Health and Human Services Enterprise Information Technology Security Training Resource Guide
|
|
- Cody Hancock
- 8 years ago
- Views:
Transcription
1 Health and Human Services Enterprise Information Technology Security Training Resource Guide Version 1.0 March 28, 2005
2 Table of Contents Section I Getting Started...1 Introduction... 1 Overview... 1 Information Security... 1 HIPAA Security Rule... 2 Other State and Federal Security Laws... 2 Section II About This Guide...3 Overview... 3 Section III Security Guidelines...4 Computer Usage Agreement... 4 Computer Resources and Right to Privacy... 4 Personal Use of State Owned Resources... 5 Equipment... 5 Internet... 5 Pornography or Sexually Explicit Information... 6 Your Agency Responding to Requests Containing PHI... 7 External Requests... 7 Internal Requests... 8 Fax Communication... 8 Virus Protection/Reporting...8 Passwords... 9 Selecting a Strong Password... 9 Sharing Your Password Compromised Password i
3 Protecting Information During Transmission Acceptable Ways To Transmit Sensitive Data Software Policy Personal Software Software From the Internet Protecting Against Unauthorized Access Electronic Access Employment Termination Physical Security Portable Computing Devices Reporting a Security Breach Media Disposal Failure to Comply Section IV Glossary...16 ii
4 Section I Getting Started Introduction Overview The Texas Health and Human Services (HHS) Enterprise information and information resources are valuable assets that must be protected from unauthorized disclosure, modification, use, or destruction. The Health and Human Services Commission and its member agencies must take steps to ensure that its information and information resources maintain their integrity, confidentiality, and their availability is not compromised. This training is provided to inform you about the HHS security policies that define the level of security controls that will protect assets against unauthorized access, disclosure, modification or destruction, whether accidental or deliberate, as well as assure the availability, integrity, utility, authenticity and confidentiality of information. As a user of the HHS Enterprise computer systems, you have been authorized to read, enter, or update information. You have the responsibility to use the information resource for only the purposes for which you have been specifically approved. You must also comply with all defined security measures. You are responsible and will be held accountable for all actions performed under your user identification (user ID). You must protect your area by keeping unauthorized individuals away from your equipment and data. In addition, you must report all situations where you believe an information security vulnerability or violation may exist, according to your normal problem reporting procedure. All of the answers you will need to successfully complete the training and pass the test are found in this guide. Information Security This guide provides a high level review of the Agency s Security Policies and Procedures. As you read through this guide you will see reference notations next to some of the text. These notations refer you to other, more detailed documents, including: Texas Health and Human Services (HHS) Enterprise Security Policy Security Guide (ESPSG) The HHS Human Resources Manual (HR Manual) HHS Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Policy. Version /28/2005
5 When you take the test, you will be given an acknowledgement that you either answered the question incorrectly or correctly. If you answered incorrectly, the reference will tell you where to go to find the correct answer. If you answered correctly, the reference will reinforce why the answer was correct. HIPAA Security Rule The final HIPAA Security Standard Rules were published on February 20, The regulations adopt standards for the security of electronic protected health information (PHI). Covered-entities must implement these standards by April 20, This final rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to ensure the confidentiality of electronic protected health information. Definition of PHI "Protected Health Information", or PHI, is information that is: 1. Linked to, or could be linked to, a specific person by name, Social Security number (SSN), date of birth (DOB), geographic area or other individually identifiable information (for example Medicaid ID number) and is 2. Related to that person's past, present or future physical or mental care condition; the provision of health care to that person; or the payment for the provision of health care. Other State and Federal Security Laws State agencies shall provide an ongoing information security awareness education program for all users. It is the policy of HHS that the agencies and their employees will protect the Information Resources (IR) of the department in accordance with the Texas Administrative Code (TAC), Title 1, Part 10, Chapter 202 Information Security Standards and the Information Resources Management Act (Texas Government Code Chapter 2054). HHS Agencies will also protect the information resources in accordance with Agency and enterprise rules and regulations, and applicable state and federal laws. Violating a data security system may be a crime under Chapter 33 of the Texas Penal Code (Computer Crimes). The criminal classification ranges from a misdemeanor through a felony of the first degree, depending on circumstances. In addition violation of copyright laws and license agreements, including those applicable to computer software, may result in fines and /or other legal actions. Version /28/2005
6 Section II About This Guide Overview This guide is your resource for answering the test questions on the Security computer based training (CBT). Read this guide carefully in preparation for taking the test. All of the answers you will need to successfully complete the training are found in this guide. If you want a more detailed explanation, a notation, under the major headings in Section II, gives the reference to the manual where it can be found. Example: [ESPSG - Protection Against Malicious Code]. The purpose of security training is: To reinforce security policies, practices and procedures, To ensure that you are knowledgeable and aware of security threats, concerns, and the procedures for reporting security incidents, To establish responsibility and accountability, and To satisfy legal requirements. This resource guide provides an overview of the security policy that includes: Personal use of equipment and the Internet, Passwords, Protecting individually identifiable health information and other sensitive information during electronic transmission and at rest, Downloading software to your desktop, Destruction of old computer equipment, disks and CDs, Network access, and Penalties and disciplinary action that will result if you violate a security policy. Version /28/2005
