ICT User Access Security Standard Operating Procedure
|
|
- Silvester O’Brien’
- 5 years ago
- Views:
Transcription
1 ICT User Access Security Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not be utilised as guidance or instruction by any police officer or employee as it may have been redacted due to legal exemptions Owning Department: Version Number: ICT Department 3.00 (Publication Scheme) Date Published: 25/05/2018 (Publication Scheme)
2 Compliance Record Equality and Human Rights Impact Assessment (EqHRIA): Date Completed / Reviewed: Information Management Compliant: Health and Safety Compliant: Publication Scheme Compliant: 01/11/2017 Yes Yes Yes Version Control Table Version History of Amendments Approval Date 1.00 Initial Approved Version 23/03/ Periodic Review. Transferred to corporate template with new Police Scotland logo. Formatting standards 13/11/2017 in line Police Scotland record set 3.00 Updated to reflect changes in data protection legislation 25/05/2018 (Publication Scheme) 2
3 Contents 1. Purpose 2. Overview 3. Processes Appendices Appendix A List of Associated Legislation Appendix B List of Associated Reference Documents Appendix C Glossary of Terms Appendix D C Division Appendix E V Division Appendix F P Division Appendix G A Division Appendix H E and J Division Appendix I N Division Appendix J G. U, Q, L and K Division Appendix K D Division (Publication Scheme) 3
4 1. Purpose 1.1 This Standard Operating Procedure (SOP) supports the Scottish Police Authority (SPA) / Police Service of Scotland, hereafter referred to as Police Scotland policy for Information Security. 1.2 This SOP provides information on the control of user access to Police Scotland/SPA Information and Communication Technology (ICT) Systems and Data detailing the steps that need to be taken to ensure that individual staff identities are provided to ensure that the individual can complete tasks associated to their respective roles. 1.3 This SOP should be used in conjunction with the Police Scotland Information Security Policy and SOP s for: ICT Acceptable Use of Computer Systems SOP IT Security SOP 2. Overview 2.1 All system logins for each system allow a user to perform specific tasks. A unique login ensures that the authorised and named individual has the correct level of access, allowing them to perform their designated role(s). It also improves the auditing capability. 2.2 Across Scotland, there are regional differences in the way user access is managed. These differences are detailed in the geographical appendices at the rear of this SOP. 3. Processes 3.1 Individuals will be issued unique logins that provide them with the necessary access specific to their job roles, and no more. It is essential that:- Each user has a unique set of credentials which affords them access to the systems and data for which they are authorised; Each user login is accompanied by an additional method of authentication; Each Individuals personal login details are secure; Each user has only the access to the systems required to carry out their role; Generic logins are not used, except in specific circumstances and are subject to risk assessment and audit controls; (Publication Scheme) 4
5 Users leaving the organisation have access disabled on the last official day of service and both user account and profile deleted after six months. Users whom it has been determined should have their system access restricted, will have it restricted as soon as reasonably practicable and in any event within two working days (outwith weekends). An expedited Systems Restriction and Audit Process is available should an operational requirement exist. 3.2 User Access Control All new user requests or changes in access to ICT systems are requested by the line manager, People and Development, Business Management Units, or Mail Administrators, dependent upon local structures. This will include staff belonging to Police Scotland, the Scottish Police Authority (SPA), temporary and contracted staff The request will be submitted via IT Connect and actioned within the Service Level Agreement (SLA) of five working days For systems where ICT retain administration responsibility, ICT will complete the user set up or change of details and provide user account details to a named individual or People and Development. Where this function is delegated to other Business Units, they will have responsibility for user maintenance When first created, the username is accompanied by a password giving an additional method of authentication, which must conform to the complexity requirements as outlined in the ICT Password Policy. At first login, the individual must change their password, and ensures from that point that their login details are known only to them Completed ICT account set up forms are held either within People and Development, or the ICT Department electronically on IT Connect Regional processes are summarised in the tables provided in the Geographic Appendices ( D - K). 3.3 Removal of User Access Removal or temporary suspension of user access will apply to all members of Police Scotland, SPA, temporary staff and contractors Access will be removed on the last official day of service with the Organisation following resignation, retirement, dismissal or death Access will be also be removed or suspended in cases of long term absence, such as, but not limited to: Maternity or paternity leave; (Publication Scheme) 5
