DATA SECURITY POLICY. Data Security Policy
|
|
- Gwendoline Lawrence
- 8 years ago
- Views:
Transcription
1 Data Security Policy
2 Contents 1. Introduction 3 2. Purpose 4 3. Data Protection 4 4. Customer Authentication 4 5. Physical Security 5 6. Access Control 6 7. Network Security 6 8. Software Security 7 9. Disposing of Removable Media Destruction of Data Auditing and Monitoring Contingency Planning Recruitment and Training Summary 9 Issue Date: 02-Feb-15 Classification: PUBLIC Version: 1.6 Page: 2
3 1. Introduction Outsourcery understands the importance of data security and makes every effort to ensure that customer data held on systems and within the data centres are fully protected. The company recognises that the confidentiality, integrity and availability of information and data created, maintained and hosted by Outsourcery and its customer s is vital to the success of the business. The management of Outsourcery views these as primary responsibilities and fundamental to best business practice and as such has adopted the Information Security Management System Standard BS ISO/IEC 27001:2005 as its means to manage and meet the following objectives: 1.1. Comply with all applicable laws, regulations and contractual obligations including the Data Protection Act Implement continual improvement initiatives, including risk assessment and treatment strategies, while making the best use of its management resources to meet and improve information security system s requirements Communicate its Information Security objectives and its performance in achieving these objectives, throughout the Company and to interested parties Adopt an Information Security Management System (ISMS) comprising of a security manual and procedures that provides direction and guidance on information security matters relating to employees, customers, suppliers and interested parties who come into contact with the Company s work Work closely with their customers, business partners and suppliers in seeking to establish Information Security Standards Adopt a forward-looking view on future business decisions, including the continual review of risk evaluation criteria, which may have an impact on Information Security Train all members of staff in their needs and responsibilities for Information Security Management Constantly strive to meet, and when possible, exceed, its customers and staff expectations Information Security shall be considered in job descriptions and when setting staff objectives where applicable Appropriate Information Security training and awareness shall be provided to all staff to ensure principals and practices are embedded in the company culture. Issue Date: 02-Feb-15 Classification: PUBLIC Version: 1.6 Page: 3
4 2. Purpose The purpose of this document is to provide information about the procedures Outsourcery implements to ensure the security of its customers data, software and systems. This document will cover the following areas: Customer Authentication Physical Security Access Control Network Security Software Security Disposal of Removable Media Auditing and Monitoring Contingency Planning Recruitment and Training This policy applies to all Outsourcery employees or any other individual or supplier working for Outsourcery. The Outsourcery management team are responsible for ensuring full compliance with this policy. 3. Data Protection Data Protection relates to obtaining, disclosing, recording, holding, using, erasing or destroying personal information and ensures a business recognises what level of information an individual can be provided with. Outsourcery PLC and/or individuals can be liable to prosecution or an individual may seek compensation through the courts for any damage suffered as a result of disclosing sensitive information. Using inaccurate / out of date data annoys customers and can waste time and money. 4. Customer Authentication Any requests to Outsourcery from Customers, for information about their service, must be validated to ensure they are who they say they are. This will reduce the risk of loss of confidentiality, and breaches of the Data Protection Act Outsourcery employees must follow the process below to authenticate a customer prior to discussing a service or divulging any information. Obtain a Mobile Phone Number. / Account Number. / Domain Name (to access account). Verify the business address (including postcode). Confirm the password. If the password is confirmed NO FURTHER QUESTIONS ARE NECESSARY. Issue Date: 02-Feb-15 Classification: PUBLIC Version: 1.6 Page: 4
