ADEC GROUP INFORMaTiON SecURiTY AND CONTROLS
|
|
- Jessie Weaver
- 8 years ago
- Views:
Transcription
1 ADEC GROUP INFORMaTiON SecURiTY AND CONTROLS
2 Rising To Global Information Challenges Information is your most valuable commodity today. As a global enterprise servicing a wide range of businesses, ADEC Group provides our clients and partners with fully secure systems that back up the delivery of your services and solutions. With many companies and governments facing increasing risks to information security, ADEC Group s Information Security Management System (ISMS) maintains an information technology structure that fully complies with international standards such as ISO, and other industry best practices. With access to certain industry certifications and accreditations, all ADEC Group companies are committed to adhering to recognized best practices. The Need for Information Security Fully certified under ISO 27001:2005, ADEC Group s ISMS ensures improved productivity and performance levels by: Minimizing fraud in internal and external transactional systems Increasing efficiencies by streamlining processes across the network Lessening vulnerability of internal ADEC Group systems to information risks, such as cyber-attacks, hacking, loss of data, etc. Implementing best practice methodologies (Information Technology Infrastructure Library) Reducing costs of access and compliance to IT standards Adhering to corporate governance through higher levels of transparency and accountability Establishing mechanisms for stronger oversight of internal and external information management procedures Improving and/or complementing internal and external risk management procedures ISO 27001:2005 Under this standard, ADEC Group is required to: Systematically examine the organization s information security risks; Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment; and Adopt an overarching management process to ensure that the information security controls continue to meet the company s information security needs on an ongoing basis. 02 ADEC Group Information Security Domains and Controls
3 ADEC GROUP* ISMS ADEC Group is fully compliant with industry standards and best practices: Relevant ISO and other industry certifications COMPLIANCE ISO 27001: Information Security Management Systems (ISMS). Certified as of March ISO 14001: Environmental Management System (EMS). Certified as of December ISO 9001: Quality Management System (QMS). Certified as of November PCI DSS Payment Card Industry Data Security Standard. Certified in the United States since Security Policies Establishment of an Information Security Policy that conforms to all relevant laws, regulations and private certificatory requirements. Electronic Data Management System ADEC Group has developed a full suite of access management and control measures for its entire information network structure. This involves detecting, remediating and reducing unauthorized access and fraud. It also includes the cost of compliance across the different business units. ACCESS CONTROL Access Control Policy. Documents full compliance with business requirements for Access Control. User Access Management. Sets the rules for privilege management. User Responsibilities. Includes password selection and use. Network Access Control. Includes a system for external connection authentication. Operating System Access Control. Features secure log-on, use of utilities, session time-out. Application & Information Access Control. Includes sensitive system isolation. Mobile Computing & Teleworking *ADEC Group has access to the different certifications and accreditations described herein through the different member companies American Data Exchange, A-Plus English Online, ADEC Solutions, FirstCarbon Solutions and PharmaKPO. 03 ADEC Group Information Security Domains and Controls
4 ADEC GROUP ISMS ADEC Group s Business Continuity Management Plan is aimed at minimizing information systems and process disruption problems such as data losses, and ensuring the protection of information availability and business continuity at all times, based on a thorough risk assessment in which all possible causes of interruptions and corresponding mechanisms to address each have been identified. Business Security Planning: Departmental procedures for critical functions that are needed, including a communication and evacuation plan, contact information of relevant people, institutions and entities. Regular testing through desktop audits, confidence tests and back-up integrity tests. Power redundancies, Uninterrupted Power Supply (UPS), multiple generator sets. Three times redundant Internet Service Providers (ISP) with automatic switchover upon failure of primary connection. BUSINESS CONTINUITY MANAGEMENT Information Security Incident Management: Procedures for reporting and handling IT, physical security, non-it/ non-security and medical incidents. High-level Information Security Investigation Committee (ISIC) which is primarily responsible for addressing serious IT breaches. Consolidation and analysis of incident reports by Information Security Group (ISG). Emergency Response Planning Establishment of an Emergency Response Team. Procedures for emergency situations such as fire, severe weather, etc. Conduct and documentation of fire drills and evaluation exercises. Disaster Recovery Planning Procedures on recovery from IT-related disasters, such as internet connection failure, major power breakdowns, network virus outbreak, critical server crash. 04 ADEC Group Information Security Domains and Controls
