Document Retention Project Tool Worksheet
- Bartholomew Virgil Ryan
- 5 years ago
Document Retention On-Site Storage Worksheet
Columns: Response | Actions Taken | Questions, Answers and Actions
References: Start; Pg. Box A; Pg; Pg, Box C; Pg, Box F; Pg, Box F; Pg, Box D

Documents stored On-site?
- If yes, go to question ; If no go to the for Off-Site storage.

Documents stored in a Secure Location?
- Storage location is within the main facility?
- Secured behind locked door and access is limited to appropriate facility personnel?
- If yes to both . and ., skip to Question , If no to either or both . and/or ., go to question .

Can the documents be secured?
- If yes to question , secure documents within the main facility behind a locked door in which access is limited to appropriate personnel at the facility, then go to question .
- If no to question , Contact CCD and initiate the "Move Process" by first applying destruction criteria in question 6, continue through question 7 to relocate all stored documents.

Are the documents "known"?
- Does the facility maintain an accurate log, manifest or inventory of stored material? Documents that are required for recall can be obtained in a timely manner without searching through multiple boxes?
- If yes, the documents are Known, go to Question 5; If no skip to question 6.

5 On-site storage location meets requirements?
5. Documents stored on-site require immediate and frequent access or planned storage less than one year?
5. Is an accurate index of all documents maintained?
5. Are all boxes labeled with destruction dates?
5. Are documents destroyed in a timely manner and pursuant to the CHSPSC Document Retention Policy and schedule?
5.5 Is the On-site storage location an effective use of Facility space?
5.6 If the answers to questions are all yes, maintain current On-Site storage area and follow Retention Requirements via CHSPSC Document Retention Policy; If any answer was no, go to question

6
- Destroy documents with surpassed retention periods; follow CHSPSC Document Retention
6. Destroy Unknown documents in storage for 5 years or greater; follow CHSPSC Document Retention
6. Excludes documents with a litigation hold - contact Legal if you are unsure if there is an
6. Contact an approved destruction vendor (See Box D on page of the Document Retention Project Tool); Obtain certificate of destruction
6.5 Note number of boxes destroyed, retain Certificate of Destruction and identify any remaining boxes that must be moved to a secure storage location and/or vendor.
6.6 Criteria for every group of Unknown documents in storage less than 5 years:
6.6. A. HIIM Medical Records; contact Regional HIIM Director for guidance
6.6. B. Answer the questions below for each group of Unknown non-medical record documents
- Are there any accurate logs, manifests or inventories, formal or informal, maintained for
- Is a log kept of boxes retrieved from this location?
- When was the last time a box was retrieved from this location? For what purpose was that
- What types of documents are stored at this location?
- How long have documents been stored at this location?
- Were documents stored at this location prior to the acquisition of this facility by CHS?
- Are documents currently being added to storage at this location?
- When was the last time a box was added to storage at this location?
6.7 Provide answers to the best of your ability, DO NOT index or inventory records, contact CCD for guidance if the records are Unknown and storage time can be confirmed at less than 5

7 Will Documents be moved?
Note: prior to initiating the move process, destruction criteria (Box F) must be applied. For any documents not meeting the criteria to be destroyed, execute one or more of the actions below:
- Medical records in the HIIM Department: contact Regional HIIM Director for guidance storing with EvriChart
7. All other documents, including documents with PHI, but not HIIM department medical records, contact X records storage vendor for previously negotiated discounted pricing
- If you do not have a contract for document storage, contact your CCD for guidance

Document Retention Off-Site Storage Worksheet
Columns: Response | Actions Taken | Questions, Answers and Actions
References: Pg; Pg; Pg, Box F; Pg, Box F

Are documents stored at Iron Mountain or EvriChart?
- If yes, go to question ; If no go to the for Other Off-Site storage.
- Note: Documents stored with Iron Mountain or EvriChart are defined as "Secure".

Are the documents "known"?
- Does the facility maintain an accurate log, manifest or inventory of stored material? Documents that are required for recall can be obtained in a timely manner without searching through multiple boxes?
- If yes, the documents are Known, go to Question ; If no skip to question .

Have any documents met required retention period?
- If yes, go to Question ; If no, Maintain Retention Requirements via CHSPSC Document Retention Policy.