6 Career break; Secondment outwith SPA or Police Scotland; Long term sickness or absence which is likely to exceed 12 weeks; Any other break which may be greater than 12 weeks; Suspension from duty or placed on restricted duties Suspension of access on instruction from ACU, PSD, People and Development, Line Manager or the Business Management Unit will be provided to ICT to remove access; this is managed via IT Connect. (People and Development access IT Connect via HR Connect portal) People and Development will be notified immediately if the reason for withdrawal relates to suspension from duties. If this is the case, the account will be disabled / suspended (disabled is the term that is used within ICT, however, this relates to the suspension of an account) Account access is restricted/disabled as soon as reasonably practicable and in any event within two working days (outwith weekends). Notwithstanding, every attempt is made to complete this request within 24 hours, Monday through Friday as local arrangements allow. An expedited process is available through the National Service Desk should an operational requirement exist In the case of a suspended officer, system access will only be reinstated with prior agreement of ACU or PSD as per the ICT Systems Restrictions and Audit Process. (Publication Scheme) 6
7 Appendix A List of Associated Legislation Computer Misuse Act 1990 Public Records (Scotland) Act 2011 Data Protection Act 2018 The Official Secrets Act 1911 and 1989 (Publication Scheme) 7
8 Appendix B List of Associated Reference Documents Policy Information Security Policy ICT Password Policy Standard Operating Procedures ICT Acceptable Use of Computer Systems SOP IT Security SOP Process ICT Systems Restrictions and Audit Process (Internal Document) (Publication Scheme) 8
9 Glossary of Terms Appendix C ACU Anti-Corruption Unit PSD Professional Standards Department ICT SLA Information and Communication Technology Service Level Agreement SOP Standard Operating Procedure SPA Scottish Police Authority DCC Deputy Chief Constable Designate LTD Leadership Training and Development (Publication Scheme) 9
10 C Division Appendix D New Users / Creation New user request submitted by Area that the new User request is New user details provided to Leavers / Deletion User access removal request submitted by Area that the user removal request Are accounts disabled or deleted Time period for account to be disabled If disabled, after what time period are the accounts deleted? Further Information Access forms for the above are controlled by: Long term absence - including sickness, maternity, paternity, career break Action taken on the account of an employee who is suspended People and Development and ICT Trainers IT Connect via a pre-approved Service Request People and Development People and Development HR Connect Disabled on last official day of service As soon as reasonably practicable and in any event within two working days (outwith weekends) Six months after official leaving date Business Unit / Mail Administrators Account will be disabled on request Account will be disabled based upon request from Professional Standards Department or Anti-Corruption Unit (ACU) (Publication Scheme) 10
11 Appendix E V Division New Users / Creation New user request submitted by Area that the new user request is New user details provided to Leavers / Deletion User access removal request submitted by Area that the user removal request Are accounts disabled or deleted Time period for account to be disabled / deleted If disabled, after what time period are the accounts deleted? Further Information Access forms for the above are controlled by: Long term absence - including sickness, maternity, paternity, career break Action taken on the account of an employee who is suspended Business Management Unit/Mail Administrators/LTD Administration Operations West Postmaster IT Connect User account maintenance Operations West Postmaster Requestor will have user name and supplied standard password Business Management/LTD will submit suspension of Special Constables Operations West Postmaster HR Connect Operations West Postmaster Disabled on last official day of service As soon as reasonably practicable and in any event within two working days (outwith weekends) Six months after official leaving date Business Management Account will be disabled on request Account will be disabled based upon request from Professional Standards Department or Anti-Corruption Unit (ACU) (Publication Scheme) 11
12 Appendix F P Division New Users / Creation New user request submitted by Area that the new user request is New user details provided to Leavers / Deletion User access removal request submitted by Area that the user removal request Are accounts disabled or deleted Time period for account to be disabled If disabled, after what time period are the accounts deleted? Further Information Access forms for the above are controlled by: Long term absence - including sickness, maternity, paternity, career break Action taken on the account of an employee who is suspended People and Development HR Connect User access maintenance Direct to User People and Development HR Connect Disabled on last official day of service As soon as reasonably practicable and in any event within two working days (outwith weekends) Six months after official leaving date Account will be disabled on request Account will be disabled based upon request from Professional Standards Department or Anti-Corruption Unit (ACU) (Publication Scheme) 12
13 Appendix G A Division New Users / Creation New user request submitted by Area that the new user request is New user details provided to Leavers / Deletion User access removal request submitted by Area that the user removal request Are accounts disabled or deleted Time period for account to be disabled If disabled, after what time period are the accounts deleted? Further Information Access forms for the above are controlled by: Long term absence - including sickness, maternity, paternity, career break Action taken on the account of an employee who is suspended People and Development ICT Service Desk IT Connect ICT Operations and Support Requestor Staff User s line manager ICT Service Desk HR Connect ICT Operations and Support Disabled on last official day of service As soon as reasonably practicable and in any event within two working days (outwith weekends) Six months after official leaving date N/A Account will be disabled on request Account will be disabled based upon request from Professional Standards Department or Anti-Corruption Unit (ACU) (Publication Scheme) 13
