UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION. Statement of Thomas F. O'Brien. Vice President & Chief Information Officer


UNITED STATES OF AMERICA
FEDERAL ENERGY REGULATORY COMMISSION

Revised Critical Infrastructure Protection Reliability Standards
Docket No. RM

Statement of Thomas F. O'Brien
Vice President & Chief Information Officer
PJM Interconnection, L.L.C.
January 28,

PJM Interconnection is pleased to provide these initial comments in response to the Commission's inquiry on the Cyber Security Supply Chain Best Practices. My comments will address some of the unique challenges, current PJM actions, and a set of recommendations to further advance the supply chain cybersecurity issues.

I serve as the Vice President and Chief Information Officer for PJM. In this role, I oversee all aspects of PJM's information technology and enterprise information security. My role has been to ensure we are implementing technology to meet our responsibilities as an RTO in a secure and reliable manner.

I appreciate the Commission's focus on the importance of supply chain cybersecurity issues. Supply chain risk is a genuine threat that needs to be carefully considered and managed. The complexity and breadth of supply chain cybersecurity risk includes end-to-end management of the supply and distribution of hardware, firmware, system software, application software and services. Effectively identifying and managing the cybersecurity risks within the supply chain is important. There are clear and documented examples across several supply chains and distribution channels of embedded attacks in hardware, system software, application software, and services. A risk-based approach will drive the greatest value by ensuring that we address the highest risks first.

Managing the supply chain from a cybersecurity perspective does create some unique challenges:

- The supply chain is highly distributed and does not fall under any single regulatory jurisdiction, which potentially could subject hardware, software, and service vendors to diverse standards from multiple critical infrastructures and regulatory agencies;
- The supply chain does not lend itself to creating the necessary collaboration and accountability to ensure issues are managed by those best able to manage the risk;
- An ineffective regulatory program can create a false sense of security and divert resources from focusing on activities which are most within the customer's control; and
- Ineffective management of the supply chain for addressing cybersecurity issues could lead to increased utility costs without a corresponding significant benefit to the end user.

Thus, it is critically important that we address supply chain cybersecurity risks in an efficient and cost-effective manner.

PJM is addressing the cybersecurity supply chain issues that the Commission has identified within the context of our overall security program. Our program has advanced significantly and has demonstrated tangible benefits in terms of advancing the cybersecurity of our systems through the PJM procurement process. Nevertheless, PJM recognizes the need for further enhancements as we manage the threats. Our collaboration with software, hardware, and services vendors has shown that as one moves up the supply chain, cybersecurity supply chain practices are inconsistent and therefore must continue to evolve and improve.

By way of example, some of PJM's current activities that are focused on enhancing cybersecurity of our systems through our procurement process and other internal processes include:

- Our participation in DHS classified briefings to better understand the cybersecurity threats including supply chain threats;
- Modifications to our vendor review process as part of our procurement processes to ensure that risk and cybersecurity best practices are carefully considered prior to contract approval;
- Analysis of cyber and physical security controls for major vendors of high risk systems to ensure that their internal security practices are sufficient to reduce unintentional defects as well as intentional infiltration of malware and backdoors;
- Development of common security requirements that will be part of our request for proposal process and technology implementations;
- PJM buying only from authorized resellers, avoiding used products to reduce the risk of counterfeit and tainted products;
- PJM requiring contractors and vendors to undergo PJM's background screening process irrespective of the criticality of that access;
- Engaging third parties for advanced security penetration testing on an annual basis and when major systems are released into production environments;
- Advanced 24x7 security event monitoring tools and controls to detect potentially malicious network activity that would result from tainted products;
- File system monitoring for high-risk systems to ensure that changes on file systems correspond to authorized changes;
- Establishment of a software management governance team to ensure that all software is authorized prior to installation and has gone through a security review;
- Participation in the Cyber Risk Information Sharing Program (CRISP), which provides detection of potentially malicious traffic that may result from nation state infiltration of supply chains.