- Destroy documents with surpassed retention periods; follow CHSPSC Document Retention
- Destroy Unknown documents in storage for 5 years or greater; follow CHSPSC Document Retention
- Excludes documents with a litigation hold - contact Legal if you are unsure if there is an
- Contact an approved destruction vendor (See Box D on page of the Document Retention Project Tool): Obtain certificate of destruction
.5 Note number of boxes destroyed, retain Certificate of Destruction.
.6 Criteria for every group of Unknown documents in storage less than 5 years:
.6. A. HIIM Medical Records; contact Regional HIIM Director for guidance
.6. B. Answer the questions below for each group of Unknown non-medical record documents.
.6.. Are there any accurate logs, manifests or inventories, formal or informal, maintained for
.6.. Is a log kept of boxes retrieved from this location?
.6.. When was the last time a box was retrieved from this location? For what purpose was that
.6.. What types of documents are stored at this location?
.6..5 How long have documents been stored at this location?
.6..6 Were documents stored at this location prior to the acquisition of this facility by CHS?
.6..7 Are documents currently being added to storage at this location?
.6..8 When was the last time a box was added to storage at this location?
.7 Provide answers to the best of your ability, DO NOT index or inventory records, contact CCD for guidance if the records are Unknown and storage time can be confirmed at less than 5

Document Retention Other Off-Site Storage Worksheet
Columns: Response | Actions Taken | Questions, Answers and Actions
References: Pg. Box B; Pg, Box E; Pg, Box F; Pg, Box D

Does the storage vendor meet all Off-site physical security requirements?
- Storage vendor has perimeter security (e.g. fence, proximity sensors, monitored cameras, 24/7 Guard)?
- Are all entry points locked?
- Is there controlled access to facility via badge, guard, key or keypad?
- All employees must have background checks to screen out potential employees for arrests and/or convictions including: theft and/or identity theft
.5 Is an access log maintained for all visitors?
.6 Does the storage location have 24/7 guard and/or video surveillance?
.7 Are there intrusion, fire protection and moisture alarm systems?
.8 The storage facility has HVAC climate controlled units to prevent freeze and exposure to extreme heat?
.9 Multi tenant storage segregation; Is the CHS affiliate storage inaccessible to others?
- If yes to questions . - .9 the documents are "Secure", go to question ; If no to any of the questions . - .9, initiate the "Move Process" by first applying destruction criteria in question 7, continue through question 8 to relocate all stored documents.

Is the storage vendor a Potential Referral Source?
- Obtain and review the Financial Disclosure Questionnaire (FDQ).
- If no, go to question ; If yes initiate the "Move Process" by first applying destruction criteria in question 7, continue through question 8 to relocate all stored documents.

Is the financial arrangement cost effective?
- Obtain contract or agreement of current vendor that specifies the Other Off-Site storage vendor's costs.
- Open the "Other Off-Site Storage vendor Cost Comparison_Template.xlsx" spreadsheet. Enter the Other Off-Site storage vendor costs for each billing category that matches and review the results in row 0, columns K-M. Review with CFO and determine which vendor is more cost effective for Off-Site storage.
- If experiencing issues using the spreadsheet .
- If the financial arrangement is cost effective go to step , if not cost effective, initiate the "Move Process" by first applying destruction criteria in question 7, continue through question 8 to relocate all stored documents.

Is there a current fully executed contract?
- If yes, go to Question 5; If no, contact your CCD ASAP; if required, the respective CCD will engage Legal to determine the next steps.

5 Is there a current *CHS BAA attached to the contract?
5. If yes, maintain Retention Requirements via CHSPSC Document Retention Policy; If no, contact your CCD ASAP; if required, the respective CCD will engage with Legal to determine the next steps. The most current BAA must be executed and in effect.
*Use Current CHS BAA

