MINIMUM REQUIREMENTS FOR CONTRACTORS WORKING IN CANADIAN PACIFIC OFFICES (Canada)



Similar documents
PACIFIC EXPLORATION & PRODUCTION CORPORATION (the Corporation )

Information Systems Acceptable Use Policy for Learners

Internet Acceptable Use Policy

Supplier IT Security Guide

Information Security and Electronic Communications Acceptable Use Policy (AUP)

SAMPLE TEMPLATE. Massachusetts Written Information Security Plan

Hope In-Home Care CODE OF CONDUCT AND ETHICS

BEConnected User Agreement

Acceptable Use Policy

Wellesley College Written Information Security Program

Information Security Policy

SAMPLE BUSINESS ASSOCIATE AGREEMENT

PURPOSE To establish standards for the use of College networks and computer accounts.

FINAL May Guideline on Security Systems for Safeguarding Customer Information

INFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL

Credit Union Code for the Protection of Personal Information

HIPAA BUSINESS ASSOCIATE AGREEMENT

M E M O R A N D U M. Revised Information Technology Security Procedures INFORMATION TECHNOLOGY SECURITY PROCEDURES. I. General

SAMPLE WORKPLACE VIOLENCE POLICY

HIPAA Security Alert

Administrative Procedure 3720 Computer and Network Use

California Mutual Insurance Company Code of Business Conduct and Ethics

How To Ensure Health Information Is Protected

WEBSITE & SOCIAL MEDIA PRIVACY POLICY

Sanchez Energy Corporation. Code of Business Conduct and Ethics

Business Associate Contract

BERKELEY COLLEGE DATA SECURITY POLICY

THE CORPORATION OF THE CITY OF WINDSOR POLICY

SOUTHERN SLOPES COUNTY COUNCIL COMPUTER & INFORMATION TECHNOLOGY USE POLICY

Policy for the Acceptable Use of Information Technology Resources

MONTSERRAT COLLEGE OF ART WRITTEN INFORMATION SECURITY POLICY (WISP)

1. Computer and Technology Use, Cell Phones Information Technology Policy

PROGRAM PARTICIPANT (STUDENT PARTICIPANT OR FACULTY PARTICIPANT) SIGNS:

MEDWAY PUBLIC SCHOOLS Medway, MA. Acceptable Use Policy for School Network, Internet, and Equipment Grades 7-12

Code of Business Conduct and Ethics. Strike Energy Limited ACN

CORPORATE. Tab Authority Subject Related Policies POLICY STATEMENT PURPOSE

Policy on the Security of Informational Assets

Montclair State University. HIPAA Security Policy

1. Compliance with Laws, Rules and Regulations

State University of New York at Potsdam. Workplace Violence Prevention Policy and Procedures

Updated February 15, 2008 MINISTRY OF HEALTH SOFTWARE SUPPORT ORGANIZATION SERVICE LEVEL AGREEMENT

INFORMATION TECHNOLOGY Policy 8400 (Regulation 8400) Data Security

CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy

HIPAA Business Associate Addendum

FIDELITY APPLICANT PRIVACY AND PROTECTION NOTICE

The Internet and 2 Acceptable use 2 Unacceptable use 2 Downloads 3 Copyrights 3 Monitoring 3. Computer Viruses 3

PRIVACY BREACH MANAGEMENT POLICY

EAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy )

Model Business Associate Agreement

HIPAA BUSINESS ASSOCIATE AGREEMENT

Drug and Alcohol Policy. Marathon Petroleum Company LP Drug and Alcohol Policy. Employee Guide

3. Consent for the Collection, Use or Disclosure of Personal Information

Data Processing Agreement for Oracle Cloud Services

How To Monitor The Internet In Idaho

Our vision. A company where the best people want to work.

Internet and Computers. Acceptable Use and Internet Safety

What Personally Identifiable Information does EducationDynamics collect?

APPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT

Appendix I. The City University of New York Policy on Acceptable Use of Computer Resources

APPROVED BY: DATE: NUMBER: PAGE: 1 of 9

POLICY TEMPLATE. Date initially approved: November 5, 2013 Date of last revision: same

POLICIES AND REGULATIONS Policy #78

APPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT (2012 Version)

ATHLONE INSTITUTE OF TECHNOLOGY. I.T Acceptable Usage Staff Policy

Destiny Media Technology s Code of Conduct

SaaS. Business Associate Agreement

Valdosta Technical College. Information Security Plan

DEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY

Written Information Security Plan (WISP) for. HR Knowledge, Inc. This document has been approved for general distribution.

