Employee: Refers to all regular full-time, part-time, temporary, casual and fixed-term employees of the Company.
|
|
- Octavia Hall
- 8 years ago
- Views:
Transcription
1 Policy Name: Corporate Security Policy Number: A140 Policy Owner: Director Global Security Policy Approver: Chief Legal Officer Approval Date: January 15, 2013 Policy Statement: The purpose of the Corporate Security Policy is to establish guidelines to assist management in the implementation of security initiatives designed to facilitate business, protect employees and contractors, limit corporate liability and safeguard Nexen property, business operations, reputation and proprietary and personal information from hostile or criminal acts. Nexen will take all reasonable steps to ensure that its security operations do not adversely affect the human rights of those impacted by its operations. Our security practices will be conducted in a manner that respects Nexen's Human Rights Policy (A105), the United Nations Universal Declaration of Human Rights and other international humanitarian law. 1. Definitions Employee: Refers to all regular full-time, part-time, temporary, casual and fixed-term employees of the Company. Chief Legal Officer The person holding the most senior legal position concerning legal affairs in the Company. Contractor (or Contract Personnel): Refers to any person or corporation who supplies materials, labour or services to the Company. Director, Global Security The person assigned to oversee and manage Nexen s security procedures. Security procedures: A series of security related actions or processes designed, developed and recommended for the implementation of this policy. Nexen (or the Company) Refers to Nexen Energy ULC and its majority owned subsidiaries and affiliates for which it has managerial responsibility. 2. Objectives The objective of this policy is to ensure that Nexen maintains a level of security in compliance with legislated requirements which: [NXID: ] Page 1 of 8
2 Safeguards its employees, contractors, and members of the public from harm, including hazards associated with trespass and intrusions at Company facilities; Safeguards the Company s reputation; Deters unlawful acts against the Company; Assists in the preservation of the peace; Prevents damage to and loss of Company assets, including proprietary and sensitive corporate information. 3. Persons Affected All Nexen employees and contractors must comply with the requirements of this policy. 4. Policy 4.1 Overview Corporate Security will provide management with assistance in the following areas to ensure business and security objectives are met: Development and implementation of physical and personnel security procedures, programs and plans; Employee and contractor protection; Security vulnerability assessments and security reviews; Training programs to increase awareness of security issues and regulations, including sabotage events; Investigations into security related incidents and criminal allegations; Crisis management; Liaison with law enforcement, intelligence agencies, military and security industry contacts; Procedures for communicating security issues and concerns, threats and sabotage events to appropriate parties; Preparation of guidelines for responding to security issues, threats and sabotage events. In order to ensure the above objectives are met, Corporate Security will: Conduct assessments to monitor threats and risks to the Company from within and from local, national and international environments in which the Company operates, including recommending appropriate counter measures; [NXID: ] Page 2 of 8
3 Provide advice to the executive and Nexen Energy ULC s Board of Directors on security issues and concerns; Develop profiles in relation to international operations for risk analysis purposes; Develop security programs and provide advice to both Division and Local Management and employees and contractors in order to ensure effective employee/contractor/dependent protection in all workplaces and particularly in medium and high risk zones; Conduct security inspections, audits, reviews and/or security vulnerability assessments at a minimum of every three years at all Company operations and properties, including subsidiary companies and non-operator joint ventures in which the Company has a significant interest. 4.2 Employee and Contractor Protection Employees and contractors are primarily responsible for their own security and that of their dependents. They are required to report all direct and indirect knowledge of actual or potential threats, security incidents or risks to the Company or its employees and contractors, to Company management, the locally established security department, or Corporate Security. Employees and contractors assigned to work in medium and high risk zones must comply with personal security directives and advice provided by the Director, Global Security, local security departments and local management. Management is responsible for ensuring that employees and contractors working in medium and high risk zones, individually or accompanied by dependents, are afforded adequate protection consistent with the threat. Corporate Security is responsible for developing security programs and providing advice to management in terms of effective employee/contractor/dependent protection in medium and high risk zones. The international security environment is dynamic. The risk profile of particular regions and countries is commonly subject to change. The Corporate Security Department will continually assess the international environment and designate low, medium and high risk zones. Corporate Security, as well as locally established security departments, will provide security briefings to employees, contractors, and dependents required to travel to locations in medium and high risk zones. Corporate Security will be advised by way of the automated TAR (Travel Approval Request) process or by other means of all international corporate travel to medium and high risk destinations. The department will ensure that travel security advice is available to all corporate travelers. The means of providing such advice will vary depending on the security assessment of the destination, and may include the provision of general [NXID: ] Page 3 of 8