6 Legal and Compliance Team Review
6. Left intentionally blank to document Compliance and Legal team notes and findings.

7
7. Destroy documents with surpassed retention periods; follow CHSPSC Document Retention
7. Destroy Unknown documents in storage for 5 years or greater; follow CHSPSC Document Retention
7. Excludes documents with a litigation hold - contact Legal if you are unsure if there is an
7. Contact an approved destruction vendor (See Box D on page of the Document Retention Project Tool); Obtain certificate of destruction
7.5 Note number of boxes destroyed, retain Certificate of Destruction and identify any remaining boxes that must be moved to a secure storage location and/or vendor.
7.6 Criteria for every group of Unknown documents in storage less than 5 years:
7.6. A. HIIM Medical Records; contact Regional HIIM Director for guidance
7.6. B. Answer the questions below for each group of Unknown non-medical record documents
- Are there any accurate logs, manifests or inventories, formal or informal, maintained for
- Is a log kept of boxes retrieved from this location?
- When was the last time a box was retrieved from this location? For what purpose was that
- What types of documents are stored at this location?
- How long have documents been stored at this location?
- Were documents stored at this location prior to the acquisition of this facility by CHS?
- Are documents currently being added to storage at this location?
- When was the last time a box was added to storage at this location?
7.7 Provide answers to the best of your ability, DO NOT index or inventory records, contact CCD for guidance if the records are Unknown and storage time can be confirmed at less than 5

8 Will Documents be moved?
Note: prior to initiating the move process, destruction criteria (Box F) must be applied. For any documents not meeting the criteria to be destroyed, execute one or more of the actions below:
8. Medical records in the HIIM Department: contact Regional HIIM Director for guidance
- All other documents, including documents with PHI, but not HIIM department medical records, contact X records storage vendor for previously negotiated discounted pricing
8. If you do not have a contract with X for document storage, contact your CCD for guidance
8. CHSPSC Compliance Department requires the FCO and CEO to complete a & Attestation to certify complete and accurate review of each Document Retention Project Tool. A signature blank has been provided at the end of the document; typed names will be accepted as signature.

By signing this document, you are certifying the following: I certify the Document Retention Project Tool has been completed for each survey response. All issues of concern or non-compliance have been reported to a CHSPSC Compliance Director.