7 Computer Usage Agreement [ESPSG - User Access Management] Section III Security Guidelines It is mandatory for all Agency workforce (employees, temporary employees, volunteers, and employees of independent contractors) who are approved to access the Agency s information systems to sign the Agency s Computer Usage Agreement. The Agency s Computer Usage Agreement when signed confirms that the employee understands the policies and procedures related to the use of the Agency s computer resources. Existing workforce must recertify their understanding on an annual basis. Certification is required before the employee can access any Agency computer system. In addition, confidentiality and non-disclosure agreements indicate that certain information is private or secret. Employees who need to access such information shall be required to sign a confidentiality agreement. Computer Resources and Right to Privacy [HHS HR Manual Chapter 4 (Employee Conduct)] You shouldn t have any expectations of privacy for material sent or stored on Agency computer resources. According to the HR Manual, Agency provided equipment and informational systems, such as computer files, desk files, electronic mail ( ), and voice mail, are the property of the State of Texas. An HHS employee does not have a right to privacy in any of the property provided by an HHS Agency. All information a governmental body collects, assembles, or maintains is public unless expressly exempt from disclosure by law. Public information can be obtained through a public information (open records) request. Without advance notice, HHS agencies reserve the right to: Monitor voice mail messages, Monitor messages sent over the system, Enter or monitor the computer files of HHS employees, and Examine any state-owned equipment or property. Version /28/2005
8 This also means that your Agency has the right to track your Internet use. The Internet Use policy is discussed later in this guide. Personal Use of State Owned Resources [HHS HR Manual Chapter 4 (Employee Conduct)] Equipment Employees are expected to observe work rules. The HHS-HR Manual Section B (Employee Conduct), Work Rule #4, states: [HHS employees] must limit personal use of state computers. Personal use must not increase the state s costs for computer supplies, such as paper or toner. Printing personal documents is prohibited. State computer resources cannot be used to play computer games unless there is an HHS Agency-approved business related purpose. For example, using a computer game for therapy or rehabilitation with a consumer would be considered an Agencyapproved, business-related purpose. Internet The Agency Internet connection is intended to support official Agency business. The Internet may be used for limited personal purposes in the same manner as the telephone may be used for limited personal purposes. Unacceptable uses of the Internet are those that: Interfere with the ability of other Agency staff to do their jobs in a timely manner, including listening to or watching non-work related audio or video broadcasts; Initiate, distribute, or forward chain letters; Involve solicitation; Are associated with any personal business activity; Interfere with the performance of official HHS duties and normal work activities; Involve offensive or harassing statements, including comments based on race, national origin, sex, disability, or religion; Send, forward, download, or store sexually oriented messages or images. Version /28/2005
9 Employees found using the Internet for inappropriate purposes may be subject to disciplinary action, up to and including dismissal. Viewing or downloading pornographic material is cause for immediate dismissal. Personal use of the Internet for continuous audio or video feeds may adversely impact system performance and is prohibited. It is important for Agency employees to keep bandwidth capacity free for business purposes (e.g., monitoring legislative bills, performing work-related Web-search activities, or participating in a Web seminar). Pornography or Sexually Explicit Information Sending, forwarding, downloading, and storing of non-work related sexually oriented messages or images are unacceptable uses of the Internet and is cause for immediate dismissal. If employees observes someone viewing or downloading pornography or nonwork related sexually explicit information on an Agency computer, they must report the incident to the their supervisor or the HHSC Office of Inspector General (OIG) - Internal Affairs Section. If you are a supervisor and suspect that these activities are being performed on an Agency computer, do not initiate a search of the computer. Report the incident to HHSC Office of Inspector General (OIG) - Internal Affairs Section. OIG staff will provide directions to supervisors and/or designated Information Technology (IT) personnel. Use of Agency [HHS HR Manual Chapter 4 (Employee Conduct)] You have the responsibility to use information resources for only the purposes assigned to you and as stated in Agency policies. The use of is covered under the HHS-HR Manual Section B (Employee Conduct), Use of the Internet. The Internet and an HHS employee s Agency address may be used for limited personal purposes in the same manner as the telephone may be used for limited personal purposes (e.g. communicating with a family member). Employees found using the Internet or for inappropriate purposes may be subject to disciplinary action, up to and including dismissal. Version /28/2005
10 Employees should not respond to requests for their Agency s address except for business related purposes. Giving your Agency address provides a potential window of opportunity for businesses and individuals to indiscriminately send unsolicited, non-work related to you, which is more commonly known as SPAM or junk . This has a potential for clogging or slowing down the transmission of data on State computer networks. Responding to Requests Containing PHI [HHS HIPAA Security Policy] When you receive requesting information that contains protected health information (PHI), it is important that you know the acceptable ways to respond. Encryption is the only secure method for sending communication over the Internet. Currently, encryption technology is not available to HHS employees to secure communication with consumers or the general public. Other methods such as password protecting a document adds an additional level of security, however, passwords may be broken using tools available on the Internet. In general, confidential information may be transmitted over the Internet (external ) only if: An acceptable mode of encryption is used to protect the confidentiality and integrity of the data, and An authentication or identification procedure is employed to assure that both the sender and recipient of the data are known to each other and are authorized to receive and decrypt the information. External Requests If you receive an from a consumer or other individual about a consumer and that message contains PHI you should respond using the following procedures: If you can answer the consumer inquiry without PHI, respond appropriately. Do not include PHI in your response. This includes the PHI in the original request. If the answer to the inquiry requires you to include PHI, the requestor that you must either respond in writing through the mail or via regular fax (not efax). Version /28/2005