5 If there is no password, or it cannot be confirmed, it is NECESSARY TO OBTAIN TWO ADDITIONAL (therefore 4) pieces of account specific information from the following: No. of services Date of next/last change Payment method/ Bank details Tariff details including cost Bolt on s, Last billed amount If an individual has been verified by following the above process then the Data Protection Act has been adhered to. Particular care needs to be paid to any requests for specific usage or financial data. Please ensure this is sent directly to an address specific to the business and secured in-line with the Information Classification Policy. 5. Physical Security Outsourcery s data centre facilities are diversely located in London and Leicester and connected by secure, resilient high speed back-up links. Both of our data centres have the following physical security features in place to protect both equipment and customer data. All racks within the data centres are equipped with fully lockable doors which only authorised engineers have access to. Proximity door locks are fitted on all internal and external doors and extensive CCTV monitoring systems are installed on all internal and external walls. CCTV monitoring systems include motion detection features that trigger CCTV recording in the event of any movement both inside and outside of the data centres (within the cameras range). All windows are fitted with steel bars and anti-ram raid bollards are in place outside of the facility. There is also a third party manned security presence in place twenty four hours a day, seven days a week. In order to mitigate any potential threat associated with power and environmental conditions, Outsourcery operates Uninterruptible Power Supply (UPS) systems and diesel generators on all of it sites to ensure that services remain available in the event of a power failure. Outsourcery does not permit unaccompanied access to the data centre facilities. Full access control systems are in place that only allows 3rd Line Support Engineers access to secure areas; no other employees, customers or third parties are authorised to access these areas unless accompanied by an authorised engineer. All visitors are required to provide one week s prior written notice of their visit and produce photo ID upon arrival at the data centre. All Outsourcery staff are required to carry their site access and identification card with them at all times and access is restricted to authorised areas only. At Outsourcery s Head Office, the security team reserves the right to refuse access to anyone without a site access card. Site security must be informed of all visitors in advance of their visit and access is refused to any individual considered to be a security risk. Issue Date: 02-Feb-15 Classification: PUBLIC Version: 1.6 Page: 5
6 6. Access Control Access to Outsourcery s internal systems, hosting platform and customer servers is permitted for authorised personnel only. All persons must be positively identified by providing a secure User ID and password before being given access to system resources. All servers, routers, firewalls and network equipment are protected by password access controls. All passwords are randomly generated for optimum security to prevent intruders gaining unauthorised access to systems and data. Only Outsourcery s 3rd Line Engineers have full access to the hosted platforms, each engineer having their own individual login for optimum security. Authorised support staff have Admin access to hosted services in order to provide technical support to customers. Where 3rd Line Engineers require access to Outsourcery s network and systems remotely via VPN, advanced RSA security is implemented providing two factor authentication. Outsourcery only uses industry leading HP enterprise-class servers for all hosting infrastructure requirements and customer dedicated server solutions. All servers include security management features as standard that consist of power-on password, keyboard password, USB port control and administrator password. 7. Network Security Outsourcery s data centre facilities are either wholly owned or fully enclosed dedicated area s therefore not shared with any other providers or organisations. The sites all have secure back-up links to data centre facilities in both Manchester and London for network redundancy and security, and multiple internet breakouts across redundant and geographically disparate networks using BGP peering. This ensures that services are available to customers twenty four hours a day, seven days a week. Within our data centre facilities, fully layered networks are implemented with hardware load balanced front-end servers, clustered back-end servers and a high quality fibre channel storage network. Customer data is protected from outside access through a robust security and firewall solution. All managed services are protected by firewall installation and systems are pro-actively monitored around the clock for performance and availability. RSA authentication is implemented to control access to Outsourcery s network and systems remotely via secure VPN. Outsourcery uses industry leading Radware security appliances for parts of its network security. Radware Load Balancers incorporate a built-in Intrusion Prevention System (IPS), Access Control Lists (ACL) and an SSL-secured web interface for access by 3rd Line Engineers. All mobile devices used by Outsourcery staff to connect into the network are encrypted using Bitlocker, which prevents release of the contents in the event of loss or theft. Hard drives are encrypted to protect the hard drive in the event physical access has been obtained. Issue Date: 02-Feb-15 Classification: PUBLIC Version: 1.6 Page: 6