MARIN COUNTY OFFICE OF EDUCATION. EDUCATIONAL INTERNET ACCOUNT Acceptable Use Agreement TERMS AND CONDITIONS

Personal Information Protection and Electronic Documents Act

Information Security Plan effective March 1, 2010

APPROPRIATE USE OF INFORMATION TECHNOLOGY SYSTEMS INFRASTRUCTURE RESOURCES

MOREHOUSE COLLEGE. Standards of Conduct Guide

PROTECTION OF PERSONAL INFORMATION

Pasadena Unified School District (PUSD) Acceptable Use Policy (AUP) for Students

COUNCIL POLICY NO. C-13

Terms of use of information and communication technologies at the University of Burgundy

Computer Use Policy Approved by the Ohio Wesleyan University Faculty: March 24, 2014

COMPUTER USE POLICY. 1.0 Purpose and Summary

B. Privacy. Users have no expectation of privacy in their use of the CPS Network and Computer Resources.

BUSINESS ASSOCIATE ADDENDUM

Policy and Procedure for Internet Use Summer Youth Program Johnson County Community College

HIPAA Privacy & Security Health Insurance Portability and Accountability Act

Estate Agents Authority

Practice Resource. Sample internet and use policy. Foreword. Policy scope. By David J. Bilinsky 1

Code - A Date Approved: July 24/01

ROHIT GROUP OF COMPANIES PRIVACY POLICY This privacy policy is subject to change without notice. It was last updated on July 23, 2014.

Privacy Incident and Breach Management Policy

Guidelines Applicability Guidelines Statements Guidelines Administration Management Responsibility... 4

Cloud Hosting Terms and Conditions

Data Management Policies. Sage ERP Online

SUBJECT: INFORMATION TECHNOLOGY RESOURCES I. PURPOSE

Business Conduct, Compliance and Ethics Program. important

TECHNOLOGY RESPONSIBLE USE Policy Code: 3225/4312/7320

UNIVERSITY OF MASSACHUSETTS RECORD MANAGEMENT, RETENTION AND DISPOSITION POLICY

micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) August, 2013 Revision 8.0 MICROS Systems, Inc. Version 8.

Information Technology Security Policies

College of DuPage Information Technology. Information Security Plan

HIPAA Security COMPLIANCE Checklist For Employers

Transcription:

MINIMUM REQUIREMENTS FOR CONTRACTORS WORKING IN CANADIAN PACIFIC OFFICES (Canada) April 2007

- 2 - Canadian Pacific s Minimum Requirements for Contractors Working IN Canadian Pacific Offices (Canada) is the minimum safety requirements to be followed at all Times when working within the confines of an office performing desk/administration type work. Canadian Pacific s Minimum requirements for contractors working on railway property must be complied with when working outside the confines of an office or performing such tasks not related to desk/administration type work (i.e. construction, maintenance, etc). Note Prior to the commencement of any work at the worksite (whether within an office or in the field), a local safety orientation must be conducted in conjunction with Canadian Pacific and shall include the following: Hazard identification / risk assessment of hazards inherent in the work to be undertaken or generated by the work processes to be used. Various controls used to mitigate risk of the hazards present both as a result of the railway and contractor work processes. Local communication procedures including emergency call-out / response. Local evacuation procedures. 2

- 3 - MINIMUM REQUIREMENTS FOR CONTRACTORS WORKING IN CANADIAN PACIFIC OFFICES (CANADA) 1.0 INTRODUCTION 1.1 At Canadian Pacific ( CP ), safety and security must be given top priority and will take precedence over deadlines, production schedules, and all other considerations. 1.2 This policy applies to all contractors ( Contractor ) performing services for CP: 1.2.1 in CP offices located on CP property; and 1.2.2 CP offices where CPR is a tenant renting office space from a landlord ( Leased Premises ) (collectively CP Offices ). 2.0 GENERAL 2.1 The Contractor shall be solely responsible for the safety of it s employees, agents, and subcontractors performing services for CP. ( Contractor Personnel ). 2.2 The Contractor shall ensure that Contractor Personnel comply with all applicable safety laws and regulations while performing services at CP Offices. The Contractor shall ensure that Contractor Personnel comply with all applicable policies and procedures of the landlord when at CP Leased Premises. 2.3 CP is committed to providing and maintaining a work environment that supports the dignity of all individuals and will not tolerate any discrimination, harassment or violence in the workplace. Contractor shall ensure that its Contractor Personnel conduct themselves in a manner consistent with these principles. 2.4 Contractor shall ensure that Contractor s Personnel shall not be in possession of, or under the influence of intoxicants, narcotics, controlled substances, or medication which may in any way adversely affect alertness, concentration, reaction response time or safety. 2.5 Smoking is prohibited in all buildings as well as outdoors on all CP property, except a) where CP management has designated an outdoor smoking area on CP property, or b) where the landlord has designated a smoking area at the CP Leased Premises. 2.6 Any Contractor Personnel discovering an emergency, hazardous or potentially unsafe condition should advise CP immediately, as well as the landlord where the condition occurs on Leased Premises. If the local CP representative you are reporting to throughout the course of your duties is not available contact: Network Management Centre (NMC) Calgary 1-800-795-7851 3