11 Internal Requests If encryption is available, it should be used. If it is not available, communication of PHI or confidential information from one HHS employee to another, over internal lines (intranet) is considered an acceptable risk. However, should not contain PHI or confidential information in the subject line and any confidential information or PHI contained in the body of the should be kept to the minimum necessary. If you have any questions about how to respond, contact your Agency Privacy Officer. Fax Communication FAX communication of PHI and/or confidential information is also considered a secure transmission method. If the information is sent by fax, the cover sheet should include a statement that the information is confidential. Staff should not use efax to communicate with consumers or the general public. Virus Protection/Reporting [ESPSG - Protection Against Malicious Code] Your computer has virus protection software installed on it. This software is your first line of defense against an attack and must not be disabled or bypassed. Employees should never disable or cancel anti-virus software scans. This leaves your computer vulnerable which in turn can open a doorway for the virus to move onto the network. Every virus that is not automatically cleaned by the virus protection software constitutes a security incident and must be reported immediately to your Agency Help Desk. It is your responsibility to: Protect information resources through requirements for the prevention and detection of malicious code and Mitigate potential liability from propagating malicious code. This means that if you suspect an attachment contains a virus or other malicious code, you should definitely not open it or forward it. This will cause the virus to spread Version /28/2005
12 and has the potential for causing very serious damage to not only the your computer, but also the entire computer network. Follow the Agency s Help Desk instructions as to what you should do. Remember, it is your responsibility to protect information resources. You will be subject to disciplinary action if any problems occurred because you removed or bypassed the virus protection software. Passwords [ESPSG - Password Use] When you signed your Agency s Computer Usage Agreement you agreed that you would comply with the security policies and procedures of the state Agency. The agreement makes you accountable for protecting state resources from unauthorized access. A password is a secret word or phrase used to gain admittance or access to information. Passwords are used to grant access to: Systems that reside at any HHS Enterprise facility The HHS Enterprise network, or Stored HHS Enterprise information. Passwords are used for the following purposes: To prevent compromise of confidential information. To provide a minimum level of user authentication To establish user accountability. Users should not use: The same password for HHS Enterprise accounts as for other non-hhs Enterprise access (e.g., personal ISP account, option trading, benefits, etc.). The "Remember Password" feature of applications. Selecting a Strong Password Strong passwords provide the first line of defense against improper access and compromise of confidential information. Strong passwords typically follow these best practice characteristics: Version /28/2005
13 Contain both upper and lower case characters (e.g., a-z, A-Z) Have digits and special characters as well as letters e.g., ~- =\`{}[]:";'<>?,./) Are at least eight characters long Note: Some legacy systems may not accept a 6-8 alphanumeric character string and special characters. Passwords may not have consecutive duplicate characters such as 99 or BB Passwords may not have consecutive-count numbers or letters such as 1234 or ABCD Are not words in any dictionary including, slang, dialect, jargon, etc. Are not based on personal information, names of family, etc. Are not to be written down or stored on-line. Should be easily remembered. One way to do this is create a password based on a song title, affirmation, or other phrase. For example, the phrase might be: "This May Be One Way to Remember" and the password could be: "TmB1w2R!" or "Tmb1W>r~" or some other variation. Should never be the same as your user ID. Sometimes your Agency assigns a temporary password for you to access certain systems. You are responsible for changing that temporary password to a permanent one of your choosing. Passwords are meant to be a secret so you are not supposed to share your password with anyone including the IT staff. Passwords should be changed periodically, at least once every 90 days. It is recommended that user-level passwords (e.g., , web, desktop computer, etc.) be changed more frequently, at least once every 60 days. User accounts that have systemlevel privileges granted through group memberships or programs should have a unique password from other accounts held by that user. Sharing Your Password You must not share your HHS Enterprise password with anyone, including administrative assistants or secretaries. All passwords should be treated as sensitive, confidential information. You should not write passwords down and store them anywhere in your office. Nor should you store passwords in a file on ANY computer system (including Personal Digital Assistants or similar devices) without encryption. Version /28/2005
14 If you need to share computer resident data, you should use approved network services or any other mechanisms that do not infringe on any policies. Compromised Password You are responsible for all activity that takes place with your user-id and password (or other authentication mechanism). If you suspect that your password has been discovered or used by another person, you should immediately change your password and report the incident to your Agency s IT Security Team. Protecting Information During Transmission [ESPSG - Network Access Control] There are situations that are not considered acceptable methods for transmitting sensitive data, such as protected health information (PHI). Although a password protected document adds an additional level of security, the password may be broken using tools available on the Internet. Password protected documents are not considered secure. Therefore, sending external communications containing sensitive data and PHI must be encrypted. Acceptable Ways To Transmit Sensitive Data HHS Enterprise system employees are required to use a secure link (e.g., encrypted) to transmit sensitive or confidential information outside of an Agency s network. Such encryption should be accomplished only with systems approved by the IT department. If you need to transmit sensitive or protected data, you must use encryption or the protected transmission environment in use by your Agency such as Virtual Private Networks (VPN) and Network Address Translations (NAT). Software Policy [ESPSG - Software Licensing] It is illegal to copy commercial software or install unlicensed copies of commercial software on Agency computer resources Version /28/2005
15 Software From the Internet Staff should not download software from the Internet unless it is on an Agency approved list. Downloading unapproved software runs the risk of introducing malicious code into the network. Your Agency s Help Desk will have the latest information on software approved for Agency use and will be able to guide you to further information as needed. Personal Software Employees cannot install personally owned software on Agency computers. Protecting Against Unauthorized Access [ESPSG - User Access Management] You should notify the appropriate Agency management if access control mechanisms are broken or if you suspect that these mechanisms have been compromised. Electronic Access Sensitive information, either in paper or electronic form, must be protected from unauthorized access or disclosure. Care should be taken to limit access. To prevent unauthorized access, staff should implement one or more of the following: Implement a password protected screen saver requirement Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity. Locking your workstation or starting a password-protected screen saver, before you leave your work area, will prevent unauthorized persons from viewing sensitive information. Some computer applications and systems have embedded coding to automatically terminate your session after a predetermined time of inactivity. Employment Termination The user s password access will be removed from all computer resources whenever an employee s employment with the Agency is terminated. Follow Agency procedures for removing access. Version /28/2005