4 travel security advice available on the Loop or specific travel security advice delivered by or by way of a personal security briefing. 4.3 Executive Committee Travel Protection Corporate Security will be advised of intended international travel by executive committee members as early as possible. The department will provide a security assessment of each executive travel destination to determine if the destination poses a low, medium or high security risk. If the destination is assessed as medium or high security risk, a travel security plan and briefing will be delivered to the traveler. If the destination is high risk, consideration, through discussion between the traveler and the Director, Corporate Security, will be given to the provision of executive protection (e.g. accompany the traveler and provide close personal protection). 4.4 Security Threats Proper response procedures to a variety of security threats will ensure that a safe and secure work environment is maintained for all employees and contractors, the general public and emergency personnel while safeguarding Company assets from damage and loss. Corporate Security will provide advice establishing consistent procedures and guidelines for responding to and communicating with management in regards to the full range of security-related threats. 4.5 Incident Reporting All security related incidents must be reported to Corporate Security where they are recorded in the Lotus notes database. 4.6 Investigations Corporate Security will investigate security incidents and criminal allegations, assist in investigations, review and monitor security violations and occurrences to determine security vulnerabilities and ensure corrective action is taken. The department will investigate threats to employees and contractors or property to determine their validity and the requirement for additional security. Preliminary enquiries into suspected unlawful or unauthorized activities, to determine basic circumstances, are the responsibility of local management. All such cases will be reported to the Director, Global Security, as soon as practicable. If there is any possibility that preliminary enquiries may adversely affect a subsequent detailed investigation, preliminary enquiries should be deferred and the matter referred to a locally established security department or Corporate Security. [NXID: ] Page 4 of 8
5 The Director, Global Security, is accountable for ensuring that appropriate investigations are conducted and for rendering reports thereof to the Chief Legal Officer. The Chief Legal Officer may direct the Internal Audit Department to participate in the investigation of any aspect of suspected unauthorized or unlawful activity affecting the Company. If preliminary enquiries or investigation indicate that an employee, supplier, customer, contractor or partner is a party to serious unauthorized, unethical or criminal activity in relation to the Company, no prosecution or disciplinary action will be taken against the person or Company without prior corporate review. Corporate review must be undertaken by the Chief Legal Officer; the Vice President, Human Resources and the Director, Global Security. 4.7 Special Security Measures Special security measures, including the engagement of armed security personnel, may be assigned to Nexen facilities as a result of a threat or increased risks based on a recommendation of division management and the Director, Global Security, and with the approval of the Chief Legal Officer. Special security measures may be applied to or assigned to employees and contractors, including their families, who are exposed to increased risks due to Company related responsibilities based on a recommendation of division management and the Director, Global Security, and with the approval of the Chief Legal Officer and the Vice President, Human Resources. 4.8 Security Guards The decision to contract security guard services rests with division or local management, in consultation with the Director, Global Security. Security guard contracts should conform to contract guidelines developed by local or corporate legal departments. As a general rule, security guards will not carry firearms in the course of carrying out their duties, unless; a. Approval in principle to carry firearms has been obtained from the Director, Global Security per 4.7; and b. Such guards have received firearms training to a level approved by the Director, Global Security. [NXID: ] Page 5 of 8
6 4.9 Facility Security Standards Division management or locally established security departments, in consultation with the Director, Global Security, are responsible for implementation of physical security standards. Corporate Security will provide management with consulting services as well as advice and expertise on the development and implementation of physical security standards Identification Cards All employees/contractors and consultants will be issued a security access card. A security access card request form must be filled out for each new employee or contractor. This form must be approved by the appropriate manager. At facilities where automated access control systems are in place, access control and approved identification cards may be combined. All Company identification cards will comply with the standard design developed by the Corporate Administration Department and Corporate Security Access Control Division management or local established security departments will develop and implement local procedures to effectively control the access and egress of persons, vehicles, equipment and materials from all operating facilities, as well as corporate, subsidiary and district offices. All persons are required to produce valid photo identification and local management authorization prior to accessing a Nexen facility. Corporate Security will provide management with consulting services as well as advice and expertise on the development and implementation of access control measures Information Technology Information technology and the supporting processes, systems, and networks are business assets that are critical for a safe, secure and reliable workplace. Information technology security is achieved by developing and applying sound security practices that are commensurate with the risks to assets to ensure specific security and business objectives are met. In support of IT Security, Corporate Security will conduct security vulnerability assessments and provide advice with respect to physical security measures for the Company s Information Technology infrastructure and site locations. [NXID: ] Page 6 of 8