5 ADEC GROUP ISMS To ensure accurate and secure operation of information processing facilities, ADEC Group s ISMS has thoroughly documented operating procedures to cover all significant system activities segregation of duties and change management procedures. COMMUNICATIONS AND OPERATIONS MANAGEMENT Operational procedures and responsibilities (documentation, change management, segregation of duties, separation of development, test and operational facilities). Third-party service delivery management. System planning and acceptance (capacity management). Protection against malicious and mobile code. Back-up. Network security management and media handling (disposal). Exchange of information (media in transit, electronic messaging, interconnection of systems). E-commerce services (web hosting). Monitoring (includes detection of unauthorized activities, audit logging, administrator and operator logs). Under ISO, security is an integral part of information systems and business processes. At ADEC Group, this is clearly managed through: INFORMATION SYSTEMS ACQUISITION, DEVELOPMENT AND MAINTENANCE Security Requirements of Information Systems to ensure the documentation of business requirements for new information systems, as well as enhancements to existing systems. Correct processing in applications to prevent errors, loss, unauthorized modification or misuse of information in applications. Cryptographic controls (key management) to protect the confidentiality, integrity and authenticity of information by cryptographic means. Security of System Files to control the installation of software on operational systems, and minimize the risk of interruptions in or corruption of information services. Access to program source codes is also restricted. Security in Development & Support Processes (change management) to maintain the security of system software and information. Technical Vulnerability Management to reduce risks resulting from exploitation of published technical vulnerabilities. 05 ADEC Group Information Security Domains and Controls
6 ADEC GROUP ISMS To ensure that employees, contractors and third-party users are suitable and do not present risks of fraud, theft, or misuse of facilities, ADEC Group utilizes a full range of screening methods for new employees and processes to orient on-board employees on information security needs. Employee Screening Pre-employment - Thorough background and credit checks, as well as drug testing for all employees. Employment - Information security duties and responsibilities are specified in the employment contract. Employees sign non-disclosure agreements (NDA). Employees also undergo annual background and credit checks, as well as drug testing. Termination/ Change of Employment - Establishment of a resigned loop account informing concerned departments of an employee resignation and corresponding revocation of logical system access ( account, usernames) and physical premise (ID card) entry. HUMAN RESOURCES SECURITY Secure Areas For our production facilities in Manila, Philippines: Fenced by a barb-wired perimeter wall with 24-hour on-duty security guards Premises monitored thru CCTV System with 120 day DVR retention Monitored by access level-based proximity card system Secured with in-house roving guards Visitors are escorted and issued color-coded IDs when inside the premises and are asked to sign NDAs whenever necessary For our production facility in Deposit, New York: Premises monitored through CCTV System with DVR retention of 90 days Monitored by access level-based proximity card system Visitors are escorted and issued IDs when inside the premises and are asked to sign NDAs whenever necessary Monitored by access level-based proximity card system Equipment Security Facilities support: Access Control procedure Temperature-controlled work areas Fire suppression mechanisms deployed such as extinguishers, fire/smoke detectors UPS and Automatic Volt Regulators (AVR) with built-in surge suppressors Structured cabling Regular preventative maintenance recorded and reviewed No storage device drives and USB ports disabled 06 ADEC Group Information Security Domains and Controls