14 Appendix H E and J Divisions New Users / Creation New user request submitted by Area that the new user request is New user details provided to Leavers / Deletion User access removal request submitted by Area that the user removal request Are accounts disabled or deleted Time period for account to be disabled If disabled, after what time period are the accounts deleted? Further Information Access forms for the above are controlled by: Long term absence - including sickness, maternity, paternity, career break Action taken on the account of an employee who is suspended People and Development Edinburgh Postmaster IT Connect User account maintenance Edinburgh Postmaster New user or Line Manager People and Development Edinburgh Postmaster HR Connect Edinburgh Postmaster Disabled on last official day of service As soon as reasonably practicable and in any event within two working days (outwith weekends) Six months after official leaving date People and Development / Force Business Managers request access / removal Account will be disabled on request Account will be disabled based upon request from Professional Standards Department or Anti-Corruption Unit (ACU) (Publication Scheme) 14
15 Appendix I N Division New Users / Creation New user request submitted by Area that the new user request is New user details provided to Leavers / Deletion User access removal request submitted by Area that the user removal request Are accounts disabled or deleted Time period for account to be disabled If disabled, after what time period are the accounts deleted? Further Information Access forms for the above are controlled by: Long term absence - including sickness, maternity, paternity, career break Action taken on the account of an employee who is suspended People and Development HR Connect via a user account maintenance or pre-approved Service Request Business Management Unit (BMU) Business Management Unit HR Connect Disabled on last official day of service As soon as reasonably practicable and in any event within two working days (outwith weekends) Six months after official leaving date Business Management Unit Account will be disabled on request Account will be disabled based upon request from Professional Standards Department or Anti-Corruption Unit (ACU) (Publication Scheme) 15
16 Appendix J G, U, Q, L and K Divisions New Users / Creation New user request submitted by Area that the new user request is New user details provided to Leavers / Deletion User access removal request submitted by Area that the user removal request Are accounts disabled or deleted Time period for account to be disabled If disabled, after what time period are the accounts deleted? Further Information Access forms for the above are controlled by: Long term absence - including sickness, maternity, paternity, career break Action taken on the account of an employee who is suspended Business Management Unit/Mail Administrators Operations West Postmaster IT Connect User Account Maintenance Operations West Postmaster Requestor will have user name and supplied standard password Business Management Unit This is HR. HR will submit ICT requirements via User Access process HR Connect Operations West Postmaster Disabled on last official day of service As soon as reasonably practicable and in any event within two working days (outwith weekends) Six months after official leaving date Business Management Unit/Mail Administrators Account will be disabled on request Account will be disabled based upon request from Professional Standards Department or Anti-Corruption Unit (ACU) (Publication Scheme) 16
17 Appendix K D Division New user request submitted by Area that the new user request is New Users / Creation People and Development or Line Manager or Data Maintenance Unit ICT Service Desk IT1 Pro-forma via IT Connect or UAM depending if Police Scotland or SPA New user details provided to Leavers / Deletion User access removal request submitted by Area that the user removal request Are accounts disabled or deleted Time period for account to be disabled If disabled, after what time period are the accounts deleted? Further Information Access forms for the above are controlled by: Long term absence - including sickness, maternity, paternity, career break Action taken on the account of an employee who is suspended Line Manager or Business support area People and Development or Line Manager ICT Service Desk HR Connect Disabled on last official day of service As soon as reasonably practicable and in any event within two working days (outwith weekends) Six months after official leaving date IT Connect and the Data Input Bureau (within Criminal Justice D Division) Account will be disabled on request Account will be disabled based upon request from Professional Standards Department or Anti-Corruption Unit (ACU) (Publication Scheme) 17
IT Security Standard Operating Procedure
IT Security Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not be utilised as guidance
More informationNotebooks and PDAs. Standard Operating Procedure
Notebooks and PDAs Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not be utilised
More informationUse of Personal Mobile Phone Whilst on Duty
Use of Personal Mobile Phone Whilst on Duty (Incorporating Smartphones and Hand Held Devices) Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland
More informationData Sharing Agreement. Between Integral Occupational Health Ltd and the Customer
Data Sharing Agreement Between Integral Occupational Health Ltd and the Customer 1. Definitions a. Customer means any person, organisation, group or entity accepted as a customer of IOH to access OH services
More informationAccess to personal accounts and lawful business monitoring
Access to personal email accounts and lawful business monitoring Contents Policy statement... 2 Access to personal emails... 2 Manager suspects misuse... 3 Lawful business monitoring... 4 Additional information...