7 4.13 Control Systems Security Control systems have characteristics that differ from traditional information technology systems. Security breaches can pose significant risk to people, damage to the environment, as well as have serious financial implications, such as production losses and the compromise of personal and propriety information. Control systems security is achieved by developing and applying sound security practices that are commensurate with the risks to assets to ensure specific security and business objectives are met. In support of Nexen control systems, Corporate Security will conduct security vulnerability assessments and provide advice with respect to physical security measures for the Company s control systems infrastructure and site locations Security Awareness and Training The Company s security programs rely on the diligence of employees and contractors to protect employees, contractors, assets, facilities and reputation from harm. Security awareness training will be provided on a variety of topics including: security threats and countermeasures, recognizing suspicious activities, persons or objects, bomb threat response plans, handling suspicious mail/packages and reporting security incidents. Training will be provided to all employees and contractors. 5. Roles and Responsibilities The Director, Global Security, has specific overall security responsibility and accountability for Nexen corporate security activities and operations. Division management, supported by Corporate Security, is responsible for implementation and maintenance of Nexen security systems and programs. Division management is responsible for reporting actual or potential threats or risks to Corporate Security as soon as possible after knowledge is received. Company management is responsible for ensuring that employees and contractors working in medium and high-risk zones, individually or accompanied by dependents, are afforded adequate protection consistent with the threat. Local management has the primary responsibility for implementing approved security recommendations. 6. Compliance All Nexen employees and contractors are required to comply with the Company s Corporate Security Policy. [NXID: ] Page 7 of 8
8 7. Location Specific Procedures The following Nexen global locations have security departments and site specific security procedures which provide further guidance in support of this policy: Long Lake, Alberta; Colombia; Yemen; Nigeria; United Kingdom. 8. Revision History: DATE REVISION # DESCRIPTION OF CHANGE June 18, th Revision - Administrative changes relating to name change to Nexen Energy ULC, board and executive title changes and dissolution of Board Committees where applicable. January 15, rd Revision - Content updated to comply with policy standards October 17, nd Revision - Miscellaneous changes September 25, st Revision - Miscellaneous changes January 1, 1995 Policy Creation - New Policy created and approved [NXID: ] Page 8 of 8
MAJOR PROJECTS CONSTRUCTION SAFETY STANDARD HS-09 Revision 0
MAJOR PROJECTS CONSTRUCTION SAFETY SECURITY MANAGEMENT PROGRAM STANDARD HS-09 Document Owner(s) Tom Munro Project/Organization Role Supervisor, Major Projects Safety & Security (Canada) Version Control:
More informationFor additional information on T.I.P.S. please call us at 818-787-3946 or email tips@nagyprotectionservices.com
TOTALLY INTEGRATED PROTECTION SERVICES (T.I.P.S) 1 T.I.P.S (Totally Integrated Protection Services) Security Risk Analysis Survey Reports Contract security officer services Special event security services
More informationFINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
More informationUniversity of Sunderland Business Assurance Information Security Policy
University of Sunderland Business Assurance Information Security Policy Document Classification: Public Policy Reference Central Register Policy Reference Faculty / Service IG 003 Policy Owner Assistant
More informationELEMENT FINANCIAL CORPORATION CODE OF BUSINESS CONDUCT AND ETHICS
APPENDIX I ELEMENT FINANCIAL CORPORATION CODE OF BUSINESS CONDUCT AND ETHICS As of December 14, 2011 1. Introduction This Code of Business Conduct and Ethics ( Code ) has been adopted by our Board of Directors
More informationCUBIC ENERGY, INC. Code of Business Conduct and Ethics
CUBIC ENERGY, INC. Code of Business Conduct and Ethics Introduction Our Company s reputation for honesty and integrity is the sum of the personal reputations of our directors, officers and employees. To
More information2014 Whistleblower Policy. Calibre Group Limited ABN 44 100 255 623. Version 1.5
Version 1.5 Calibre Group Limited ABN 44 100 255 623 REVISION DATE AUTHOR APPROVED BY SIGNATURE 0 07-08-2014 M Silbert Chief Legal Counsel RELATED DOCUMENTS CHG-POL-CPL-05 Calibre Group Code of Conduct
More informationTitle: Data Security Policy Code: 1-100-200 Date: 11-6-08rev Approved: WPL INTRODUCTION
Title: Data Security Policy Code: 1-100-200 Date: 11-6-08rev Approved: WPL INTRODUCTION The purpose of this policy is to outline essential roles and responsibilities within the University community for
More informationR345, Information Technology Resource Security 1
R345, Information Technology Resource Security 1 R345-1. Purpose: To provide policy to secure the private sensitive information of faculty, staff, patients, students, and others affiliated with USHE institutions,
More informationPublic Law 113 283 113th Congress An Act
PUBLIC LAW 113 283 DEC. 18, 2014 128 STAT. 3073 Public Law 113 283 113th Congress An Act To amend chapter 35 of title 44, United States Code, to provide for reform to Federal information security. Be it
More informationThe statements in this policy document establish HEALTHeLINK's expectations with respect to incident management.
