Security Incident Management Procedure (GDPR)
|
|
- Phyllis Bates
- 5 years ago
- Views:
Transcription
1 Security Incident Management Prcedure (GDPR) PROC-CORP-05
2 Cntent: 1. Objetive Scpe Terms and Definitins Security Incident Management Prcedure n Persnal Data Incident Cmmunicatin Incident Registratin Incident Evaluatin Incident Ntificatin Exceptin t ntificatin/cmmunicatin Respnsabilities Language Cntrl f versins Apprval and entry int frce ANNEX Security Incident Management Prcedure (GDPR) (PROC-CORP-05) Página: 2 / 18
3 1. Objetive The purpse f this dcument is t establish and cmmunicate t all areas f Gnvarri Steel Services (hereinafter, GSS) the prcedure fr ntifying and managing in a standard manner the incidents that may cmprmise the security f the Persnal Data held by GSS, in cmpliance with the General Data Prtectin Regulatins (GDPR). In this regard, Regulatin (EU) 2016/679 f the Eurpean Parliament and f the Cuncil f the Eurpean Unin, adpted n 27 April 2016, n the prtectin f individuals with regard t the prcessing f persnal data and n the free mvement f such data, and repealing Directive 95/46/EC (General Data Prtectin Regulatin), prvides that security incidents invlving Persnal Data must be dcumented and reprted. 2. Scpe This prcedure applies t all the cmpanies that make up the Gnvarri Steel Services Grup, in which the parent cmpany, Gnvarri Crpración Financiera, S.L.U., and all the persnnel f the Gnvarri Steel Services Grup hld a majrity interest, directly r indirectly, in the exercise f their functins and respnsibilities, and in all the prfessinal areas in which they represent the Grup, meaning the directrs, executives, emplyees and cllabratrs f the GSS Grup, regardless f their psitin, respnsibility r gegraphical lcatin In any case, the Grup's actins cmply with the legislatin in frce in each jurisdictin, and therefre, in sme f these jurisdictins, the principles set frth in this plicy may be replaced by mre restrictive laws and regulatins in frce. 3. Terms and Definitins Prcessing Area: The unit respnsible fr prcessing the data assciated with the crrespnding prcessing Privacy Cmmittee: Unidad máxima de reprte en materia de Privacidad. Persnal Data: Any infrmatin cncerning identified r identifiable individuals. Privacy Manager: A natural r legal persn, public authrity, service r ther bdy that, alne r with thers, determines the purpses and means f prcessing Security Incident Management Prcedure (GDPR) (PROC-CORP-05) Página: 3 / 18
4 Incident: Any anmaly invlving the destructin, lss r accidental r unlawful alteratin f persnal data transmitted, stred r therwise prcessed, r unauthrized cmmunicatin r access t such data. Privacy Officer: Is the main persn in charge f cntrlling and supervising cmpliance with privacy and data prtectin regulatins in the rganizatin. Data subject: The persn t whm the data belngs wh is affected by the incident. Data prcessing: Operatins and technical prcedures f an autmated r nn-autmated nature that allw fr the cllectin, recrding, strage, prcessing, mdificatin, blcking and cancellatin, as well as the transfer f data resulting frm cmmunicatins, queries, intercnnectins and transfers 4. Security Incident Management Prcedure n Persnal Data This prcedure will be carried ut in the event f any incident affecting the security f Persnal Data. In any case, the actins described in sectins 4.1 Incident Cmmunicatin, 4.2 Incident Recrding and 4.3 Incident Evaluatin will be carried ut and the actins described in sectin 4.4. Ntificatin f the Incident" in cases where the security incident pses a high risk t the rights and freedms f thse affected. The fllwing graphically shws the general flw fllwed in the prcedure fr managing security incidents regarding Persnal Data: Security Incident Management Prcedure (GDPR) (PROC-CORP-05) Página: 4 / 18
5 4.1 Incident Cmmunicatin All staff are bliged t reprt any security incidents relating t persnal data t the Privacy Officer. This ntificatin will be made thrugh the address Privacy.Incidents@Gnvarri.cm r thrugh the frm placed at the crprtive website. Incidents may ccur in all activities related t the handling and management f infrmatin in physical frmat r lgical databases that stre persnal data, as well as in the develpment f activities that affect the security f the data cntained therein Security Incident Management Prcedure (GDPR) (PROC-CORP-05) Página: 5 / 18
6 The fllwing are sme examples f incidents: Cllect persnal data withut the cnsent f the data subject and withut infrming him/her f his/her rights. Attempted r vilated physical access cntrl and databases. Alter databases (deletin, mdificatin r inclusin f data that may affect the quality f the database). Remving data frm media withut prper authrizatin. Extract data n media ther than thse authrized in the database recrd. Failure t cmply with the prvisins f the Security Dcument fr data recvery. Failure t cmply with the deadlines established t reslve and respnd t requests t exercise the rights f the interested party. Illegally using persnal data. Execute the data recvery prcess. Imprperly manage backups. Lss f tangible assets (wrk phne, laptps, etc.). Inability t access the system with ur usual username/passwrd. Pssibly cmprmised access passwrd. Abnrmal system behaviur (incmplete r unrealistic infrmatin, unexpected failures, etc.). Incidents relating t persnal data are nt limited t autmate prcessing, but als include means f nn-autmated prcessing. Therefre, incidents affecting such media, such as the lss f paper lists cntaining persnal data, must als be reprted and recrded by the system described in this sectin. 4.2 Incident Registratin Once the security incident has been reprted, the fllwing actins will be taken: The Privacy Officer will frmally recrd the security incident. In this regard, at least the fllwing infrmatin shall be detailed: Type f Incident. Descriptin f the Incident. Date and time f the ntificatin. User reprting the incident. If necessary, the Privacy Officer will crdinate with the Privacy Officer t analyse the security incident. In additin, the Privacy Officer may request technical supprt frm department heads during the analysis phase f the incident. Security Incident Management Prcedure (GDPR) (PROC-CORP-05) Página: 6 / 18
