Services March 2010 Developing a Comprehensive Disaster-Recovery Plan Prepared for CENIC by USC Information Technology Services March 2010 1 Why Business Continuity and Disaster Recovery? We want to provide continuous service

More information

Service Level Agreement and Management By: Harris Kern s Enterprise Computing Institute

Service Level Agreement and Management By: Harris Kern s Enterprise Computing Institute Service Level Agreement and Management By: Harris Kern s Enterprise Computing Institute Service Level Management Service Level Management deals with how user service requirements are understood and managed.

More information

Program: Management Information Systems. David Pfafman 01/11/2006

Program: Management Information Systems. David Pfafman 01/11/2006 Effective 04/20/2005 Page - 1 - POLICY: PURPOSE: It is the policy of to provide a plan to insure the accessibility of protected health information (PHI) in the event of data loss due to an emergency or

More information

THE TOP SECURITY QUESTIONS YOU SHOULD ASK A CLOUD COMMUNICATIONS PROVIDER

THE TOP SECURITY QUESTIONS YOU SHOULD ASK A CLOUD COMMUNICATIONS PROVIDER THE TOP SECURITY QUESTIONS YOU SHOULD ASK A CLOUD COMMUNICATIONS PROVIDER How to ensure a cloud-based phone system is secure. BEFORE SELECTING A CLOUD PHONE SYSTEM, YOU SHOULD CONSIDER: DATA PROTECTION.

More information

How can I deploy a comprehensive business continuity and disaster recovery solution in under 24 hours without incurring any capital costs?

How can I deploy a comprehensive business continuity and disaster recovery solution in under 24 hours without incurring any capital costs? SOLUTION BRIEF: CA INSTANT RECOVERY ON DEMAND How can I deploy a comprehensive business continuity and disaster recovery solution in under 24 hours without incurring any capital costs? CA Instant Recovery

More information

TELECOMMUNICATION SERVICES AND ENTERPRISE SECURITY

TELECOMMUNICATION SERVICES AND ENTERPRISE SECURITY EXECUTIVE DIGEST TELECOMMUNICATION SERVICES AND ENTERPRISE SECURITY INTRODUCTION This report, issued in March 2002, contains the results of our performance audit* of Telecommunication Services and Enterprise

More information

Data Center Services. Uncovering Colocation & Managed Hosting Opportunities

Data Center Services. Uncovering Colocation & Managed Hosting Opportunities Data Center Services Uncovering Colocation & Managed Hosting Opportunities Agenda What s in it for you? Market overview Product overview Selling colo/hosting Q & A 1 What s in it for you? New revenue stream

More information

MaximumOnTM. Bringing High Availability to a New Level. Introducing the Comm100 Live Chat Patent Pending MaximumOn TM Technology

MaximumOnTM. Bringing High Availability to a New Level. Introducing the Comm100 Live Chat Patent Pending MaximumOn TM Technology MaximumOnTM Bringing High Availability to a New Level Introducing the Comm100 Live Chat Patent Pending MaximumOn TM Technology Introduction While businesses have become increasingly dependent on computer-based

More information

StruxureWare TM Data Center Expert

StruxureWare TM Data Center Expert StruxureWare TM Data Center Expert Infrastructure management from rack to row to room to building Deploy in minutes, manage from anywhere, analyze instantly, integrate with other management systems. End

More information

Retention & Destruction

Retention & Destruction Last Updated: March 28, 2014 This document sets forth the security policies and procedures for WealthEngine, Inc. ( WealthEngine or the Company ). A. Retention & Destruction Retention & Destruction of

More information

MS-6421A - Confgure and Troubleshoot a Windows Server 2008 Network Infrastructure

MS-6421A - Confgure and Troubleshoot a Windows Server 2008 Network Infrastructure MS-6421A - Confgure and Troubleshoot a Windows Server 2008 Network Infrastructure Table of Contents Introduction Audience At Clinic Completion Prerequisites Microsoft Certified Professional Exams Student

More information

Pervasive PSQL Meets Critical Business Requirements

Pervasive PSQL Meets Critical Business Requirements Pervasive PSQL Meets Critical Business Requirements Pervasive PSQL White Paper May 2012 Table of Contents Introduction... 3 Data Backup... 3 Pervasive Backup Agent... 3 Pervasive PSQL VSS Writer... 5 Pervasive

More information

BACKUP AND CONTIGENCY PLANS (DISASTER RECOVERY)

BACKUP AND CONTIGENCY PLANS (DISASTER RECOVERY) BACKUP AND CONTIGENCY PLANS (DISASTER RECOVERY) PURPOSE The purpose of this policy is to describe the backup and contingency plans, including disaster recovery planning, that will be implemented to ensure