7 ADEC GROUP ISMS Protection of organizational assets is a must, particularly for an IT-intensive operation. At ADEC Group: Organizational assets are maintained and monitored through the Asset Information Management System (AIMS). ASSET MANAGEMENT All software is certified to be licensed by Software Asset Management (SAM) which is endorsed by the Business Software Alliance (BSA). Information classification and labeling as per distribution, retention, disclosure and disposal. Establishment of data destruction policies and processes (disposal/crosscut shredding procedure, hard drive wiping through DBAN and if hard drive is unusable, it is physically destroyed beyond re-use). ADEC Group s overall administrative structure ensures the maintenance of a managed information security system, as well as Management s commitment to security. ORGANIZATION OF INFORMATION SECURITY For our office in Manila, Philippines: Information Security Manager reports directly to the Executive Office Establishment of System Monitoring & Compliance Department (SMCD) Membership in external organizations, primarily: Business Processing Association of the Philippines (BPAP) Information Technology Association of the Philippines (ITAP) For our office in Deposit, New York: Information Security Manager reports directly to the General Manager Establishment of Compliance Department 07 ADEC Group Information Security Domains and Controls
8 About ADEC Group Processing over 30 million transactions each month, ADEC Group works seamlessly to provide comprehensive services and solutions to help you reduce costs, optimize resource use, improve operational efficiencies and, for partners, generate new revenue streams. American Data Exchange Corporation Knowledge Processing Services With over 14 years experience in the high-value real estate industry, American Data Exchange continues to fulfill managed service requirements to increase efficiencies and improve clients overall business operations. Partnering with clients to develop and implement customized outsourced solutions including call center, insurance and closing/settlement services and superior back-office management support, AMDATEX, deploys certified best practices using the most advanced technology for digital data capture, character recognition, data conversion, database creation and arching for knowledge process services. A-Plus English Online Educational Online Language Learning Service A-Plus English Online provides different institutions access to the best online educational resources focusing on Chinese and English language proficiency. With world-class technology and a highly competent faculty, A-Plus English Online offers scalable, effective and dynamic online learning solutions around the globe to those who want to learn English as a second language. ADEC Solutions Business and Back Office Processing ADEC Solutions provides back office processing, saving you time and money, and helping you focus on more strategic activities. We provide customizable and tailor-made onshore and offshore solutions that are cost-effective, such as mailroom services, scanning and imaging, data capture and conversion, quality assurance and exception management, data and document storage, supply chain and research services for professionals in accounts payable, human resources, healthcare, banking, legal, insurance, retail and consumer products and services. FirstCarbon Solutions Environmental and Data Management Solutions FirstCarbon Solutions collaborates with you to balance profitability and sustainability through a unique combination of environmental consulting, software, and extensive back office information processing capabilities. We will help you eliminate inefficiencies and costs that contribute to an excessive use of resources across the supply chain and help you tackle the data for better decisionmaking and improved business performance. PharmaKPO Pharmaceutical and Healthcare-focused Solutions PharmaKPO partners with industry leaders like Zuellig Pharma to offer a wide range of services focusing on the pharmaceutical and healthcare industries. Our unique domain expertise will help you develop the solutions that will drive the highest value for your organization in a highly competitive industry whether it be simple data and document management spanning various functions across your business or specific solutions including patient chart scanning and medical records sorting and indexing. AGINFOSEC-0613A 08 ADEC Group Information Security Domains and Controls
ISO 27001 Controls and Objectives
ISO 27001 s and Objectives A.5 Security policy A.5.1 Information security policy Objective: To provide management direction and support for information security in accordance with business requirements
More informationISO27001 Controls and Objectives
Introduction This reference document for the University of Birmingham lists the control objectives, specific controls and background information, as given in Annex A to ISO/IEC 27001:2005. As such, the
More informationISO 27002:2013 Version Change Summary
Information Shield www.informationshield.com 888.641.0500 sales@informationshield.com Information Security Policies Made Easy ISO 27002:2013 Version Change Summary This table highlights the control category
More informationHengtian Information Security White Paper
Hengtian Information Security White Paper March, 2012 Contents Overview... 1 1. Security Policy... 2 2. Organization of information security... 2 3. Asset management... 3 4. Human Resources Security...
More informationSITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA
SITA Information Security SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA September, 2012 Contents 1. Introduction... 3 1.1 Overview...
More informationIT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:
IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225
More informationIntel Enhanced Data Security Assessment Form
Intel Enhanced Data Security Assessment Form Supplier Name: Address: Respondent Name & Role: Signature of responsible party: Role: By placing my name in the box above I am acknowledging that I am authorized
More informationWEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY
WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4
More informationINFORMATION TECHNOLOGY SECURITY STANDARDS
INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL
More informationISO/IEC 27002:2013 WHITEPAPER. When Recognition Matters
When Recognition Matters WHITEPAPER ISO/IEC 27002:2013 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES CODE OF PRACTICE FOR INFORMATION SECURITY CONTROLS www.pecb.com CONTENT 3 4 5 6 6 7 7 7 7 8 8 8 9 9 9
More informationMicrosoft s Compliance Framework for Online Services
Microsoft s Compliance Framework for Online Services Online Services Security and Compliance Executive summary Contents Executive summary 1 The changing landscape for online services compliance 4 How Microsoft
More informationLAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES
LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable
More informationSecurity Overview. BlackBerry Corporate Infrastructure
Security Overview BlackBerry Corporate Infrastructure Published: 2015-04-23 SWD-20150423095908892 Contents Introduction... 5 History... 6 BlackBerry policies...7 Security organizations...8 Corporate Security
More informationInformation Security: Business Assurance Guidelines
Information Security: Business Assurance Guidelines The DTI drives our ambition of prosperity for all by working to create the best environment for business success in the UK. We help people and companies
More informationService Children s Education
Service Children s Education Data Handling and Security Information Security Audit Issued January 2009 2009 - An Agency of the Ministry of Defence Information Security Audit 2 Information handling and
More informationINFORMATION SYSTEMS. Revised: August 2013
Revised: August 2013 INFORMATION SYSTEMS In November 2011, The University of North Carolina Information Technology Security Council [ITSC] recommended the adoption of ISO/IEC 27002 Information technology
More informationInformation Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis
Information Security Risk Assessment Checklist A High-Level Tool to Assist USG Institutions with Risk Analysis Updated Oct 2008 Introduction Information security is an important issue for the University
More informationSystem Security Plan University of Texas Health Science Center School of Public Health
System Security Plan University of Texas Health Science Center School of Public Health Note: This is simply a template for a NIH System Security Plan. You will need to complete, or add content, to many
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.5)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.5) Directions and Instructions for completing this assessment The answers provided
More informationDoes it state the management commitment and set out the organizational approach to managing information security?
Risk Assessment Check List Information Security Policy 1. Information security policy document Does an Information security policy exist, which is approved by the management, published and communicated
More informationSupplier Information Security Addendum for GE Restricted Data
Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,
More informationINFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION
INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION Information security is a critical issue for institutions of higher education (IHE). IHE face issues of risk, liability, business continuity,
More informationInformation security management systems Specification with guidance for use
BRITISH STANDARD BS 7799-2:2002 Information security management systems Specification with guidance for use ICS 03.100.01; 35.020 This British Standard, having been prepared under the direction of the
More informationDelphi Information 3 rd Party Security Requirements Summary. Classified: Public 5/17/2012. Page 1 of 11
Delphi Information 3 rd Party Security Requirements Summary Classified: Public 5/17/2012 Page 1 of 11 Contents Introduction... 3 Summary for All Users... 4 Vendor Assessment Considerations... 7 Page 2
More informationUnified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES
Unified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES HIPAA COMPLIANCE Achieving HIPAA Compliance with Security Professional Services The Health Insurance
More informationDRAFT IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) Communications and Operations Management Policy #2450
DRAFT IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) Communications and Operations Management Policy #2450 POLICY INFORMATION Major Functional Area (MFA): Finance and Administration Policy Title:
More informationAutodesk PLM 360 Security Whitepaper
Autodesk PLM 360 Autodesk PLM 360 Security Whitepaper May 1, 2015 trust.autodesk.com Contents Introduction... 1 Document Purpose... 1 Cloud Operations... 1 High Availability... 1 Physical Infrastructure
More informationFISH AND WILDLIFE SERVICE INFORMATION RESOURCES MANAGEMENT. Chapter 7 Information Technology (IT) Security Program 270 FW 7 TABLE OF CONTENTS
TABLE OF CONTENTS General Topics Purpose and Authorities Roles and Responsibilities Policy and Program Waiver Process Contact Abbreviated Sections/Questions 7.1 What is the purpose of this chapter? 7.2
More informationApplication Development within University. Security Checklist
Application Development within University Security Checklist April 2011 The Application Development using data from the University Enterprise Systems or application Development for departmental use security
More informationInformation Security Policy and Handbook Overview. ITSS Information Security June 2015
Information Security Policy and Handbook Overview ITSS Information Security June 2015 Information Security Policy Control Hierarchy System and Campus Information Security Policies UNT System Information
More informationSupplier Security Assessment Questionnaire
HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.