7 4.3 Incident Evaluatin Once the security incident has been recrded, the fllwing actins will be perfrmed: The Privacy Officer will evaluate the security incident. In the event that the Privacy Officer deems it apprpriate, based n the criticality f the incident, he r she may call a meeting f the Privacy Cmmittee in rder t evaluate the impact f the incident n the grup. The categry r level f criticality f the incident with respect t the security f the affected infrmatin. Fllwing the generic classificatin, we can distinguish between: Critical (affects valuable data, large vlume and in a shrt time) Very High (When yu have the capacity t affect valuable infrmatin, in appreciable quantity) High (When yu have the capacity t affect valuable infrmatin) Medium (When yu have the capacity t affect an appreciable vlume f infrmatin) Lw (Little r n capacity t affect an appreciable vlume f infrmatin). In additin, there may be technical scenaris that may lead t an incident: 0-day (unknw vulnerability): Vulnerability that allws an attacker t access data t the extent that it is an unknwn vulnerability. This vulnerability will be available until the manufacturer r develper reslves it. APT (targeted attack): This refers t different types f attacks that are nrmally aimed at gathering fundamental infrmatin that will allw the cntinuatin f mre sphisticated attacks. This categry includes, fr example, an campaign with malicius sftware t emplyees f a cmpany until ne f them installs it n their cmputer and prvides a gateway t the system. Denial f Service (DS/DDS): It cnsists f flding a system with traffic until it is nt able t prvide service t its legitimate users. Access t Privileged Accunts: The attacker gets access t the system thrugh a user accunt with advanced privileges, which gives him freedm f actin. Previusly, the user name and passwrd must have been btained by sme ther methd, such as a targeted attack. Malicius Cde: Pieces f sftware whse purpse is t infiltrate r damage a cmputer, server, r ther netwrk device fr a variety f purpses. One f the pssibilities fr malicius cde t reach an rganizatin is fr a user t unintentinally install it. Cmprmise f Infrmatin: Cllects all incidents related t access and leakage, mdificatin r deletin f nn-public infrmatin. Security Incident Management Prcedure (GDPR) (PROC-CORP-05) Página: 7 / 18
8 Data theft and/r filtratin: Included in this categry is the lss/theft f strage devices with infrmatin. Defacement: It is a type f directed attack that cnsists f the mdificatin f the crprate website with the intentin f psting messages f any kind r any ther intentin. The nrmal peratin f the website is interrupted, causing reputatinal damage. Explitatin f applicatin vulnerabilities: When a ptential attacker successfully explits an existing vulnerability in a system r prduct by cmprmising an rganizatin's applicatin. Scial Engineering: These are deceptin-based techniques, usually carried ut thrugh scial netwrks, which are used t direct a persn's behavir r btain sensitive infrmatin. Fr example, the user is induced t click n a link by thinking it is the right thing t d. If any f these events happens t ccur, the security incident must be reprted: Any lcal data prtectin regulatr. The affected parties 4.4 Incident Ntificatin Ntificatin t the Supervisry Authrity As mentined abve, as sn as the data cntrller becmes aware that a breach in the security f persnal data has ccurred, he must, withut delay and n later than 72 hurs after becming aware f it, make the crrespnding ntificatin t the Supervisry Authrity. A security breach is cnsidered t be recrded when there is a certainty that it has ccurred and there is sufficient knwledge f its nature and scpe. The criterin t be taken int accunt in determining whether an incident has prduced "a breach in the security f persnal data" is included in the GDPR itself, and includes "all thse security breaches that cause the accidental r unlawful destructin, lss r alteratin f persnal data transmitted, stred r therwise prcessed, r the unauthrized cmmunicatin f r access t such data. This cmmunicatin shall be made using the cmmunicatin mdel described in Annex, and shall cntain the fllwing infrmatin: Identifying and cntact data f: Entity / Persn respnsible fr prcessing Data Prtectin Officer (if designated) r cntact persn Security Incident Management Prcedure (GDPR) (PROC-CORP-05) Página: 8 / 18