More information

DEPARTMENT OF VETERANS AFFAIRS VA DIRECTIVE 6517 CLOUD COMPUTING SERVICES

DEPARTMENT OF VETERANS AFFAIRS VA DIRECTIVE 6517 CLOUD COMPUTING SERVICES DEPARTMENT OF VETERANS AFFAIRS VA DIRECTIVE 6517 Washington, DC 20420 Transmittal Sheet February 28, 2012 CLOUD COMPUTING SERVICES 1. REASON FOR ISSUE: This Directive establishes the Department of Veterans

More information

MS 20417 Upgrading Your Skills to MCSA Window Server 20102

MS 20417 Upgrading Your Skills to MCSA Window Server 20102 MS 20417 Upgrading Your Skills to MCSA Window Server 20102 P a g e 1 of 9 About this Course This version of this course, 20417A, utilizes pre-release software in the virtual machines for the labs. This

More information

Subject: County of Los Angeles Data Center Space Requirement

Subject: County of Los Angeles Data Center Space Requirement Subject: County of Los Angeles Data Center Space Requirement The County of Los Angeles, Chief Executive Office, Real Estate Division (CEO-RED) is issuing this Property Search for the purchase of a vacant,

More information

APPENDIX 3 TO SCHEDULE 3.3 TO THE COMPREHENSIVE INFRASTRUCTURE AGREEMENT

APPENDIX 3 TO SCHEDULE 3.3 TO THE COMPREHENSIVE INFRASTRUCTURE AGREEMENT APPENDI 3 TO SCHEDULE 3.3 TO THE COMPREHENSIVE INFRASTRUCTURE AGREEMENT APPENDI 3 TO SCHEDULE 3.3 TO THE COMPREHENSIVE INFRASTRUCTURE AGREEMENT TUGeneral TUSecurity TURequirements TUDesign TUIntegration

More information

M20409: Server Virtualization with Windows Server Hyper-V and System Center

M20409: Server Virtualization with Windows Server Hyper-V and System Center US Toll Free: 1-888-448-5669 M20409: Server Virtualization with Windows Server Hyper-V and System Center Tuition: $ 2,995.00 Duration: 5 Days Course Overview Obtain the skills you need to deploy and manage

More information

Finding a Cure for Downtime

Finding a Cure for Downtime Finding a Cure for Downtime 7 Tips for Reducing Downtime in Healthcare Information Systems EXECUTIVE SUMMARY THE COST OF DOWNTIME IN HEALTHCARE According to research by Healthcare Informatics: Every minute

More information

INNOVATE. MSP Services Overview SVEN RADEMACHER THROUGH MOTIVATION

INNOVATE. MSP Services Overview SVEN RADEMACHER THROUGH MOTIVATION INNOVATE THROUGH MOTIVATION MSP Services Overview SVEN RADEMACHER Agenda About us IT Challenges Our Approach Our Services Next Steps About Us SEAFAIR IT SOLUTIONS Pre-eminent Managed Service Provider Provide

More information

Best Practices in Healthcare IT Disaster Recovery Planning

Best Practices in Healthcare IT Disaster Recovery Planning BUSINESS WHITE PAPER Best Practices in Healthcare IT Disaster Recovery Planning Assessing your options for leveraging the cloud to enhance compliance, improve recovery objectives, and reduce capital expenditures

More information

Planning and Implementing Windows Server 2008

Planning and Implementing Windows Server 2008 CÔNG TY CỔ PHẦN TRƯỜNG CNTT TÂN ĐỨC TAN DUC INFORMATION TECHNOLOGY SCHOOL JSC LEARN MORE WITH LESS! Planning and Implementing Windows Server 2008 Course 6433: 5 days About this Course This course is intended

More information

MS 20417B: Upgrading Your Skills to MCSA Windows Server 2012

MS 20417B: Upgrading Your Skills to MCSA Windows Server 2012 MS 20417B: Upgrading Your Skills to MCSA Windows Server 2012 Description: This 5-day instructor-led course is designed primarily for people who want to upgrade their technical skills from Windows Server

More information

HP and Mimosa Systems A system for email archiving, recovery, and storage optimization white paper

HP and Mimosa Systems A system for email archiving, recovery, and storage optimization white paper HP and Mimosa Systems A system for email archiving, recovery, and storage optimization white paper Mimosa NearPoint for Microsoft Exchange Server and HP StorageWorks 1510i Modular Smart Array Executive

More information

Service Level Agreement Between: Computing and Informational Technology And The Finance and Business Operations Division

Service Level Agreement Between: Computing and Informational Technology And The Finance and Business Operations Division Service Level Agreement Between: Computing and Informational Technology And The Finance and Business Operations Division 1/9 1. Executive Summary This Service Level Agreement ( SLA ) is between Computing

More information