16 Physical Security Measures have been designed to safeguard the physical perimeter of Agency facilities that house HHS Enterprise information resources. Security Badges One of the safeguard measures is your identification badge. It identifies you and your access privileges and is a control to prevent unauthorized access attempts. Physical access controls must not be disabled or bypassed. All badges shall be checked prior to entry. A receptionist, desk attendant, security guard or electronic card reader that logs the identity, time, date, and access privileges of each entry attempt may do such checking. Never share your security badge. If you forget or misplace your badge, go to your Agency s Security Desk and ask for a temporary one. Do not piggyback through a secure entrance behind an employee who has a security badge. Likewise, do not allow anyone to follow you through a secure doorway. Staff authorized to access a facility are required to have their badge visible at all times. Physical Security Perimeter Physical security perimeters are used to: Restrict access to only authorized users Reduce exposures to malicious threats Allow access privileges to be revoked quickly if necessary and, Safeguard the physical perimeter of Agency facilities that house HHS Enterprise information resources. Portable Computing Devices When using a portable computing device (e.g. laptop, Palm Pilot, etc) to access Agency data, you must take precautions to ensure that mobile computing does not compromise the security of the systems being used or data therein. To ensure the security of the device, implement one or both of the following standards: Implement a password-protected sign on screen requirement for mobile equipment. Implement a mechanism to encrypt electronic protected health information when appropriate. Version /28/2005
17 Reporting a Security Breach [ESPSG - Reporting Security Weaknesses] It is the responsibility of each employee to safeguard information, and report breaches and threats to any of the information resource systems. You are expected to remain vigilant for possible fraudulent activities. You should note and report observed or suspected security weaknesses to systems and services. Media Disposal [ESPSG - Information & Media Handling & Security] Sensitive or confidential information stored on electronic hardware and media (e.g. hard disks, CD's, floppy disks, tapes) must be destroyed according to the Agency retention schedule and in a secure manner. This includes the secure disposal of information collected on paper, electronic hardware, or computer media. Just deleting electronic files does not provide a secure method of preventing access to information stored on electronic media. Items that may require secure disposal include: paper documents, audio or video recordings, reports, magnetic tapes, removable disks or cassettes, program listings, test data, and system documentation. To prevent the compromise of sensitive information through careless or inadequate disposal of computer media, follow your Agency procedures for destroying electronic media. Failure to Comply [HHS HR Manual Chapter 4 (Employee Conduct)] The HHS HR Work Rules found in Chapter 4, Section B state that HHS employees must keep all HHS information and all information obtained as an HHS employee confidential, except as otherwise required by law, e.g., the Public Information Act, Texas Government Code, Chapter 552. Consumer-related information may be released only in accordance with sound professional practices, state and federal regulations, and HHS policies and procedures. Related work rules require that you must: Observe work rules Protect state information and property Not steal, sell, willfully or negligently damage, destroy, misuse, lose, or have unauthorized possession of owned or leased state property or use any HHS property, services, or information in an unauthorized manner or for monetary gain (including vehicles, long distance telephone services, and HHS computer systems) Version /28/2005
18 Not destroy, falsify, or cause another to falsify, remove, steal, conceal, or otherwise misuse state information (including documents and oral information) or property. Violating work rules may result in disciplinary action, up to and including dismissal from employment and possible criminal prosecution. Version /28/2005
19 Section IV Glossary Authentication Bandwidth capacity CMS Computer software Computer Usage Agreement Computer virus efax Encryption ESP ESPSG External HHS IT Information Technology Resources or IT Resources The verification of the identity of a person or process. In a communication system, authentication verifies that messages really come from their stated source, like the signature on a (paper) letter. The amount of data that can be passed along a communications channel in a given period of time. Federal Centers for Medicare and Medicaid Services Responsible for enforcing the HIPAA Security Rule. The instructions executed by a computer. An agreement signed by the employee that outlines the policies and procedures related to the use of the Agency s computer resources. Depending on the Agency, this document may also be referred to as: Information Security Agreement, Computer Resource Use Agreement, or Computer Security Agreement. An example of malicious code. A program that attaches itself to an executable file or vulnerable application and delivers a payload that ranges from annoying to extremely destructive. A file virus executes when an infected file is accessed. A macro virus infects the executable code embedded in Microsoft Office programs that allow users to generate macros. Sending a fax from a computer. Any procedure used to convert plaintext into ciphertext (encrypted message) in order to prevent any but the intended recipient from reading that data. HHS Enterprise Security Policy Enterprise Security Policy Standards and Guidelines Relating to, connected with, or existing outside a single Agency or the network of HHS Agencies. HHS Enterprise Information Technology (IT) Department Hardware, software, and communications equipment, including, but not limited to, personal computers, mainframes, wide and local area networks, servers, mobile or portable computers, peripheral equipment, telephones, wireless communications, public safety radio services, facsimile machines, technology facilities including but not limited to, data centers, dedicated training facilities, and switching facilities, and other relevant hardware and software items as well as personnel tasked with the Version /28/2005
