Giving Everyone Access To Open Source Best Prac8ces
|
|
- Erica James
- 6 years ago
- Views:
Transcription
1 Giving Everyone Access To Open Source Best Prac8ces OpenChain Project - The Linux Founda8on Available under the CC ACribu8on-NoDeriva8ves 4.0 Interna8onal license.
2 The value of open source is efficiency: 1. Efficient code crea8on 2. Efficient code support 3. Efficient code evolu8on 2
3 Open source license compliance is an opportunity for efficiency. 3
4 Open source license compliance reduces: 1. Legal and reputa8on risk 2. Costs of custom process management 3. Costs related to compliance viola8ons 4
5 Many companies do a great job of reducing this inefficiency internally. 5
6 However, most companies rely on a supply chain. 6
7 We can significantly improve efficiency around open source license compliance in the supply chain. 7
8 OpenChain Project addresses the ques8on of how do I trust open source compliance in my supply chain? 8
9 More Trust = More Collabora8on = More Efficiency. 9
10 There are three parts to OpenChain Project: 1. Specifica8on 2. Conformance 3. Curriculum 10
11 The OpenChain Specifica8on defines a core set of requirements every quality compliance program must sa8sfy. Learn more here: hcps:// 11
12 OpenChain Conformance allows organiza8ons to display their adherence to these requirements. Learn more here: hcps:// 12
13 The OpenChain Curriculum provides the educa8onal founda8on for open source processes and solu8ons. Learn more here: hcps:// 13
14 Digging Deeper 14
15 The core of the OpenChain Curriculum is a reference deck to help people meet the requirements of the OpenChain Specifica8on. 15
16 The deck can also be used for general training. 16
17 The deck is not intended to cover everything. 17
18 It is intended to be a useful star8ng point. 18
19 Contents 1. What is Intellectual Property? 2. Introduction to FOSS Licenses 3. Introduction to FOSS Compliance 4. Key Software Concepts for FOSS Review 5. Running a FOSS Review 6. End to End Compliance Management (Example Process) 7. Avoiding Compliance Pitfalls 8. Developer Guidelines
20 What is Intellectual Property? Copyright: protects original works of authorship Protects expression (not the underlying idea) It covers software, books, and similar works Patents: useful inventions that are novel and non-obvious Limited monopoly to incentivize innovation Trade secrets: protects valuable confidential information Trademarks: protects marks (word, logos, slogans, color, etc.) that identify the source of the product Consumer and brand protection; avoid consumer confusion and brand dilution This chapter will focus on copyright and patents, the areas most relevant to FOSS compliance.
21 Check Your Understanding What type of material does copyright law protect? What copyright rights are most important for software? Can software be subject to a patent? What rights does a patent give to the patent owner? If you independently develop your own software, is it possible that you might need a copyright license from a third party for that software? A patent license?
22 CHAPTER 6 End to End Compliance Management (Example Processes)
23 Example Small to Medium Company Checklist Ongoing Compliance Tasks: 1. Discover all FOSS early in the procurement/development cycle 2. Review and Approve all FOSS components used 3. Verify the information necessary to satisfy FOSS obligations 4. Review and approve any outbound contributions to FOSS projects Support Requirements: 1. Ensure adequate compliance staffing and designate clear lines of responsibility 2. Adapt existing Business Processes to support the FOSS compliance program 3. Have training on the organization s FOSS policy available to everyone 4. Track progress of all FOSS compliance activities You can get detailed checklists for these items here:
24 Example Enterprise Process Review and approve compliance record of FOSS software components Compile notices for publication Post publication verifications Queued for Process Own Proprietary Software 3 rd Party Software FOSS Identification Audit Resolve Issues Reviews Approvals Registration Notices Verifications Distribution Verifications Outgoing Software Notices & Attributions Written Offer Identify FOSS components for review Scan or audit source code and Confirm origin and license of source code Resolve any audit issues in line with company FOSS policies Record approved software/version in inventory per product and per release Verify source code packages for distribution and Verify appropriate notices are provided Publish source code, notices and provide written offer Example of Compliance Management End-to-End Process
25 CHAPTER 7 Avoiding Compliance Pitfalls
26 Intellectual Property Pitfalls Type & Description Discovery Avoidance Unplanned inclusion of copyleft FOSS into proprietary or 3rd party code: This type of failure occurs during the development process when engineers add FOSS code into source code that is intended to be proprietary in conflict with the FOSS policy. This type of failure can be discovered by scanning or auditing the source code for possible matches with: FOSS source code Copyright notices Automated source code scanning tools may be used for this purpose This type of failure can be avoided by: Offering training to engineering staff about compliance issues, the different types of FOSS licenses and the implications of including FOSS in proprietary source code Conducting regular source code scans or audits for all the source code in the build environment.