More informationHow To Manage Security On A Networked Computer System
Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy
More informationData Management Policies. Sage ERP Online
Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...
More informationDESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE
DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the
More informationsecurity policy Purpose The purpose of this paper is to outline the steps required for developing and maintaining a corporate security policy.
Abstract This paper addresses the methods and methodologies required to develop a corporate security policy that will effectively protect a company's assets. Date: January 1, 2000 Authors: J.D. Smith,
More informationMusic Recording Studio Security Program Security Assessment Version 1.1
Music Recording Studio Security Program Security Assessment Version 1.1 DOCUMENTATION, RISK MANAGEMENT AND COMPLIANCE PERSONNEL AND RESOURCES ASSET MANAGEMENT PHYSICAL SECURITY IT SECURITY TRAINING AND
More informationNetwork Security Policy
IGMT/15/036 Network Security Policy Date Approved: 24/02/15 Approved by: HSB Date of review: 20/02/16 Policy Ref: TSM.POL-07-12-0100 Issue: 2 Division/Department: Nottinghamshire Health Informatics Service
More informationInformation Shield Solution Matrix for CIP Security Standards
Information Shield Solution Matrix for CIP Security Standards The following table illustrates how specific topic categories within ISO 27002 map to the cyber security requirements of the Mandatory Reliability
More informationICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY
ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified Author(s) Responsible Committee / Officers Issue Date Review Date Intended Audience Impact Assessed CCG Committee
More informationUniversity of Sunderland Business Assurance Information Security Policy
University of Sunderland Business Assurance Information Security Policy Document Classification: Public Policy Reference Central Register Policy Reference Faculty / Service IG 003 Policy Owner Assistant
More informationUniversity of Aberdeen Information Security Policy
University of Aberdeen Information Security Policy Contents Introduction to Information Security... 1 How can information be protected?... 1 1. Information Security Policy... 3 Subsidiary Policy details:...
More informationSWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE
SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific
More informationAnalysis of Information Security Management Systems at 5 Domestic Hospitals with More than 500 Beds
Original Article Healthc Inform Res. 2010 June;16(2):89-99. pissn 2093-3681 eissn 2093-369X Analysis of Information Security Management Systems at 5 Domestic Hospitals with More than 500 Beds Woo-Sung
More informationIT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results
Acquire or develop application systems software Controls provide reasonable assurance that application and system software is acquired or developed that effectively supports financial reporting requirements.
