Critical Success Factors for FedRAMP Assessments A 3PAO Perspective
Creating More Effective and Strategic Solutions

David Svec
Veris Group, LLC

Summary

Cloud Security Providers (CSPs) for the government have a strategic and important decision to make before entering the Federal Risk and Authorization Management Program (FedRAMP) authorization process. FedRAMP has the clear potential to provide CSPs with additional business opportunities as federal agencies adopt the Cloud First initiative. The selection of the third party assessment organization (3PAO) to partner with throughout the FedRAMP process is critical to the overall success of the CSP's request for authorization. The strategic and technical solutions offered by an experienced 3PAO can ensure that the CSP is assessed in accordance with FedRAMP guidelines.

Alternatively, where CSPs require guidance prior to the security assessment, a 3PAO not performing the actual assessment can help the CSP navigate through the documentation review process under FedRAMP and ultimately the issuance of a provisional Authority to Operate (ATO). This can help ensure the proper preparation of all security documentation and implementation of security controls within the CSP's infrastructure.

FEDRAMP PURPOSE
- Ensure that cloud-based services have adequate information security
- Eliminate duplication of effort and reduce risk management costs
- Enable rapid and cost-effective procurement of information systems/services for federal agencies

By streamlining processes and providing cost and time-saving initiatives, the 3PAO can help the CSP achieve the FedRAMP provisional ATO in a shorter timeframe. As a trusted advisor or as the independent assessor, the 3PAO can provide a clear roadmap to meeting FedRAMP requirements and potentially shorten the authorization timeline.

FedRAMP Overview

In 2010, the federal government made a strong policy stand in favor of cloud computing with a series of policy decisions and initiatives aimed at supporting the secure and efficient migration of government agency information to a cloud environment. As early as 2012, early studies indicate that cloud services have saved the federal government more than 5.5 billion dollars, with more savings possible in the future. [1] FedRAMP is the largest security initiative to facilitate this Cloud First process. FedRAMP is now a mandatory framework for the consistent and cost-effective assessment and continuous monitoring of CSPs that work with government agencies. The framework relies on independent 3PAOs, such as Veris Group, to assess CSP systems to ensure that effective security controls are properly implemented and to allow transparency and consistency between the government and the CSPs.
FedRAMP processes consist of three distinct areas (see figure 1). The initial security assessment area, which is the first phase for CSPs, includes four steps: initiating the provisional ATO request; documenting and implementing the security controls; performing the security assessment (testing); and finalizing the security assessment report. There are more than 20 different deliverables associated with this area. Area 1 concludes with the submission of the Finalized Security Assessment Package to the Joint Authorization Board (JAB) for provisional authorization.

[Figure 1: 1 Security Assessment; 2 Leverage Provisional Authorization; 3 Ongoing Assessment & Authorization]

Challenges of FedRAMP

Since FedRAMP authorization (i.e., provisional authorization) is required for any CSP working with the federal government, gaining the FedRAMP JAB acceptance and accreditation approval of cloud offerings including infrastructure, platform, and software as a service (IaaS, PaaS, SaaS), has become a primary competitive advantage and challenge for CSPs in selling their solutions to the federal government. The FedRAMP methodology and security compliance requirements can create a complex, expensive, and demanding process for CSPs. In the 14 months leading up to the FedRAMP Pre-launch phase, less than half of the twelve Cloud BPA awardees had been issued an Authorization to Operate (ATO). Additionally, FedRAMP expects to authorize only a very small number of CSPs in

CSPs have several specific responsibilities outlined by the government throughout the FedRAMP process. Those responsibilities include implementing security controls based upon the FedRAMP security baseline; creating security assessment packages in accordance with FedRAMP requirements; and contracting with an independent 3PAO to perform initial and ongoing security assessments (testing). However, to decrease the risk of a CSP not obtaining authorization, the CSPs also have to overcome challenges not fully specified by the government, but instead evidenced by the experiences of the 3PAO.
The biggest obstacle to FedRAMP authorization that CSPs face is lack of preparation. In an effort to enter the market as early as possible, many CSPs are jumping into assessments prematurely, thereby wasting valuable time and resources and inevitably prolonging the assessment process. The newly implemented FedRAMP assessment process requires a significant level of effort unanticipated by many CSPs, and the providers may also be unaware of the time, resources, costs, and security requirements necessary for assessments. The detail-oriented process and documentation for FedRAMP can be daunting for small, mid-, and even large-sized CSPs without guidance and explanation. Veris Group has identified several strategic and technical critical success factors for CSPs to help ensure successful and cost-effective preparation for 3PAO assessments.