- 4-2.7 Security concerns and security incidents (i.e. theft, vandalism, bribery, stalking, assault, suspicious activity or other incidents that may cause injury or property damage, or involve criminal activity) on CP property must be reported to the CP Police Service. Security concerns at CP Leased Premises must be reported to an appropriate CP representative, the landlord or its representative. Canadian Pacific Police Services 1-800-716-9132 3.0 ACCESS TO CP OFFICES AND BUILDING SECURITY 3.1 Access to CP Offices for any Contractor Personnel is at CP s sole discretion. Such access is only for the purpose of Contractor Personnel performing services for CP, and only for the duration of Contractor s contract with CP. 3.2 The Contractor shall provide, at CP s request, evidence that a satisfactory security (i.e. criminal records) check has been conducted for Contract Personnel. 3.3 At CP maintaining a secure work environment by controlling unauthorized access to CP Offices must be given top priority. Contractor, and all Contractor Personnel are expected to support a secure work environment by: 3.3.1 not permitting unauthorized persons into CP Offices; 3.3.2 by wearing Contractor s uniforms (if Contractor has uniforms) to identify themselves as Contractor personnel; 3.3.3 by wearing Contractor identification cards (including photo identification cards if available) in plain view to identify themselves as Contractor Personnel, or in the event that Contractor does not have identification cards, by retaining appropriate identification at all times while performing the Services; and 3.3.4 by ensuring that they obtain the appropriate identification/visitor tags as required by the landlord at the Leased Premises, or required by CP pursuant to Section 3.4 3.4 CP may, at its sole discretion, require Contractor Personnel to wear identification/ visitor tags ( Visitor Tags ) while working at CP Offices. Contractor Personnel who are required to wear Visitor Tags shall: 3.4.1 wear the Visitor Tags in plain view at all times at CP Offices; 3.4.2 safeguard their Visitor Tags and not lend them to others; 3.4.3 report the loss of their Visitor Tag promptly to CP; and 3.4.4 return the Visitor Tags issued by CP to CP promptly upon termination of the services for CP, or earlier if access is no longer required. 4

- 5-3.5 In the event that Contractor Personnel loses or damages a Visitor Tag, CP may charge Contractor a fee for issuing a replacement Visitor Tag. 3.6 At CP s sole discretion, Contractor Personnel may be required to obtain temporary access card keys for CP Offices. Such access card keys will be subject to such conditions and access hours as CP or the landlord deem appropriate. 3.7 Contractor agrees to ensure that Contractor Personnel comply with all applicable access and security requirements of the landlord while on CP Leased Premises. For more information regarding access to CP Offices, please contact CP s Facilities Management Department. 4.0 INFORMATION AND NETWORK SECURITY 4.1 CP s information assets include: 4.1.1 CP s information and data in all media, including but not limited to information on paper and stored on computers, diskettes, tapes, microfilm and fiche; 4.1.2 CP s intellectual property; 4.1.3 Electronic and digital communication regarding CP s business including e- mails and voice mails; 4.1.4 Computing and communications equipment (including fax machines); and 4.1.5 Computer networks and gateway access including controls to the internet, external business partners, regulatory agencies and other external organizations. ( CP Information Assets ) 4.2 If CP permits Contractor or Contractor Personnel access to CP Information Assets under the contract that this Schedule C is attached to, Contractor shall ensure that Contractor Personnel shall only use CP Information Assets for CP s business purposes and to the extent necessary to perform Contractor services for CP. Contractor Personnel must not use CP Information Assets for personal purposes or Contractor s other business purposes/clients. Contractor Personnel must not attempt to access any CP Information Assets, that are not approved functions as specified under the contract that this Schedule C is attached to. 4.3 Contractor Personnel must use extreme care when transmitting CP information internally or externally, to ensure that the method of transmission (whether by voice mail, mail, fax, e-mail or otherwise) is appropriate to limit access to the information and to protect its confidentiality and integrity to the greatest extent possible. 4.4 Contractor Personnel requiring access to CP s computer network in order to perform services for CP, must be identified to and approved by CP. If Contractor Personnel are granted access to CP s computer network (whether through a CP computer or its own computer), Contractor must ensure that Contractor Personnel comply with the following requirements, regardless whether its use is in CP Offices or off site: 5

