Chapter 7 Business Continuity and Risk Management
- Angela Stone
- 8 years ago
Section 01 Business Continuity Management

Initiating the Business Continuity Plan (BCP)

Purpose: To establish the appropriate level of business continuity management to sustain the operation of critical business services following a disaster or adverse event.

1. Agencies must maintain a business and disaster recovery plan with respect to information technology. Business and disaster recovery plans shall be provided to the Office of the State CIO.
2. Agencies, through their management, must implement and support an appropriate information technology business continuity program to ensure the timely delivery of critical automated business services to the State's citizens.
3. A management team composed of representatives from all the agency organizational areas has primary leadership responsibility to identify information technology risks and to determine what impact these risks have on business operations.
4. Management must also plan for business continuity, including disaster recovery, based on these risks and document continuity and recovery strategies and procedures in a defined business continuity plan that is reviewed, approved, tested and updated on an annual basis.

Business continuity planning framework

Assessing the BCP Risk

Purpose: To require that State agencies manage information technology risks appropriately as required in GS

1. Agencies shall identify the potential risks that may adversely impact their business in order to develop continuity and recovery strategies and justify the financial and human resources required to provide the appropriate level of continuity initiatives and programs.
2. Agencies shall conduct business risk impact analysis activities that include the following:
- Define the agency's critical functions and services.
- Define the resources (technology, staff and facilities) that support each critical function or service.
- Identify key relationships and interdependencies among the agency's critical resources, functions and services.
- Estimate the maximum elapsed time that a critical function or service can be inoperable without a catastrophic impact. (See also Statewide Glossary for Recovery Time Objective)
- Estimate the maximum amount of information or data that can be lost without a catastrophic impact to a critical function or service. (See also Statewide Glossary for Recovery Point Objective)
- Document any critical events or services that are time-sensitive or predictable and require a higher-than-normal priority (for example, tax filing dates, reporting deadlines, etc.).
- Identify any critical non-electronic media required to support the agency's critical functions or services.
- Identify any interim or workaround procedures that exist for the agency's critical functions or services.

GUIDELINES

The following items should be considered:
- Estimate the decline in effectiveness over time of each critical function or service.
- Estimate financial losses over time resulting from the inoperability of each critical function or service.
- Estimate tangible (non-financial) impacts over time resulting from the inoperability of each critical function or service.
- Estimate intangible impacts over time resulting from the inoperability of each critical function or service.

Business continuity and risk assessment
Business continuity planning framework

Developing the BCP

Purpose: To require that the appropriate level of information technology business continuity management is in place to sustain the operation of critical information technology services to support the continuity of vital business functions.

1. Management shall develop a business continuity plan (BCP) that covers all of the agency's essential and critical business activities and that includes references to procedures to be used for the recovery of systems that perform the agency's essential and critical business activities.
2. At a minimum, an agency's business continuity plan must:
- Help protect the health and safety of the employees of the State of North Carolina.
- Protect the assets of the State and minimize financial, legal and/or regulatory exposure.
- Minimize the impact and reduce the likelihood of business disruptions.
- Create crisis teams and response plans for threats and incidents.
- Include communication tools and processes.
- Require that employees are aware of their roles and responsibilities in the BCP and in plan execution.
- Include training and awareness programs.
- Require simulations and tabletop exercises.
- Have a documented policy statement outlining:
  - Framework and requirements for developing, documenting, and maintaining the plans.
  - Requirements for testing and exercising.
  - Review, sign-off and update cycles.
- Require senior management oversight and approval.
- Assess the professional capability of third parties and ensure that they provide adequate contact with the agencies.
- Review dependence on third parties and take actions to mitigate risk associated with dealing with third parties.
- Provide direction on synchronization between any manual work data and the automated systems that occur during a recovery period.
- Set forth procedures to be followed for restoring critical systems to production.
3. Training and awareness programs shall be undertaken to ensure that the entire agency is confident, competent and capable and understands the roles each individual within the agency must perform in a disaster/or adverse situation.
4. The person(s) designated as the agency business continuity plan (BCP) coordinator(s) has the responsibility of overseeing the individual plans and files that constitute the BCP and ensuring that they are current, meet these standards and are consistent with the agency's overall plan. At the direction of the State Chief Information Officer, an agency's BCP shall be reviewed annually by the Office of Information Technology Services and recommendations shall be made for improvement, if necessary.
5. The agency business continuity plan shall be tested annually, at a minimum. All critical applications shall be tested annually.