7 The Outsourcery hosting network on both primary and secondary sites is deployed behind a fully resilient Radware Defence Pro solution, providing Intrusion Prevention System (IPS), Network Behavioural Analysis (NBA) and Denial-of-Service (DoS) Protection, fully protecting our network against known and emerging network security threats. Resilient firewall pairs protect the hosted platforms from the outside world and finally application load balancers to manage fail over between primary and secondary services on both sites. Resilient edge firewalls are used for security, consisting of an integrated hardware and software solution that provides complete protection through twelve defence layers. These defence layers consist of the following: Network Denial of Service Protection Rate Control IP Reputation Analysis Sender Authentication Recipient Verification Virus Scanning Policy (user-specified rules) Spam Fingerprint Check Intent Analysis Image Analysis Bayesian Analysis Rule-based Scoring Our firewalls, internet connections, and production networks are all pro-actively monitored 24*7 with the network designed without any single points of failure. All customer dedicated server solutions hosted within Outsourcery s data centres are protected by dedicated firewalls. Customer data held within hosted SharePoint applications is protected by Microsoft Forefront anti-virus. For Hosted Microsoft Dynamics CRM 4.0 services, all data held within the system is automatically encrypted by 128 bit HTTPS encryption and all communications between applications on the hosted platform, regardless of service type, are encrypted by RC4 128 bit HTTPS security. 8. Software Security Outsourcery s 3rd Line Engineers are responsible for all software security updates on our hosting platforms. For customers with dedicated SharePoint solutions, 3rd Line Engineers manage the availability and control of security updates released to customers via Windows Update Server (WUS). In addition, Outsourcery operates a strict software security policy throughout the organisation to provide increased security across the network; this is governed by an IT Code of Conduct. All software loaded onto Outsourcery s IT systems must be legally purchased and licensed and access to install programmes is restricted to members of the internal IT Department. Any executable file launched on Outsourcery s infrastructure must have its suitability verified by Outsourcery s IT Department prior to rollout. Issue Date: 02-Feb-15 Classification: PUBLIC Version: 1.6 Page: 7
8 9. Disposing of Removable Media Where removable hardware or storage media requires disposal, all data is wiped from the device in advance using a Department of Defence (DoD) / Ministry of Defence (MOD) approved programme. Where a hardware component becomes faulty within a customer s server and it is necessary to return the hardware to a third party supplier or manufacturer, Outsourcery will retain the disk(s) containing data in order to maintain security and integrity. 10. Destruction of Data Data overwriting occurs on termination of service. After 30 days of being in a decommissioned state, the virtual machine and related data is removed via Systems Centre and/or storage level. Data destruction is carried out when a hardware device is being retired or has failed, but is still operable. Blancco is utilised to securely remove data. Disks that are not accessible through normal disk mounting processes will be securely destroyed or degaussed by an approved third party. Certificates of destruction are provided as evidence of secure and ethical destruction. Disks under warranty are replaced by the suppler only after the data removal process has been carried out. 11. Auditing and Monitoring Outsourcery implements Border Gateway Protocol (BGP) for network routing based on path, network policies and rule sets. All issues are logged by Service Requests and major faults or problems relating to the network are escalated to the Head of Infrastructure and the Operations Director where appropriate. 12. Contingency Planning In line with our ISO certification, Outsourcery operates its own disaster recovery procedures. In the event of any security issue being identified, an escalation process is in place whereby engineers are alerted by Service Request. Upon completion of the remedial work and resolution of the fault, the Service Request is closed. Where necessary, a Service Request will be escalated to the Head of IT Operations and, for major incidents, the Operations Director. Outsourcery has a continued, ongoing commitment to data security and availability. A full disaster recovery plan is in place across multiple geographic locations for complete network redundancy and data security. This plan is built in line with guidelines and best practice derived from ISO standard Business Continuity Management. In addition, Outsourcery reserves the right to restrict, suspend or terminate any aspect of a customer s service if it is believed that the use of the service constitutes a security threat to Outsourcery or any other users on the hosted platforms or Outsourcery network. Issue Date: 02-Feb-15 Classification: PUBLIC Version: 1.6 Page: 8