27 Check Your Understanding What types of pitfalls can occur in FOSS compliance? Give an example of an intellectual property failure. Give an example of a license compliance failure. Give an example of a compliance process failure. What are the benefits of prioritizing compliance? What are the benefits of maintaining a good community relationship?
28 CHAPTER 8 Developer Guidelines
29 Developer Guidelines Select code from high quality, well supported FOSS communities Seek guidance Request formal approval for each FOSS component you are using Do not check un-reviewed code into any internal source tree Request formal approval for outside contributions to FOSS projects Preserve existing licensing information Do not remove or in any way disturb existing FOSS licensing copyrights or other licensing information from any FOSS components that you use. All copyright and licensing information is to remain intact in all FOSS components Do not re-name FOSS components unless you are required to under the FOSS license (e.g., required renaming of modified versions) Gather and retain FOSS project information required for your FOSS review process
30 Check Your Understanding Name some general guidelines developers can practice when working with FOSS. Should you remove or alter FOSS license header information? Name some important steps in a compliance process. How can a new version of a previously-reviewed FOSS component create new compliance issues? What risks should you address with in-bound software? Learn more through the free Compliance Basics for Developers hosted by the Linux Foundation at: compliance-basics-for-developers
31 We also have a GitHub repository with more material: hcps://github.com/openchain-project/curriculum 19
32 Everything is Crea8ve Commons 0 (public domain). 20
33 This means the knowledge can be used, shared, remixed and incorporated anywhere in any way. 21
34 We are always looking for dona8ons of material or 8me to improve our curriculum. 22
35 Let s Talk Shane Coughlan coughlan@linux.com
FOSS Training Reference Slides for the OpenChain Specification 1.1
CURRICULUM FOSS Training Reference Slides for the OpenChain Specification 1.1 Released under CC0-1.0. You may use, modify, and share these slides without restriction. They also come with no warranty. These
More informationCURRICULUM. FOSS Training Reference Deck, Version 2 FINAL DRAFT Designed for the OpenChain Specification 1.0
CURRICULUM FOSS Training Reference Deck, Version 2 FINAL DRAFT Designed for the OpenChain Specification 1.0 Released under the Creative Commons CC0 1.0 Universal license. These slides follow US law. Different
More informationCURRICULUM. Core FOSS Compliance Version 1 Designed for Version 1 of the OpenChain Specification
CURRICULUM Core FOSS Compliance Version 1 Designed for Version 1 of the OpenChain Specification Released under the Creative Commons CC0 1.0 Universallicense. This is not legal advice Contents 1. What is
More informationThis slide is relevant to providing either a single three hour training session or explaining how a series of shorter sessions focused on per chapter
Welcome to the OpenChain Curriculum Slides. These slides can be used to help train internal teams about FOSS compliance issues and to conform with the OpenChain Specification. You can deliver these slides
More informationConformance Handbook for OpenChain Specification 1.1
Conformance Handbook for OpenChain Specification 1.1 Revision 1 Miriam Ballhausen, Shane Coughlan Copyright 2017 The OpenChain Project. This document is licensed under the Creative Commons Attribution
More informationOpenChain Conformance 2016-H1 Specification
Contents Introduction... 3 Definitions... 4 Requirements... 5 G1: Know Your FOSS Responsibilities... 5 G2: Assign Responsibility for Achieving Compliance... 6 G3: Review and Approve FOSS Content... 7 G4:
More informationOpenChain Specification Version 1.3 (DRAFT)
OpenChain Specification Version 1.3 (DRAFT) 2018.10.14 DRAFT: This is the draft of the next version 1.3 of the OpenChain specification. Recommended changes to be made over the current released version
More informationOpenChain Conformance 2016-H1 Conformance Check
Table of Contents Introduction... 3 Definitions... 4 G1: Know Your FOSS Responsibilities... 5 G2: Assign Responsibility for Achieving Compliance... 6 G3: Review and Approve FOSS Content... 7 G4: Deliver