20 Internal Internet Intranet PHI Privacy Officer Security Officer Virtual Private Network VPN planning, implementation, and support of technology. Information Resources Is defined by Section (6), Texas Government Code and/or other applicable state or federal legislation. Relating to, or located within a single Agency or the network of HHS Agencies. A global system interconnecting computers and computer networks. The computers and networks are owned separately by a host of organizations, government agencies, companies, and colleges. The Internet is the present information super highway. A private network for communications and sharing of information that, like the Internet, is based on TCP/IP, but is accessible only to authorized users within an organization. An organization s intranet is usually protected from external access by a firewall. Protected Health Information 1. Linked to, or could be linked to, a specific person by name, Social Security number (SSN), date of birth (DOB), geographic area or other individually identifiable information (for example Medicaid ID number) and is 2. Related to that person's past, present or future physical or mental care condition; the provision of health care to that person; or the payment for the provision of health care. Responsible for implementing and monitoring Agency compliance of Privacy rules. Responsible for implementing and monitoring Agency compliance of Security rules. A virtual private network (VPN) is a network in which some of the nodes are connected using the public Internet, but the data sent across the Internet is encrypted, so the entire network is virtually private. Version /28/2005
INFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL
INFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL 1 INTRODUCTION The County of Imperial Information & Technical Services (ITS) Security Policy is the foundation of the County's electronic information
More informationInformation Technology Security Policies
Information Technology Security Policies Randolph College 2500 Rivermont Ave. Lynchburg, VA 24503 434-947- 8700 Revised 01/10 Page 1 Introduction Computer information systems and networks are an integral
More informationCITY OF BOULDER *** POLICIES AND PROCEDURES
CITY OF BOULDER *** POLICIES AND PROCEDURES CONNECTED PARTNER EFFECTIVE DATE: SECURITY POLICY LAST REVISED: 12/2006 CHRISS PUCCIO, CITY IT DIRECTOR CONNECTED PARTNER SECURITY POLICY PAGE 1 OF 9 Table of
More informationInformation Security
Information Security A staff guide to the University's Information Systems Security Policy Issued by the IT Security Group on behalf of the University. Information Systems Security Guidelines for Staff
More informationPHI- Protected Health Information
HIPAA Policy 2014 The Health Insurance Portability and Accountability Act is a federal law that protects the privacy and security of patients health information and grants certain rights to patients. Clarkson
More informationSUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This
More informationHIPAA Security Alert
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
More informationAPPROVED BY: DATE: NUMBER: PAGE: 1 of 9
1 of 9 PURPOSE: To define standards for appropriate and secure use of MCG Health electronic systems, specifically e-mail systems, Internet access, phones (static or mobile; including voice mail) wireless
More informationHIPAA Security Training Manual
HIPAA Security Training Manual The final HIPAA Security Rule for Montrose Memorial Hospital went into effect in February 2005. The Security Rule includes 3 categories of compliance; Administrative Safeguards,
More informationNetwork and Workstation Acceptable Use Policy
CONTENT: Introduction Purpose Policy / Procedure References INTRODUCTION Information Technology services including, staff, workstations, peripherals and network infrastructures are an integral part of
More informationMISSISSIPPI DEPARTMENT OF HEALTH COMPUTER NETWORK AND INTERNET ACCESS POLICY
MEMORANDUM TO: FROM: RE: Employee Human Resources MISSISSIPPI DEPARTMENT OF HEALTH COMPUTER NETWORK AND INTERNET ACCESS POLICY Please find attached the above referenced policy that is being issued to each
More informationMARIN COUNTY OFFICE OF EDUCATION. EDUCATIONAL INTERNET ACCOUNT Acceptable Use Agreement TERMS AND CONDITIONS
MARIN COUNTY OFFICE OF EDUCATION EDUCATIONAL INTERNET ACCOUNT Acceptable Use Agreement TERMS AND CONDITIONS Please read the following carefully before signing this document. INTERNET access is coordinated
More information13. Acceptable Use Policy
To view the complete Information and Security Policies and Procedures, log into the Intranet through the IRSC.edu website. Click on the Institutional Technology (IT) Department link, then the Information
More informationThe Internet and e-mail 2 Acceptable use 2 Unacceptable use 2 Downloads 3 Copyrights 3 Monitoring 3. Computer Viruses 3
Table of Contents 1 Acceptable use 1 Violations 1 Administration 1 Director and Supervisor Responsibilities 1 MIS Director Responsibilities 1 The Internet and e-mail 2 Acceptable use 2 Unacceptable use
More informationCOMPUTER USE POLICY City of Proctor
COMPUTER USE POLICY City of Proctor Purpose This policy serves to protect the security and integrity of the city s electronic communication and information systems by educating employees about appropriate
More informationB. Privacy. Users have no expectation of privacy in their use of the CPS Network and Computer Resources.
Chicago Public Schools Policy Manual Title: ACCEPTABLE USE OF THE CPS NETWORK AND COMPUTER RESOURCES Section: 604.1 Board Report: 09-0722-PO3 Date Adopted: July 22, 2009 Policy: THE CHIEF EXECUTIVE OFFICER
More informationSample Policies for Internet Use, Email and Computer Screensavers
Sample Policies for Internet Use, Email and Computer Screensavers In many of its financial management reviews, the Technical Assistance Section has encouraged municipalities to develop and adopt policies
More informationCity of Boston Department of Innovation and Technology Policy Title: Information Technology Resource Use Policy Effective Date: April 1, 2011
City of Boston Department of Innovation and Technology Policy Title: Information Technology Resource Use Policy Effective Date: April 1, 2011 Purpose and Intent The City of Boston recognizes the importance
More informationHow To Protect The Time System From Being Hacked
WISCONSIN TIME SYSTEM Training Materials TIME SYSTEM SECURITY AWARENESS HANDOUT Revised 11/21/13 2014 Security Awareness Handout All System Security The TIME/NCIC Systems are criminal justice computer
More informationFDOH Information and Privacy Awareness Training Learner Course Guide
Florida Department of Health FDOH Information and Privacy Awareness Training Learner Course Guide To protect, promote & improve the health of all people in Florida through integrated state, county, & community
More informationPierce County Policy on Computer Use and Information Systems
Pierce County Policy on Computer Use and Information Systems Pierce County provides a variety of information technology resources such as computers, software, printers, scanners, copiers, electronic mail
More informationSheridan College Institute of Technology and Advanced Learning Telephone and Computer Information Access Policy
Sheridan College Institute of Technology and Advanced Learning Telephone and Computer Information Access Policy Introduction This Telephone and Computer Information Access Policy (the "Policy") governs
More informationBEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050
BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050 Adopting Multnomah County HIPAA Security Policies and Directing the Appointment of Information System Security
More informationAPPROPRIATE USE OF INFORMATION TECHNOLOGY SYSTEMS INFRASTRUCTURE RESOURCES
APPROPRIATE USE OF INFORMATION TECHNOLOGY SYSTEMS (INCLUDING INTERNET & E-MAIL) EMC CORPORATE POLICY COPYRIGHT 2007 EMC CORPORATION. ALL RIGHTS RESERVED. NO PORTION OF THIS MATERIAL MAY BE REPRODUCED,