GUIDELINES

The following methods are recommended:
- Tabletop testing (walk-through of business recovery arrangements using example interruptions).
- Simulations (especially for post-incident / post-crisis management roles).
- Technical recovery testing.
- Testing recovery at an alternate site.
- Testing of hot-site arrangements, complete rehearsal (testing organization, personnel, equipment, facilities and processes).
- Updating of plan as necessary.

Additional steps that may be taken include the repetition of the test to validate any updated procedure(s) and the addition or removal of application backup procedures. Agency management should define, document, and approve what type of testing methodology to use.

Developing and implementing continuity plans including information security
Business continuity planning framework
Testing, maintaining and re-assessing business continuity plans

Disaster Recovery and/or Restoration

Purpose: To restore the operability of the systems supporting critical business processes and return to normal agency operations as soon as possible.

The agency is responsible for maintaining its ability to recover in the event of an outage. Agencies must ensure that business continuity and/or disaster recovery plans are developed, maintained, tested on a prescribed basis and subjected to a continual update and improvement process. Agencies shall conduct the following disaster recovery and/or restoration activities:

1. Define the agency's critical operating facilities and mission essential service(s) or function(s).
2. Define the resources (facilities, infrastructure, and essential systems) that support each mission critical service or function.
3. Define explicit test objectives and success criteria to enable an adequate assessment of the Disaster Recovery and/or Restoration

Developing and implementing continuity plans including information security

Section 02 Information Technology Risk Management Program

Implementing a Risk Management Program

Purpose: To ensure that state agencies manage risks appropriately. Risk management includes the identification, analysis, and management of risks associated with an agency's business, information technology infrastructure, the information itself, and physical security to protect the state's information technology assets and vital business functions.

1. The State of North Carolina recognizes that each agency, through its management, must implement an appropriate Information Technology (IT) Risk Management Program to ensure the timely delivery of critical automated business services to the state's citizens.
2. The risk management program must identify and classify risks and implement risk mitigation as appropriate.
3. The program must include the identification, classification, prioritization and mitigation processes necessary to sustain the operational continuity of mission critical information technology systems and resources.
4. In general, risk is defined as a condition or action that may adversely affect the outcome of a planned activity. Some types of risk are as follows:
- Business Risk - The cost and/or lost revenue associated with an interruption to normal business operations.
- Organizational Risk - The direct or indirect loss resulting from one or more of the following:
  - Inadequate or failed internal processes
  - People
  - Systems
  - External events
- Information Technology Risk - The loss of an automated system, network or other critical information technology resource that would adversely affect business processes.
- Legal - Parameters established by legislative mandates, federal and state regulations, policy directives and executive orders that impact delivery of program services.
- Reputation - General estimation, by the public, on how state services are delivered (integrity, credibility, trust, customer satisfaction, image, media relations, political involvement).
- Citizen Services - Program services mandated by charter, legislation, or policy that provides for the delivery of the state's business (education, human services, highways, law enforcement, health and safety, unemployment benefits, vital records, etc.)
GUIDELINES

Agencies are encouraged to select and use guidelines that support industry best practices for risk management relative to business continuity planning and security as appropriate. Some suggested guidelines are listed below.

Risk Management Program Activities: Agency risk management programs at a minimum should focus on the following four types of activities:
- Identification of Risks: A continuous effort to identify which risks are likely to affect business continuity and security functions and documenting their characteristics.
- Analysis of Risks: An estimation of the probability, impact, and timeframe of the risks, classification into sets of related risks, and prioritization of risks relative to each other.
- Mitigation Planning: Decisions and actions that will reduce the impact of risks, limit the probability of their occurrence, or improve the response to a risk occurrence. For moderate or high rated risks, mitigation plans should be developed, documented and assigned to managers. Plans should include assigned manager's signatures.
- Tracking and Controlling Risks: Collection and reporting of status information about risks and their mitigation plans, response to changes in risks over time, and management oversight of corrective measures taken in accordance with the mitigation plan.