More informationOpenChain Specification Version 1.2 pc6 (DRAFT) [With Edit Markups Turned Off]
OpenChain Specification Version 1.2 pc6 (DRAFT) [With Edit Markups Turned Off] DRAFT: This is the near final draft of the 1.2 version of the OpenChain Specification. We have recently completed the final
More informationAuditing and Monitoring for HIPAA Compliance. HCCA COMPLIANCE INSTITUTE 2003 April, Presented by: Suzie Draper Sheryl Vacca, CHC
Auditing and Monitoring for HIPAA Compliance HCCA COMPLIANCE INSTITUTE 2003 April, 2003 Presented by: Suzie Draper Sheryl Vacca, CHC 1 The Elements of Corporate Compliance Program There are seven key elements
More informationInformation Security Policy
April 2016 Table of Contents PURPOSE AND SCOPE 5 I. CONFIDENTIAL INFORMATION 5 II. SCOPE 6 ORGANIZATION OF INFORMATION SECURITY 6 I. RESPONSIBILITY FOR INFORMATION SECURITY 6 II. COMMUNICATIONS REGARDING
More informationSeven Requirements for Successfully Implementing Information Security Policies and Standards
Seven Requirements for Successfully Implementing and Standards A guide for executives Stan Stahl, Ph.D., President, Citadel Information Group Kimberly A. Pease, CISSP, Vice President, Citadel Information
More informationEXAM PREPARATION GUIDE
When Recognition Matters EXAM PREPARATION GUIDE PECB Certified Management System Auditor www.pecb.com The objective of the PECB Certified Management System Auditor examination is to ensure that the candidates
More informationApex Information Security Policy
Apex Information Security Policy Table of Contents Sr.No Contents Page No 1. Objective 4 2. Policy 4 3. Scope 4 4. Approval Authority 5 5. Purpose 5 6. General Guidelines 7 7. Sub policies exist for 8
More informationEXAM PREPARATION GUIDE
When Recognition Matters EXAM PREPARATION GUIDE PECB Certified ISO 22000 Lead Auditor www.pecb.com The objective of the Certified ISO 22000 Lead Auditor examination is to ensure that the candidate has
More informationISO27001:2013 The New Standard Revised Edition
ECSC UNRESTRICTED ISO27001:2013 The New Standard Revised Edition +44 (0) 1274 736223 consulting@ecsc.co.uk www.ecsc.co.uk A Blue Paper from Page 1 of 14 Version 1_00 Date: 27 January 2014 For more information
More informationEvolving Compliance Needs in Acquisitions Case Study
Evolving Compliance Needs in Acquisitions Case Study Nithya A. Ruff, Director, OS Office @nithyaruff 1 About Me Director of Open Source @WD Director at large, Linux Foundation BOD MS in CS, MBA in Entrepreneurship
More informationApproved 10/15/2015. IDEF Baseline Functional Requirements v1.0
Approved 10/15/2015 IDEF Baseline Functional Requirements v1.0 IDESG.org IDENTITY ECOSYSTEM STEERING GROUP IDEF Baseline Functional Requirements v1.0 NOTES: (A) The Requirements language is presented in
More informationEXAM PREPARATION GUIDE
When Recognition Matters EXAM PREPARATION GUIDE PECB Certified OHSAS 18001 Lead Auditor www.pecb.com The objective of the PECB Certified OHSAS 18001 Lead Auditor examination is to ensure that the candidate
More informationEXAM PREPARATION GUIDE
When Recognition Matters EXAM PREPARATION GUIDE PECB Certified ISO 9001 Lead Auditor www.pecb.com The objective of the PECB Certified ISO 9001 Lead Auditor examination is to ensure that the candidate possesses
More informationOverview. Business value
PRODUCT SHEET CA Top Secret for z/vse CA Top Secret for z/vse CA Top Secret for z/vse provides innovative and comprehensive security for business transaction environments which enable your business to
More informationLegal notice and Privacy policy
Legal notice and Privacy policy We appreciate your interest in us. Below you will find information of legal relevance when visiting this website. In addition, you will find our Privacy Policy, which explains
More informationChoosing the Right Solution for Strategic Deployment of Encryption
Choosing the Right Solution for Strategic Deployment of Email Encryption White Paper: Enterprise Email Encryption Email Protection Buyer s Guide Choosing the Right Solution for Strategic Deployment of
More informationSolarWinds Trademark and Copyright Guidelines