1 Introduction The statements in this policy document establish HEALTHeLINK's expectations with respect to incident management. 2 Policy Statement 2.1 Incident Response Authority 2.1.1 Single Point of
More informationBUSINESS CONTINUITY POLICY
BUSINESS CONTINUITY POLICY Last Review Date Approving Body n/a Audit Committee Date of Approval 9 th January 2014 Date of Implementation 1 st February 2014 Next Review Date February 2017 Review Responsibility
More informationTHE US FOREIGN CORRUPT PRACTICES ACT ( FCPA ) COMPLIANCE POLICY AND GUIDELINES
THE US FOREIGN CORRUPT PRACTICES ACT ( FCPA ) COMPLIANCE POLICY AND GUIDELINES 1. INTRODUCTION 1.1 The purpose of this policy is to provide all employees, directors and officers of DRDGOLD Limited, its
More informationStandard: Information Security Incident Management
Standard: Information Security Incident Management Page 1 Executive Summary California State University Information Security Policy 8075.00 states security incidents involving loss, damage or misuse of
More informationWright State University Information Security
Wright State University Information Security Controls Policy Title: Category: Audience: Reason for Revision: Information Security Framework Information Technology WSU Faculty and Staff N/A Created / Modified
More informationCODE OF CONDUCT as adopted by the Board of Directors on 20 February 2015
GOLDFIELDS MONEY LIMITED ACN 087 651 849 CODE OF CONDUCT as adopted by the Board of Directors on 20 February 2015 1. Purpose This Code of Conduct (Code) clearly states the standards of responsibility and
More informationSTATEMENT FROM THE CHAIRMAN
STATEMENT FROM THE CHAIRMAN In an ever-changing global marketplace, it is important for all of us to have an understanding of the responsibilities each of have in carrying out day-to-day business decisions
More informationCollege of DuPage Information Technology. Information Security Plan
College of DuPage Information Technology Information Security Plan April, 2015 TABLE OF CONTENTS Purpose... 3 Information Security Plan (ISP) Coordinator(s)... 4 Identify and assess risks to covered data
More informationLAUREATE ANTI-CORRUPTION POLICY
LAUREATE ANTI-CORRUPTION POLICY Laureate Anti-Corruption Policy 1.0 PURPOSE AND BACKGROUND This Anti-Corruption Policy establishes basic standards and a framework for the prevention and detection of bribery
More informationNSW Government Digital Information Security Policy
NSW Government Digital Information Security Policy Version: 2.0 Date: April 2015 CONTENTS PART 1 PRELIMINARY... 3 1.1 Scope... 3 1.2 Application... 3 1.3 Objectives... 3 PART 2 POLICY STATEMENT... 4 Core
More informationLisbon School District 15 Newent Road Lisbon, CT 06351
Pur pose The purpose of this policy is to establish direction, procedures, requirements, and responsibilities to ensure the appropriate protection of the Lisbon Public Schools computer and telecommunication
More informationGuidelines on the Use of Armed Security Services from Private Security Companies Annex A - Statement of Works
UNITED NATIONS SECURITY MANAGEMENT SYSTEM Security Management Operations Manual Guidelines on the Use of Armed Security Services from Private Security Companies Annex A - Statement of Works These guidelines
More informationSubject: Safety and Soundness Standards for Information
OFHEO Director's Advisory Policy Guidance Issuance Date: December 19, 2001 Doc. #: PG-01-002 Subject: Safety and Soundness Standards for Information To: Chief Executive Officers of Fannie Mae and Freddie
More informationHORIZON OIL LIMITED (ABN: 51 009 799 455)
HORIZON OIL LIMITED (ABN: 51 009 799 455) CORPORATE CODE OF CONDUCT Corporate code of conduct Page 1 of 7 1 Introduction This is the corporate code of conduct ( Code ) for Horizon Oil Limited ( Horizon
More informationTABLE OF CONTENTS. 2006.1259 Information Systems Security Handbook. 7 2006.1260 Information Systems Security program elements. 7
PART 2006 - MANAGEMENT Subpart Z - Information Systems Security TABLE OF CONTENTS Sec. 2006.1251 Purpose. 2006.1252 Policy. 2006.1253 Definitions. 2006.1254 Authority. (a) National. (b) Departmental. 2006.1255
More informationMental Health Resources, Inc. Mental Health Resources, Inc. Corporate Compliance Plan Corporate Compliance Plan
Mental Health Resources, Inc. Mental Health Resources, Inc. Corporate Compliance Plan Corporate Compliance Plan Adopted: January 2, 2007 Revised by Board of Directors on September 4, 2007 Revised and Amended
More informationLegislative Language
Legislative Language SEC. 1. COORDINATION OF FEDERAL INFORMATION SECURITY POLICY. (a) IN GENERAL. Chapter 35 of title 44, United States Code, is amended by striking subchapters II and III and inserting
More informationEuropean Code for Export Compliance
European Code for Export Compliance EU-CEC European Institute For Export Compliance EU-ECF EU Export Compliance Framework: EU Export Compliance Charter The European Code for Export Compliance EU-CEC 1.
More informationFraud Policy FEBRUARY 2014
Fraud Policy FEBRUARY 2014 TABLE OF CONTENTS 1. Application of Policy... 2 2. Purpose of Policy... 2 3. Fraud Policy... 2 4. Definition of Fraud... 2 5. Duties and Responsibilities of an Employee or Contractor...