More informationDHHS Information Technology (IT) Access Control Standard
DHHS Information Technology (IT) Access Control Standard Issue Date: October 1, 2013 Effective Date: October 1,2013 Revised Date: Number: DHHS-2013-001-B 1.0 Purpose and Objectives With the diversity of
More informationHFS DATA SECURITY TRAINING
HFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY Illinois Department of Healthcare and Family Services Training Outline: Training Goals What is the HIPAA Security Rule? What is the HFS Identity
More informationINITIAL APPROVAL DATE INITIAL EFFECTIVE DATE
TITLE AND INFORMATION TECHNOLOGY RESOURCES DOCUMENT # 1107 APPROVAL LEVEL Alberta Health Services Executive Committee SPONSOR Legal & Privacy / Information Technology CATEGORY Information and Technology
More informationDEPARTMENT OF MENTAL HEALTH POLICY/PROCEDURE
2 of 10 2.5 Failure to comply with this policy, in whole or in part, if grounds for disciplinary actions, up to and including discharge. ADMINISTRATIVE CONTROL 3.1 The CIO Bureau s Information Technology
More informationHow To Protect Decd Information From Harm
Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the
More informationDelaware State University Policy
Delaware State University Policy Title: Delaware State University Acceptable Use Policy Board approval date: TBD Related Policies and Procedures: Delaware State University Acceptable Use Policy A Message
More informationHFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY
HFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY Illinois Department of Healthcare and Family Services Training Outline: Training Goals What is the HIPAA Security Rule? What is the HFS Identity
More informationNC DPH: Computer Security Basic Awareness Training
NC DPH: Computer Security Basic Awareness Training Introduction and Training Objective Our roles in the Division of Public Health (DPH) require us to utilize our computer resources in a manner that protects
More informationHIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics
HIPAA Security S E R I E S Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical
More informationInformation Security and Electronic Communications Acceptable Use Policy (AUP)
Policy No.: AUP v2.0 Effective Date: August 16, 2004 Revision Date: January 17, 2013 Revision No.: 1 Approval jwv / mkb Information Security and Electronic Communications (AUP) 1. INTRODUCTION Southwestern
More information2. Begin gathering necessary documents for student (refer to Record Acknowledgement Form)
Dear Colleague, This notice is to share some recent changes we ve made with our Student Onboarding Process. Effective October 1, 2014, our onboarding process is migrating from Public Safety to our Human
More informationRules of the Road for Users of Smithsonian Computers and Networks
Rules of the Road for Users of Smithsonian Computers and Networks Introduction Smithsonian systems, networks and other computer resources are shared among Smithsonian employees, interns, visiting scholars,
More informationEstate Agents Authority
INFORMATION SECURITY AND PRIVACY PROTECTION POLICY AND GUIDELINES FOR ESTATE AGENTS Estate Agents Authority The contents of this document remain the property of, and may not be reproduced in whole or in
More informationTHE RICE MARKETING BOARD FOR THE STATE OF NEW SOUTH WALES RESPONSIBLE COMPUTING POLICY
THE RICE MARKETING BOARD FOR THE STATE OF NEW SOUTH WALES RESPONSIBLE COMPUTING POLICY Version Author Date Approved by Board 2009-1 Gillian Kirkup 24 March 2010 Page 1 of 8 THE RICE MARKETING BOARD FOR
More informationHuman Resources Policy and Procedure Manual
Procedure: maintains a computer network and either purchases software for use in the network or develops proprietary software systems for Company use. Company employees are generally authorized to use
More informationU.S. Department of the Interior's Federal Information Systems Security Awareness Online Course
U.S. Department of the Interior's Federal Information Systems Security Awareness Online Course Rules of Behavior Before you print your certificate of completion, please read the following Rules of Behavior
More informationThe City reserves the right to inspect any and all files stored in private areas of the network in order to assure compliance.
1.0 PURPOSE: Internet access to global electronic information sources on the World Wide Web is provided by the City of Battle Creek to assist in obtaining work-related data and technology. The following
More informationState of Illinois Department of Central Management Services GENERAL SECURITY FOR STATEWIDE IT RESOURCES POLICY
State of Illinois Department of Central Management Services GENERAL SECURITY FOR STATEWIDE IT RESOURCES POLICY Effective December 15, 2008 State of Illinois Department of Central Management Services Bureau
More informationMedford Public Schools Medford, Massachusetts. Software Policy Approved by School Committee
Software Policy Approved by School Committee General Statement of Policy The Medford Public Schools licenses the use of computer software from a variety of third parties. Such software is normally copyrighted
More informationHealth Insurance Portability and Accountability Act (HIPAA) Overview
Health Insurance Portability and Accountability Act (HIPAA) Overview Agency, Contract and Temporary Staff Orientation Initiated: 5/04, Reviewed: 7/10, Revised: 10/10 Prepared by SHS Administration & Samaritan
More informationHIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics
HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 5. 2. Security Standards - Organizational, Security Policies Standards & Procedures, - Administrative and Documentation Safeguards
More informationTONBRIDGE & MALLING BOROUGH COUNCIL INTERNET & EMAIL POLICY AND CODE
GENERAL STATEMENT TONBRIDGE & MALLING BOROUGH COUNCIL INTERNET & EMAIL POLICY AND CODE 1.1 The Council recognises the increasing importance of the Internet and email, offering opportunities for improving
More informationPeace Corps Office of the OCIO Information and Information Technology Governance and Compliance Rules of Behavior for General Users
Table of Contents... 1 A. Accountability... 1 B. System Use Notification (Login Banner)... 1 C. Non-... 1 D. System Access... 2 E. User IDs... 2 F. Passwords... 2 G. Electronic Information... 3 H. Agency
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationData Management Policies. Sage ERP Online
Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...
More informationDepartment of Homeland Security Management Directive System MD Number: 4900 INDIVIDUAL USE AND OPERATION OF DHS INFORMATION SYSTEMS/ COMPUTERS
Department of Homeland Security Management Directive System MD Number: 4900 INDIVIDUAL USE AND OPERATION OF DHS INFORMATION SYSTEMS/ COMPUTERS 1. Purpose This directive establishes the Department of Homeland
More informationSUPREME COURT OF COLORADO OFFICE OF THE CHIEF JUSTICE
SUPREME COURT OF COLORADO OFFICE OF THE CHIEF JUSTICE Directive Concerning the Colorado Judicial Department Electronic Communications Usage Policy: Technical, Security, And System Management Concerns This
More informationTown of Essex Comprehensive Public Records and Technology Policy
Town of Essex Comprehensive Public Records and Technology Policy Introduction: Public records and the use of technology are inextricably linked in our modern age. As such, this policy covers both topics,
More informationInformation Security. Annual Education 2014. Information Security. 2014 Mission Health System, Inc.