SolarWinds Trademark and Copyright Guidelines The SolarWinds trademark guidelines are to assist SolarWinds Worldwide, LLC, its affiliates, subsidiaries, employees, agents (collectively, SolarWinds ), its
More informationEXAM PREPARATION GUIDE
When Recognition Matters EXAM PREPARATION GUIDE PECB Certified ISO 37001 Lead Auditor www.pecb.com The objective of the Certified ISO 37001 Lead Auditor examination is to ensure that the candidate possesses
More informationEXAM PREPARATION GUIDE
When Recognition Matters EXAM PREPARATION GUIDE PECB Certified ISO 14001 Lead Auditor www.pecb.com The objective of the PECB Certified ISO 14001 Lead Auditor examination is to ensure that the candidate
More informationBest Practices for PCI DSS Version 3.2 Network Security Compliance
Best Practices for PCI DSS Version 3.2 Network Security Compliance www.tufin.com Executive Summary Payment data fraud by cyber criminals is a growing threat not only to financial institutions and retail
More informationThe GDPR toolkit. How to guide for Executive Committees. Version March 2018
The GDPR toolkit How to guide for Executive Committees Version 1.0 - March 2018 Contents Document Purpose... 3 What s included... 3 Step 1 - How to assess your data... 5 a) What is GDPR?... 5 b) Video
More informationEXAM PREPARATION GUIDE
When Recognition Matters EXAM PREPARATION GUIDE PECB Certified ISO/IEC 20000 Lead Auditor www.pecb.com The objective of the Certified ISO/IEC 20000 Lead Auditor examination is to ensure that the candidate
More informationEXAM PREPARATION GUIDE
EXAM PREPARATION GUIDE PECB Certified ISO/IEC 38500 Lead IT Corporate Governance Manager The objective of the PECB Certified ISO/IEC 38500 Lead IT Corporate Governance Manager examination is to ensure
More informationConvergence of BCM and Information Security at Direct Energy
Convergence of BCM and Information Security at Direct Energy Karen Kemp Direct Energy Session ID: GRC-403 Session Classification: Advanced About Direct Energy Direct Energy was acquired by Centrica Plc
More informationINFORMATION SECURITY AND RISK POLICY
INFORMATION SECURITY AND RISK POLICY 1 of 12 POLICY REFERENCE INFORMATION SHEET Document Title Document Reference Number Information Security and Risk Policy P/096/CO/03/11 Version Number V02.00 Status:
More information5. The technology risk evaluation need only be updated when significant changes or upgrades to systems are implemented.
Annex to the Financial Services Businesses Handbook Using Technology in the Customer Due Diligence Process A.1. Technology Risk Evaluation 1. A financial services business must, prior to deciding whether
More informationSECURITY & PRIVACY DOCUMENTATION
Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive
More informationEXAM PREPARATION GUIDE
When Recognition Matters EXAM PREPARATION GUIDE PECB Certified ISO 14001 Lead Implementer www.pecb.com The objective of the PECB Certified ISO 14001 Lead Implementer examination is to ensure that the candidate
More informationEXAM PREPARATION GUIDE
EXAM PREPARATION GUIDE PECB Certified ISO 50001 Lead Auditor The objective of the PECB Certified ISO 50001 Lead Auditor examination is to ensure that the candidate has the knowledge and skills to plan
More informationApril 17, Ronald Layne Manager, Data Quality and Data Governance
Ensuring the highest quality data is delivered throughout the university providing valuable information serving individual and organizational need April 17, 2015 Ronald Layne Manager, Data Quality and
More informationGDPR compliance: some basics & practical to do list
GDPR compliance: some basics & practical to do list Philippe LAURENT independent full service business law firm located in Brussels May 2017 Personal data processing = any operation or set of operations
More informationTHE TRUSTED NETWORK POWERING GLOBAL SUPPLY CHAINS AND THEIR COMMUNITIES APPROVED EDUCATION PROVIDER INFORMATION PACK
GAIN RECOGNITION AS AN APPROVED PROVIDER UNDER ISO/IEC 17024 AND JOIN OUR NETWORK OF TRUSTED PROVIDERS THE TRUSTED NETWORK POWERING GLOBAL SUPPLY CHAINS AND THEIR COMMUNITIES APPROVED EDUCATION PROVIDER
More informationHIPAA Compliance Checklist
HIPAA Compliance Checklist Hospitals, clinics, and any other health care providers that manage private health information today must adhere to strict policies for ensuring that data is secure at all times.