9 Indicatin f whether the ntificatin is cmplete r partial. In the case f a partial ntificatin, indicate whether it is a first ntificatin r a supplementary ntificatin. Infrmatin abut the persnal data security breach: Date and time f detectin. Date and time f the incident and its duratin Circumstances in which the persnal data security breach has ccurred (e.g. lss, theft, cpying, etc.) Nature and cntent f the persnal data. Summary f the incident that caused the persnal data security breach (with indicatin f physical lcatin and strage medium). Pssible cnsequences and negative effects n thse data subjects affected. Technical and rganizatinal measures taken by the cntrller accrding t paragraph 33.2(d) f the GDPR. Categry f data affected and number f recrds affected. Categry and number f individuals affected. Pssible issues f a crss-brder nature, indicating the pssible need t ntify ther supervisry authrities. If, at the time f ntificatin, it is nt pssible t prvide all the infrmatin, it may be prvided at a later stage, gradually in different stages. The first ntificatin shall be made within 72 hurs, and at least ne final r clsing cmmunicatin shall be made when all the infrmatin relating t the incident is available. When the data cntrller makes the first ntificatin, he r she shall state whether he r she will prvide further infrmatin a psteriri. He may als prvide additinal infrmatin by means f intermediate cmmunicatins t the supervisry authrity at its request, r when the data cntrller cnsiders it apprpriate t update the situatin f the supervisry authrity. Where initial ntificatin is nt pssible within 72 hurs, the ntificatin shall als be made a psteriri and shall state and justify the reasns fr the delay. Ntificatins must be clear, cncise and include the infrmatin necessary fr them t be prperly analysed. Security Incident Management Prcedure (GDPR) (PROC-CORP-05) Página: 9 / 18
10 Identificatin f the Supervisry Authrity Where an incident may affect the data f persns in mre than ne Member State, the cntrller shuld make an assessment f which is the main authrity t which the ntificatin shuld be made and, in case f dubt, at least ntify the lcal supervisry authrity where the breach has taken place. It will act as the main supervisry authrity, the main establishment r the sle establishment f the persn respnsible. The criteria fr identifying the main establishment are: The place where the main headquarter f the data respnsible is lcated. The place where decisins abut ends and means are made. At the fllwing link published by WP29, there is the cntact infrmatin fr each supervisry authrity: Ntificatin t the Data Subjects Cncerned As in the previus sectin, in the event f a security incident that pses a high risk t the rights and freedms f thse data subjects cncerned, this shuld be cmmunicated t the affected parties in rder t enable them t take measures t prtect themselves frm the cnsequences f the incident. The Privacy Officer is respnsible fr ntifying the affected parties f the incident and must infrm them f it within a reasnable perid f time. The ntificatin will be made by and will include the fllwing infrmatin: 1. Cntact details f the Data Prtectin Officer, r where apprpriate, the cntact pint where further infrmatin can be btained. 2. General descriptin f the incident and when it ccurred. 3. The pssible cnsequences f the persnal data security breach. 4. Descriptin f persnal data and infrmatin affected. 5. Summary f measures implemented s far t cntrl pssible damage. 6. Other useful infrmatin t thse affected t prtect their data r prevent pssible damage. 4.5 Exceptin t ntificatin/cmmunicatin Ntificatin t the Supervisry Authrity will nt be necessary where the data cntrller can demnstrate, in a reliable manner, that the breach in the security f persnal data des nt pse a risk t the rights and freedms f natural persns. Fr example, if the data were already publicly available and their disclsure des nt entail any risk t the data subject. Security Incident Management Prcedure (GDPR) (PROC-CORP-05) Página: 10 / 18
11 Furthermre, cmmunicatin t data subjects will nt be necessary where: The respnsible has taken apprpriate technical and rganizatinal measures, such as data nt being intelligible t unauthrized persns r machines prir t the persnal data security breach (thrugh the use f: state-f-the-art data encryptin, minimizatin, data dissciatin, access t test envirnments withut real data, etc.) Fr example, ntificatin may nt be necessary if a mbile device is lst and the persnal data it cntains is encrypted. Hwever, ntificatin may be required if this is the nly cpy f the persnal data, r fr example, the encryptin key in the pssessin f the data cntrller is cmprmised. The data cntrller has taken prtectin measures that fully r partially mitigate the pssible impact n thse affected and ensure that there is n lnger any pssibility f the high risk materialising. Fr example, by immediately identifying and implementing measures against the persn wh has accessed persnal data befre they culd d anything with it. When ntificatin t thse affected invlves a disprprtinate effrt at the technical and rganizatinal level. Fr example, where cntact details have been lst as a result f the breach, r where a new ntificatin system r prcess needs t be develped, r where excessive internal resurces are required t identify data subjects cncerned. In this situatin, ntificatin will be made publicly thrugh the channels established by the data cntrller. 5. Respnsabilities The fllwing is an allcatin f respnsibilities matrix (RACI) within the prcess f managing security incidents invlving persnal data. In this matrix, ne r mre respnsibilities represented by a letter are assigned t each f the tasks: R (Respnsible): This rle crrespnds t the persn wh actually perfrms the task. A (Accuntable): This rle is respnsible fr the task being perfrmed and is accuntable fr its executin. C (Cnsulted): This rle has sme infrmatin r capacity needed t perfrm the task. I (Infrmed): This rle shuld be infrmed abut the prgress and results f the task executin. Security Incident Management Prcedure (GDPR) (PROC-CORP-05) Página: 11 / 18