More informationCHAPTER 1 COMPUTER SECURITY INCIDENT RESPONSE TEAM (CSIRT)
CHAPTER 1 COMPUTER SECURITY INCIDENT RESPONSE TEAM (CSIRT) PURPOSE: The purpose of this procedure is to establish the roles, responsibilities, and communication procedures for the Computer Security Incident
More informationCOLLINS FOODS LIMITED (the COMPANY) CODE OF CONDUCT
COLLINS FOODS LIMITED (the COMPANY) CODE OF CONDUCT 1. Introduction The Company is committed to maintaining ethical standards in the conduct of its business activities. The Company's reputation as an ethical
More informationNHS HDL (2006)41 abcdefghijklm. = eé~äíü=aéé~êíãéåí= = aáêéåíçê~íé=çñ=mêáã~êó=`~êé=~åç=`çããìåáíó=`~êé
NHS HDL (2006)41 abcdefghijklm = eé~äíü=aéé~êíãéåí= = aáêéåíçê~íé=çñ=mêáã~êó=`~êé=~åç=`çããìåáíó=`~êé Dear Colleague NHSSCOTLAND INFORMATION SECURITY POLICY Summary 1. NHSScotland IT Security Policy was
More informationCorporate. Security Management Policy. Document Control Summary. Contents
Corporate Security Management Policy Document Control Summary Status: Version: Author/Title: Owner/Title: Approved by: Ratified: Related Trust Strategy and/or Strategic Aims Implementation Date: Review
More informationPostNL Group Policy. on Fraud Prevention. PostNL Group Policy. on Fraud Prevention Page 1 of 15
on Fraud Prevention on Fraud Prevention Page 1 of 15 Contents 1 Objective of this group policy 3 2 Scope 4 3 Definitions 5 4 Policy provisions and responsibilities 7 4.1 Fraud Prevention controls 7 4.2
More informationInternal Control Systems and Maintenance of Accounting and Other Records for Interactive Gaming & Interactive Wagering Corporations (IGIWC)
Internal Control Systems and Maintenance of Accounting and Other Records for Interactive Gaming & Interactive Wagering Corporations (IGIWC) 1 Introduction 1.1 Section 316 (4) of the International Business
More informationContra Costa Community College District Business Procedure 10.57 SECURITY CAMERA OPERATING PROCEDURE
Contra Costa Community College District Business Procedure 10.57 SECURITY CAMERA OPERATING PROCEDURE The District and its colleges are committed to enhancing the quality of life of the community by integrating
More informationAPEC General Elements of Effective Voluntary Corporate Compliance Programs
2014/CSOM/041 Agenda Item: 3 APEC General Elements of Effective Voluntary Corporate Compliance Programs Purpose: Consideration Submitted by: United States Concluding Senior Officials Meeting Beijing, China
More informationPlatform Specialty Products Corporation Foreign Corrupt Practices Act/Anti-Corruption Policy
1. Introduction. Platform Specialty Products Corporation Foreign Corrupt Practices Act/Anti-Corruption Policy 1.1 Combating Corruption. Platform Specialty Products Corporation, including its subsidiaries,
More informationSCOTTISH CHILDREN S REPORTER ADMINISTRATION
Part 1 - Policy for Fraud Prevention, Detection and Investigation 1. Introduction 1.1 SCRA like other public bodies, has a duty to conduct its affairs in a responsible and transparent way and to take into
More informationPRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES
PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES TECHNICAL COMMITTEE OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS FEBRUARY 2005 Preamble The IOSCO Technical Committee
More information1 Human Rights Governance of the VPSHR at Barrick
Table of Contents Forward... 2 1 Human Rights Governance of the VPSHR at Barrick... 3 A. Our Commitment... 3 B. Security Management System... 3 C. Monitoring and Reporting... 4 2 Implementation of the
More informationLAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES
LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable
More informationCompliance and Ethics Program
Compliance and Ethics Program Compliance and Ethics Program Introduction Inova, including its corporate subsidiaries, is committed to promoting an organizational culture that encourages ethical conduct
More informationDRAFT. Anti-Bribery and Anti-Corruption Policy. Introduction. Scope. 1. Definitions
DRAFT Change History: Anti-Bribery and Anti-Corruption Policy Control Risks Group Ltd Commercial in confidence Introduction This document defines Control Risks policy on the avoidance of bribery and corruption.
More informationFederal Act on Private Security Services provided Abroad
English is not an official language of the Swiss Confederation. This translation is provided for information purposes only and has no legal force. Federal Act on Private Security Services provided Abroad
More informationOhio Supercomputer Center
Ohio Supercomputer Center Intrusion Prevention and Detection No: Effective: OSC-12 5/21/09 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original
More informationCARDINAL RESOURCES LLC INTRODUCTION
CARDINAL RESOURCES LLC ANTI- BRIBERY AND ANTI- CORRUPTION POLICY INTRODUCTION The purpose of this Anti- bribery and Anti- corruption Policy (the "Policy") is to ensure compliance by the Red Bird Group
More informationJOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.