More informationSecurity Policies and Procedures Principles and Practices
Security Policies and Procedures Principles and Practices by Sari Stern Greene Chapter 3: Information Security Framework Objectives Plan the protection of the confidentiality, integrity and availability
More information01.0 Policy Responsibilities and Oversight
Number 1.0 Policy Owner Information Security and Technology Policy Policy Responsibility & Oversight Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 1. Policy Responsibilities
More informationBring Your Own Device. Peter Silva Technical Marketing Manager
Bring Your Own Device Peter Silva Technical Marketing Manager Bring-Your-Own-Device (BYOD) Personal devices for business apps Why implement BYOD? Increase employee satisfaction, productivity Reduce mobile
More informationCloud Computing Standard 1.1 INTRODUCTION 2.1 PURPOSE. Effective Date: July 28, 2015
Cloud Computing Standard Effective Date: July 28, 2015 1.1 INTRODUCTION Cloud computing services are application and infrastructure resources that users access via the Internet. These services, contractually
More informationNational Wood Products, Inc. FSC Chain of Custody NWP CENTRAL OFFICE Standard Operating Procedure REVIEW DATE: August 17, 2013
National Wood Products, Inc. NWP CENTRAL OFFICE Standard Operating Procedure REVIEW DATE: August 17, 2013 ORIGINAL DOCUMENT DATE: August 11, 2008 Prepared By: Tanya Coy C:\Users\tcoy\Documents\FSC CERTIFICATION\NWP
More informationHow to Secure Your Cloud with...a Cloud?
A New Era of Thinking How to Secure Your Cloud with...a Cloud? Eitan Worcel Offering Manager - Application Security on Cloud IBM Security 1 2016 IBM Corporation 1 A New Era of Thinking Agenda IBM Cloud
More informationSUSE Manager Roadmap OS Lifecycle Management from the Datacenter to the Cloud
SUSE Manager Roadmap OS Lifecycle Management from the Datacenter to the Cloud Joachim Werner Senior Product Manager joe@suse.com Jeff Lindholm Sales Engineer Jlindholm@suse.com SUSE and Linux Workloads
More informationMEDIA KIT. technology. transfer. Market Your Products and Services to 94,000 Technology Transfer, IP, Licensing and Research Professionals.
MEDIA KIT partners and investors knowledge transfer invention disclosures contracting, licensing and negotiation business development faculty outreach intellectual property marketing technology transfer
More informationA Practical Guide to Efficient Security Response
A Practical Guide to Efficient Security Response The Essential Checklist Start The Critical Challenges to Information Security Data breaches constantly threaten the modern enterprise. And the risk continues
More informationPolicy for Manufacturers to Maintain Compliance Within the Material Health Certificate Scheme. Version 1.1. January 2015
Policy for Manufacturers to Maintain Compliance Within the Material Health Certificate Scheme Version 1.1 January 2015 Copyright Cradle to Cradle Products Innovation Institute, 2015 1 Purpose This policy
More informationEducation Network Security
Education Network Security RECOMMENDATIONS CHECKLIST Learn INSTITUTE Education Network Security Recommendations Checklist This checklist is designed to assist in a quick review of your K-12 district or
More informationWebsite ADA Compliance Made Easy: How to Respond to Legal Demand Letters or Avoid Them, Altogether.