12 Task/Resurces Cmmunicate the incident Recrd the incident Evaluate the incident Ntifying lcal regulatr Ntifying the affected parties Privacy Cmmittee Privacy Officer Privacy manager Area Respnsible fr prcessing Emplyee I I I I R / A I R / A I / C I I/C R / A I / C I/C I R / A I I A R I I 6. Language This Standard is published in Spanish and English, the frmer being prevalent in case f divergence between the tw. 7. Cntrl f versins Versin Date Descriptin Prepared by Review by Versin 1 30th Octber Initial Versin f the Daniel Lluch Cmpliance 2018 Dcument Cmmittee 8. Apprval and entry int frce This Standard has been apprved by the Cmpliance Cmmittee f Gnvarri Steel Services Grup n Octber the 30th f 2018, and takes effect 20 calendar days after its apprval. As f the entry int frce, the previus prvisins existing in their case that regulate the same cntent are repealed. Security Incident Management Prcedure (GDPR) (PROC-CORP-05) Página: 12 / 18
13 ANNEX Security Breach Ntificatin Frm (AGDP) Security Incident Management Prcedure (GDPR) (PROC-CORP-05) Página: 13 / 18
14 Security Incident Management Prcedure (GDPR) (PROC-CORP-05) Página: 14 / 18
15 Security Incident Management Prcedure (GDPR) (PROC-CORP-05) Página: 15 / 18
16 Security Incident Management Prcedure (GDPR) (PROC-CORP-05) Página: 16 / 18
17 Security Incident Management Prcedure (GDPR) (PROC-CORP-05) Página: 17 / 18
18 Security Incident Management Prcedure (GDPR) (PROC-CORP-05) Página: 18 / 18
Data Subject Rights Management Procedure (GDPR)
Data Subject Rights Management Prcedure (GDPR) PROC-CORP-04 Cntent: 1. Objetive... 3 2. Scpe... 3 3. Terms and Definitins... 3 4. Descriptin f data subject rights... 5 4.1 Persnal data and prcessing frm
More informationSoftware Usage Policy Template
Sftware Usage Plicy Template This template is t accmpany the article: The Sftware Usage Plicy - An Indispensible Part f Yu SAM Tlbx The full article can be fund here: http://www.itassetmanagement.net/tag/plicy-template/
More informationPrivacy Policy concerning the use of the website and the use of cookies
Privacy Plicy cncerning the use f the website and the use f ckies Agria understands the imprtance f the privacy f its custmers and the prtectin f their persnal data. Present plicy utlines the handling
More informationPRIVACY AND E-COMMERCE POLICY STATEMENT
PRIVACY AND E-COMMERCE POLICY STATEMENT Tel-Tru Manufacturing Cmpany ( Tel-Tru ) is dedicated t develping lng-lasting relatinships that are built n trust. Tel-Tru is cmmitted t respecting the wishes f
More informationTown of Warner, New Hampshire Information Security Policy
Twn f Warner, New Hampshire Infrmatin Security Plicy Date Adpted: Bard f Selectmen David E. Hartman David Karrick, Jr. Clyde Carsn Table f Cntents Table f Cntents 1 Intrductin 2 Ethics and Acceptable Use
More informationPAY EQUITY HEARINGS TRIBUNAL. Filing Guide. A Guide to Preparing and Filing Forms and Submissions with the Pay Equity Hearings Tribunal
PAY EQUITY HEARINGS TRIBUNAL Filing Guide A Guide t Preparing and Filing Frms and Submissins with the Pay Equity Hearings Tribunal This Filing Guide prvides general infrmatin nly and shuld nt be taken
More informationONTARIO LABOUR RELATIONS BOARD. Filing Guide. A Guide to Preparing and Filing Forms and Submissions with the Ontario Labour Relations Board
ONTARIO LABOUR RELATIONS BOARD Filing Guide A Guide t Preparing and Filing Frms and Submissins with the Ontari Labur Relatins Bard This Filing Guide prvides general infrmatin nly and shuld nt be taken
More informationEU General Data Protection Regulation
EU General Data Prtectin Regulatin Sally Ubnske, Senir Business Systems Analyst, subnske@ariessys.cm Sean MacRae, Business Systems Analyst, smacrae@ariessys.cm GDPR Summary The Eurpean Parliament, the
More informationData Processing Information for Users of the Career and Alumni Portal of HTW Berlin (Data Privacy Policy)
Data Prcessing Infrmatin fr Users f the Career and Alumni Prtal f HTW Berlin (Data Privacy Plicy) The prtectin f yur data is imprtant t us. In view f this and in rder t cmply with all f ur statutry disclsure
More informationPatch Management Policy
Patch Management Plicy (Versin 1) Dcument Cntrl Infrmatin: Date: 21/5/18 Master Tracking Name Patch Management Plicy Master Tracking Reference Owning Service / Department Exeter IT Issue: 1 Apprvals: Authrs:
More informationHP Server Virtualization Solution Planning & Design
Cnsulting & Integratin Infrastructure Services HP Server Virtualizatin Slutin Planning & Design Service descriptin Hewlett-Packard Cnsulting & Integratin Infrastructure Cnsulting Packaged Services (HP
More informationUNSW Technology Policy:
UNSW Technlgy Plicy: UNSW Plicy Respnsible Officer Cntact Officer Apprving Authrity UNSW Data Netwrk Cnnectin Plicy Chief Infrmatin Officer Manager Infrastructure Services Supprt UNSW IT Services Ph: x
More informationOverview of Data Furnisher Batch Processing
Overview f Data Furnisher Batch Prcessing Nvember 2018 Page 1 f 9 Table f Cntents 1. Purpse... 3 2. Overview... 3 3. Batch Interface Implementatin Variatins... 4 4. Batch Interface Implementatin Stages...
More informationForcepoint UEBA Management of Personal Data
Frcepint UEBA Management f Persnal Data 2018 Frcepint LLC. All Rights Reserved Dcument Classificatin: Public FPWSCMPD-2018MAY24 Frcepint UEBA Management f Persnal Data CONTENTS Disclaimer... 2 General...
