BIOSECURITY TOOLBOX A Personal Perspective
- Arthur Hodge
- 5 years ago
1 BIOSECURITY TOOLBOX: A Personal Perspective
ANDREW CANNONS, Ph.D.
SCIENTIFIC DIRECTOR
USF CENTER FOR BIOLOGICAL DEFENSE
2 Toolbox for a Security Plan
- A defined set of tools that a user might need for a particular task
- Different users might use different tools to achieve the same result
ANDY
- Biosecurity vs Biosafety
- Requirements of a Security Plan
- Meeting the Requirements of the Security Plan
- Using a defined set of tools (the Tampa perspective!)
3 Laboratory Biosafety and Biosecurity
- Biosafety: Development and implementation of administrative policies, work practices, facility design, and safety equipment to prevent transmission of biological agents to workers, other persons, and the environment
- Biosecurity: Protection of high-consequence microbial agents and toxins, or critical relevant information, against theft or diversion by those who intend to pursue intentional misuse
4 Laboratory Biosafety and Biosecurity (cont.)
Common Strategy
- Implement graded levels of protection based on a risk management methodology
- Laboratory biosecurity and biosafety should be integrated systems that avoid compromising necessary infectious disease research and diagnostics
5 Integrated Biosafety & Biosecurity
BIOSAFETY
- Review agent properties: What is known? What are the infections, toxicity, oncogenicity, allergies?
- Place in Biosafety Risk Group
- Does planned lab activity change risk?
- Determine appropriate biosafety measures
SECURITY
- Review agent properties: What is potential for malicious use? What are the potential consequences of malicious use?
- Place in Malicious Use Risk Group
- Does planned lab activity change risk?
- Determine appropriate security measures
Defines Laboratory Operating Environment
6 Requirements of the Security Plan
- Site Specific
- Designed on Risk Assessment
- Provide Graded Protection
- Select Agents to be Used
- Risk of those agents
- Intended use of those agents
- Submitted upon request
- Should take into account Incident Response and Biosafety Plans
- Site Specific Training and Implementation
7 What the Security Plan Must Address
- Physical Security
- Inventory Control
- Information Technology Control
- Controlled Access
- Dealing with Routine Jobs: cleaning, maintenance, repairs
- Procedures for removing unauthorized/suspicious persons
- Procedures for dealing with loss/compromise of keys, passwords, combinations
- Procedures for reporting theft/loss/release of agents, inventory alteration
ALL SRA INDIVIDUALS MUST UNDERSTAND AND COMPLY
8 How to Meet the Requirements of the Security Plan? Physical Security
- What is needed to physically protect the agents?
- Some considerations:
  - Physical security is driven by economics
  - BT funding from CDC helped considerably to increase and improve security
  - Labs, such as in academia, likely have a more difficult job
  - What can be achieved with existing structures
  - Utilizing different labs, retroactive fitting of security devices without complete overhaul
  - Need to consider what is effective and what is just for show
9 Physical Security (cont.): Deter Unauthorized Access
- Card access (or alternate) for authorized personnel only
- 24/7 monitoring for forced entry/door ajar
- Locks on all storage containers
- Lock boxes (number combinations) to store keys with periodic number changes
- All key usage is logged
- Biometrics and number combinations also
- Guard (7 days/week)
10 Physical Security (cont.): Detect Unauthorized Access
- CCTV (external/internal) with 24 hr monitoring
- Motion sensors (real time)
- Audible sensors (real time)
- Restricted access
  - Only authorized personnel have room access
  - ID worn at all times in building
- Inventory checks of Select Agents
  - Physical count at least monthly
  - Alteration of inventory log
11 Physical Security (cont.): Delay Access
- Should have at least 2 locked doors to reach agents
- We have aimed to have at least four locked doors to reach agents
- All agents kept locked during storage (4 °C, ultra low temp) & incubation
- Located away from public access
12 How to Meet the Requirements of the Security Plan? Security of the Individual
- All personnel with access to agents must undergo Security Risk Assessment by DOJ
  - Is this adequate?
  - Reassessment is every 5 years; is this often enough?
- Do Select Agent Labs do their own pre-employment screening?