9 13. Recruitment and Training All candidates employed by Outsourcery are subject to screening. As part of this process, all references are followed up for new employees and security training is included within both the induction training programme and also ongoing. Outsourcery implements an internal IT Code of Conduct that all employees must adhere to so as to ensure security and integrity of software, systems, hardware and data, in line with the requirements of ISO All employees with operational responsibilities are subject to Baseline Personnel Security Standard checks. 14. Summary Outsourcery is a Microsoft Gold Partner holding a number of Microsoft competencies for which engineers are trained. Outsourcery has achieved the following Microsoft competencies: Midmarket Solution Provider Hosting Content Management OEM Hardware Customer Relationship Management Portals & Collaboration Search Outsourcery takes data security and data management very seriously. The security, availability and integrity of data held both within the data centre facility and on our hosted platforms are of utmost importance and a key priority of the business. Outsourcery therefore continues to review and develop its security policies, processes and procedures on an ongoing basis in order to both maintain and improve these levels, in line with Outsourcery s ISO certification. Any suspected breaches or incidents should be reported immediately via security@outsourcery.co.uk or via the internal Outsourcery Security Incident Process. Issue Date: 02-Feb-15 Classification: PUBLIC Version: 1.6 Page: 9
Information Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationInformation security controls. Briefing for clients on Experian information security controls
Information security controls Briefing for clients on Experian information security controls Introduction Security sits at the core of Experian s operations. The vast majority of modern organisations face
More information1 Introduction 2. 2 Document Disclaimer 2
Important: We take great care to ensure that all parties understand and appreciate the respective responsibilities relating to an infrastructure-as-a-service or self-managed environment. This document
More informationWEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY
WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4
More informationService Children s Education
Service Children s Education Data Handling and Security Information Security Audit Issued January 2009 2009 - An Agency of the Ministry of Defence Information Security Audit 2 Information handling and
More informationSummary of Technical Information Security for Information Systems and Services Managed by NUIT (Newcastle University IT Service)
Introduction This document provides a summary of technical information security controls operated by Newcastle University s IT Service (NUIT). These information security controls apply to all NUIT managed
More informationIT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:
IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225
More informationCONTENTS. Security Policy
CONTENTS PHYSICAL SECURITY (UK) PHYSICAL SECURITY (CHICAGO) PHYSICAL SECURITY (PHOENIX) PHYSICAL SECURITY (SINGAPORE) SYSTEM SECURITY INFRASTRUCTURE Vendor software updates Security first policy CUSTOMER
More informationData Access Request Service
Data Access Request Service Guidance Notes on Security Version: 4.0 Date: 01/04/2015 1 Copyright 2014, Health and Social Care Information Centre. Introduction This security guidance is for organisations
More informationFMCS SECURE HOSTING GUIDE
FMCS SECURE HOSTING GUIDE October 2015 SHG-MNL-v3.0 CONTENTS INTRODUCTION...4 HOSTING SERVICES...4 Corporate Secure Hosting... 4 Hosting Partner... 4 Hosting Location... 4 Physical Security... 4 Risk and
More informationPolicy Document. Communications and Operation Management Policy
Policy Document Communications and Operation Management Policy [23/08/2011] Page 1 of 11 Document Control Organisation Redditch Borough Council Title Communications and Operation Management Policy Author
More informationLas Vegas Datacenter Overview. Product Overview and Data Sheet. Created on 6/18/2014 3:49:00 PM
Las Vegas Datacenter Overview Product Overview and Data Sheet Product Data Sheet Maintaining a Software as a Service (SaaS) environment with market leading availability and security is something that Active
More informationInformation Security & Management Systems
Information Security & Management Systems Our Security Protocol Network Security Our entire network is protected by multiple-layer of security appliance and software. We have implemented the following
More informationData Security Policy THE CTA. Guardian Electrical Solutions Ltd DATA SECURITY POLICY. Reviewed and approved by the Company Secretary Richard Roebuck
THE Data Security Policy CTA Reviewed and approved by the Company Secretary Richard Roebuck Signed 04/01/2013 INDEX SECTION DESCRIPTION 1.0 INTRODUCTION 2.0 AND ARRANGEMENTS 3.0 MONITORING THE SECURITY
More informationFormFire Application and IT Security. White Paper
FormFire Application and IT Security White Paper Contents Overview... 3 FormFire Corporate Security Policy... 3 Organizational Security... 3 Infrastructure and Security Team... 4 Application Development
More informationIslington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014
Islington ICT Physical Security of Information Policy A council-wide information technology policy Version 0.7 June 2014 Copyright Notification Copyright London Borough of Islington 2014 This document
More informationTechnical specifications
Technical specifications PhD Manager is built on the Haplo open source platform. The Haplo platform provides a flexible database tailored to storing information about the activities in complex organisations.