Business Continuity Risk Management Processes: For business continuity risk management, the focus of risk management is an impact analysis for those risk outcomes that disrupt agency business. Agencies should identify the potential impacts in order to develop the strategies and justify the resources required to provide the appropriate level of continuity initiatives and programs. Agencies should conduct business risk impact analysis activities that include the following:
- Define the agency's critical functions and services.
- Define the resources (technology, staff, and facilities) that support each critical function or service.
- Identify key relationships and interdependencies among the agency's critical resources, functions, and services.
- Estimate the decline in effectiveness over time of each critical function or service.
- Estimate the maximum elapsed time that a critical function or service can be inoperable without a catastrophic impact.
- Estimate the maximum amount of information or data that can be lost without a catastrophic impact to a critical function or service.
- Estimate financial losses over time of each critical function or service.
- Estimate tangible (non-financial) impacts over time of each critical function or service.
- Estimate intangible impacts over time of each critical function or service.
- Document any critical events or services that are time-sensitive or predictable and require a higher-than-normal priority. (For example - tax filing dates, reporting deadlines, etc.)
- Identify any critical non-electronic media required to support the agency's critical functions or services.
- Identify any interim or workaround procedures that exist for the agency's critical functions or services.
Security Risk Process: The focus of security risk management is an assessment of those security risk outcomes that may jeopardize agency assets and vital business functions or services. Agencies should identify those impacts in order to develop the strategies and justify the resources required to provide the appropriate level of prevention and response. It is important to use the results of risk assessment to protect critical agency functions and services in the event of a security incident. The lack of appropriate security measures would jeopardize agency critical functions and services. Security risk impact analysis activities include the following:
- Identification of the Federal, State, and Local regulatory or legal requirements that address the security, confidentiality, and privacy requirements for agency functions or services.
- Identification of confidential information stored in the agency's files and the potential for fraud, misuse, or other illegal activity.
- Identification of essential access control mechanisms used for requests, authorization, and access approval in support of critical agency functions and services.
- Identification of the processes used to monitor and report to management on whatever applications, tools and technologies the agency has implemented to adequately manage the risk as defined by the agency (i.e., baseline security reviews, review of logs, use of IDs, logging events for forensics, etc.).
- Identification of the agency's IT Change Management and Vulnerability Assessment processes.
- Identification of what security mechanisms are in place to conceal agency data (Encryption, PKI, etc.).

For more information on implementing a risk management program, including the Risk Management Guide and the Risk Assessment Questionnaire, please refer to the Risk Management Services page found on the Enterprise Security and Risk Management Office (ESRMO) web site:

Assessing security risks
4.2 Treating security risks
More information7/25/14 FAIRFAX COUNTY PUBLIC SCHOOLS SUPPORT EMPLOYEE PERFORMANCE ASSESSMENT HANDBOOK
7/25/14 FAIRFAX COUNTY PUBLIC SCHOOLS SUPPORT EMPLOYEE PERFORMANCE ASSESSMENT HANDBOOK A Resurce Fr Supprt Emplyees Cpyright 2014, Fairfax Cunty Public Schls http://www.fcps.edu/hr/epd/evaluatins/supprt.shtml
More informationFlorida Healthcare Coalition Task Force Healthcare Coalition Requirements
Flrida Healthcare Calitin Task Frce Healthcare Calitin Requirements HEALTHCARE COALITION REQUIREMENTS The fllwing is a list f requirements fr healthcare calitins (HCC) t cmplete if participating in grant
More informationHEALTH INFORMATION EXCHANGE GRANTS CRITERIA
1 HEALTH INFORMATION EXCHANGE GRANTS CRITERIA INTRODUCTION On August, 20 th, the federal Office f the Natinal Crdinatr fr Health Infrmatin Technlgy (ONC) released an pprtunity fr states t apply fr between
More informationProfessional Leaders/Specialists
Psitin Prfile Psitin Lcatin Reprting t Jb family Band BI/Infrmatin Manager Wellingtn Prfessinal Leaders/Specialists Band I Date February 2013 1. POSITION PURPOSE The purpse f this psitin is t: Lead and
More informationFAYETTEVILLE STATE UNIVERSITY
FAYETTEVILLE STATE UNIVERSITY IDENTITY THEFT PREVENTION (RED FLAGS RULE) Authrity: Categry: Issued by the Fayetteville State University Bard f Trustees. University-Wide Applies t: Administratrs Faculty
More informationService Level Agreement (SLA) Hosted Products. Netop Business Solutions A/S
Service Level Agreement (SLA) Hsted Prducts Netp Business Slutins A/S Cntents 1 Service Level Agreement... 3 2 Supprt Services... 3 3 Incident Management... 3 3.1 Requesting service r submitting incidents...
More informationTemplate on written coordination and cooperation arrangements of the supervisory college established for the <XY> Group/<A> Institution
COORDINATION AND COOPERATION ARRANGEMENTS EBA/RTS/2014/16 EBA/ITS/2014/07 Annex II Template n written crdinatin and cperatin arrangements f the supervisry cllege established fr the Grup/ Institutin
More informationInformation Services Hosting Arrangements
Infrmatin Services Hsting Arrangements Purpse The purpse f this service is t prvide secure, supprted, and reasnably accessible cmputing envirnments fr departments at DePaul that are in need f server-based
More informationPrivacy Breach and Complaint Protocol
Privacy Breach and Cmplaint Prtcl Effective: December 31, 2012 Apprved by: Le McKenna, CFO 1.0 General Privacy breaches and privacy cmplaints will be handled in accrdance with this prtcl. This prtcl is
More informationJune 29, 2009 Incident Review Dallas Fort Worth Data Center Review Dated: July 8, 2009
The purpse f this dcument is t capture the events and subsequent respnse t the incident that tk place in the DFW datacenter n 29 June, 2009. I. Executive Summary On 29 June, an area f the Rackspace DFW
More informationInformation Technology Services. University of Maine System. Version 0.07. December 20, 2012
IT PROJECT MANAGEMENT OFFICE (PMO) CHARTER Infrmatin Technlgy Services University f Maine System Versin 0.07 December 20, 2012 Prepared by: Rbin Sherman Authrized by: [1] Table f Cntents EXECUTIVE SUMMARY...
More informationCreating an Ethical Culture and Protecting Your Bottom Line:
Creating an Ethical Culture and Prtecting Yur Bttm Line: Best Practices fr Crprate Cdes f Cnduct Nte: The infrmatin belw and all infrmatin n this website is nt meant t be taken as legal advice. Please
More informationVCU Payment Card Policy
VCU Payment Card Plicy Plicy Type: Administrative Respnsible Office: Treasury Services Initial Plicy Apprved: 12/05/2013 Current Revisin Apprved: 12/05/2013 Plicy Statement and Purpse The purpse f this
More informationRUTGERS POLICY. Responsible Executive: Vice President for Information Technology and Chief Information Officer
RUTGERS POLICY Sectin: 70.1.1 Sectin Title: Infrmatin Technlgy Plicy Name: Acceptable Use Plicy fr Infrmatin Technlgy Resurces Frmerly Bk: N/A Apprval Authrity: Senir Vice President fr Administratin Respnsible