  - Pre-employment background checks of ALL staff
- Personnel in your receiving area must also be SRA
  - How come FedEx & other shippers are not?
13 Security of the Individual (cont.)
Role of the Responsible Official in Security
- Needs to understand and have a good working knowledge of all the security systems and procedures in place
- Needs full understanding of all security issues related to select agents
- What requirements, other than specified by SAP
Active Role of the PIs and Supervisors in Security
- Need full understanding of the security systems and procedures in their locations as well as rest of building
- Need to be able to communicate security information to their staff
- Need to have a good understanding of their staff's attitudes to security
- Need to be able to determine changes in staff attitudes that might affect security
- Need full understanding of all security issues related to select agents
Role of SRA staff in Security
- Need full understanding of the security systems and procedures in their locations as well as rest of building
- Need full understanding of all security issues related to select agents
14 Security of the Individual (cont.)
Role of Everyone in Security
- Need to review and understand the security plan
- Need to feel adequately trained in security issues
- All employees must wear IDs that are visible at all times
- No sharing of key cards, card numbers, lock box combinations
- Must report loss of key card, keys to RO
- Submit to background checks
- Report suspicious persons/actions to the RO and/or guard
- All employees must enter building at the front door
- All visitors must sign in and out, and be met by an employee to enter the building
- Constant supervision of unauthorized personnel
15 How to Meet the Requirements of the Security Plan? Inventory Control
- Basically means that at any time you know exactly what select agents you have in house and how much of each
- In terms of security, it will always be after the fact: if a vial is stolen, it would not be recognized until inventory is performed
16 Inventory Control (cont.)
Example of Inventory Control
- Stock cultures must be inventoried at least monthly (physical count of vials, assessment of volumes)
- Two laboratory personnel must be present
- RO check of inventory process (annual)
- Removal of vial for use requires documentation on usage form and chain of custody (date, usage, date of discard)
- Use of inventory forms
- Packages: All packages containing Select Agents must be delivered to the Select Agent personnel for correct inventory & storage
- Intra-facility transfer: Must use the Intra-facility form (updated) for lab to lab transfer. Receiving lab/P.I. must be approved
17 Inventory Sheet
18 How to Meet the Requirements of the Security Plan? Information Technology
- Requirement to keep all IT information safe and secure
- Minimum requirements are password and firewall protection
- Locked electronic media
- Digital certificates
- Are these adequate, are there additional and/or alternates?
19 How to Meet the Requirements of the Security Plan? Routine Jobs
- Housekeeping/cleaning
  - Only authorized lab personnel clean the labs
- Maintenance
  - Building maintenance personnel are SRA
  - Do not have access to labs, still requiring escorts
- Repair (non-building personnel)
  - Must be escorted at all times
  - Lab must be deconned prior
  - Must sign a form indicating understanding of the type of lab they are entering
20 How to Meet the Requirements of the Security Plan? Suspicious Persons
What are they?
- Unfamiliar person with no ID
- Person with anomalous appearance or who is present at an anomalous time (after hours) or place (restricted area)
- An insider seeking information about protected lab areas or lab projects with no apparent need to know
- An insider exhibiting uncharacteristic behavior or mood changes. Stressed individuals are more likely to pose a safety risk (e.g. losing focus), rather than security risk
21 How to Meet the Requirements of the Security Plan? Security Training
- Annual & after any incident
- Levels of training:
  - For all staff members
    - Discuss security plan
    - Emphasis on building and staff security
  - For members of select agent program
    - Discuss security plan
    - Discuss security in relation to select agents
    - More emphasis on agent security
22 Incident Report Form: all types
- How to report/document security issues?