3PAO Solutions

The role of the 3PAOs, twelve of whom are currently authorized at publication, is one of independent assessor and expert in navigating FedRAMP processes. Veris Group, LLC, is one of the first accredited 3PAOs and is a current provider of security assessments to leading industry CSPs. We leveraged our lessons learned from performing successful and thorough security assessments for CSPs to provide recommendations to CSPs interested in selling an authorized cloud solution to the federal government. Specifically, Veris Group outlined a series of strategic and technical factors that can have significant impact on the success of a CSP entering area 1 of the FedRAMP authorization process.

Strategic Factors

[Figure: Strategic Factors: Leadership Buy-In, Budgeting, Communication, Outsourcing for Assistance, Documents & Processes]

Leadership Buy-In

To provide adequate program resources and to set expectations regarding compliance, the CSP's leadership must be aware and supportive of the assessment process. The FedRAMP processes require specific preparatory work to be completed by the CSP, and it is the leadership who sets the expectation that this work is not optional, but is now part of the expected duties of the IT operational, engineering, and security staff of the CSP. Leadership is also accountable for managing the risk of any existing or newly identified security vulnerabilities. Communication between the 3PAO, FedRAMP officials, and CSP leadership should facilitate this buy-in and awareness via the planning, execution, and debriefing activities.

Budgeting

Depending on the system size, complexity, security posture and maturity, and architectural considerations, FedRAMP assessments can become an expensive investment that will require both internal and external expenditures. It is necessary that CSP leadership understands these costs up front and calculates the potential for a positive return on investment. The 3PAO is responsible for outlining these costs as realistic and defendable specific tasks and subtasks as they relate to the component-level security assessment and the entire assessment process. CSP leadership must ensure that the original quote provided to them includes all expected costs and provides a breakout of the costs, assumptions, and potential scoping and retesting issues inherent to FedRAMP that could impact estimated schedule and costs.
Communication

FedRAMP is a transparent process. Open dialogue and interaction between the CSP and the FedRAMP PMO, JAB, and 3PAO from the beginning ensures understanding of scope, technology, security requirements, and assessment process, thereby decreasing risk and increasing the opportunity for authorization. Full and open communication will ensure that all stakeholders understand complex security issues as they relate to cloud solutions. FedRAMP is an incremental and phased process with multiple critical communication points and milestones throughout the security assessment area. Weekly communication between all stakeholders, full disclosure of relevant findings, and discussion and timely resolution of all issues and risks are critical to the success of the process. As an end goal, ensuring that all issues have been resolved prior to the assembly of the Security Assessment Package for submission to the JAB will significantly increase the likelihood of a favorable authorization determination. CSPs should look for a 3PAO with project management experience and a solid communication plan throughout the process.

Outsourcing for Assistance

It is important that CSPs fully vet and understand the pricing models, deliverables, and experience of all third party experts, including the 3PAO and other preparation consultants, who will be assessing and assisting the CSP throughout the FedRAMP process. Pricing models for assessments should provide clear documentation for included costs and outline possible extra costs to be incurred. It is also crucial that CSPs protect their intellectual property and technology with strong non-disclosure agreements (NDAs) without hindering the FedRAMP reporting responsibilities required of the 3PAO.
Leveraging of Security Documentation and Processes

To save time, money, and resources, CSPs should use existing system documentation and security policies, processes, and procedures currently accredited under other federal agency accreditation bodies or leverage industry compliance standards (ISO, PCI, SOC, etc.), whenever possible. There are many similarities among industry security compliance frameworks so many components of an overall strong security program should be reused. For example, written account management procedures or contingency plans should be presented to a 3PAO to fulfill their testing requirements.

Technical Factors

[Figure: Technical Factors: System Boundary Definition & Inventory Prep, Control Inheritance, Continuous Monitoring, Technical Testing & Sampling, Tools]

System Boundary Definition and Inventory Preparation

CSPs should take time to thoroughly document and baseline their entire cloud environment and its system boundaries to avoid any assessment impacts that would occur if other elements of the system are discovered by the assessor or are not accurately documented. CSPs must have a thorough understanding of the NIST and additional FedRAMP security requirements that should be in place in order to adequately detail their systems.
A robust and well-documented security program is necessary to successfully complete the security assessment. CSPs will need to plan for additional time to fully document and implement all security controls, prior to the security assessment. Failure to do so could result in an incomplete security assessment or lengthy delays. A complete and accurate inventory that identifies all physical and virtualized devices must be maintained by the CSP. FedRAMP provides tools such as the FedRAMP self-audit/assessment to guide CSPs through this type of system preparation. The 3PAO is also a valuable resource for a more thorough explanation of the preparation needed.