More informationPRIVACY POLICY. In this data protection declaration, we use, inter alia, the following terms:
PRIVACY POLICY We are very delighted that yu have shwn interest in ur enterprise. Data prtectin is f a particularly high pririty fr the management f SwissGEL AG The use f the Internet pages f SwissGEL
More informationWELMEC Guide on evaluation of Purely Digital Parts
WELMEC 10.10 2016 Guide n evaluatin f Purely Digital Parts WELMEC is a cperatin between the legal metrlgy authrities f the Member States f the Eurpean Unin and EFTA. This dcument is ne f a number f Guides
More informationInternet/Intranet Publishing Guidelines
Muntain View-Ls Alts Unin High Schl District In trductin Internet/Intranet Publishing Guidelines Using the Internet t further the educatinal prcess, gals and bjectives is a natural extensin f Muntain View-Ls
More informationSERVICE LEVEL AGREEMENT. Mission: Certificates Management
SERVICE LEVEL AGREEMENT BSM: This SLA is cvered by BSM s fr Infrastructure, Supprt and Prjects This SLA is a cmplement t the Master Service Agreement V5.0 as described in art 2.2 (MSA) Missin: Certificates
More informationPrivacy Policy. 1. Definitions. a) Personal data
Privacy Plicy We are very delighted that yu have shwn interest in ur enterprise. Data prtectin is f a particularly high pririty fr the management f the BraNek Übersetzen und Dlmetschen. The use f the Internet
More informationPrivacy Policy. Information We Collect. Information You Choose to Give Us. Information We Get When You Use Our Services
Privacy Plicy Last Mdified: September 26, 2016 Pictry is a fast and fun way t share memes with yur friends and the wrld arund yu. Yu can send a Pictry game t friends and view the pictures they submit in
More informationMHS BYOD Policy MUDGEE HIGH SCHOOL STUDENT BRING YOUR OWN DEVICE (BYOD) POLICY
MHS BYOD Plicy MUDGEE HIGH SCHOOL STUDENT BRING YOUR OWN DEVICE (BYOD) POLICY Intrductin This dcument prvides advice and directin t students wh chse t use BYOD t access the Department f Educatin (DOE)
More informationDATA PROTECTION DESCRIPTION (EU GDPR compliant version) Effective Date: 13 September 2017
DATA PROTECTION DESCRIPTION (EU GDPR cmpliant versin) Effective Date: 13 September 2017 Data File Name: Legal Basis fr the Prcessing and Purpse f Use f the Persnal Data: Custmer Cntact Data File Prcessing
More informationHigh Security SaaS Concept Software as a Service (SaaS) for Life Science
Sftware as a Service (SaaS) fr Life Science Cpyright Cunesft GmbH Cntents Intrductin... 3 Data Security and Islatin in the Clud... 3 Strage System Security and Islatin... 3 Database Security and Islatin...
More informationData subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
Privacy Plicy We are very delighted that yu have shwn interest in ur enterprise. Data prtectin is f a particularly high pririty fr the management f the GN Treuhand Anstalt. The use f the Internet pages
More informationPrivacy Policy. 1. Definitions
Privacy Plicy We are very delighted that yu have shwn interest in ur enterprise. Data prtectin is f a particularly high pririty fr the management f the PhtCde. The use f the Internet pages f the PhtCde
More informationPrivacy Policy Toyota Du Maroc is Committed to Respecting Your Privacy
Privacy Plicy Tyta Du Marc is Cmmitted t Respecting Yur Privacy Tyta Du Marc is cmmitted t prtecting yur persnal infrmatin and cmplying with relevant laws including, withut limitatin, the General Data
More informationPRIVACY AND COOKIE STATEMENT
PRIVACY AND COOKIE STATEMENT We are very delighted that yu have shwn interest in ur enterprise. Data prtectin is f a particularly high pririty fr the management f Inn4Peple. The use f the Internet pages
More informationPrivacy Policy. 1. Definitions. a) Personal data. b) Data subject
Privacy Plicy We are very delighted that yu have shwn interest in ur enterprise. Data prtectin is f a particularly high pririty fr the management f the Wrld Banknte Summit. The use f the Internet pages
More informationProcurement Contract Portal. User Guide
Prcurement Cntract Prtal User Guide Cntents Intrductin...2 Access the Prtal...2 Hme Page...2 End User My Cntracts...2 Buttns, Icns, and the Actin Bar...3 Create a New Cntract Request...5 Requester Infrmatin...5
More informationAll members of the UNNC Community and users of the University network.
Bulk Email Plicy Audience: All members f the UNNC Cmmunity and users f the University netwrk. Definitin: Bulk email, by definitin, is unslicited email sent quickly in large quantities, and is recgnized
More informationAdverse Action Letters
Adverse Actin Letters Setup and Usage Instructins The FRS Adverse Actin Letter mdule was designed t prvide yu with a very elabrate and sphisticated slutin t help autmate and handle all f yur Adverse Actin
More informationIn this data protection declaration, we use, inter alia, the following terms:
Privacy Plicy We are very delighted that yu have shwn interest in ur enterprise. Data prtectin is f a particularly high pririty fr the management f the SAN DIEGO TOURS D.O.O.. The use f the Internet pages
More informationReporting Requirements Specification
Cmmunity Mental Health Cmmn Assessment Prject OCAN 2.0 - ing Requirements Specificatin May 4, 2010 Versin 2.0.2 SECURITY NOTICE This material and the infrmatin cntained herein are prprietary t Cmmunity
More informationIn this data protection declaration, we use, inter alia, the following terms:
Privacy Plicy We are very delighted that yu have shwn interest in ur enterprise. Data prtectin is f a particularly high pririty fr the management f the Ti-san d... The use f the Internet pages f the Ti-san
More informationRISKMAN REFERENCE GUIDE TO USER MANAGEMENT (Non-Network Logins)
Intrductin This reference guide is aimed at managers wh will be respnsible fr managing users within RiskMan where RiskMan is nt cnfigured t use netwrk lgins. This guide is used in cnjunctin with the respective
More informationData subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
Privacy Plicy We are very delighted that yu have shwn interest in ur enterprise. Data prtectin is f a particularly high pririty fr the management f the Frmat Messtechnik GmbH. The use f the Internet pages
More informationTo start your custom application development, perform the steps below.