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationVersion 1.0. Ratified By
ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified 5 th March 2013 Author(s) Responsible Committee / Officers Issue Date 5 th March 2013 Review Date Intended Audience
More informationHIPAA Compliance Evaluation Report
Jun29,2016 HIPAA Compliance Evaluation Report Custom HIPAA Risk Evaluation provided for: OF Date of Report 10/13/2014 Findings Each section of the pie chart represents the HIPAA compliance risk determinations
More informationFRAMEWORK. Continuous Process Improvement Risk, Information Security, and Compliance
FRMEWORK Continuous Process Improvement Risk, Information Security, and Compliance The pragmatic, business-oriented, standardsbased methodology for managing information. CPI-RISC Information Risk Framework
More informationOVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii
The Office of the Auditor General has conducted a procedural review of the State Data Center (Data Center), a part of the Arizona Strategic Enterprise Technology (ASET) Division within the Arizona Department
More informationClickTale Security Standards and Practices: Delivering Peace of Mind in Digital Optimization
Delivering Peace of Mind in Digital Optimization TABLE OF CONTENTS INTRODUCTION 2 PRIVACY AND ANONYMITY 3 ISO 27001 COMPLIANCE 5 APPLICATION-LEVEL SECURITY 6 PENETRATION TESTING AND SECURITY AUDITS 7 GENERAL
More informationAccess Control BUSINESS REQUIREMENTS FOR ACCESS CONTROL
AU7087_C013.fm Page 173 Friday, April 28, 2006 9:45 AM 13 Access Control The Access Control clause is the second largest clause, containing 25 controls and 7 control objectives. This clause contains critical
More informationInformation Resources Security Guidelines
Information Resources Security Guidelines 1. General These guidelines, under the authority of South Texas College Policy #4712- Information Resources Security, set forth the framework for a comprehensive
More informationThird Party Security Requirements Policy
Overview This policy sets out the requirements expected of third parties to effectively protect BBC information. Audience Owner Contacts This policy applies to all third parties and staff, including contractors,
More informationUCS Level 2 Report Issued to
UCS Level 2 Report Issued to MSPAlliance Unified Certification Standard (UCS) Report Copyright 2014 www.mspalliance.com/ucs info@mspalliance.com Welcome to the UCS report which stands for Unified Certification
More informationVMware vcloud Air HIPAA Matrix
goes to great lengths to ensure the security and availability of vcloud Air services. In this effort VMware has completed an independent third party examination of vcloud Air against applicable regulatory
More informationTASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices
Page 1 of 10 TSK- 040 Determine what PCI, NERC CIP cyber security standards are, which are applicable, and what requirements are around them. Find out what TRE thinks about the NERC CIP cyber security
More informationXerox Litigation Services. In the Cybersecurity Hot Seat: How Law Firms are Optimizing Security While Reducing Cost and Risk
Xerox Litigation Services In the Cybersecurity Hot Seat: How Law Firms are Optimizing Security While Reducing Cost and Risk Your Highest Priority is also Your Greatest Challenge Data breaches are not just
More informationSecurity Controls What Works. Southside Virginia Community College: Security Awareness
Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction
More informationIT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY
IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 3.0 Ratified By Date Ratified April 2013 Author(s) Responsible Committee / Officers Issue Date January 2014 Review Date Intended Audience Impact
More informationIT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs)
IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review Date
More informationNewcastle University Information Security Procedures Version 3
Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations
More informationSNAP WEBHOST SECURITY POLICY
SNAP WEBHOST SECURITY POLICY Should you require any technical support for the Snap survey software or any assistance with software licenses, training and Snap research services please contact us at one
More informationBEST PRACTICES FOR COMMERCIAL COMPLIANCE
BEST PRACTICES FOR COMMERCIAL COMPLIANCE [ BEST PRACTICES FOR COMMERCIAL COMPLIANCE ] 2 Contents OVERVIEW... 3 Health Insurance Portability and Accountability Act (HIPAA) of 1996... 4 Sarbanes-Oxley Act