Annual Education 2014 Why? Protecting patient information is an essential part of providing quality healthcare. As Mission Health grows as a health system and activities become more computerized, new information
More informationBRIGHAM AND WOMEN S HOSPITAL
BRIGHAM AND WOMEN S HOSPITAL HUMAN RESOURCES POLICIES AND PROCEDURES SUBJECT: SOCIAL MEDIA, ELECTRONIC COMMUNICATION and ACCEPTABLE USE POLICY #: HR-503 EFFECTIVE DATE: January 1, 2008 POLICY This policy
More informationDIOCESE OF DALLAS. Computer Internet Policy
DIOCESE OF DALLAS Computer Internet Policy October 2012 Page 1 ROMAN CATHOLIC DIOCESE OF DALLAS COMPUTER SYSTEMS AND INTERNET USE POLICY Summary Definitions: 1. The term Communication(s) Assets as used
More informationMCOLES Information and Tracking Network. Security Policy. Version 2.0
MCOLES Information and Tracking Network Security Policy Version 2.0 Adopted: September 11, 2003 Effective: September 11, 2003 Amended: September 12, 2007 1.0 POLICY STATEMENT The Michigan Commission on
More informationTenth Judicial Circuit of Florida Information Systems Acceptable Use Guidelines Polk, Hardee and Highlands Counties as of January 2014
Tenth Judicial Circuit of Florida Information Systems Acceptable Use s Polk, Hardee and Highlands Counties as of January 2014 The following guidelines define the acceptable use of information technology
More informationTameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by:
Tameside Metropolitan Borough Council ICT Security Policy for Schools Adopted by: 1. Introduction 1.1. The purpose of the Policy is to protect the institution s information assets from all threats, whether
More informationHIPAA Privacy & Security Health Insurance Portability and Accountability Act
HIPAA Privacy & Security Health Insurance Portability and Accountability Act ASSOCIATE EDUCATION St. Elizabeth Medical Center Origin and Purpose of HIPAA In 2003, Congress enacted new rules that would
More informationSection 5 Identify Theft Red Flags and Address Discrepancy Procedures Index
Index Section 5.1 Purpose.... 2 Section 5.2 Definitions........2 Section 5.3 Validation Information.....2 Section 5.4 Procedures for Opening New Accounts....3 Section 5.5 Procedures for Existing Accounts...
More informationMEMORANDUM INFORMATION TECHNOLOGY SERVICES DEPARTMENT
MEMORANDUM INFORMATION TECHNOLOGY SERVICES DEPARTMENT TO: John Phillips, City Manager Number: 04-020 SUBJECT: Computer Network, Internet and E-Mail Access Policy Date: 9/903 Attached is copy of the Information
More informationGuide to INFORMATION SECURITY FOR THE HEALTH CARE SECTOR
Guide to INFORMATION SECURITY FOR THE HEALTH CARE SECTOR Information and Resources for Small Medical Offices Introduction The Personal Health Information Protection Act, 2004 (PHIPA) is Ontario s health-specific
More informationCity of Venice Information Technology Usage Policy
City of Venice Information Technology Usage Policy The City of Venice considers information technology (IT) resources to be city resources. It shall be the policy of the city to maintain these resources
More informationAcceptable Use Policy
Acceptable Use Policy TABLE OF CONTENTS PURPOSE... 4 SCOPE... 4 AUDIENCE... 4 COMPLIANCE & ENFORCEMENT... 4 POLICY STATEMENTS... 5 1. General... 5 2. Authorized Users... 5 3. Loss and Theft... 5 4. Illegal
More informationICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation
ICT SECURITY POLICY Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation Responsibility Assistant Principal, Learner Services Jannette
More informationInformation Security Code of Conduct
Information Security Code of Conduct IT s up to us >Passwords > Anti-Virus > Security Locks >Email & Internet >Software >Aon Information >Data Protection >ID Badges > Contents Aon Information Security
More informationREGION 19 HEAD START. Acceptable Use Policy
REGION 19 HEAD START Acceptable Use Policy 1.0 Overview Research, Evaluation, Assessment and Information Systems (R.E.A.I.S.) intentions for publishing an Acceptable Use Policy are not to impose restrictions
More informationState HIPAA Security Policy State of Connecticut
Health Insurance Portability and Accountability Act State HIPAA Security Policy State of Connecticut Release 2.0 November 30 th, 2004 Table of Contents Executive Summary... 1 Policy Definitions... 3 1.
More informationInformation Security Policy Manual
Information Security Policy Manual Latest Revision: May 16, 2012 1 Table of Contents Information Security Policy Manual... 3 Contact... 4 Enforcement... 4 Policies And Related Procedures... 5 1. ACCEPTABLE
More informationNetwork Security Policy
KILMARNOCK COLLEGE Network Security Policy Policy Number: KC/QM/048 Date of First Issue: October 2009 Revision Number: 3 Date of Last Review: October 2011 Date of Approval \ Issue May 2012 Responsibility
More informationHow To Write A Health Care Security Rule For A University
INTRODUCTION HIPAA Security Rule Safeguards Recommended Standards Developed by: USF HIPAA Security Team May 12, 2005 The Health Insurance Portability and Accountability Act (HIPAA) Security Rule, as a
More informationStandard: Information Security Incident Management
Standard: Information Security Incident Management Page 1 Executive Summary California State University Information Security Policy 8075.00 states security incidents involving loss, damage or misuse of
More informationHIPAA and Privacy Policy Training
HIPAA and Privacy Policy Training July 2015 1 This training addresses the requirements for maintaining the privacy of confidential information received from HFS and DHS (the Agencies). During this training
More informationAPPROVED BY: Signatures on File Chief Information Officer APPROVED BY: Chief Financial Officer PURPOSE
TITLE: COMPUTER USE POLICY PAGE 1 OF 5 EFFECTIVE DATE: 07/2001 REVIEW DATES: 02/2003, 09/2006 REVISION DATES: 03/2005, 03/2008 DISTRIBUTION: All Departments PURPOSE APPROVED BY: Signatures on File Chief
More informationLa Cañada Unified School District Personnel Use of Technology Regulations (AR 4163.4) Also known as the Staff Technology and Internet Use Policy
LCUSD Personnel Use of Technology Regulations (AR 4163.4) Updated 08/21/08 p. 1 of 5 La Cañada Unified School District Personnel Use of Technology Regulations (AR 4163.4) Also known as the Staff Technology
More informationAngard Acceptable Use Policy
Angard Acceptable Use Policy Angard Staffing employees who are placed on assignments with Royal Mail will have access to a range of IT systems and mobile devices such as laptops and personal digital assistants
More informationAppendix H: End User Rules of Behavior
Appendix H: End User Rules of Behavior 1. Introduction The Office of Management and Budget (OMB) has established the requirement for formally documented Rules of Behavior as set forth in OMB Circular A-130.