More informationUnified Communications
Office f Infrmatin Technlgy Services Service Level Agreement Unified Cmmunicatins Nvember 7, 2013 v2.2 Service Descriptin Unified Cmmunicatins Service Descriptin ITS Unified Cmmunicatins ffers a number
More informationTO: Chief Executive Officers of all National Banks, Department and Division Heads, and all Examining Personnel
AL 96-7 Subject: Credit Card Preapprved Slicitatins TO: Chief Executive Officers f all Natinal Banks, Department and Divisin Heads, and all Examining Persnnel PURPOSE The purpse f this advisry letter is
More informationSecurityNational Mortgage Company Vendor Management Program
SecurityNatinal Mrtgage Cmpany Vendr Management Prgram CONTENTS OVERVIEW... 1 VENDOR RISKS... 3 Strategic Risk... 3 Reputatin Risk... 3 Operatinal Risk... 3 Transactin Risk... 4 Credit Risk... 4 Cmpliance
More informationBusiness Continuity Management Systems Foundation Training Course
Certificatin criteria fr Business Cntinuity Management Systems Fundatin Training Curse CONTENTS 1. INTRODUCTION 2. LEARNING OBJECTIVES 3. ENABLING OBJECTIVES KNOWLEDGE & SKILLS 4. TRAINING METHODS 5. COURSE
More informationRevised October 27, 2011 Page 1 of 6
Keystne STARS Accreditatin Applicatin Philsphy The Keystne STARS prgram is Pennsylvania s QRIS which began in 2002. There are fur quality levels frm STAR 1 t STAR 4, each level building n the prir levels;
More informationCHARTER OF THE COMPENSATION COMMITTEE OF THE BOARD OF DIRECTORS OF UPLAND SOFTWARE, INC.
CHARTER OF THE COMPENSATION COMMITTEE OF THE BOARD OF DIRECTORS OF UPLAND SOFTWARE, INC. PURPOSE The purpse f the Cmpensatin Cmmittee f the Bard f Directrs (the Bard ) f Upland Sftware, Inc. (the Cmpany
More information0820.02 Workers Disability Compensation Claims Procedures Issued: January 1, 1994 Revised: March 29, 2012
State f Michigan Administrative Guide t State Gvernment 0820.02 Wrkers Disability Cmpensatin Claims Prcedures Issued: January 1, 1994 Revised: March 29, 2012 SUBJECT: APPLICATION: PURPOSE: CONTACT AGENCY:
More informationThe Town of Fort Frances
The Twn f Frt Frances PERFORMANCE APPRAISAL POLICY SECTION HUMAN RESOURCES REVISED August 2002 Reslutin N. Supercedes Reslutin N. Plicy Number 3.3 PAGE 1 f 9 1. PURPOSE: The purpse f supprt staff perfrmance
More informationDISASTER RECOVERY PLAN TEMPLATE
www.disasterrecveryplantemplate.rg The bjective f a disaster recvery plan is t ensure that yu can respnd t a disaster r ther emergency that affects infrmatin systems and minimize the effect n the peratin
More informationUBC Incident Response Plan V1.5
UBC Incident Respnse Plan V1.5 Cntents 1. Ratinale... 2 2. Objective... 2 3. Applicatin... 2 4. Reprting a Cmputer Security Incident... 2 5. Managing the Security Incident... 2 5.1. All Incidents... 2
More informationE-Business Strategies For a Cmpany s Bard
DATATEC LIMITED BOARD CHARTER / TERMS OF REFERENCE 1. CONSTITUTION The primary bjective f the Cmpany s Bard Charter is t set ut the rle and respnsibilities f the Bard f Directrs ( the Bard ) as well as
More informationMulti-Year Accessibility Policy and Plan for NSF Canada and NSF International Strategic Registrations Canada Company, 2014-2021
Multi-Year Accessibility Plicy and Plan fr NSF Canada and NSF Internatinal Strategic Registratins Canada Cmpany, 2014-2021 This 2014-21 accessibility plan utlines the plicies and actins that NSF Canada
More informationState of California California Technology Agency. Software Management Plan Guidelines
State f Califrnia Califrnia Technlgy Agency Sftware Management Plan Guidelines Revised April 2011 Sectin 1 1.0 Overview INTRODUCTION TO SOFTWARE MANAGEMENT PLANNING The State Administrative Manual (SAM)
More informationFirst Global Data Corp.
First Glbal Data Crp. Privacy Plicy As f February 23, 2015 Ding business with First Glbal Data Crp. ("First Glbal", First Glbal Mney, "we" r "us", which includes First Glbal Data Crp. s subsidiary, First
More information