More informationInternal Control Guide & Resources
Internal Control Guide & Resources Section 5- Internal Control Activities & Best Practices Managers must establish internal control activities that support the five internal control components discussed
More informationCloud Contact Center. Security White Paper
Cloud Contact Center Security White Paper Introduction Customers communicate with organizations in a variety of forms from phone conversations to email, web chat and social media. As each interaction may
More informationICT Policy. Executive Summary. Date of ratification Executive Team Committee 22nd October 2013. Document Author(s) Collette McQueen
ICT Policy THCCGIT20 Version: 01 Executive Summary This document defines the Network Infrastructure and File Server Security Policy for Tower Hamlets Clinical Commissioning Group (CCG). The Network Infrastructure
More information^H 3RD EDITION ITGOVERNANCE A MANAGER'S GUIOE TO OATA SECURITY ANO DS 7799/IS017799 ALAN CALDER STEVE WATKINS. KOGAN PAGE London and Sterling, VA
^H 3RD EDITION ITGOVERNANCE A MANAGER'S GUIOE TO OATA SECURITY ANO DS 7799/IS017799 ALAN CALDER STEVE WATKINS KOGAN PAGE London and Sterling, VA Contents Foreword by Nigel Turnbull How to use this book
More informationCentral Agency for Information Technology
Central Agency for Information Technology Kuwait National IT Governance Framework Information Security Agenda 1 Manage security policy 2 Information security management system procedure Agenda 3 Manage
More informationJoint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session One
Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session One Information Security- Perspective for Management Information Security Management Program Concept
More informationSUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This
More informationIBX Business Network Platform Information Security Controls. 2015-02- 20 Document Classification [Public]
IBX Business Network Platform Information Security Controls 2015-02- 20 Document Classification [Public] Table of Contents 1. General 2 2. Physical Security 2 3. Network Access Control 2 4. Operating System
More informationEstate Agents Authority
INFORMATION SECURITY AND PRIVACY PROTECTION POLICY AND GUIDELINES FOR ESTATE AGENTS Estate Agents Authority The contents of this document remain the property of, and may not be reproduced in whole or in
More informationULH-IM&T-ISP06. Information Governance Board
Network Security Policy Policy number: Version: 2.0 New or Replacement: Approved by: ULH-IM&T-ISP06 Replacement Date approved: 30 th April 2007 Name of author: Name of Executive Sponsor: Name of responsible
More informationA Decision Maker s Guide to Securing an IT Infrastructure
A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose
More informationTELEFÓNICA UK LTD. Introduction to Security Policy
TELEFÓNICA UK LTD Introduction to Security Policy Page 1 of 7 CHANGE HISTORY Version No Date Details Authors/Editor 7.0 1/11/14 Annual review including change control added. Julian Jeffery 8.0 1/11/15
More informationRotherham CCG Network Security Policy V2.0
Title: Rotherham CCG Network Security Policy V2.0 Reference No: Owner: Author: Andrew Clayton - Head of IT Robin Carlisle Deputy - Chief Officer D Stowe ICT Security Manager First Issued On: 17 th October
More informationCloudDesk - Security in the Cloud INFORMATION
CloudDesk - Security in the Cloud INFORMATION INFORMATION CloudDesk SECURITY IN THE CLOUD 3 GOVERNANCE AND INFORMATION SECURITY 3 DATA CENTRES 3 DATA RESILIENCE 3 DATA BACKUP 4 ELECTRONIC ACCESS TO SERVICES
More informationR345, Information Technology Resource Security 1
R345, Information Technology Resource Security 1 R345-1. Purpose: To provide policy to secure the private sensitive information of faculty, staff, patients, students, and others affiliated with USHE institutions,
More informationJohn Essner, CISO Office of Information Technology State of New Jersey
John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management
More informationSecurity and Privacy Controls for Federal Information Systems and Organizations
NIST Special Publication 800-53 Revision 4 Security and Privacy Controls for Federal Information Systems JOINT TASK FORCE TRANSFORMATION INITIATIVE This document contains excerpts from NIST Special Publication
More informationInformation Technology General Controls Review (ITGC) Audit Program Prepared by:
Information Technology General Controls Review (ITGC) Audit Program Date Prepared: 2012 Internal Audit Work Plan Objective: IT General Controls (ITGC) address the overall operation and activities of the
More informationInformation Security Policies and Procedures Development Framework for Government Agencies. First Edition - 1432 AH
Information Security Policies and Procedures Development Framework for Government Agencies First Edition - 1432 AH 6 Contents Chapter 1 Information Security Policies and Procedures Development Framework
More informationInformation Technology Security Procedures
Information Technology Security Procedures Prepared By: Paul Athaide Date Prepared: Dec 1, 2010 Revised By: Paul Athaide Date Revised: September 20, 2012 Version 1.2 Contents 1. Policy Procedures... 3
More information1 Introduction 2. 2 Document Disclaimer 2
Important: We take great care to ensure that all parties understand and appreciate the respective responsibilities relating to an infrastructure-as-a-service or self-managed environment. This document
More informationFINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
More informationInformation Security Management. Audit Check List
Information Security Management BS 7799.2:2002 Audit Check List for SANS Author: Val Thiagarajan B.E., M.Comp, CCSE, MCSE, SPS (FW), IT Security Consultant. Approved by: Algis Kibirkstis Owner: SANS Extracts
More informationINFORMATION SECURITY PROCEDURES
INFORMATION AN INFORMATION SECURITY PROCEURES Parent Policy Title Information Security Policy Associated ocuments Use of Computer Facilities Statute 2009 Risk Management Policy Risk Management Procedures
More informationClient Security Risk Assessment Questionnaire
Select the appropriate answer from the drop down in the column, and provide a brief description in the section. 1 Do you have a member of your organization with dedicated information security duties? 2
More informationCONTENTS. Security Policy
CONTENTS PHYSICAL SECURITY (UK) PHYSICAL SECURITY (CHICAGO) PHYSICAL SECURITY (PHOENIX) PHYSICAL SECURITY (SINGAPORE) SYSTEM SECURITY INFRASTRUCTURE Vendor software updates Security first policy CUSTOMER
More informationCloud Contact Center. Security White Paper
Cloud Contact Center Security White Paper Introduction Customers communicate with organizations in a variety of forms from phone conversations to email, web chat and social media. As each interaction may
More informationApril 21, 2009 Dines Bjørner: MITS: Models of IT Security: 1. c Dines Bjørner 2006, Fredsvej 11, DK 2840 Holte, Denmark
April 21, 2009 Dines Bjørner: MITS: Models of IT Security: 1 Models of IT Security Security Rules & Regulations: An Interpretation Dines Bjørner Fredsvej 11, DK 2840 Holte, Denmark Presented at Humboldt
More informationManaged Hosting & Datacentre PCI DSS v2.0 Obligations
Any physical access to devices or data held in an Melbourne datacentre that houses a customer s cardholder data must be controlled and restricted only to approved individuals. PCI DSS Requirements Version
More informationRetention & Destruction
Last Updated: March 28, 2014 This document sets forth the security policies and procedures for WealthEngine, Inc. ( WealthEngine or the Company ). A. Retention & Destruction Retention & Destruction of
More informationBOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy
BOARD OF DIRECTORS PAPER COVER SHEET Meeting date: 22 February 2006 Agenda item:7 Title: Purpose: The Trust Board to approve the updated Summary: The Trust is required to have and update each year a policy
More informationRajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np
Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np Meaning Why is Security Audit Important Framework Audit Process Auditing Application Security
More informationPCI Data Security and Classification Standards Summary
PCI Data Security and Classification Standards Summary Data security should be a key component of all system policies and practices related to payment acceptance and transaction processing. As customers
More informationJoint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session One Information Security and Challenges
Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session One Information Security and Challenges Agenda Overview of Information Security Management Information
More informationInformation Security Policy
Information Security Policy Last updated By A. Whillance/ Q. North/ T. Hanson On April 2015 This document and other Information Services documents are held online on our website: https://staff.brighton.ac.uk/is
More information