In light of the complexity, the existing disparate industry standards, the immaturity of supply chain cybersecurity practices among vendors, and the absence of well-established practices in supply chain cybersecurity, PJM proposes that, at this time, a directive to NERC to develop a standard in this area may not be the best use of time and resources to address this issue. Standard drafting is something of a cottage industry with its own set of challenges focused on choice of specific words, action required and issues surrounding enforcement and penalties. Getting embroiled in these issues prematurely may take away from the kind of development of best practices guidance and cross-industry communication that is needed at this stage of the process. Accordingly, we would urge the Commission to consider other vehicles which could range from use of NERC's process for the development of Guidance Papers (a process which has been used by the Critical Infrastructure Protection Committee (CIPC) which is tasked to develop, periodically review, and revise security guidelines) to more organized Commission-sponsored communications both within the electric industry as well as across industries. [1] A similar effort for communication among regulators of different sectors especially impacted by cybersecurity, such as the financial and communication sectors in addition to the utility sector, would also help to advance supply chain cybersecurity capabilities and ensure the sharing of best practices. As a result, our recommended path forward is to encourage cross sector coordination and collaboration with the providers in the technology industry as opposed to diverting focus to the drafting of a technical standard at this point in time.

On the other hand, we do believe there is a key FERC and NERC role at this point in time. Presently, there are a host of standards and publications that need to be better coordinated and harmonized. These include:

- NIST SP Supply Chain Risk Management Practices for Federal Information Systems and Organizations.
- ISO Open Trusted Technology Provider Standard (O-TTPS) - A standard of the Open Group Vendors that provides a set of guidelines, recommendations and requirements that help assure against maliciously tainted and counterfeit products.
- Department of Energy's Cybersecurity Procurement Language for Energy Delivery Systems - This publication is a guidance document that provides baseline cybersecurity procurement language for use by asset owners, operators, integrators, and suppliers during the procurement process.
- NIST Cyber Security Framework - Provides guidance to help the energy sector establish or align existing cybersecurity risk management programs to meet the objectives of the Cybersecurity Framework released by the National Institutes of Standards and Technology (NIST) in February
- ISO Standards Information Security Management Family of Standards.

[1] The development of guidance documents in lieu of standards is specifically contemplated in the charters of certain NERC Committees including the CIPC. The full set of CIPC guidelines are available at:

We would suggest that FERC direct NERC to develop a guidance document (using the existing CIPC guidance document process outlined above) as well as gather and synthesize key data on best practices in cybersecurity procurement as well as work with NIST and other agencies to rationalize the above standards and publications into a guidance document that works for the electric industry in light of its role as a buyer rather than manufacturer of these products. This should include collaboration with IT vendors and service providers to understand the current state and to develop a roadmap for improving vendor cybersecurity supply chain practices. The scope of this effort should include specific recommendations associated with best practices in implementation of the above standards in the context of procurement of software and hardware. For example, the guidance could include:

- concepts on the ability to validate the authenticity of software and patches that are being downloaded;
- review of best practices associated with the procurement of hardware through specialized supply chains;
- best practices in application vulnerability management; and
- other specific recommendations based on the risk analysis.

Nevertheless, although PJM feels this guidance process focused on detailing best practices as outlined above is a more appropriate first step at this point, should the Commission decide that it desires to move forward with a directive to NERC to develop a binding standard at this point, we believe that the focus and assignment should be on strengthening the current CIP standards. Under this scenario, the existing standards would be reviewed in light of best practices that have been identified to address the supply chain risk in the areas that registered entities control with respect to prevention, detection, and resilience.

Finally, we note the passage of recent legislation that authorizes increased communication and collaboration between the industry and the relevant federal agencies. We believe the passage of this long-overdue legislation provides the legal authority for FERC, working with DHS and NIST, to ensure greater reporting on cyber threats to the E-ISAC and improved two-way communications. These efforts should be focused on:

- Providing transparency to cybersecurity risks embedded in commonly-used critical software applications and hardware; and
- Engaging with other critical infrastructures and government agencies (including other federal and state regulators) to ensure unity of approach.

In short, we see this entire exercise, including this NOPR, as part of a continued evolution of best practices and collaboration across critical infrastructures and technology service providers. At the same time, we recognize that protection across all critical infrastructure sectors is beyond FERC jurisdiction. As a result, it will be imperative to continue the broader engagement with the Department of Homeland Security, NIST, other critical infrastructure sectors, technology providers, and other government agencies to enhance our management of the supply chain against cybersecurity threats. PJM stands ready to work with the Commission, stakeholders, NERC, and others in that process.