Get Started T start yur custm applicatin develpment, perfrm the steps belw. 1. Sign up fr the kitewrks develper package. Clud Develper Package Develper Package 2. Sign in t kitewrks. Once yu have yur instance
More informationIn this data protection declaration, we use, inter alia, the following terms:
1/13 Privacy Plicy We are very delighted that yu have shwn interest in ur enterprise. Data prtectin is f a particularly high pririty fr the management f the Htel Jensen GmbH & C. KG. The use f the Internet
More informationOATS Registration and User Entitlement Guide
OATS Registratin and User Entitlement Guide The OATS Registratin and Entitlement Guide prvides the fllwing infrmatin: OATS Registratin The prcess and dcumentatin required fr a firm r Service Prvider t
More informationAccess the site directly by navigating to in your web browser.
GENERAL QUESTIONS Hw d I access the nline reprting system? Yu can access the nline system in ne f tw ways. G t the IHCDA website at https://www.in.gv/myihcda/rhtc.htm and scrll dwn the page t Cmpliance
More informationUNIVERSITY OF MIAMI POLICY AND PROCEDURE MANUAL
UNIVERSITY OF MIAMI POLICY AND PROCEDURE MANUAL TITLE: Electrnic Data Prtectin and Encryptin REFERENCE: Refrmat CATEGORY: Infrmatin Technlgy PAGE: 1 SUPERSEDES: POL-UMIT- A175-014-01 APPROVER: David Ertel
More informationIn this data protection declaration, we use, inter alia, the following terms:
Privacy Plicy We are very delighted that yu have shwn interest in ur enterprise. Data prtectin is f a particularly high pririty fr the management f the MIKRO-MESS-Gesellschaft mit Messtechnik für den Umweltschutz
More informationIn this data protection declaration, we use, inter alia, the following terms:
Privacy Plicy Smiley Kinderhtel We are very delighted that yu have shwn interest in ur enterprise. Data prtectin is f a particularly high pririty fr the management f the Smiley Htel GmbH. The use f the
More informationUsers, groups, collections and submissions in DSpace. Contents
Users, grups, cllectins and submissins in DSpace Cntents Key cncepts... 2 User accunts and authenticatin... 2 Authrisatin and privileges... 2 Resurce plicies... 2 User rles and grups... 3 Submissin wrkflws...
More informationGeneral Data Protection Regulation (GDPR) for CEO s Quick overview & impact
General Data Prtectin Regulatin (GDPR) fr CEO s Quick verview & impact ISSE, Nvember 14th 2017 Erik Luysterbrg EMEA Data Prtectin & Privacy Leader Why is GDPR n the agenda? Cllectin, analysis and internatinal
More informationCSPN Security Target. PLC Simatic S range
CSPN Security Target PLC Simatic S7 1500 range Categry Industrial systems: prgrammable lgic cntrller Reference: CSPN-ST-Simatic-S7-1500-Range-1.01 Date: 2017/10/03 Internal cde: SIE009 Cpyright AMOSSYS
More informationSecurity of Information Technology Resources
CORNELL UNIVERSITY POLICY LIBRARY Security f Infrmatin Technlgy Resurces Technlgies Chapter: 4, Security and Vice President fr Infrmatin Technlgies Originally Issued: June 1, 2004 Last Full Review: December
More informationIn this data protection declaration, we use, inter alia, the following terms:
Privacy Plicy We are very delighted that yu have shwn interest in ur enterprise. Data prtectin is f a particularly high pririty fr the management f the City-Taxi 24h GmbH. The use f the Internet pages
More informationIn this data protection declaration, we use, inter alia, the following terms:
Privacy Plicy Data prtectin is f a particularly high pririty fr the management f the Irish Psychsynthesis Netwrk Steering Grup. The use f the Internet pages f the Irish Psychsynthesis Netwrk Steering Grup
More informationClub Together Privacy Policy
Club Tgether Privacy Plicy Publicatin date Tuesday, 10 April 2018 Authr Ian Butterwrth 1 Definitins... 2 2 Name and Address f the cntrller... 3 3 Ckies... 3 4 Cllectin f general data and infrmatin... 4
More informationVMware AirWatch Certificate Authentication for Cisco IPSec VPN
VMware AirWatch Certificate Authenticatin fr Cisc IPSec VPN Fr VMware AirWatch Have dcumentatin feedback? Submit a Dcumentatin Feedback supprt ticket using the Supprt Wizard n supprt.air-watch.cm. This
More informationMANAGING FORWARDING ACCOUNTS
Overview This prcess is t be perfrmed as needed t manage e-mail frwarding accunts fr Alumni. Several tasks may need t be perfrmed: Adding a new user t the security table Resetting a user s passwrd ( frgt
More informationE-Lock Policy Manager White Paper
White Paper Table f Cntents 1 INTRODUCTION... 3 2 ABOUT THE POLICY MANAGER... 3 3 HOW E-LOCK POLICY MANAGER WORKS... 3 4 WHAT CAN I DO WITH THE POLICY MANAGER?... 4 4.1 THINGS YOU CONTROL IN SIGNING...