More informationInformation Technology Access Control Policy & Procedure
Information Technology Access Control Policy & Procedure Version 1.0 Important: This document can only be considered valid when viewed on the PCT s intranet/u: Drive. If this document has been printed
More informationDATA PROTECTION SELF-ASSESSMENT TOOL. Protecture:
DATA PROTECTION SELF-ASSESSMENT TOOL Protecture: 0203 691 5731 Instructions for use touches many varied aspects of an organisation. Across six key areas, the self-assessment notes where a decision should
More informationAccess Control Policy
Access Control Policy Version Control Version Date Draft 0.1 25/09/2017 1.0 01/11/2017 Related Polices Information Services Acceptable Use Policy Associate Accounts Policy IT Security for 3 rd Parties,
More informationState of Colorado Cyber Security Policies
TITLE: State of Colorado Cyber Security Policies Access Control Policy Overview This policy document is part of the State of Colorado Cyber Security Policies, created to support the State of Colorado Chief
More informationPS 176 Removable Media Policy
PS 176 Removable Media Policy December 2013 Version 2.0 Statement of legislative compliance This document has been drafted to comply with the general and specific duties in the Equality Act 2010; Data
More informationData Protection Policy
Data Protection Policy Data Protection Policy Version 3.00 May 2018 For more information, please contact: Technical Team T: 01903 228100 / 01903 550242 E: info@24x.com Page 1 The Data Protection Law...
More informationINFORMATION TECHNOLOGY SECURITY POLICY
INFORMATION TECHNOLOGY SECURITY POLICY Author Responsible Director Approved By Data Approved September 15 Date for Review November 17 Version 2.3 Replaces version 2.2 Mike Dench, IT Security Manager Robin
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: St. Thomas University Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationData Encryption Policy
Data Encryption Policy Document Control Sheet Q Pulse Reference Number Version Number Document Author Lead Executive Director Sponsor Ratifying Committee POL-F-IMT-2 V02 Information Governance Manager
More informationPatient Reported Outcome Measures (PROMs)
Patient Reported Outcome Measures (PROMs) Published September 2017 Copyright 2017 Health and Social Care Information Centre. The Health and Social Care Information Centre is a non-departmental body created
More informationMANAGEMENT ACTION FILE NOTES STANDARD OPERATING PROCEDURE (SOP)
MANAGEMENT ACTION FILE NOTES STANDARD OPERATING PROCEDURE (SOP) STANDARD OPERATING PROCEDURE REFERENCE. Policy/134/08 PROTECTIVE MARKING PORTFOLIO DCC OWNER PSD START DATE 23 July 2008 REVIEW DATE July
More informationProcess Document. Scope
Process Document Subject: BCIT Access Management Process Process Number: I.0.02.00.01 Department Name: Information Technology Version: 1.4 Original Issue Date: Revision Date: 03/22/2010 Process Owner:
More informationInactive IT Accounts Policy. Version 1.0
Inactive IT Accounts Policy Version 1.0 Document History and Reviews Version Date Revision Summary of Changes Author 0.1 Sept 2018 Ali Mitchell New policy 0.2 Sept 2018 Ali Mitchell Added students into
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Introduction The purpose of this document is to provide a concise policy regarding the data protection obligations of Youth Work Ireland. Youth Work Ireland is a data controller
More informationResponsible Officer Approved by
Responsible Officer Approved by Chief Information Officer Council Approved and commenced August, 2014 Review by August, 2017 Relevant Legislation, Ordinance, Rule and/or Governance Level Principle ICT
More informationONE ID Identity and Access Management System
ONE ID Identity and Access Management System Local Registration Authority User Guide Document Identifier: 2274 Version: 1.8 Page 1 Copyright Notice Copyright 2011, ehealth Ontario All rights reserved No
More informationVersion 1/2018. GDPR Processor Security Controls
Version 1/2018 GDPR Processor Security Controls Guidance Purpose of this document This document describes the information security controls that are in place by an organisation acting as a processor in
More informationInformation Security Data Classification Procedure
Information Security Data Classification Procedure A. Procedure 1. Audience 1.1 All University staff, vendors, students, volunteers, and members of advisory and governing bodies, in all campuses and locations
More informationDATA PROTECTION POLICY THE HOLST GROUP
DATA PROTECTION POLICY THE HOLST GROUP INTRODUCTION The purpose of this document is to provide a concise policy regarding the data protection obligations of The Holst Group. The Holst Group is a data controller
More informationPolicies Procedures & Guidelines. Mobile Device Policy. Version: 1.3. Date ratified: May Date issued: 21 June 2010 Review date: 15/01/2011
Policies Procedures & Guidelines Mobile Device Policy Version: 1.3 Ratified by: IM&T Steering Group Date ratified: May 2010 Name of originator/author: Urszula Niewiadomska Date issued: 21 June 2010 Review
More informationVirginia State University Policies Manual. Title: Information Security Program Policy: 6110
Purpose Virginia State University (VSU) uses information to perform the business services and functions necessary to fulfill its mission. VSU information is contained in many different mediums including
More informationGDPR Processor Security Controls. GDPR Toolkit Version 1 Datagator Ltd
GDPR Processor Security Controls GDPR Toolkit Version 1 Datagator Ltd Implementation Guidance (The header page and this section must be removed from final version of the document) Purpose of this document
More informationInformation Security Policy
Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Colin Sloey Implementation Date: September 2010 Version Number:
More informationDate Approved: Board of Directors on 7 July 2016
Policy: Bring Your Own Device Person(s) responsible for updating the policy: Chief Executive Officer Date Approved: Board of Directors on 7 July 2016 Date of Review: Status: Every 3 years Non statutory
More informationVodafone Location Services. Privacy Management Code of Practice. Issued Version V1.0
Vodafone Location Services Privacy Management Code of Practice Issued Version V1.0 Issued Version 1.0 Page 1 of10 17/08/03 August 2003 Vodafone Limited. All rights reserved. CONTENTS 0. Overview.. 3 1.