More information

Crnwall Partners in Care

Crnwall Partners in Care Crnwall Partners in Care Mving Frward Versin 2.0 8 th January 2014 By Richard Mnk Crnwall Partners in Care August 2013 Page 1 f 6 CPIC mving frward This dcument has been created t help prvide a little

More information

Getting Started Guide

Getting Started Guide AnswerDash Resurces http://answerdash.cm Cntextual help fr sales and supprt Getting Started Guide AnswerDash is cmmitted t helping yu achieve yur larger business gals. The utlined pre-launch cnsideratins

More information

HEALTH INFORMATION EXCHANGE GRANTS CRITERIA

HEALTH INFORMATION EXCHANGE GRANTS CRITERIA 1 HEALTH INFORMATION EXCHANGE GRANTS CRITERIA INTRODUCTION On August, 20 th, the federal Office f the Natinal Crdinatr fr Health Infrmatin Technlgy (ONC) released an pprtunity fr states t apply fr between

More information

9 ITS Standards Specification Catalog and Testing Framework

9 ITS Standards Specification Catalog and Testing Framework New Yrk State ITS Standards Specificatin Develpment Guide 9 ITS Standards Specificatin Catalg and Testing Framewrk This chapter cvers cncepts related t develpment f an ITS Standards Specificatin Catalg

More information

Session 9 : Information Security and Risk

Session 9 : Information Security and Risk INFORMATION STRATEGY Sessin 9 : Infrmatin Security and Risk Tharaka Tennekn B.Sc (Hns) Cmputing, MBA (PIM - USJ) POST GRADUATE DIPLOMA IN BUSINESS AND FINANCE 2014 Infrmatin Management Framewrk 2 Infrmatin

More information

COUNTY OF SONOMA AGENDA ITEM SUMMARY REPORT

COUNTY OF SONOMA AGENDA ITEM SUMMARY REPORT COUNTY OF SONOMA AGENDA ITEM SUMMARY REPORT Department: General Services Department Snma Cunty Water Agency Cntact: Dave Head Phne: 565-2089 REQUESTED BOARD ACTION: Bard Date: May 12, 2009 Clerk f the

More information

Audit Committee Charter

Audit Committee Charter Audit Cmmittee Charter Membership The Audit Cmmittee (the "Cmmittee") f the Bard f Directrs (the "Bard") f Philip Mrris Internatinal Inc. (the "Cmpany") shall cnsist f at least three directrs all f whm

More information

This report provides Members with an update on of the financial performance of the Corporation s managed IS service contract with Agilisys Ltd.

This report provides Members with an update on of the financial performance of the Corporation s managed IS service contract with Agilisys Ltd. Cmmittee: Date(s): Infrmatin Systems Sub Cmmittee 11 th March 2015 Subject: Agilisys Managed Service Financial Reprt Reprt f: Chamberlain Summary Public Fr Infrmatin This reprt prvides Members with an

More information

Key Steps for Organizations in Responding to Privacy Breaches

Key Steps for Organizations in Responding to Privacy Breaches Key Steps fr Organizatins in Respnding t Privacy Breaches Purpse The purpse f this dcument is t prvide guidance t private sectr rganizatins, bth small and large, when a privacy breach ccurs. Organizatins

More information

Guidelines for Outsourcing, Offshoring, and Cloud Services

Guidelines for Outsourcing, Offshoring, and Cloud Services Preview Guidelines fr Outsurcing, Offshring, and Clud Services Frewrd Data security and data prtectin challenges arise in mst utsurcing and ffshring transactins, particularly where services are clud based.

More information

Risk Management Policy AGL Energy Limited

Risk Management Policy AGL Energy Limited Risk Management Plicy AGL Energy Limited AUGUST 2014 Table f Cntents 1. Abut this Dcument... 2 2. Plicy Statement... 2 3. Purpse... 2 4. AGL Risk Cntext... 3 5. Scpe... 3 6. Objectives... 3 7. Accuntabilities...