More informationPrivacy Policy for Web-Presence
Privacy Plicy fr Web-Presence Öffentlicher Ntar & Partner Kmmandit-Partnerschaft Rtenturmstraße 25 kanzlei@ntar-stefan.at https://www.ntar-stefan.at We are very delighted that yu have shwn interest in
More informationAnonymous User Manual
Annymus User Manual esuppliercnnect Versin 9.4 January 15 th, 2017 Page 1/32 January 15 th, 2017 v9.4 Table f cntents: 1 Intrductin 3 2 Abut esuppliercnnect 5 2.1 Prtal Access 6 2.1 Prtal Structure 7 2.2
More informationPoint-to-Point Encryption (P2PE)
Payment Card Industry (PCI) Pint-t-Pint Encryptin (P2PE) Template fr P2PE Applicatin Reprt n Validatin (Applicatin P-ROV) Applicatin P-ROV Template Fr Applicatins used with PCI P2PE Hardware/Hardware Standard
More informationUsing the National Police Library
Using the Natinal Plice Library Including terms, cnditins and privacy infrmatin Versin 1.1 Updated 23 July 2018 Using the Natinal Plice Library The Natinal Plice Library prvides access t a wide range f
More informationOmniPCX Record PCI Compliance 2.3
S T R A T E G I C W H I T E P A P E R OmniPCX Recrd PCI Cmpliance 2.3 Alcatel-Lucent Enterprise Services Page 1/11 OmniPCX-Recrd R2.3 PCI Cmpliance White Paper Legal ntice Alcatel, Lucent, Alcatel-Lucent
More informationPrivacy Policy. We may collect information about you in a variety of ways. The information we collect on the Site includes:
Privacy Plicy BHIP Glbal, Inc. ( BHIP, we r us ) respects the privacy f ur users ( User r Yu ). This Privacy Plicy explains hw Pruvit cllects, uses, and disclses, and safeguards Yur Infrmatin when yu visit
More informationUSD 373 s General Guidelines for Web Page Publishing. The USD 373 Internet community domain address will be located at
8-14-08 District Web Pages USD 373 s General Guidelines fr Web Page Publishing General Guidelines The purpse f any USD 373 publicatin is t share infrmatin regarding issues, events, persnnel, students and
More informationSOLA and Lifecycle Manager Integration Guide
SOLA and Lifecycle Manager Integratin Guide SOLA and Lifecycle Manager Integratin Guide Versin: 7.0 July, 2015 Cpyright Cpyright 2015 Akana, Inc. All rights reserved. Trademarks All prduct and cmpany names
More informationDate: October User guide. Integration through ONVIF driver. Partner Self-test. Prepared By: Devices & Integrations Team, Milestone Systems
Date: Octber 2018 User guide Integratin thrugh ONVIF driver. Prepared By: Devices & Integratins Team, Milestne Systems 2 Welcme t the User Guide fr Online Test Tl The aim f this dcument is t prvide guidance
More informationPrivacy Policy. What this policy covers. What information we collect about you
Effective starting: May 25, 2018 What this plicy cvers Privacy Plicy Yur privacy is imprtant t us, and s is being transparent abut hw we cllect, use, and share infrmatin abut yu. This plicy is intended
More informationMilestone XProtect. NVR Installer s Guide
Milestne XPrtect NVR Installer s Guide Target Audience fr this Dcument This guide is relevant fr peple respnsible fr delivering and installing Milestne XPrtect NVR surveillance systems. If yu are a Milestne
More informationData Privacy Policy. 1. Definitions
Data Privacy Plicy Thank yu fr shwing interest in CEPS - Centre fr Eurpean Plicy Studies. Data prtectin is f a particularly high pririty fr the management f CEPS. The use f the Internet pages f the Centre
More informationRelease Notes Version: - v18.13 For ClickSoftware StreetSmart September 22, 2018
Release Ntes Versin: - v18.13 Fr ClickSftware StreetSmart September 22, 2018 Cpyright Ntice Cpyright 2018 ClickSftware Technlgies Ltd. All rights reserved. N part f this publicatin may be cpied withut
More informationIn this data protection declaration, we use, inter alia, the following terms:
Privacy Plicy We are very delighted that yu have shwn interest in ur enterprise. Data prtectin is f a particularly high pririty fr the management f the Lehrstuhl für Betriebswirtschaftslehre, insbesndere
More informationStudent participation Students can register online, track progress, express interest and demonstrate proficiency.
Page 1 f 31 Intrductin Our MAG 10 Learning Management System (LMS) is a Web based technlgy used t plan, implement, and assess a specific learning prcess. LMS is a training prgram which prvides cmplete
More informationJohn R. Robles CISA, CISM, CRISC
Jhn R. Rbles CISA, CISM, CRISC www.jhnrrbles.cm jrbles@cqui.net 787-647-3961 What is Security as a Service (SecaaS)? Security as a Service is a clud cmputing mdel that Delivers Managed Security Services
More informationCookbook Qermid Defibrillator web service Version This document is provided to you free of charge by the. ehealth platform
Ckbk Qermid Defibrillatr web service Versin 1.01 This dcument is prvided t yu free f charge by the ehealth platfrm Willebrekkaai 38 38, Quai de Willebrek 1000 BRUSSELS All are free t circulate this dcument
More informationNew Tenancy Contact - User manual
New Tenancy Cntact - User manual Table f Cntents Abut Service... 3 Service requirements... 3 Required Dcuments... 3 Service fees... 3 Hw t apply fr this service... 4 Validatin Messages... 28 New Tenancy
More informationContingency Planning Template
Cntingency Planning Template Prject Name: U.S. Department f Husing and Urban Develpment Octber, 2010 Cntigency Planning Template (V1.0) Ntes t the Authr [This dcument is a template f a Security Apprach
More informationPrivacy Policy according to GDPR May 2018
Privacy Plicy accrding t GDPR May 2018 We are very delighted that yu have shwn interest in ur enterprise. Data prtectin is f a particularly high pririty fr the management f the Michael Mutter e.k. "MUTTER
More informationINFORMATION TECHNOLOGY SERVICES NIST COMPLIANCE AT FSU - CONTROLLED UNCLASSIFIED INFORMATION
NIST 800-171 COMPLIANCE AT FSU - CONTROLLED UNCLASSIFIED INFORMATION WHAT IS NIST 800-171 COMPLIANCE AND WHY DO WE HAVE TO DO IT? Any Cntrlled Unclassified Infrmatin (CUI) residing in nnfederal infrmatin
More informationEDS-Site Entry User Manual
EDS- Revisin Histry Versin Date Authr/Organizatin Descriptin 1.0 2011-06-08 Jn Pelster First Draft 2012 Gvernment f Alberta Page 2 f 14 Disclaimer In this disclaimer prvisin: Crwn means Her Majesty the
More informationPerformance of usage of MindSphere depends on the bandwidth of your internet connection.