More informationPS Mailing Services Ltd Data Protection Policy May 2018
PS Mailing Services Ltd Data Protection Policy May 2018 PS Mailing Services Limited is a registered data controller: ICO registration no. Z9106387 (www.ico.org.uk 1. Introduction 1.1. Background We collect
More informationInformation Security BYOD Procedure
Information Security BYOD Procedure A. Procedure 1. Audience 1.1 This document sets out the terms of use for BYOD within the University of Newcastle. The procedure applies to all employees of the University,
More informationUniversity Health Network (UHN)
University Health Network (UHN) RESOURCE MATCHING AND REFERRAL (RM&R) AND ONLINE REFERRAL BUSINESS INTELLIGENCE TOOL (ORBIT) Policy Governing User Account Management Version: 4.0 Date: Last modified on
More informationGeneral Data Protection Regulation
General Data Protection Regulation Workshare Ltd ( Workshare ) is a service provider with customers in many countries and takes the protection of customers data very seriously. In order to provide an enhanced
More informationLOUGHBOROUGH UNIVERSITY RESEARCH OFFICE STANDARD OPERATING PROCEDURE. Loughborough University (LU) Research Office SOP 1027 LU
LOUGHBOROUGH UNIVERSITY RESEARCH OFFICE STANDARD OPERATING PROCEDURE Loughborough University (LU) Research Office SOP 1027 LU Process for Writing Study Protocols for NHS Research Sponsored by Loughborough
More informationINFORMATION SECURITY PRINCIPLES OF THE UNIVERSITY OF JYVÄSKYLÄ
INFORMATION SECURITY PRINCIPLES OF THE UNIVERSITY OF JYVÄSKYLÄ JYVÄSKYLÄN YLIOPISTO Introduction With the principles described in this document, the management of the University of Jyväskylä further specifies
More informationACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION
ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION Document Control Owner: Distribution List: Data Protection Officer Relevant individuals who access, use, store or
More informationMail Management. Standard Operating Procedure
Mail Management Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not be utilised as
More informationPolicy General Policy GP20
Email Policy General Policy GP20 Applies to All employees Committee for Approval Quality and Governance Committee Date of Approval September 2012 Review Date June 2014 Name of Lead Manager Head of Technology
More informationOn-boarding of users to SPOR data services
02 October 2018 version 2 EMA/307181/2017 Information Management Division 30 Churchill Place Canary Wharf London E14 5EU United Kingdom Telephone +44 (0)20 3660 6000 Facsimile +44 (0)20 3660 5550 Send
More informationThe City of Mississauga may install Closed Circuit Television (CCTV) Traffic Monitoring System cameras within the Municipal Road Allowance.
Policy Number: 10-09-02 Section: Roads and Traffic Subsection: Traffic Operations Effective Date: April 25, 2012 Last Review Date: Approved by: Council Owner Division/Contact: For information on the CCTV
More information1.7 The Policy sets out the manner by which the University will respond to Subject Access Requests.
1 Introduction 1.1 Article 15 of the General Data Protection Regulations (GDPR) provides individuals (Data Subjects) with the right to access personal information so that they are fully informed of the
More information1 Logging in Viewing Records for your Department Entering an Absence Absence Calendar... 9
Contents Page 1 Logging in...2 2 Viewing Records for your Department... 3 3 Entering an Absence... 6 4 Absence Calendar... 9 4.1 Calendar Display... 10 4.2 Entering a sickness absence using the absence
More informationRedirection Of Domestic Mail
APPLICATION FOR April 2017 Redirection Of Domestic Mail WHAT THE SERVICE OFFERS Jersey Post s domestic mail redirection services enables customers to have their mail redirected to an alternative address
More informationUniversity of Liverpool
University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October
More informationDATA PROTECTION POLICY. Introduction:
DATA PROTECTION POLICY Introduction: Data: FOTA is a charity which supports the delivery of the Duke of Edinburgh s Award (DofE), Junior Award Scheme for Schools and other accredited learning programmes
More informationVirginia Commonwealth University School of Medicine Information Security Standard
Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Personnel Security Standard This standard is applicable to all VCU School of Medicine personnel. Approval
More informationThe University of British Columbia Board of Governors
The University of British Columbia Board of Governors Policy No.: 118 Approval Date: February 15, 2016 Responsible Executive: University Counsel Title: Safety and Security Cameras Background and Purposes:
More informationDRIVING FORWARD PROFESSIONAL STANDARDS FOR TEACHERS. Professional Update. Guide for Reviewees. Date: January 2016 V 01
DRIVING FORWARD PROFESSIONAL STANDARDS FOR TEACHERS Professional Update Guide for Reviewees Date: January 2016 V 01 Contact: webservices@gtcs.org.uk Contents Date: January 2016... 1 1.0 INTRODUCTION...