JOB ANNOUNCEMENT Chief Security Officer, Cheniere Energy, Inc. Position Overview The Vice President and Chief Security Risk Officer (CSRO) reports to the Chairman, Chief Executive Officer and President
More informationWho Should Know This Policy 2 Definitions 2 Contacts 3 Procedures 3 Forms 5 Related Documents 5 Revision History 5 FAQs 5
Information Security Policy Type: Administrative Responsible Office: Office of Technology Services Initial Policy Approved: 09/30/2009 Current Revision Approved: 08/10/2015 Policy Statement and Purpose
More informationMONTSERRAT COLLEGE OF ART WRITTEN INFORMATION SECURITY POLICY (WISP)
MONTSERRAT COLLEGE OF ART WRITTEN INFORMATION SECURITY POLICY (WISP) 201 CMR 17.00 Standards for the Protection of Personal Information Of Residents of the Commonwealth of Massachusetts Revised April 28,
More informationANTI BRIBERY AND FOREIGN CORRUPT PRACTICES ACT COMPLIANCE POLICY
ANTI BRIBERY AND FOREIGN CORRUPT PRACTICES ACT COMPLIANCE POLICY THIS POLICY DOES NOT CREATE A CONTRACT OF EMPLOYMENT OR ALTER THE AT WILL NATURE OF ANY EMPLOYEE S EMPLOYMENT IN ANY WAY. 1. Statement of
More informationInformation security policy
Information security policy Issue sheet Document reference Document location Title Author Issued to Reason issued NHSBSARM001 S:\BSA\IGM\Mng IG\Developing Policy and Strategy\Develop or Review of IS Policy\Current
More informationModel Business Associate Agreement
Model Business Associate Agreement Instructions: The Texas Health Services Authority (THSA) has developed a model BAA for use between providers (Covered Entities) and HIEs (Business Associates). The model
More informationCODE OF ETHICS AND PROFESSIONAL CONDUCT
CODE OF ETHICS AND PROFESSIONAL CONDUCT Mission To provide adults, caregivers and families with programs and services promoting an enhanced quality of life. Family Alliance, Inc. has a clearly stated charitable
More informationProtective security governance guidelines
Protective security governance guidelines Security awareness training Version 1.0 Approved September 2010 Contents Introduction... 1 Who gets of security awareness training/briefings?... 2 Security awareness
More informationComputer Security Incident Response Team
Computer Security Incident Response Team Operational Standards The University of Scranton Information Security Office August 2014 Table of Contents 1.0 Operational Standards Document Overview... 3 2.0
More informationInformation Security Program
Stephen F. Austin State University Information Security Program Revised: September 2014 2014 Table of Contents Overview... 1 Introduction... 1 Purpose... 1 Authority... 2 Scope... 2 Information Security
More informationH. R. 5005 11 SEC. 201. DIRECTORATE FOR INFORMATION ANALYSIS AND INFRA STRUCTURE PROTECTION.
H. R. 5005 11 (d) OTHER OFFICERS. To assist the Secretary in the performance of the Secretary s functions, there are the following officers, appointed by the President: (1) A Director of the Secret Service.
More informationInformation Security Management System Policy
Information Security Management System Policy Public Version 3.3 Issued Document Name Owner P079A ISMS Security Policy Information Security Security Policies, Standards and Procedures emanate from the
More informationSempra Energy Corporate Compliance and Ethics Plan This page is managed by the Director of Business Conduct (Last revised on 1 30 09)
Sempra Energy Corporate Compliance and Ethics Plan This page is managed by the Director of Business Conduct (Last revised on 1 30 09) Sempra Energy and its subsidiaries and affiliates ("Company") conduct
More informationAS/NZS 4801:2001. Safety Management Systems (SMS) Self-Assessment Checklist. Revision 1 (January 2014)
AS/NZS 4801:2001 Safety Management Systems (SMS) Self-Assessment Checklist This document restates the requirements of AS/NZS 4801:2001 for Safety Management Systems (SMS) and has been developed to assist
More informationMANAGED CORPORATE SERVICE PROVIDERS
PRACTICE NOTES ON MANAGED CORPORATE SERVICE PROVIDERS (PN-010105) (Issued under section 7(1)(a) of the Financial Services Development Act 2001) Issued on 06 January 2005 CONTENTS Pages 1 Introduction 1-2
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationInformation Security Management System Information Security Policy
Management System Policy Version: 3.4 Issued Document Name: Owner: P079A - ISMS Security Policy Classification: Public Security Policies, Standards and Procedures emanate from the Policy which has been
More informationData Management Policies. Sage ERP Online
Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...