More informationThe Bishop s Stortford High School Internet Use and Data Security Policy
Internet Acceptance Use and Data Security Policy Last Updated: 08/10/2012 Date of Next Review: 08/10/2015 Approved by GB: 10/10/2012 Responsible Committee: Student Welfare and Development Internet Acceptable
More informationInformation Technology Acceptable Use Policy
Information Technology Acceptable Use Policy Overview The information technology resources of Providence College are owned and maintained by Providence College. Use of this technology is a privilege, not
More informationHIPAA Awareness Training
New York State Office of Mental Health Bureau of Education and Workforce Development HIPAA Awareness Training This training material was prepared for internal use by the New York State Office of Mental
More informationAppendix 4-2: Sample HIPAA Security Risk Assessment For a Small Physician Practice
Appendix 4-2: Administrative, Physical, and Technical Safeguards Breach Notification Rule How Use this Assessment The following sample risk assessment provides you with a series of sample questions help
More informationAppendix A: Rules of Behavior for VA Employees
Appendix A: Rules of Behavior for VA Employees Department of Veterans Affairs (VA) National Rules of Behavior 1 Background a) Section 5723(b)(12) of title 38, United States Code, requires the Assistant
More informationsection 15 Computers, Email, Internet, and Communications
section 15 Computers, Email, Internet, and Communications 15.1 Electronic Communications Email is Not Private Email messages, including attachments, sent and received on YWCA Tulsa equipment are the property
More information'Namgis First Nation. 1.0 Overview. 2.0 Purpose. 3.0 Scope. 4.0 Policy
Created: 2/18/2011 Page 1 of 8 'Namgis First Nation is hereinafter referred to as "the government." 1.0 Overview Though there are a number of reasons to provide a user network access, by far the most common
More informationPolicy and Procedure for Internet Use Summer Youth Program Johnson County Community College
Policy and Procedure for Internet Use Summer Youth Program Johnson County Community College This Policy and Procedures for Internet Use booklet has been prepared for Summer Program students with access
More informationProcedure Title: TennDent HIPAA Security Awareness and Training
Procedure Title: TennDent HIPAA Security Awareness and Training Number: TD-QMP-P-7011 Subject: Security Awareness and Training Primary Department: TennDent Effective Date of Procedure: 9/23/2011 Secondary
More informationSenior School 1 PURPOSE 2 SCOPE 3 SCHOOL RESPONSIBILITIES
Senior School 1 PURPOSE The policy defines and describes the acceptable use of ICT (Information and Communications Technology) and mobile phones for school-based employees. Its purpose is to minimise the
More informationUTMB INFORMATION RESOURCES PRACTICE STANDARD
IR Security Glossary Introduction Purpose Applicability Sensitive Digital Data Management Privacy Implications This abbreviated list provides explanations for typically used Information Resources (IR)
More informationAPHIS INTERNET USE AND SECURITY POLICY
United States Department of Agriculture Marketing and Regulatory Programs Animal and Plant Health Inspection Service Directive APHIS 3140.3 5/26/2000 APHIS INTERNET USE AND SECURITY POLICY 1. PURPOSE This
More information4118.35 Personnel POLICY REGARDING EMPLOYEE USE OF THE DISTRICT'S COMPUTER SYSTEMS AND ELECTRONIC COMMUNICATIONS
4118.35 Personnel POLICY REGARDING EMPLOYEE USE OF THE DISTRICT'S COMPUTER SYSTEMS AND ELECTRONIC COMMUNICATIONS Computers, computer networks, electronic devices, Internet access, and e-mail are effective
More informationUnified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES
Unified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES HIPAA COMPLIANCE Achieving HIPAA Compliance with Security Professional Services The Health Insurance
More informationAbout this Tool Information Security for Residents...
About this Tool Information Security for Residents... Purpose: Provide materials to inform and educate Residents in order to reach compliance regarding information security. Audience: New Residents Information
More informationResponsible Access and Use of Information Technology Resources and Services Policy
Responsible Access and Use of Information Technology Resources and Services Policy Functional Area: Information Technology Services (IT Services) Applies To: All users and service providers of Armstrong
More informationWestchester Community College Student Technology Use Policy Version 2 / April 2015 Table of Contents
Westchester Community College Student Technology Use Policy Version 2 / April 2015 Table of Contents Introduction... 2 Prohibited Use... 2 Electronic Communication & Computer Usage... 3 Identification
More informationAppropriate Use of Campus Computing and Network Resources
The Claremont Colleges Policy Regarding Appropriate Use of Campus Computing and Network Resources Approved by the Council of The Claremont Colleges on 08/20/04 An overall guiding mission of The Claremont
More informationPolicy Description: Use of Internet, Email, and Other IT Resources Policy Policy No: ODT IT 001. Pages: 9 Pages
Policy Description: Use of Internet, Email, and Other IT Resources Policy Policy No: ODT IT 001 Authorities: Ohio IT Policy ITP E.8 ODT HR - 011 ODT HR 015 IRS Publication 1075 Divisions With Primary Responsibility:
More informationDepartment of Finance and Administration Telephone and Information Technology Resources Policy and Procedures March 2007
Department of Finance and Administration Telephone and Information Technology Resources Policy and Procedures March 2007 I. Statement of Policy The Department of Finance and Administration (DFA) makes
More informationEMPLOYEE COMPUTER NETWORK AND INTERNET ACCEPTABLE USAGE POLICY
EMPLOYEE COMPUTER NETWORK AND INTERNET ACCEPTABLE USAGE POLICY This is a statement of The New York Institute for Special Education s (NYISE s) policy related to employees Computer Network and Internet
More information