- 6-4.4.1 only access CP information and network sites necessary for the performance of its services for CP; 4.4.2 not access confidential or private information such as employee files without the express consent of CP management; 4.4.3 treat passwords as confidential and not share their access privileges or passwords with any other individuals (including Contractor s other employees, agents and sub-contractors) unless specifically authorized by the CP Manager of Information Security; 4.4.4 change their password whenever they feel it has been compromised, or whenever requested to do so by the CP; 4.4.5 not use CP computers to download material from internet sites that contain offensive, racist, sexist or pornographic images, data or other inappropriate material; 4.4.6 not compromise the security of the CP network by i) introducing or increasing the exposure of the CP network to unauthorized activity, or ii) by introducing or expanding the means by which the security controls in place on the CP System may be circumvented; or iii) introducing viruses to CP s network; 4.4.7 provide adequate physical security and control of any computer workstations so that unauthorized personnel do not have access to connect to the CP network; 4.4.8 not to take any action which might reasonably be construed as likely to alter or destroy any information, data, programs, or systems, or to render them meaningless or ineffective, or compromised; and 4.4.9 Contractor must not use, access, browse, view, read, copy, or print any data, files or directories of any CP network environment, that CP has not specifically granted Contractor Personnel access to in writing. 4.5 CP reserves the right to examine all data stored in or transmitted through CP Information Assets, for compliance with this policy. 5.0 PRIVACY OF PERSONAL INFORMATION 5.1 Personal information means any information obtained from CP or while performing services for CP, about an identifiable individual including: 5.1.1 age, social insurance number, employee number, income, ethnic origin; 5.1.2 Opinions concerning an individual, performance evaluations, disciplinary actions, succession planning information; 5.1.3 CPR employee records, credit records, loan records, medical records, education records, criminal history; 5.1.4 Correspondence that is explicitly or implicitly of a private nature; 6

- 7-5.1.5 but excludes business telephone number, and business title. ( Personal Information ) 5.2 Contractor shall ensure that Contractor Personnel in viewing, receiving, handling, managing, protecting and using any Personal Information, comply with the Personal Information Protection and Electronic Documents Act (Canada) and without limiting the generality of the foregoing shall: 5.2.1 use any Personal Information only for the purpose for which it was collected; 5.2.2 not collect, handle, manage, retain, reproduce or use Personal Information except to the extent required for the performance of its services for CP and except to Contractor Personnel who have a need to know in connection with the services for CP; 5.2.3 take all precautions and take all steps necessary to prevent the loss, theft, unauthorized access, disclosure, copying, use, modification or retention of any Personal Information, by any Contractor employees, agents or subcontractors not performing Services, or any third party; 5.2.4 provide a level of security and protection for Personal Information that is satisfactory to CP and equal to or greater than CPR s level of security; 5.2.5 except as stated otherwise in the contract that this Schedule C is attached to, upon completion or termination of its services for CP, return, destroy, erase or make anonymous any Personal Information related to CP employees, officers, agents or contractors in its possession or documentation, and within 30 days after the completion or termination of its services provide CP with written certification that such return, destruction, erasure or anonymity of such Personal Information has been completed; and 5.2.6 Ensure that the disposal or destruction of Personal Information does not allow any other parties from gaining access to the Personal Information. When disposal of hard copy information is authorized by CP, shredding must be used to maintain confidentiality. 6.0 COMPLIANCE WITH CP REQUIREMENTS 6.1 If Contractor Personnel fail to comply with these Minimum Requirements, Contractor will be required to ensure that such Contractor Personnel immediately leaves CP property or the Leased Premises. The above provisions and requirements may be amended from time to time by CP. 7

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information