Control Inheritance

Depending on the cloud solution and where it is hosted, CSPs should look for opportunities to inherit security control protection from an existing FedRAMP authorized CSP, thereby reducing the assessment scope and avoiding duplication of testing efforts. For example, a particular SaaS or PaaS solution may be able to inherit security protection from an authorized IaaS environment on which it is hosted. In cases where the CSP does not have management control of the physical hosting environment, it may be necessary to ensure that Service Level Agreements and contract agreements specifically require that the data center will mitigate any findings identified during the FedRAMP security assessment.

Continuous Monitoring

The continuous monitoring phase is the final and ongoing area of FedRAMP authorization that begins after a CSP obtains a provisional ATO. Early on, CSPs should implement a strong continuous monitoring security solution built around automation, where possible. This will help ensure that the CSP is prepared for this important phase of the FedRAMP process and will reduce long-term security compliance costs and improve real-time security posture. Robust vulnerability management and configuration management processes are critical to maintaining the provisional ATO granted by FedRAMP.
The relationship with the 3PAO may continue into this phase through quarterly vulnerability scanning and annual security assessments of the CSP's solution. Developing a long-term agreement with the 3PAO will allow the 3PAO to provide cost-savings because the 3PAO will be familiar with the system and the project management requirements of the relationship.

Technical Testing and Sampling

Many cloud solutions are comprised of multiple technologies and many instances of each. CSPs should ensure that planning, preparation, and testing is conducted on all technology types. A sampling plan should detail all of the included technologies agreed upon with the FedRAMP PMO and 3PAO prior to the assessment and clearly identify them in the security assessment plan. The sample size of automated testing must provide a representative sample of the entire inventory. Manual testing sample sizes will vary by the applicability of the security control to specific components or technology types.

Tools

The automated tools that the 3PAO uses to perform the security assessment must be compliant with the FedRAMP standards. The 3PAO's contract should outline all of the automated tools that they will use to conduct the assessment. Where applicable, all security testing tools must conduct vulnerability scans with authenticated credentials within the system. CSPs should ensure that these tools meet the configuration baselines of the federal government and additional FedRAMP requirements and complement the security tools in use within the cloud system boundary. This responsibility continues into the continuous monitoring phase as well.
Closing Summary

A CSP's selection of a 3PAO should be an informed and thoughtful process. The right 3PAO can help guide the CSP through the preparation and documentation process for a FedRAMP assessment. The relationship between the CSP and 3PAO has the potential to be long-term, so finding one with the interpersonal skills necessary for effective communication, the technical know-how and experience for proper independent assessments, and the project management experience for the rigorous and detailed documentation required by FedRAMP is critical. References of previous cloud security assessments should be provided by experienced 3PAOs. A well-prepared CSP can look forward to a smooth road toward FedRAMP authorization and increased access to potential government clients.

[1] McKendrick, J. Cloud Could Cut $12 Billion from U.S. Government Annual Deficit: Study. April 30, Forbes.com.

David Svec is the co-principal and co-founder of Veris Group, LLC, a Vienna, VA-based cybersecurity firm and accredited FedRAMP 3PAO.

Veris Group, LLC
Attn: FedRAMP 3PAO Division
8229 Boone Blvd., Suite 750
Vienna, VA
(703)
fedramp@verisgroup.com