More informationPolicy Document. IT Infrastructure Security Policy
Policy Document IT Infrastructure Security Policy [23/08/2011] Page 1 of 10 Document Control Organisation Redditch Borough Council Title IT Infrastructure Security Policy Author Mark Hanwell Filename IT
More informationPhysical Security Policy
Physical Security Policy Author: Policy & Strategy Team Version: 0.8 Date: January 2008 Version 0.8 Page 1 of 7 Document Control Information Document ID Document title Sefton Council Physical Security
More informationUniversity of Brighton School and Departmental Information Security Policy
University of Brighton School and Departmental Information Security Policy This Policy establishes and states the minimum standards expected. These policies define The University of Brighton business objectives
More informationPCI Data Security and Classification Standards Summary
PCI Data Security and Classification Standards Summary Data security should be a key component of all system policies and practices related to payment acceptance and transaction processing. As customers
More informationManaging internet security
Managing internet security GOOD PRACTICE GUIDE Contents About internet security 2 What are the key components of an internet system? 3 Assessing internet security 4 Internet security check list 5 Further
More informationSWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE
SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific
More informationSTRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction
Policy: Title: Status: 1. Introduction ISP-S12 Network Management Policy Revised Information Security Policy Documentation STRATEGIC POLICY 1.1. This information security policy document covers management,
More informationSecurity Whitepaper: ivvy Products
Security Whitepaper: ivvy Products Security Whitepaper ivvy Products Table of Contents Introduction Overview Security Policies Internal Protocol and Employee Education Physical and Environmental Security
More informationEmpLive Technical Overview
Version 1.6 Updated 27/08/2015 Support: +61 2 8399 1688 Email: support@wfsaustralia.com Website: wfsaustralia.com Legal Notice Copyright WFS: A WorkForce Software Company. All Rights Reserved. By receiving
More informationIBX Business Network Platform Information Security Controls. 2015-02- 20 Document Classification [Public]
IBX Business Network Platform Information Security Controls 2015-02- 20 Document Classification [Public] Table of Contents 1. General 2 2. Physical Security 2 3. Network Access Control 2 4. Operating System
More informationHow To Protect Decd Information From Harm
Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the
More informationHosted Exchange. Security Overview. Learn More: Call us at 877.634.2728. www.megapath.com
Security Overview Learn More: Call us at 877.634.2728. www.megapath.com Secure and Reliable Hosted Exchange Our Hosted Exchange service is delivered across an advanced network infrastructure, built on
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationUse of Exchange Mail and Diary Service Code of Practice
Use of Exchange Mail and Diary Service Code of Practice Introduction This code of practice outlines the support mechanisms in place for the security of the Exchange mail and diary service. References are
More information¼ããÀ ããè¾ã ¹ãÆãä ã¼ãîãä ã ããõà ãäìããä ã½ã¾ã ºããñ à Securities and Exchange Board of India
CIRCULAR CIR/MRD/DP/13/2015 July 06, 2015 To, All Stock Exchanges, Clearing Corporation and Depositories. Dear Sir / Madam, Subject: Cyber Security and Cyber Resilience framework of Stock Exchanges, Clearing
More informationSecurity Controls for the Autodesk 360 Managed Services
Autodesk Trust Center Security Controls for the Autodesk 360 Managed Services Autodesk strives to apply the operational best practices of leading cloud-computing providers around the world. Sound practices
More informationTenzing Security Services and Best Practices
Tenzing Security Services and Best Practices OVERVIEW Security is about managing risks and threats to your environment. The most basic security protection is achieved by pro-actively monitoring and intercepting
More informationManaged Hosting & Datacentre PCI DSS v2.0 Obligations
Any physical access to devices or data held in an Melbourne datacentre that houses a customer s cardholder data must be controlled and restricted only to approved individuals. PCI DSS Requirements Version
More informationDESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE
DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the
More informationUniversity of Aberdeen Information Security Policy
University of Aberdeen Information Security Policy Contents Introduction to Information Security... 1 How can information be protected?... 1 1. Information Security Policy... 3 Subsidiary Policy details:...