More informationDOE Intranet Quick Reference Getting Started
DOE Intranet Quick Reference Getting Started How do I get to the DOE Intranet? DOE employees can access the DOE intranet two ways: 1) Go directly to the DOE intranet using the following address: https://intranet.hawaiipublicschools.org/
More informationSage Hibernia Limited Copyright Statement
Sage Hibernia Limited Copyright Statement Sage Hibernia Limited, 2010. All rights reserved If this documentation includes advice or information relating to any matter other than using Sage software, such
More informationProcedures for responding to requests for personal data to support Data Protection Policy
Procedures for responding to requests for personal data to support Data Protection Policy Heriot-Watt Procedures for responding to requests for personal data; to support Data Protection Policy HERIOT-WATT
More informationSERVICE DESCRIPTION. Population Register Centre s online services
SERVICE DESCRIPTION Population Register Centre s online services SERVICE DESCRIPTION [Number] 2 (12) DOCUMENT MANAGEMENT Owner Author Checked by Approved by Pauli Pekkanen Project Working Group Reko-Aleksi
More informationPolicy Title; Business Continuity Management Policy. Date Published/Reviewed; February 2018
Policy Title; Business Continuity Management Policy Date Published/Reviewed; February 2018 Business Lead; Head of Strategic Governance CCMT sponsor; Deputy Chief Constable Thames Valley Police ensures
More informationSubject: Online eopf Self-Service Feature for Login ID and Password Retrieval for New Users
For Federal Employees Subject: Online eopf Self-Service Feature for Login ID and Password Retrieval for New Users As of 08/31/2015, Smithsonian Institution Official Personnel Folders (OPFs) are available
More informationINFORMATION ASSET MANAGEMENT POLICY
INFORMATION ASSET MANAGEMENT POLICY Approved by Board of Directors Date: To be reviewed by Board of Directors March 2021 CONTENT PAGE 1. Introduction 3 2. Policy Statement 3 3. Purpose 4 4. Scope 4 5 Objectives
More informationProvider Portal. User Manual. Therapists and Health Practitioners
Provider Portal User Manual Therapists and Health Practitioners Table of Contents 1. Introduction... 3 2. Registering for the Provider Portal... 4 i. Changing Your Password...6 ii. Accepting Terms and
More informationNetwork Account Management Security Standard
TRUST-WIDE NON-CLINICAL DOCUMENT Network Account Management Security Number: Scope of this Document: Recommending Committee: Approving Committee: SS06 All Staff/ Services Users Joint Information Governance
More informationGuidance on Completing Provider Service Return (PSR) Version 1.2 September 2018
Glasgow City Council Social Work Services Guidance on Completing Provider Service Return (PSR) Version 1.2 September 2018 Introduction All providers of purchased services to Glasgow City Council Social
More informationIn Company Abrasive Wheels Instructor / Examiner Training & Certification
Health & Safety Certification & Services Ltd Central Administration Office - 100 Princes Street, Kettering, Northamptonshire, NN16 8RR Tel: 01536 414966 Fax: 01536 416933 email: info@hscsltd.co.uk WEB
More informationINFORMATION SECURITY POLICY
YMDDIRIEDOLAETH GIG CEREDIGION A CHANOLBARTH CYMRU CEREDIGION AND MID WALES NHS TRUST INFORMATION SECURITY POLICY Author Head of IT Equality impact Low Original Date September 2003 Equality assessment
More informationScheme Document SD 003
Scheme Document SD 003 Management Systems (ISO 9001, ISO 14001, BS OHSAS 18001 & PN111 Factory Production Control) SD 003 Rev 03.6 10 Oct 2013 Page 1 of 13 (blank) SD 003 Rev 03.6 10 Oct 2013 Page 2 of
More informationStanddards of Service
Standards of Service for the Provision and Maintenance of; THUS Demon Business 2000, Business 8000, Business 2+, Business 2 + Pro, Demon Business Lite, Demon Business Lite +, Demon Business Unlimited,
More informationPolicy No: I-AS 002/2014. Ind-Aussie Solar (P) Ltd outlines protocols to be followed in using the mobile phones. Purpose:
Policy No: I-AS 002/2014 Purpose: Applicable to: Ind-Aussie Solar (P) Ltd outlines protocols to be followed in using the mobile phones All permanent, temporary employees and trainees First issue Date 20
More informationGenesis Health System Non-Employee Workforce Computer, Badge, Physical Access Request & Termination Process
Genesis Health System Non-Employee Workforce Computer, Badge, Physical Access Request & Termination Process Genesis Health System is changing the way you request computer, badge & physical access for your
More informationInformation Security Strategy