- IR form for all security issues, large & small
  - Key not logged back
  - Suspicious person in building
- IR used to revise and upgrade security plan
- Requires review by all staff
23 How to Meet the Requirements of the Security Plan? Drills & Exercises
- Must be performed annually
- Must test personnel responses to:
  - Inventory alterations
  - Security breaches in building/lab
  - Theft
  - Release
- Incident Response
24 Drills & Exercises (cont.)
Examples of drills/exercises to test security
- Scenario driven
- Staff given advance warning of drill period
- Drill initiated by scenario placed on door of select agent lab (Tampa has 3 labs)
- First SRA person to find envelope is responsible for following the drill
- Can use help of other staff members
- Drill proceeds as far up as RO
- No calls to Law Enforcement or CDC
25 Drills & Exercises (cont.)
26 Summary
- Biosecurity is all about protecting high-consequence microbial agents and toxins, or critical relevant information
- A site specific Security Plan is required to implement this protection
- The Security Plan has a number of requirements from Physical Security to Personnel Security and Inventory Control
- Meeting these requirements relies on a set of tools
- These tools are not standard from lab to lab
- It would be useful to develop a Best Practices web site
U.S. Department of Health and Human Services (HHS) The Office of the National Coordinator for Health Information Technology (ONC) Security Risk Assessment Tool Physical Safeguards Content Version Date:
More informationHISPOL The United States House of Representatives Internet/ Intranet Security Policy. CATEGORY: Telecommunications Security
HISPOL 003.0 The United States House of Representatives Internet/ Intranet Security Policy CATEGORY: Telecommunications Security ISSUE DATE: February 4, 1998 REVISION DATE: August 23, 2000 The United States
More informationThe City of Mississauga may install Closed Circuit Television (CCTV) Traffic Monitoring System cameras within the Municipal Road Allowance.
Policy Number: 10-09-02 Section: Roads and Traffic Subsection: Traffic Operations Effective Date: April 25, 2012 Last Review Date: Approved by: Council Owner Division/Contact: For information on the CCTV
More informationWireless Communication Device Use Policy
Wireless Communication Device Use Policy Introduction The Wireless Communication Device Policy exists to provide guidance to employees regarding the acquisition and use of William Paterson University provided
More informationBaker Intermediate School Phase II: School Safety Report
Baker Intermediate School Phase II: School Safety Report 2017-2018 Phase II: School Safety Report Josh Mounts 1645 Martin Luther King Jr Dr Winchester, Kentucky, 40391-2812 United States of America Last
More informationPhysician Office Name Ambulatory EHR Security Risk Analysis
Process is in place to verify access granted is appropriate (ie: Role Based access indicates that the biller has access to billing screens and the nurse has access to the patient medical information).
More informationPhysical and Environmental Security Policy Document Number: OIL-IS-POL-PES
Physical and Environmental Security Policy Document Number: OIL-IS-POL-PES Document Details Title Description Version 1.0 Author Classification Physical and Environmental Security Policy Physical and Environmental
More informationHIPAA FOR BROKERS. revised 10/17
HIPAA FOR BROKERS revised 10/17 COURSE PURPOSE The purpose of this information is to help ensure that all Optima Health Brokers are prepared to protect the privacy and security of our members health information.
More informationGUIDELINES FOR THE USE OF DEA CONTROLLED SUBSTANCES
GUIDELINES FOR THE USE OF DEA CONTROLLED SUBSTANCES The Drug Enforcement Agency has specific registration and management guidelines for researchers using controlled substances. This document provides a
More informationStandard CIP-006-3c Cyber Security Physical Security
A. Introduction 1. Title: Cyber Security Physical Security of Critical Cyber Assets 2. Number: CIP-006-3c 3. Purpose: Standard CIP-006-3 is intended to ensure the implementation of a physical security
More informationInfrastructure Security Overview
White Paper Infrastructure Security Overview Cisco IronPort Cloud Email Security combines best-of-breed technologies to provide the most scalable and sophisticated email protection available today. Based
More information# B: Key Code Security Rules and Information on GM KeyCode Look-Up Application - (Jan 9, 2009)
Page 1 of 11 Document ID: 2221721 #06-00-89-051B: Key Code Security Rules and Information on GM KeyCode Look-Up Application - (Jan 9, 2009) Subject: Key Code Security Rules and Information on GM KeyCode
More informationGenomics Institute of the Novartis Research Foundation ( GNF ) Case Study
Challenge To protect its sensitive research technology and critical intellectual assets, GNF has deployed the Avigilon High Definition (HD) surveillance system, keeping the facility running safely and
More information