More informationCentral Agency for Information Technology
Central Agency for Information Technology Kuwait National IT Governance Framework Information Security Agenda 1 Manage security policy 2 Information security management system procedure Agenda 3 Manage
More informationensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster
Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)
More informationEstate Agents Authority
INFORMATION SECURITY AND PRIVACY PROTECTION POLICY AND GUIDELINES FOR ESTATE AGENTS Estate Agents Authority The contents of this document remain the property of, and may not be reproduced in whole or in
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.5)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.5) Directions and Instructions for completing this assessment The answers provided
More informationSecurity April 2015. Solving the data security challenge with our enhanced private and hybrid cloud services
Security April 2015 Secure cloud solutions with guaranteed UK data sovereignty. Solving the data security challenge with our enhanced private and hybrid cloud services This paper enables discussion around
More informationKeyfort Cloud Services (KCS)
Keyfort Cloud Services (KCS) Data Location, Security & Privacy 1. Executive Summary The purposes of this document is to provide a common understanding of the data location, security, privacy, resiliency
More informationMicrosoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID MOS10
Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID This Microsoft Online Services Security Amendment ( Amendment ) is between
More informationHealthcareBookings.com Security Set Up
HealthcareBookings.com Security Set Up Introduction... 2 Overview of the process for using HealthcareBookings.com... 2 Professionals... 2 Patients... 3 Passwords... 4 Hosting Security... 4 Overview of
More informationHIPAA Security Alert
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
More informationOCR LEVEL 3 CAMBRIDGE TECHNICAL
Cambridge TECHNICALS OCR LEVEL 3 CAMBRIDGE TECHNICAL CERTIFICATE/DIPLOMA IN IT NETWORKED SYSTEMS SECURITY J/601/7332 LEVEL 3 UNIT 28 GUIDED LEARNING HOURS: 60 UNIT CREDIT VALUE: 10 NETWORKED SYSTEMS SECURITY
More informationECSA EuroCloud Star Audit Data Privacy Audit Guide
ECSA EuroCloud Star Audit Data Privacy Audit Guide Page 1 of 15 Table of contents Introduction... 3 ECSA Data Privacy Rules... 4 Governing Law... 6 Sub processing... 6 A. TOMs: Cloud Service... 7 TOMs:
More informationProjectManager.com Security White Paper
ProjectManager.com Security White Paper Standards & Practices www.projectmanager.com Introduction ProjectManager.com (PM) developed its Security Framework to continue to provide a level of security for
More informationState of Texas. TEX-AN Next Generation. NNI Plan
State of Texas TEX-AN Next Generation NNI Plan Table of Contents 1. INTRODUCTION... 1 1.1. Purpose... 1 2. NNI APPROACH... 2 2.1. Proposed Interconnection Capacity... 2 2.2. Collocation Equipment Requirements...
More informationUnderstanding Sage CRM Cloud
Understanding Sage CRM Cloud Data centre and platform security whitepaper Document version 2016 Table of Contents 1.0 Introduction 3 2.0 Sage CRM Cloud Data centre Infrastructure 4 2.1 Site location 4
More informationSchool of Anthropology and Museum Ethnography & School of Interdisciplinary Area Studies Information Security Policy
School of Anthropology and Museum Ethnography & School of Interdisciplinary Area Studies Information Security Policy Page 1 of 10 Contents 1 Preamble...3 2 Purpose...3 3 Scope...3 4 Roles and responsibilities...3
More informationNetwork Security Policy
IGMT/15/036 Network Security Policy Date Approved: 24/02/15 Approved by: HSB Date of review: 20/02/16 Policy Ref: TSM.POL-07-12-0100 Issue: 2 Division/Department: Nottinghamshire Health Informatics Service
More informationTHE CHALLENGES OF DATA SECURITY IN THE MODERN OFFICE
THE CHALLENGES OF DATA SECURITY IN THE MODERN OFFICE February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced
More informationThe evolution of data connectivity
Leveraging the Benefits of IP and the Cloud in the Security Sector The CCTV and alarm industry has relied on analogue or Integrated Services Digital Network (ISDN) communications to provide data connectivity
More informationICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY
ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified Author(s) Responsible Committee / Officers Issue Date Review Date Intended Audience Impact Assessed CCG Committee
More informationEnrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 EES17 --------------
w Microsoft Volume Licensing Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 Enrollment for Education Solutions number Microsoft to complete --------------
More informationDecision on adequate information system management. (Official Gazette 37/2010)
Decision on adequate information system management (Official Gazette 37/2010) Pursuant to Article 161, paragraph (1), item (3) of the Credit Institutions Act (Official Gazette 117/2008, 74/2009 and 153/2009)
More informationAGENDA ITEM: SUMMARY. Author/Responsible Officer: John Worts, ICT Team Leader
AGENDA ITEM: SUMMARY Report for: Committee Date of meeting: 30 May 2012 PART: 1 If Part II, reason: Title of report: Contact: Purpose of report: Recommendations Corporate objectives: Implications: INFORMATION
More informationMAXIMUM DATA SECURITY with ideals TM Virtual Data Room