8229 BOONE BLVD., SUITE 750, VIENNA, VA
P: (703) F: (703)
info@verisgroup.com
Request fr Prpsal Saskatchewan Arts Bard Database Develpment RFP Reference Number S AB-ADMIN001 Release Date Februar y 9, 2016 Clsing Date March 1, 2016 Clsing Time 2:00 pm, Lcal Sask. Time Page 2 f 7
More informationWhat is Software Risk Management? (And why should I care?)
What is Sftware Risk Management? (And why shuld I care?) Peter Kulik, KLCI, Inc. 1 st Editin, Octber 1996 Risks are schedule delays and cst verruns waiting t happen. As industry practices have imprved,
More informationVCU Payment Card Policy
VCU Payment Card Plicy Plicy Type: Administrative Respnsible Office: Treasury Services Initial Plicy Apprved: 12/05/2013 Current Revisin Apprved: 12/05/2013 Plicy Statement and Purpse The purpse f this
More informationDelaware Performance Appraisal System
Delaware Perfrmance Appraisal System Building greater skills and knwledge fr educatrs DPAS-II Guide fr Administratrs (District Administratrs) Supervisr Rubric fr Evaluating District Administratrs Updated
More informationLINCOLNSHIRE POLICE Policy Document
LINCOLNSHIRE POLICE Plicy Dcument 1. POLICY IDENTIFICATION PAGE POLICY TITLE: ICT CHANGE & RELEASE MANAGEMENT POLICY POLICY REFERENCE NO: PD 186 POLICY OWNERSHIP: ACPO Cmmissining Officer: Prtfli / Business-area
More informationMSB FINANCIAL CORP. MILLINGTON BANK AUDIT COMMITTEE CHARTER
MSB FINANCIAL CORP. MILLINGTON BANK AUDIT COMMITTEE CHARTER This Audit Cmmittee Charter has been amended as f July 17, 2015. The Audit Cmmittee shall review and reassess this Charter annually and recmmend
More informationexpertise hp services valupack consulting description security review service for Linux
expertise hp services valupack cnsulting descriptin security review service fr Linux Cpyright services prvided, infrmatin is prtected under cpyright by Hewlett-Packard Cmpany Unpublished Wrk -- ALL RIGHTS
More informationPresentation: The Demise of SAS 70 - What s Next?
Presentatin: The Demise f SAS 70 - What s Next? September 15, 2011 1 Presenters: Jeffrey Ziplw - Partner BlumShapir Jennifer Gerasimv Senir Manager Delitte. SAS 70 Backgrund and Overview Purpse f a SAS
More informationRENEWABLE ENERGY CAPITAL & PROJECT MANAGEMENT
BEST PRACTICE RENEWABLE ENERGY CAPITAL & PROJECT MANAGEMENT Expert Curse Faculty Mr Kasper Walet Organised By pweredge Curse Overview The speed f renewable energy adptin and its ultimate market share will
More informationPROTIVITI FLASH REPORT
PROTIVITI FLASH REPORT The PCI Security Standards Cuncil Releases PCI DSS Versin 3.2 May 9, 2016 On April 28, 2016, the PCI Security Standards Cuncil (PCI SSC) released PCI Data Security Standard (PCI
More informationSystem Business Continuity Classification
System Business Cntinuity Classificatin Business Cntinuity Prcedures Infrmatin System Cntingency Plan (ISCP) Business Impact Analysis (BIA) System Recvery Prcedures (SRP) Cre Infrastructure Criticality
More information1 Google Apps for Education Henrico County, Virginia
1 Ggle Apps fr Educatin Henric Cunty, Virginia PROGRAM CATEGORY: Infrmatin Technlgy 1. Abstract f the Prgram Henric Cunty Public Schls (HCPS) prides itself n its innvative apprach t instructin. We believe
More informationPADUA COLLEGE LIMITED ACN 072 693 700 ABN 20 072 693 700
PADUA COLLEGE LIMITED ACN 072 693 700 ABN 20 072 693 700 Plicy Title Versin Number Date Issued Critical Incident Management Plicy 2.0 Nvember 2007 Reviewed April 2010 June 2015 Definitin Critical incidents
More information10 th May 2010. Dear Peter, Re: Audit Quality in Australia: A Strategic Review
10 th May 2010 Mr. Peter Levy Audit Quality Strategic Review Crpratins and Financial Services Divisin The Treasury Langtn Crescent PARKES ACT 2600 Dear Peter, Re: Audit Quality in Australia: A Strategic
More informationLicensing the Core Client Access License (CAL) Suite and Enterprise CAL Suite
Vlume Licensing brief Licensing the Cre Client Access License (CAL) Suite and Enterprise CAL Suite Table f Cntents This brief applies t all Micrsft Vlume Licensing prgrams. Summary... 1 What s New in This
More informationDec. 2012. Transportation Management System. An Alternative Traffic Solution for the Logistics Professionals
Dec. 2012 Transprtatin Management System An Alternative Traffic Slutin fr the Lgistics Prfessinals What is a TMS-Lite system? What are the features and capabilities f a TMS-Lite system? Why chse a TMS-Lite
More informationMaintain a balanced budget primarily the General & Park Funds
EXHIBIT B City f Chic Budget Cntingency Plan P The purpse f the Budget Cntingency Plan is t establish a guideline and general apprach t respnd t adverse financial and ecnmic cnditins that culd negatively