Website ADA Compliance Made Easy: How to Respond to Legal Demand Letters or Avoid Them, Altogether. Legal Demand Letters. Solved. Background Across the country, thousands of businesses and organizations,
More informationData Security and Privacy Principles IBM Cloud Services
Data Security and Privacy Principles IBM Cloud Services 2 Data Security and Privacy Principles: IBM Cloud Services Contents 2 Overview 2 Governance 3 Security Policies 3 Access, Intervention, Transfer
More informationInformation Security Incident Response Plan
Information Security Incident Response Plan Purpose It is the objective of the university to maintain secure systems and data. In order to comply with federal, state, and local law and contractual obligations,
More informationTexas Reliability Entity, Inc. Strategic Plan for 2017 TEXAS RE STRATEGIC PLAN FOR 2017 PAGE 1 OF 13
Texas Reliability Entity, Inc. Strategic Plan for 2017 TEXAS RE STRATEGIC PLAN FOR 2017 PAGE 1 OF 13 I. Vision A highly reliable and secure bulk power system in the Electric Reliability Council of Texas
More informationFIVE BEST PRACTICES FOR ENSURING A SUCCESSFUL SQL SERVER MIGRATION
FIVE BEST PRACTICES FOR ENSURING A SUCCESSFUL SQL SERVER MIGRATION The process of planning and executing SQL Server migrations can be complex and risk-prone. This is a case where the right approach and
More informationTechnical Trust Policy
Technical Trust Policy Version 1.2 Last Updated: May 20, 2016 Introduction Carequality creates a community of trusted exchange partners who rely on each organization s adherence to the terms of the Carequality
More informationWiMAX Forum Trademark Policy and Trademark Usage Guidelines Part 1 WiMAX. Adopted March 27, 2007; Amended September 6, 2007
Introduction. WiMAX Forum Adopted March 27, 2007; Amended September 6, 2007 This policy provides usage guidelines and requirements for WiMAX. WiMAX is a trademark and service mark of the WiMAX Forum. As
More informationNSF Data Management Plan Template Duke University Libraries Data and GIS Services
NSF Data Management Plan Template Duke University Libraries Data and GIS Services NSF Data Management Plan Requirement Overview The Data Management Plan (DMP) should be a supplementary document of no more
More informationPolicy for Certification of Private Label Products Within the Cradle to Cradle Certified Certification Scheme. Version 1.0.
Policy for Certification of Private Label Products Within the Cradle to Cradle Certified Certification Scheme Version 1.0 March 2015 Copyright, Cradle to Cradle Products Innovation Institute, 2015 Cradle
More informationThe Common Controls Framework BY ADOBE
The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.
More informationUnderstanding my data and getting value from it
Understanding my data and getting value from it Creating Value With GDPR: Practical Steps 20 th February 2017 Gregory Campbell Governance, Regulatory and Legal Consultant, IBM Analytics gcampbell@uk.ibm.com
More informationMasterCard NFC Mobile Device Approval Guide v July 2015
MasterCard NFC Mobile Device Approval Guide v2.0 30 July 2015 Notices Following are policies pertaining to proprietary rights, trademarks, translations, and details about the availability of additional
More informationTerms, Methodology, Preparation, Obstacles, and Pitfalls. Vulnerability Assessment Course
Terms, Methodology, Preparation, Obstacles, and Pitfalls Vulnerability Assessment Course All materials are licensed under a Creative Commons Share Alike license. http://creativecommons.org/licenses/by-sa/3.0/
More informationAcceptable Use Policy
Acceptable Use Policy 1. Overview The Information Technology (IT) department s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to Quincy College s established
More informationManaging Your Record Retention Policy Safely
Managing Your Record Retention Policy Safely Client and counsel have a duty to preserve materials with potential evidentiary value. The preceding discussion told us about the duties of lawyers and clients
More informationChecklist According to ISO IEC 17065:2012 for bodies certifying products, process and services
Name of Certifying Body Address of Certifying Body Case number Date of assessment With several locations Yes No Assessed locations: (Name)/Address: (Name)/Address: (Name)/Address: Assessed area (technical
More informationThis procedure sets out the usage of mobile CCTV units within Arhag.