MAXIMUM DATA SECURITY with ideals TM Virtual Data Room WWW.IDEALSCORP.COM ISO 27001 Certified Account Settings and Controls Administrators control users settings and can easily configure privileges for
More informationA Practical Approach to Network Vulnerability Assessment AN AUDITOR S PERSPECTIVE BRYAN MILLER, IT DIRECTOR JOHN KEILLOR, CPA, AUDIT PARTNER
A Practical Approach to Network Vulnerability Assessment AN AUDITOR S PERSPECTIVE BRYAN MILLER, IT DIRECTOR JOHN KEILLOR, CPA, AUDIT PARTNER 1 Agenda Audits Articles/Examples Classify Your Data IT Control
More informationSupplier IT Security Guide
Revision Date: 28 November 2012 TABLE OF CONTENT 1. INTRODUCTION... 3 2. PURPOSE... 3 3. GENERAL ACCESS REQUIREMENTS... 3 4. SECURITY RULES FOR SUPPLIER WORKPLACES AT AN INFINEON LOCATION... 3 5. DATA
More informationCloudDesk - Security in the Cloud INFORMATION
CloudDesk - Security in the Cloud INFORMATION INFORMATION CloudDesk SECURITY IN THE CLOUD 3 GOVERNANCE AND INFORMATION SECURITY 3 DATA CENTRES 3 DATA RESILIENCE 3 DATA BACKUP 4 ELECTRONIC ACCESS TO SERVICES
More informationRotherham CCG Network Security Policy V2.0
Title: Rotherham CCG Network Security Policy V2.0 Reference No: Owner: Author: Andrew Clayton - Head of IT Robin Carlisle Deputy - Chief Officer D Stowe ICT Security Manager First Issued On: 17 th October
More informationA Decision Maker s Guide to Securing an IT Infrastructure
A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose
More informationSecure Mobile Shredding and. Solutions
Secure Mobile Shredding and Data Erasure Solutions SECURE MOBILE SHREDDING & DATA ERASURE SERVICES... NCE s mobile shredding and data erasure service permanently destroys your data in a secure and controlled
More informationOracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0
Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Unless otherwise stated, these Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies
More informationVendor Questionnaire
Instructions: This questionnaire was developed to assess the vendor s information security practices and standards. Please complete this form as completely as possible, answering yes or no, and explaining
More informationHuman Resources Policy documents. Data Protection Policy
Policy documents Aims of the Policy apetito is committed to meeting its obligations under data protection law. As a business, apetito handles a range of Personal Data relating to its customers, staff and
More informationSNAP WEBHOST SECURITY POLICY
SNAP WEBHOST SECURITY POLICY Should you require any technical support for the Snap survey software or any assistance with software licenses, training and Snap research services please contact us at one
More informationNewcastle University Information Security Procedures Version 3
Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations
More informationRetention & Destruction
Last Updated: March 28, 2014 This document sets forth the security policies and procedures for WealthEngine, Inc. ( WealthEngine or the Company ). A. Retention & Destruction Retention & Destruction of
More informationLAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES
LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable
More informationCHIS, Inc. Privacy General Guidelines
CHIS, Inc. and HIPAA CHIS, Inc. provides services to healthcare facilities and uses certain protected health information (PHI) in connection with performing these services. Therefore, CHIS, Inc. is classified
More informationVersion 1.0. Ratified By
ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified 5 th March 2013 Author(s) Responsible Committee / Officers Issue Date 5 th March 2013 Review Date Intended Audience
More informationNetwork and Security Controls
Network and Security Controls State Of Arizona Office Of The Auditor General Phil Hanus IT Controls Webinar Series Part I Overview of IT Controls and Best Practices Part II Identifying Users and Limiting
More informationCLOUD SERVICE SCHEDULE
CLOUD SERVICE SCHEDULE 1 DEFINITIONS Defined terms in the Standard Terms and Conditions have the same meaning in this Service Schedule unless expressed to the contrary. In this Service Schedule, unless
More informationSaaS architecture security
Introduction i2o solutions utilise the software as a service (or SaaS) model because it enables us to provide our customers with a robust, easy to use software platform that facilitates the rapid deployment
More informationSECURITY POLICY REMOTE WORKING
ROYAL BOROUGH OF WINDSOR AND MAIDENHEAD SECURITY POLICY REMOTE WORKING Introduction This policy defines the security rules and responsibilities that apply when doing Council work outside of Council offices
More informationStable and Secure Network Infrastructure Benchmarks
Last updated: March 4, 2014 Stable and Secure Network Infrastructure Benchmarks 501 Commons has developed a list of key benchmarks for maintaining a stable and secure IT Infrastructure for conducting day-to-day
More informationHIPAA RISK ASSESSMENT
HIPAA RISK ASSESSMENT PRACTICE INFORMATION (FILL OUT ONE OF THESE FORMS FOR EACH LOCATION) Practice Name: Address: City, State, Zip: Phone: E-mail: We anticipate that your Meaningful Use training and implementation
More informationSecure, Scalable and Reliable Cloud Analytics from FusionOps
White Paper Secure, Scalable and Reliable Cloud Analytics from FusionOps A FusionOps White Paper FusionOps 265 Santa Ana Court Sunnyvale, CA 94085 www.fusionops.com World-class security... 4 Physical Security...