Security Strategy Document Owner : Chief Officer Version : 1.1 Date : May 2011 We will on request produce this Strategy, or particular parts of it, in other languages and formats, in order that everyone
More informationNational Policing Community Security Policy
Document Name File Name National Policing Community Security Policy Community_Security_Policy_FINAL v4_3.doc Authorisation Information Management Business Area Signed version held by National Police Information
More informationData Centers and Mission Critical Facilities Access and Physical Security Procedures
Planning & Facilities Data Centers and Mission Critical Facilities Access and Physical Security Procedures Attachment B (Referenced in UW Information Technology Data Centers and Mission Critical Facilities
More informationERMS Folder Development and Access Process
Electronic Records Management System () Process Guide 3 Folder Development and Access Process 1. Purpose The Folder Development and Access Process outlines the actions required to create folders, provide
More informationAlberta Health Services Identity & Access Management (IAM) Alberta Netcare Access Request Process User Reference Guide
Identity & Access Management (IAM) User Reference Guide TABLE OF CONTENTS Introduction to IAM and Alberta Netcare request process... 3 Submitting an Alberta Netcare Access Request in IAM... 6 Modifying
More informationWorld Wide Jobs Ltd t/a Findmyexpert.com Privacy Policy 12 th April 2018
World Wide Jobs Ltd t/a Findmyexpert.com Privacy Policy 12 th April 2018 We understand that you are aware of and care about your own personal privacy interests and we take that seriously. This Privacy
More informationThe Data Protection Act 1998 Clare Hall Data Protection Policy
The Data Protection Act 1998 Clare Hall Data Protection Policy Introduction This document is a guide to the main requirements of the new Data Protection Act (DPA) that came into force on 24th October 2001.
More informationSevern Trent Water. Telecommunications Policy and Access Procedure
Severn Trent Water Telecommunications Policy and Access Procedure Contents STW Telecommunications Policy: 5-12 Health and Safety: 13-18 Access Procedures:19-30 2 STW LSH Sites Access Policy [Controlled
More informationWe may change the privacy notice from time to time by amending this page.
This privacy notice sets out how we will process personal data we collect from or about you, or which you provide to us. Please read this notice carefully to understand why data is being collected and
More informationINFORMATION SECURITY AND RISK POLICY
INFORMATION SECURITY AND RISK POLICY 1 of 12 POLICY REFERENCE INFORMATION SHEET Document Title Document Reference Number Information Security and Risk Policy P/096/CO/03/11 Version Number V02.00 Status:
More informationProvider Portal. User Manual. Vision Care
Provider Portal User Manual Vision Care Table of Contents 1. Introduction... 3 2. Registering for the Provider Portal... 4 i. Changing Your Password...6 ii. Accepting Terms and Conditions...7 iii. Setting
More informationepermits ONLINE INSPECTIONS MANAGEMENT Contractor Instructions etools.cityoflewisville.com/esuite.permits/
epermits ONLINE INSPECTIONS MANAGEMENT Contractor Instructions etools.cityoflewisville.com/esuite.permits/ Welcome to epermits the City of Lewisville s newest online portal for managing permits & inspections
More informationUpdating MACS documentation
Updating MACS documentation To ensure that MACS documentation is always up to date SEPA needs to establish a process to make sure that documents are reviewed and updated regularly. This MACS technical
More informationPolicy & Procedure. IT Password Policy. Policy Area. Version Number 2. Approving Committee SMT. Date of Approval 26 September 2017
Policy & Procedure Policy Area IT Password Policy IT Version Number 2 Approving Committee SMT Date of Approval 26 September 2017 Date of Equality Impact Assessment 03 August 2016 Date of Review 01 November
More informationSign-off Manager User Guide
QA Ltd. Sign-off Manager User Guide MY QA PORTAL Contents Introduction... 3 Logging into myqa... 4 Homepage and My Learning... 6 Department transaction history and Booking Approval... 8 Booking Requests
More informationeprost System Policies & Procedures
eprost System Policies & Procedures Initial Approval Date: 12/07/2010 Revision Date: 02/25/2011 Introduction eprost [ Electronic Protocol Submission and Tracking ] is the Human Subject Research Office's
More informationProcessWorld User Guide. (October 2017)
ProcessWorld User Guide (October 2017) Table of Contents 1. INTRODUCTION... 2 2. REGISTRATION... 2 3. PASSWORDS... 3 4. REQUESTING ACCESS TO APPLICATIONS... 3 5. THE PROCESSWORLD MENU... 4 5.1 MY DETAILS...