More information

(DRAFT) WISHIN DIRECT MARKETING PLAN Prepared by Kim Johnston June, 2011

(DRAFT) WISHIN DIRECT MARKETING PLAN Prepared by Kim Johnston June, 2011 Prepared by Kim Jhnstn Purpse Prvide a review f the market Give an verview f the market segments fr WISHIN Direct Outline the marketing and cmmunicatin activities fr WISHIN Direct Identify the cmmunicatin

More information

LEED Rating System Development

LEED Rating System Development LEED Rating System Develpment Why are the LEED rating systems being updated? The hallmark f LEED and its ability t affect market transfrmatin is its cntinuus imprvement cycle that enables the rating system

More information

Financial advisory and taxation services in Australia

Financial advisory and taxation services in Australia Financial advisry and taxatin services in Australia CPA Australia The Institute f Chartered Accuntants in Australia The Natinal Institute f Accuntants Intrductin: Access t financial and tax advice Cnsumers

More information

Vulnerability Management:

Vulnerability Management: Vulnerability Management: Creating a Prcess fr Results Kyle Snavely Veris Grup, LLC Summary Organizatins increasingly rely n vulnerability scanning t identify risks and fllw up with remediatin f thse risks.

More information

SECTION J QUALITY ASSURANCE AND IMPROVEMENT PROGRAM

SECTION J QUALITY ASSURANCE AND IMPROVEMENT PROGRAM Audit Manual Sectin J SECTION J QUALITY ASSURANCE AND IMPROVEMENT PROGRAM Ref. Plicy and Practice Requirements IIA Standards and Other references J 1 Plicy: The Head f Internal Audit shall develp and maintain

More information

FEEDBACK FROM THE VICTORIA QUALITY COUNCIL INTERHOSPITAL PATIENT TRANSFER WORKSHOP

FEEDBACK FROM THE VICTORIA QUALITY COUNCIL INTERHOSPITAL PATIENT TRANSFER WORKSHOP FEEDBACK FROM THE VICTORIA QUALITY COUNCIL INTERHOSPITAL PATIENT TRANSFER WORKSHOP Results arising frm the survey f Participants at the Victrian Quality Cuncil (VQC) Interhspital Patient Transfer Wrkshp

More information

Service Description Implementing Kimble Professional Services Automation

Service Description Implementing Kimble Professional Services Automation Service Descriptin Implementing Kimble Prfessinal Services Autmatin Felber Cnsulting wrks with clients ranging frm large gvernment r private sectr rganisatins t small & mediumsized enterprises. We wrk

More information

The Whole of Government Approach: Models and Tools for EGOV Strategy & Alignment

The Whole of Government Approach: Models and Tools for EGOV Strategy & Alignment The Whle f Gvernment Apprach: Mdels and Tls fr EGOV & Alignment Adegbyega Oj (in cllabratin with T. Janwski and E. Estevez) United Natins University a@iist.unu.edu OVERVIEW 1. THE WG APPROACH 2. APPLICATION

More information

Job Profile Data & Reporting Analyst (Grant Fund)

Job Profile Data & Reporting Analyst (Grant Fund) Jb Prfile Data & Reprting Analyst (Grant Fund) Directrate Lcatin Reprts t Hurs Finance Slihull Finance Directr Nminally 37 hurs but peratinally available at all times t meet Cmpany requirements Cntract

More information

Loss Share Data Specifications Change Management Plan

Loss Share Data Specifications Change Management Plan Lss Share Data Specificatins Change Management Plan Last Updated: 2/27/2013 Table f Cntents I. Purpse... 3 II. Change Management Apprach... 3 III. Categries f Revisins... 4 IV. Help and Supprt... 6 Lss

More information

Mobile Telecom Expense Management

Mobile Telecom Expense Management Mbile Telecm Expense Management Quick Start Mbile Telecm Expense Management Intrductin The BT Mbile Telecm Expense Management Quick Start Service is part BT Managed Mbility Expenses* BT s suite f telecm

More information

Projects Director Report Guidelines. IPMA Level A

Projects Director Report Guidelines. IPMA Level A Prjects Directr Reprt Guidelines IPMA Level A Cntents 1. GENERAL PROVISIONS.. 2 2. PROJECT PORTFOLIO / PROGRAMME DESCRIPTION...2 3. PROJECTS DIRECTOR REPORT 5 4. ANNEXES..7 Authr Classificatin Status Electrnic

More information

RCPNC Grants for Creative Strategies and Pragtimatic Pragmatins

RCPNC Grants for Creative Strategies and Pragtimatic Pragmatins REQUEST FOR APPLICATIONS (RFA) The RCPNC is accepting grant applicatins fr prjects that use creative strategies t imprve crdinatin amng USDA-FNS Child Nutritin prgrams and ther nutritin assistance prgrams.