CCTV PROCEDURE Statement This procedure sets out the usage of mobile CCTV units within Arhag. Arhag is a registered charitable housing association and is not considered an appropriate authority with regards
More informationCERTIFICATE POLICY CIGNA PKI Certificates
CERTIFICATE POLICY CIGNA PKI Certificates Version: 1.1 Effective Date: August 7, 2001 a Copyright 2001 CIGNA 1. Introduction...3 1.1 Important Note for Relying Parties... 3 1.2 Policy Identification...
More informationEXAM PREPARATION GUIDE
EXAM PREPARATION GUIDE PECB Certified ISO 39001 Lead Auditor The objective of the PECB Certified ISO 39001 Lead Auditor examination is to ensure that the candidate has the knowledge and skills to plan
More informationWorkday s Robust Privacy Program
Workday s Robust Privacy Program Workday s Robust Privacy Program Introduction Workday is a leading provider of enterprise cloud applications for human resources and finance. Founded in 2005 by Dave Duffield
More informationOCTOSHAPE SDK AND CLIENT LICENSE AGREEMENT (SCLA)
OCTOSHAPE SDK AND CLIENT LICENSE AGREEMENT (SCLA) This is a License Agreement (the "Agreement") for certain code (the Software ) owned by Akamai Technologies, Inc. ( Akamai ) that is useful in connection
More informationAutomating the Top 20 CIS Critical Security Controls
20 Automating the Top 20 CIS Critical Security Controls SUMMARY It s not easy being today s CISO or CIO. With the advent of cloud computing, Shadow IT, and mobility, the risk surface area for enterprises
More informationSHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT
SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT AGREEMENT DATED [ ] BETWEEN: (1) SHELTERMANAGER LTD and (2) [ ] ( The Customer ) BACKGROUND (A) (B) (C) This Agreement is to ensure there is in place
More informationCERTIFICATION BODY (CB) APPROVAL REQUIREMENTS FOR THE IFFO RESPONSIBLE SUPPLY (IFFO RS) AUDITS AND CERTIFICATION
CERTIFICATION BODY (CB) APPROVAL REQUIREMENTS FOR THE IFFO RESPONSIBLE SUPPLY (IFFO RS) AUDITS AND CERTIFICATION Introduction The IFFO RS Certification Programme is a third party, independent and accredited
More informationEXAM PREPARATION GUIDE
EXAM PREPARATION GUIDE PECB Certified ISO/IEC 17025 Lead Auditor The objective of the PECB Certified ISO/IEC 17025 Lead Auditor examination is to ensure that the candidate possesses the needed expertise
More informationStandard: Risk Assessment Program
Standard: Risk Assessment Program Page 1 Executive Summary San Jose State University (SJSU) is highly diversified in the information that it collects and maintains on its community members. It is the university
More informationTechnical Vulnerability and Patch Management Policy Document Number: OIL-IS-POL-TVPM
Technical Vulnerability and Patch Management Policy Document Number: OIL-IS-POL-TVPM Document Details Title Description Version 1.1 Author Classification Technical Vulnerability and Patch Management Policy
More informationVirginia State University Policies Manual. Title: Information Security Program Policy: 6110
Purpose Virginia State University (VSU) uses information to perform the business services and functions necessary to fulfill its mission. VSU information is contained in many different mediums including
More informationTARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS
Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS
More informationAcceptable Use Policy
Acceptable Use Policy 1. Purpose The purpose of this policy is to outline the acceptable use of computer equipment at Robotech CAD Solutions. These rules are in place to protect the employee and Robotech
More informationEffective security is a team effort involving the participation and support of everyone who handles Company information and information systems.
BACKED BY REFERENCE GUIDE Acceptable Use Policy GENERAL GUIDANCE NOTE: This sample policy is not legal advice or a substitute for consultation with qualified legal counsel. Laws vary from country to country.