FCO Signature          Date
CEO Signature          Date
More informationAPPENDIX TWO RETENTION AND DISPOSAL SCHEDULE IMPLEMENTATION GUIDELINES
APPENDIX TWO RETENTION AND DISPOSAL SCHEDULE IMPLEMENTATION GUIDELINES National Screening Unit Version 3 April 2012 Prepared by SWIM Ltd 2012 1 Table of Contents 1 What is a retention and disposal schedule?
More informationHIPAA Security Checklist
HIPAA Security Checklist The following checklist summarizes the HIPAA Security Rule requirements that should be implemented by both covered entities and business associates. The citations are to 45 CFR
More informationSTATE OF MINNESOTA PROFESSIONAL FUNDRAISER SOLICITATION NOTICE INSTRUCTIONS
Mail To: Minnesota Attorney General s Office Charities Division 445 Minnesota Street, Suite 1200 St. Paul, MN 55101-2130 Website Address: www.ag.state.mn.us/charity STATE OF MINNESOTA PROFESSIONAL FUNDRAISER
More informationHIPAA Security Checklist
HIPAA Security Checklist The following checklist summarizes the HIPAA Security Rule requirements that should be implemented by both covered entities and business associates. The citations are to 45 CFR
More informationVendor Security Questionnaire
Business Associate Vendor Name Vendor URL Vendor Contact Address Vendor Contact Email Address Vendor Contact Phone Number What type of Service do You Provide Covenant Health? How is Protected Health Information
More informationIT Audit Process. Prof. Mike Romeu. January 30, IT Audit Process. Prof. Mike Romeu
January 30, 2017 1 Corporate Structures Shareholders Governance Level: Board of Directors External Director CFO CEO Legal Counsel External Director Responsible for: Evaluate Direct Monitor Internal Directors
More information1.0 Executive Summary. 2.0 Features and Benefits
Table of Contents 1.0 EXECUTIVE SUMMARY 2.0 FEATURES AND BENEFITS 3.0 DETAILS OF SERVICE 4.0 Deliverable 5.0 Exclusions 6.0 SCOPE OF RESPONSIBILITY 7.0 PROJECT WORK DETAILS 8.0 ORDERING INFORMATION 9.0
More informationBuilding Cloud Trust. Ioannis Stavrinides. Technical Evangelist MS Cyprus
Building Cloud Trust Ioannis Stavrinides Technical Evangelist MS Cyprus If you re resisting the cloud because of security concerns, you re running out of excuses. The question is no longer: How do I move
More information2016 SC REGIONAL HOUSING AUTHORITY NO. 3 S EIV SECURITY POLICY
2016 SC REGIONAL HOUSING AUTHORITY NO. 3 S EIV SECURITY POLICY Purpose: The purpose of this policy is to provide instruction and information to staff, auditors, consultants, contractors and tenants on
More informationSecurity Note. BlackBerry Corporate Infrastructure
Security Note BlackBerry Corporate Infrastructure Published: 2017-03-02 SWD-20170302091637541 Contents Introduction... 5 History... 6 BlackBerry policies...7 Security organizations... 8 Cyber Security
More informationTrust Services Principles and Criteria
Trust Services Principles and Criteria Security Principle and Criteria The security principle refers to the protection of the system from unauthorized access, both logical and physical. Limiting access
More informationFACILITY USER GUIDE. Colocation in Key Info s Agoura Court Data Center
FACILITY USER GUIDE Colocation in Key Info s Agoura Court Data Center Page 1 of 11 Key Info Facilities User Guide v2.4 Table of Contents Welcome... 3 GETTING STARTED... 4 Colocation Access... 4 Proof of
More informationHosted Testing and Grading
Hosted Testing and Grading Technical White Paper July 2010 www.lexmark.com Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or
More informationStandard CIP-006-1a Cyber Security Physical Security
A. Introduction 1. Title: Cyber Security Physical Security of Critical Cyber Assets 2. Number: CIP-006-1a 3. Purpose: Standard CIP-006 is intended to ensure the implementation of a physical security program
More informationma recycle GDPR Privacy Policy .com Rely and Comply... Policy Date: 24 May 2018
ma recycle.com Rely and Comply... GDPR Privacy Policy Policy Date: 24 May 2018 Max Recycle Hawthorne House Blackthorn Way Sedgeletch Industrial Estate Fencehouses Tyne & Wear DH4 6JN T: 0845 026 0026 F:
More informationPAYMENT CARD INDUSTRY DATA SECURITY STANDARD SELF-ASSESSMENT QUESTIONNAIRE (SAQ) B GUIDE
PAYMENT CARD INDUSTRY DATA SECURITY STANDARD SELF-ASSESSMENT QUESTIONNAIRE (SAQ) B GUIDE Last Reviewed: December 13, 2017 Last Updated: December 19, 2017 PCI DSS Version: V3.2, Rev 1.1 Prepared for: The
More informationSection 1: Assessment Information
Section 1: Assessment Information Instructions for Submission This document must be completed as a declaration of the results of the merchant s self-assessment with the Payment Card Industry Data Security
More informationInternet, , Social Networking, Mobile Device, and Electronic Communication Policy
TABLE OF CONTENTS Internet, Email, Social Networking, Mobile Device, and... 2 Risks and Costs Associated with Email, Social Networking, Electronic Communication, and Mobile Devices... 2 Appropriate use
More informationRecords Information Management
Information Systems Sciences Records Information Management Region V Spring Conference March 26, 2015 Was I supposed to keep that 1 Where did we store that 2 Space Issues. Need storage space for a classroom
More informationContent Protection & Security Standard
Content Protection & Security Standard GOVERNANCE AND SECURITY CULTURE PERSONNEL AND RESOURCES ASSET MANAGEMENT PHYSICAL SECURITY IT SECURITY TRAINING AND AWARENESS BUSINESS RESILIENCE Content Protection
More informationPolicy. Sensitive Information. Credit Card, Social Security, Employee, and Customer Data Version 3.4
Policy Sensitive Information Version 3.4 Table of Contents Sensitive Information Policy -... 2 Overview... 2 Policy... 2 PCI... 3 HIPAA... 3 Gramm-Leach-Bliley (Financial Services Modernization Act of
More informationIBM Cloud Service Description: Watson Analytics
IBM Cloud Services Agreement IBM Cloud Service Description: Watson Analytics The following is the Service Description for your Order: 1. Cloud Service The Cloud Service offering is described below, portions
More informationInfrastructure Security Overview
White Paper Infrastructure Security Overview Cisco IronPort Cloud Email Security combines best-of-breed technologies to provide the most scalable and sophisticated email protection available today. Based
More information