More informationM E M O R A N D U M. The Policy provides for blackout periods during which you are prohibited from buying or selling Company securities.
M E M O R A N D U M TO: FROM: All Directors, Officers and Covered Persons of Power Solutions International, Inc. and its Subsidiaries Catherine Andrews General Counsel and Insider Trading Compliance Officer
More informationNHS Business Services Authority Information Security Policy
NHS Business Services Authority Information Security Policy NHS Business Services Authority Corporate Secretariat NHSBSAIS001 Issue Sheet Document reference NHSBSARM001 Document location F:\CEO\IGM\IS\BSA
More informationData Security Breaches: Learn more about two new regulations and how to help reduce your risks
Data Security Breaches: Learn more about two new regulations and how to help reduce your risks By Susan Salpeter, Vice President, Zurich Healthcare Risk Management News stories about data security breaches
More informationGroup Policy 1. INTRODUCTION 2. BUSINESS INTEGRITY. 2.1. Honesty, Integrity & Fairness
Corporate Code of Conduct and Ethics Policy Approver: CEO Valid from: 26-11-13 1. INTRODUCTION CRI recognizes its responsibilities as a global services provider, and is committed to being a responsible
More informationSAMPLE TEMPLATE. Massachusetts Written Information Security Plan
SAMPLE TEMPLATE Massachusetts Written Information Security Plan Developed by: Jamy B. Madeja, Esq. Erik Rexford 617-227-8410 jmadeja@buchananassociates.com Each business is required by Massachusetts law
More informationREQUIREMENTS RESPECTING THE SECURITY OF OFFSHORE FACILITIES
REQUIREMENTS RESPECTING THE SECURITY OF OFFSHORE FACILITIES Definitions 1. In these requirements: C-NLOPB means the Canada-Newfoundland and Labrador Offshore Petroleum Board; Chief Safety Officer means
More informationThe Use of Information Technology Policies and Policies
Information Technology Management Procedure June 1, 2015 Information Technology Management, page 1 of 7 Contents Responsibility for Local Information Technology Policies 3 Responsibility to Maintain Functionality
More informationPRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES
PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES A CONSULTATION REPORT OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS STANDING COMMITTEE 3 ON MARKET INTERMEDIARIES
More informationBERKELEY COLLEGE DATA SECURITY POLICY
BERKELEY COLLEGE DATA SECURITY POLICY BERKELEY COLLEGE DATA SECURITY POLICY TABLE OF CONTENTS Chapter Title Page 1 Introduction 1 2 Definitions 2 3 General Roles and Responsibilities 4 4 Sensitive Data
More informationData Security Incident Response Plan. [Insert Organization Name]
Data Security Incident Response Plan Dated: [Month] & [Year] [Insert Organization Name] 1 Introduction Purpose This data security incident response plan provides the framework to respond to a security
More informationPolicy Title: HIPAA Security Awareness and Training
Policy Title: HIPAA Security Awareness and Training Number: TD-QMP-7011 Subject: HIPAA Security Awareness and Training Primary Department: TennDent/Quality Monitoring/Improvement Effective Date of Policy:
More informationOutsourcing and third party access
Outsourcing and third party access This document is part of the UCISA Information Security Toolkit providing guidance on the policies and processes needed to implement an organisational information security
More informationCOMPLIANCE PROGRAM GUIDANCE FOR MEDICARE FEE-FOR-SERVICE CONTRACTORS
Department of Health and Human Services CENTERS FOR MEDICARE & MEDICAID SERVICES COMPLIANCE PROGRAM GUIDANCE FOR MEDICARE FEE-FOR-SERVICE CONTRACTORS March 2005 TABLE OF CONTENTS INTRODUCTION...3 ELEMENTS
More informationInteractions with Security Guards. Short-Term Work
Protecting Your Jewish Institution: Security Strategies for Today s Dangerous World 89 Guidelines for Hiring a Security Contractor 7 Once a decision is made that your institution has short- or long-term
More informationREQUEST FOR BOARD ACTION
REQUEST FOR BOARD ACTION HENDERSON COUNTY BOARD OF COMMISSIONERS MEETING DATE: 23 March 2005 SUBJECT: ATTACHMENT(S): HIPAA 1. Proposed Resolution adopting policies 2. Proposed policies SUMMARY OF REQUEST:
More informationUtica College. Information Security Plan
Utica College Information Security Plan Author: James Farr (Information Security Officer) Version: 1.0 November 1 2012 Contents Introduction... 3 Scope... 3 Information Security Organization... 4 Roles
More informationA Short Guide to The Safety, Health and Welfare at Work Act, 2005
A Short Guide to The Safety, Health and Welfare at Work Act, 2005 3 A Short Guide to the Safety, Health and Welfare at Work Act, 2005 Published in August 2005 by the Health and Safety Authority, 10 Hogan
More informationLEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction
LEEDS BECKETT UNIVERSITY Information Security Policy 1.0 Introduction 1.1 Information in all of its forms is crucial to the effective functioning and good governance of our University. We are committed
More informationC. Author(s): David Millar (ISC Information Security) and Lauren Steinfeld (Chief Privacy Officer)
I. Title A. Name: Information Systems Security Incident Response Policy B. Number: 20070103-secincidentresp C. Author(s): David Millar (ISC Information Security) and Lauren Steinfeld (Chief Privacy Officer)
More informationCODE OF ETHICS AND BUSINESS CONDUCT
CODE OF ETHICS AND BUSINESS CONDUCT Date of Issue: 22 January 2015 Version number: 2 LUXFER HOLDINGS PLC Code of Ethics and Business Conduct Luxfer Holdings PLC is committed to conducting its business
More informationAdministrative Policy No. AD 2.26 Title:
I. SCOPE: Administrative Policy No. AD 2.26 Page: 1 of 5 This policy applies to all directors, officers, employees, agents, and shareholders of Tenet Healthcare Corporation, its subsidiaries and/or affiliates
More informationEMERGENCY MANAGEMENT AGENCY ORDINANCE. The County of McDowell ordains; Article 1 McDowell County Emergency Management Agency.