More informationScientific Working Group on Digital Evidence
Disclaimer: As a condition to the use of this document and the information contained therein, the SWGDE requests notification by e-mail before or contemporaneous to the introduction of this document, or
More informationCERTIFICATE SCHEME THE MATERIAL HEALTH CERTIFICATE PROGRAM. Version 1.1. April 2015
CERTIFICATE SCHEME For THE MATERIAL HEALTH CERTIFICATE PROGRAM Version 1.1 April 2015 Copyright Cradle to Cradle Products Innovation Institute, 2015 1 Purpose The intention of the Certificate Scheme is
More informationSymantec Data Center Migration Service
Avoid unplanned downtime to critical business applications while controlling your costs and schedule The Symantec Data Center Migration Service helps you manage the risks and complexity of a migration
More informationAccessibility of Web
Web Accessibility Policy and Procedure Accessibility of Web Last Updated: August 2018 Content: Outlined in Section 504 of the Rehabilitation Act of 1973 (Section 504), 29 U.S.C. 794, and its implementing
More informationPublic vs private cloud for regulated entities
Public vs private cloud for regulated entities DC2: Restricted use The cloud is for everyone but not for everything 2 Opportunity enabler DC2: Restricted use Flexibility SAAS Public Accessibility Agility
More informationARCHIVE ESSENTIALS
EMAIL ARCHIVE ESSENTIALS KEY CONSIDERATIONS WHEN MOVING TO OFFICE 365 DISCUSSION PAPER PREFACE The last few years have seen significant changes in the way that organisations conduct business. There has
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Software asset management Part 1: Processes and tiered assessment of conformance
INTERNATIONAL STANDARD This is a preview - click here to buy the full publication ISO/IEC 19770-1 Second edition 2012-06-15 Information technology Software asset management Part 1: Processes and tiered
More informationHPE DATA PRIVACY AND SECURITY
ARUBA, a Hewlett Packard Enterprise company, product services ( Services ) This Data Privacy and Security Agreement ("DPSA") Schedule governs the privacy and security of Personal Data by HPE in connection
More informationConsumer Protection & System Security Update. Bill Jenkins and Cammie Blais
Consumer Protection & System Security Update Bill Jenkins and Cammie Blais Consumer Protection Goal: To act responsibly to protect consumers against deceptive, fraudulent or unfair practices. 2 2 Partners
More informationChecklist: Credit Union Information Security and Privacy Policies
Checklist: Credit Union Information Security and Privacy Policies Acceptable Use Access Control and Password Management Background Check Backup and Recovery Bank Secrecy Act/Anti-Money Laundering/OFAC
More informationTake control of your e-discovery process. Increase efficiency, reduce risk and keep costs in line with an integrated solution.
AD ediscovery Collect, Audit and Analyze with a Seamless, Secure Solution Take control of your e-discovery process. Increase efficiency, reduce risk and keep costs in line with an integrated solution.
More informationAdvent IM Ltd ISO/IEC 27001:2013 vs
Advent IM Ltd ISO/IEC 27001:2013 vs 2005 www.advent-im.co.uk 0121 559 6699 bestpractice@advent-im.co.uk Key Findings ISO/IEC 27001:2013 vs. 2005 Controls 1) PDCA as a main driver is now gone with greater
More informationSAP Security Remediation: Three Steps for Success Using SAP GRC
SAP Security Remediation: Three Steps for Success Using SAP GRC All companies need strong application security environments as part of a successful overall risk management strategy. Strong risk-oriented
More informationContinuously Discover and Eliminate Security Risk in Production Apps
White Paper Security Continuously Discover and Eliminate Security Risk in Production Apps Table of Contents page Continuously Discover and Eliminate Security Risk in Production Apps... 1 Continuous Application
More informationEXAM PREPARATION GUIDE
When Recognition Matters EXAM PREPARATION GUIDE PECB Certified ISO 22000 Lead Implementer www.pecb.com The objective of the Certified ISO 22000 Lead Implementer examination is to ensure that the candidate
More informationProgress and challenges with the establishment of MRV system in African Countries
Progress and challenges with the establishment of MRV system in African Countries The progress, challenges and lesson learned on building an integrated MRV system: an example from South Africa in building
More informationIBM Security technology and services for GDPR programs GIULIA CALIARI SECURITY ARCHITECT
IBM Security technology and services for GDPR programs GIULIA CALIARI SECURITY ARCHITECT NOTICE Clients are responsible for ensuring their own compliance with various laws and regulations, including the
More informationData protection. 3 April 2018
Data protection 3 April 2018 Policy prepared by: Ltd Approved by the Directors on: 3rd April 2018 Next review date: 31st March 2019 Data Protection Registration Number (ico.): Z2184271 Introduction Ltd
More information