More informationCOMPLETION, WITHDRAWAL AND CERTIFICATE ISSUANCE POLICY AND PROCEDURE
COMPLETION, WITHDRAWAL AND CERTIFICATE ISSUANCE POLICY AND PROCEDURE Table of Contents 1. Overview of the certificate issuance policy and procedure 3 2. Issuance of certification control procedure 5 3.
More informationLeeds Civic Trust Privacy Policy
Leeds Civic Trust Privacy Policy This document sets out Leeds Civic Trust s Privacy Policy as it relates to the storage and use of personal data. The policy will be reviewed formally by the Trust s Council
More informationCERTIFICATION OF CONSTRUCTION (ELECTRICAL INSTALLATIONS TO BS 7671) SCHEME GUIDE. SBSC Scottish Building Serv ices Certification
CERTIFICATION OF CONSTRUCTION (ELECTRICAL INSTALLATIONS TO BS 7671) SCHEME GUIDE SBSC Scottish Building Serv ices Certification www.niceic.com www.select.org.uk GUIDE TO THE SCHEME FOR CERTIFICATION OF
More information2.1 The type of personal information that auda collects about you depends on the type of dealings you have with us. For example, if you:
auda PUBLISHED POLICY Policy Title: PRIVACY POLICY Policy No: 2014-01 Publication Date: 11/03/2014 Status: Current 1. BACKGROUND 1.1 This document sets out auda's privacy policy, drafted in accordance
More informationSchedule EHR Access Services
This document (this Schedule") is the Schedule for Services ( EHR Access Services ) related to access to the electronic health records ( EHR ) maintained by ehealth Ontario and the use of information in
More informationAutomated Background Check System (ABCS)- Requesting Access Guide. April 2018
Automated Background Check System (ABCS)- Requesting Access Guide April 2018 How do I access ABCS? Complete Background Check Request Access to HHS Enterprise Portal Request Access to ABCS Use ABCS There
More informationData Protection Policy
The Worshipful Company of Framework Knitters Data Protection Policy Addressing the General Data Protection Regulation (GDPR) 2018 [EU] and the Data Protection Act 1998 (DPA) [UK] For information on this
More informationProcedure 9 Suspension, Withdrawal and Scope Reduction
Procedure 9 Suspension, Withdrawal and Scope Table of Contents 1 Introduction... 2 2 Suspension and Withdrawal... 2 3 Extending or Reducing the Scope of Certification... 3 4 Document Revision History...
More informationDEPARTMENT OF JUSTICE AND EQUALITY. Data Protection Policy
DEPARTMENT OF JUSTICE AND EQUALITY Data Protection Policy May 2018 Contents Page 1. Introduction 3 2. Scope 3 3. Data Protection Principles 4 4. GDPR - Rights of data subjects 6 5. Responsibilities of
More informationA Guide for Contractors: Health & Safety Contractor Induction Information. Crown Melbourne
A Guide for Contractors: Health & Safety Contractor Induction Information Crown Melbourne Approved By: Group Manager HSW Page 1 of 8 Table of Contents 1. INTRODUCTION CONTRACTOR REQUIREMENTS... 3 2. INDUCTION
More informationCardiff University Security & Portering Services (SECTY) CCTV Code of Practice
Cardiff University Security & Portering Services (SECTY) CCTV Code of Practice Document history Author(s) Date S Gamlin 23/05/2018 Revision / Number Date Amendment Name Approved by BI annual revision Date
More informationPOLICIES AND PROCEDURES
Integrated Information Technology Services POLICIES AND PROCEDURES Utica College Email POLICY: Email is Utica College s sole accepted mechanism for official electronic communication in the normal conduct
More informationTARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS
Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS
More informationWHITE PAPER- Managed Services Security Practices
WHITE PAPER- Managed Services Security Practices The information security practices outlined below provide standards expected of each staff member, consultant, or customer staff member granted access to
More informationAudit Report. Chartered Management Institute (CMI)
Audit Report Chartered Management Institute (CMI) 10 October 2012 Note Restricted or commercially sensitive information gathered during SQA Accreditation monitoring activities is treated in the strictest
More informationSecurities Mosaic User Guide
Securities Mosaic User Guide Searching, viewing, and extracting data on the Securities Mosaic website. About Knowledge Mosaic Knowledge Mosaic provides industry specific news services and online research
More informationContinuing Professional Development Verification and Recognition Policy
Continuing Professional Development Verification and Recognition Policy Summary of Policy The London Institute of Banking & Finance issues Statements of Professional Standing (SPS) to financial advisers
More informationAccess to University Data Policy
UNIVERSITY OF OKLAHOMA Health Sciences Center Information Technology Security Policy Access to University Data Policy 1. Purpose This policy defines roles and responsibilities for protecting OUHSC s non-public
More information