EMERGENCY MANAGEMENT AGENCY ORDINANCE The County of McDowell ordains; Article 1 McDowell County Emergency Management Agency. Section 1. Short Title This Ordinance shall be known and may be cited and referred
More informationWellesley College Whistleblower Policy Adopted April 2009
Wellesley College Whistleblower Policy Adopted April 2009 1. General Wellesley College (the "College") requires all employees (including faculty) to observe high standards of business and personal ethics
More informationRUTGERS POLICY. Section Title: Legacy UMDNJ policies associated with Information Technology
RUTGERS POLICY Section: 70.2.20 Section Title: Legacy UMDNJ policies associated with Information Technology Policy Name: Information Security: Incident Management Formerly Book: 95-01-09-02:00 Approval
More informationGUIDANCE NOTE OUTSOURCING OF FUNCTIONS BY ENTITIES LICENSED UNDER THE PROTECTION OF INVESTORS (BAILIWICK OF GUERNSEY) LAW, 1987
GUIDANCE NOTE OUTSOURCING OF FUNCTIONS BY ENTITIES LICENSED UNDER THE PROTECTION OF INVESTORS (BAILIWICK OF GUERNSEY) LAW, 1987 CONTENTS Page 1. Introduction 3-4 2. The Commission s Policy 5 3. Outsourcing
More informationPolicy No: TITLE: EFFECTIVE DATE: CANCELLATION: REVIEW DATE:
Policy No: TITLE: AP-AA-17.2 Data Classification and Data Security ADMINISTERED BY: Office of Vice President for Academic Affairs PURPOSE EFFECTIVE DATE: CANCELLATION: REVIEW DATE: August 8, 2005 Fall
More informationGuidelines on the Use of Armed Security Services from Private Security Companies
UNITED NATIONS SECURITY MANAGEMENT SYSTEM Security Management Operations Manual Guidelines on the Use of Armed Security Services from Private Security Companies These guidelines should be read in conjunction
More informationSAMPLE BUSINESS ASSOCIATE AGREEMENT
SAMPLE BUSINESS ASSOCIATE AGREEMENT THIS AGREEMENT IS TO BE USED ONLY AS A SAMPLE IN DEVELOPING YOUR OWN BUSINESS ASSOCIATE AGREEMENT. ANYONE USING THIS DOCUMENT AS GUIDANCE SHOULD DO SO ONLY IN CONSULT
More informationAFTRS Health and Safety Risk Management Policy
AFTRS Health and Safety Risk Management Policy Responsible Officer Contact Officer Authorisation Director, Corporate and Student Services Head of Human Resources Chief Executive Officer Effective Date
More informationStandards of. Conduct. Important Phone Number for Reporting Violations
Standards of Conduct It is the policy of Security Health Plan that all its business be conducted honestly, ethically, and with integrity. Security Health Plan s relationships with members, hospitals, clinics,
More informationCERUS CORPORATION CODE OF BUSINESS CONDUCT AND ETHICS
CERUS CORPORATION CODE OF BUSINESS CONDUCT AND ETHICS Introduction We are committed to maintaining the highest standards of business conduct and ethics. This Code of Business Conduct and Ethics reflects
More informationHealth Partners HIPAA Business Associate Agreement
Health Partners HIPAA Business Associate Agreement This HIPAA Business Associate Agreement ( Agreement ) by and between Health Partners of Philadelphia, Inc., the Covered Entity (herein referred to as
More informationTITLE III INFORMATION SECURITY
H. R. 2458 48 (1) maximize the degree to which unclassified geographic information from various sources can be made electronically compatible and accessible; and (2) promote the development of interoperable
More information