More informationTO: Chief Executive Officers of all National Banks, Department and Division Heads, and all Examining Personnel
AL 96-7 Subject: Credit Card Preapprved Slicitatins TO: Chief Executive Officers f all Natinal Banks, Department and Divisin Heads, and all Examining Persnnel PURPOSE The purpse f this advisry letter is
More informationSeattle Police Department
Seattle Plice Department Prpsed develpment f a Business Intelligence System December 2013 Versin: FINAL Executive Summary Executive Summary 1. Intrductin The United States and the City f Seattle have entered
More informationMITEL INTEROP CERTIFICATION OVERVIEW FOR MSA DEVELOPER PARTNERS AND SIP SERVICE PROVIDERS
MITEL INTEROP CERTIFICATION OVERVIEW FOR MSA DEVELOPER PARTNERS AND SIP SERVICE PROVIDERS UPDATED FEBRUARY 27, 2014 MITEL INTEROPERABILITY CERTIFICATION OVERVIEW FOR MSA DEVELOPER PARTNERS AND SIP SERVICE
More information2008 BA Insurance Systems Pty Ltd
2008 BA Insurance Systems Pty Ltd BAIS have been delivering insurance systems since 1993. Over the last 15 years, technlgy has mved at breakneck speed. BAIS has flurished in this here tday, gne tmrrw sftware
More informationTHE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM
THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM 1. Prgram Adptin The City University f New Yrk (the "University") develped this Identity Theft Preventin Prgram (the "Prgram") pursuant
More informationBusiness Plan 2014-15
Cmmissin fr Lcal Administratin in England Business Plan 2014-15 All Business Plan activity is linked t ur fur Strategic Objectives LGO Business Plan 2014-2015 v web 3 Page 1 descriptin 1. Prvide a cmplaints
More informationUniversity of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments
University f Texas at Dallas Plicy fr Accepting Credit Card and Electrnic Payments Cntents: Purpse Applicability Plicy Statement Respnsibilities f a Merchant Department Prcess t Becme a Merchant Department
More informationCHARTER OF THE COMPENSATION COMMITTEE OF THE BOARD OF DIRECTORS OF UPLAND SOFTWARE, INC.
CHARTER OF THE COMPENSATION COMMITTEE OF THE BOARD OF DIRECTORS OF UPLAND SOFTWARE, INC. PURPOSE The purpse f the Cmpensatin Cmmittee f the Bard f Directrs (the Bard ) f Upland Sftware, Inc. (the Cmpany
More informationDelivering Business Value Through IT Cost Transparency Using IT CMF
Office f the CIO Delivering Business Value Thrugh IT Cst Transparency Using IT CMF Sharad Jshi Vice President, IT Business Management March 24 th, 2015 Abut the Depsitry Trust and Clearing Crpratin (DTCC)
More information- Upfront fee of $ + GST - Ongoing fee commencing immediately after plan implementation of $20.00 + GST per fortnight.
Cntract f engagement This cntract f engagement is between FSB 4 Financial Limited (the adviser) and (the client). Purpse This cntract establishes the relatinship between the adviser and the client relating
More informationITIL V3 Planning, Protection and Optimization (PPO) Certification Program - 5 Days
ITIL V3 Planning, Prtectin and Optimizatin (PPO) Certificatin Prgram - 5 Days Prgram Overview The ITIL Intermediate Qualificatin: Planning, Prtectin and Optimizatin (PPO) Certificate is a free-standing
More informationHearing Loss Regulations Vendor information pack
Hearing Lss Regulatins Vendr infrmatin pack Nvember 2010 Implementing the Accident Cmpensatin (Apprtining Entitlements fr Hearing Lss) Regulatins 2010 The Minister fr ACC, the Hn. Dr Nick Smith, has annunced
More informationProject Startup Report Presented to the IT Committee June 26, 2012
Prject Name: SOS File 2.0 Agency: Secretary f State Business Unit/Prgram Area: Secretary f State Prject Spnsr: Al Jaeger Prject Manager: Beverly Maitland Prject Startup Reprt Presented t the IT Cmmittee
More informationService Level Agreement in IBM T Clud - ITAP
G-Clud Lt 4: Specialist Clud Services Service Definitin 100 Lngwater Avenue Green Park Reading Berkshire RG2 6GP Tel: 0118 9213 510 Email: gclud@dssec.c.uk Website: www.dssec.c.uk Intrductin Thank yu fr
More informationWe will record and prepare documents based off the information presented
Dear Client: We appreciate the pprtunity f wrking with yu regarding yur Payrll needs. T ensure a cmplete understanding between us, we are setting frth the pertinent infrmatin abut the services that we
More informationBIBH Duty Statements and Governance chart reviewed and approved April 2014. BIBH Executive Governance & Management Arrangements
BIBH Duty Statements and Gvernance chart reviewed and apprved April 2014 BIBH Executive Gvernance & Management Arrangements BIBH COMMITTEE CEO - Paul O Cnnell Executive Secretary - Brian Firth Executive
More information