More information

Environment Protection Authority

Environment Protection Authority Envirnment Prtectin Authrity EPA Cmplaints Management Plicy Intrductin This plicy sets ut the purpse, principles and prcess fr hw custmer feedback, including cmplaints, will be managed in the EPA t imprve

More information

Audit Committee Charter. St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd

Audit Committee Charter. St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd Audit Cmmittee Charter St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd Versin 2.0, 22 February 2016 Apprver Bard f Directrs St Andrew

More information

INFRASTRUCTURE TECHNICAL LEAD

INFRASTRUCTURE TECHNICAL LEAD 1. PURPOSE OF POSITION This psitin is respnsible fr the delivery f peratinal supprt and maintenance f the TDHB IT infrastructure envirnment. This rle is als pivtal in the develpment and delivery f infrastructure

More information

WHITE PAPER. Vendor Managed Inventory (VMI) is Not Just for A Items

WHITE PAPER. Vendor Managed Inventory (VMI) is Not Just for A Items WHITE PAPER Vendr Managed Inventry (VMI) is Nt Just fr A Items Why it s Critical fr Plumbing Manufacturers t als Manage Whlesalers B & C Items Executive Summary Prven Results fr VMI-managed SKUs*: Stck-uts

More information

Richmond Clinical Commissioning Group Report Summary

Richmond Clinical Commissioning Group Report Summary Richmnd Clinical Cmmissining Grup Reprt Summary Meeting Title: Gverning Bdy Date: 16 September 2014 Reprt Title: Better Care Fund Plan Agenda Item: 8 Attachment: D Purpse: (please delete /N as apprpriate)

More information

Implementing an electronic document and records management system using SharePoint 7

Implementing an electronic document and records management system using SharePoint 7 Reprt title Agenda item Implementing an electrnic dcument and recrds management system using SharePint 7 Meeting Finance, Prcurement & Prperty Cmmittee 16 June 2008 Date Reprt by Dcument Number Head f

More information

Small Business, Enterprise and Employment Bill: Insolvency fact sheets Contents

Small Business, Enterprise and Employment Bill: Insolvency fact sheets Contents 1 Small Business, Enterprise and Emplyment Bill: Inslvency fact sheets Cntents Directr Disqualificatin and Inslvency General Aims... 2 Administratin: sales t cnnected persns (prepack administratins)...

More information

How to Address Key Selection Criteria

How to Address Key Selection Criteria Hw t Address Key Selectin Criteria Yu've seen an jb pprtunity that yu're interested in, n a jbs bard r in the press and want t apply, but where d yu start? A key requirement fr jbs in Gvernment is t respnd

More information

How To Write An Itu-T Security Standards Manual

How To Write An Itu-T Security Standards Manual ITU-T Netwrk Security Initiatives Michael Harrp The Cttingham Grup Internatinal Telecmmunicatin Unin Overview f Presentatin ITU-T Shw the cntext f ITU-T security standards activities Highlight sme f key

More information

The Allstate Foundation Domestic Violence Program 2015 Moving Ahead Financial Empowerment Grant

The Allstate Foundation Domestic Violence Program 2015 Moving Ahead Financial Empowerment Grant The Allstate Fundatin Dmestic Vilence Prgram 2015 Mving Ahead Financial Empwerment Grant Due Date: September 1, 2015 Online applicatin: https://www.grantrequest.cm/sid_1010?sa=sna&fid=35296 The Allstate

More information

Software and Hardware Change Management Policy for CDes Computer Labs

Software and Hardware Change Management Policy for CDes Computer Labs Sftware and Hardware Change Management Plicy fr CDes Cmputer Labs Overview The cmputer labs in the Cllege f Design are clsely integrated with the academic needs f faculty and students. Cmputer lab resurces

More information