More informationA practical guide to IT security
Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or
More informationFileRunner Security Overview. An overview of the security protocols associated with the FileRunner file delivery application
FileRunner Security Overview An overview of the security protocols associated with the FileRunner file delivery application Overview Sohonet FileRunner is a secure high-speed transfer application that
More informationUniversity of Liverpool
University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October
More informationHIPAA Privacy & Security White Paper
HIPAA Privacy & Security White Paper Sabrina Patel, JD +1.718.683.6577 sabrina@captureproof.com Compliance TABLE OF CONTENTS Overview 2 Security Frameworks & Standards 3 Key Security & Privacy Elements
More informationIT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY
IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 3.0 Ratified By Date Ratified April 2013 Author(s) Responsible Committee / Officers Issue Date January 2014 Review Date Intended Audience Impact
More informationOn-Site Computer Solutions values these technologies as part of an overall security plan:
Network Security Best Practices On-Site Computer Solutions Brian McMurtry Version 1.2 Revised June 23, 2008 In a business world where data privacy, integrity, and security are paramount, the small and
More informationProtection of Computer Data and Software
April 2011 Country of Origin: United Kingdom Protection of Computer Data and Software Introduction... 1 Responsibilities...2 User Control... 2 Storage of Data and Software... 3 Printed Data... 4 Personal
More informationVodafone New Zealand Microsoft Privacy Statement Dated: August 2013
Vodafone New Zealand Microsoft Privacy Statement Dated: August 2013 This Microsoft privacy statement sets out how your personal information is used by Vodafone in connection with the provision of the Microsoft
More informationRajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np
Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np Meaning Why is Security Audit Important Framework Audit Process Auditing Application Security
More information<cloud> Secure Hosting Services
Global Resources... Local Knowledge Figtree offers the functionality of Figtree Systems Software without the upfront infrastructure investment. It is the preferred deployment solution for organisations
More informationPractice Good Enterprise Security Management. Presented by Laurence CHAN, MTR Corporation Limited
Practice Good Enterprise Security Management Presented by Laurence CHAN, MTR Corporation Limited About Me Manager Information Security o o o o Policy formulation and governance Incident response Incident
More informationTELEFÓNICA UK LTD. Introduction to Security Policy
TELEFÓNICA UK LTD Introduction to Security Policy Page 1 of 7 CHANGE HISTORY Version No Date Details Authors/Editor 7.0 1/11/14 Annual review including change control added. Julian Jeffery 8.0 1/11/15
More informationSaaS Security for the Confirmit CustomerSat Software
SaaS Security for the Confirmit CustomerSat Software July 2015 Arnt Feruglio Chief Operating Officer The Confirmit CustomerSat Software Designed for The Web. From its inception in 1997, the architecture
More informationUnified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES
Unified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES HIPAA COMPLIANCE Achieving HIPAA Compliance with Security Professional Services The Health Insurance
More informationSITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA
SITA Information Security SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA September, 2012 Contents 1. Introduction... 3 1.1 Overview...
More informationIT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs)
IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review Date
More informationnwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.
CONTENTS 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. Conclusion 1. EXECUTIVE SUMMARY The advantages of networked data storage technologies such
More informationIntroduction. PCI DSS Overview
Introduction Manage Engine Desktop Central is part of ManageEngine family that represents entire IT infrastructure with products such as Network monitoring, Helpdesk management, Application management,
More information