MindSphere MindAccess User Data Sheet MindAccess User prvides yu with an Accunt in rder t access the MindSphere Platfrm. This allws yu t cnfigure Assets and Users, access Applicatins and stre data. Such
More informationPublic Documents Registration of authorities in IMI Guide for Access managers
Public Dcuments Registratin f authrities in IMI Guide fr Access managers 6th August 2018 Versin 2 PUBLIC DOCUMENTS -REGISTRATION GUIDE Dcument revisins Date Versin number Dcument changes 29/06/2018 0.1
More informationFinal Report. Graphical User Interface for the European Transport Model TREMOVE. June 15 th 2010
Date June 15 th 2010 Authrs Charitn Kuridis Dr Mia Fu Dr Andrew Kelly Thmas Papagergiu Client Eurpean Cmmissin DG Climate Actin Directrate A: Internatinal & Climate Strategy Unit A4: Strategy & Ecnmic
More informationTPCH Data Sharing Policies and Procedures
TPCH Data Sharing Plicies and Prcedures Intrductin: The TPCH Data Sharing Plicies and Prcedures were created based n the CC apprved Pima Cunty: HMIS Data Sharing Plan apprved by TPCH bard n February 24,
More informationHP Service Manager. Software Version: 9.41 For the supported Windows and UNIX operating systems. Request Fulfillment help topics for printing
HP Service Manager Sftware Versin: 9.41 Fr the supprted Windws and UNIX perating systems Fulfillment help tpics fr printing Dcument Release Date: September 2015 Sftware Release Date: September 2015 Legal
More informationUML : MODELS, VIEWS, AND DIAGRAMS
UML : MODELS, VIEWS, AND DIAGRAMS Purpse and Target Grup f a Mdel In real life we ften bserve that the results f cumbersme, tedius, and expensive mdeling simply disappear in a stack f paper n smene's desk.
More informationIn this data protection declaration, we use, inter alia, the following terms:
Seite 1 vn 16 Privacy Plicy We are very delighted that yu have shwn interest in ur enterprise. Data prtectin is f a particularly high pririty fr the management f the Finanz Infrmatik. The use f the Internet
More informationANNUAL COMPUTER SECURITY REFRESHER TRAINING
Cmputer DD Nvember 27, 2017 ANNUAL COMPUTER SECURITY REFRESHER TRAINING Nrthrp Grumman has a requirement t prvide annual cmputer security training t all emplyees wh have access t classified cmputing systems.
More informationRxAXIS Security Module 09/25/2013
RxAXIS Security Mdule 09/25/2013 Lessn Title Intrductin: Security Mdule In this tutrial we are ging t lk at the Security Maintenance Mdule f the RxAXIS system. When used, this system gives emplyees access
More informationIHIS Research Access Request Guidelines
Eservices: https://sumc.service-nw.cm/ 1. FOR NEWLY HIRED EMPLOYEES: Use On-barding Services & On-Barding Guide Frm Please Nte the fields required fr Research IHIS access are the same as thse utlined in
More informationSchoolMessenger School Notification is a product of Henrico County Public Schools (HCPS)
1 SchlMessenger: Staff and Parent Cmmunicatin Henric Cunty, Virginia Shrt Overview SchlMessenger Schl Ntificatin is a prduct f Henric Cunty Public Schls (HCPS) that assists the schl divisin with simplifying
More informationData subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
Data Prtectin We are very delighted that yu have shwn interest in ur enterprise. Data prtectin is f a particularly high pririty fr the management f the GOES GmbH. The use f the Internet pages f the GOES
More informationPassword Management Guidelines
Unified Cntract System Passwrd Management Guidelines Versin 2.5 Revisin date: 26-06-2006 Authr:J.Thiyagarajan Cpyright 2006 by Hexaware Technlgies Limited All rights reserved. All text and figures included
More informationMcGill University Firewall Sharing Services Service Description and Service Level Agreement. Prepared by Network and Communications Services
McGill University Firewall Sharing Services Service Descriptin and Service Level Agreement Prepared by Netwrk and Cmmunicatins Services Revisin Histry Versin Date Summary f changes Apprved by 1.0 February
More informationS4S Support Services. Audit4 version 14+ Aug Copyright 2017 S4S Pty Ltd. S4S Pty Ltd. Phone: Web:
S4S Pty Ltd ABN: 26 104 845 909 Phne: 1300 133 308 Web: http://www.s4s.cm.au Audit4 versin 14+ Aug 2018 Cpyright S4S Pty Ltd S4S Supprt prvides cmprehensive services s that yu can get the maximum benefit
More informationUpdate: Users are updated when their information changes (examples: Job Title or Department). o
Learn Basic User Integratin Batch File Prcessing The Learn Basic User Integratin is designed t manage the rganizatinal changes cmpanies are challenged with n a daily basis. Withut a basic type f integratin,
More informationAPPLICATION FORM. CISAS opening hours: 9:00am to 5:00pm, Monday to Friday
Enquiry reference number: (Office use nly) Administered by the Centre fr Effective Dispute Reslutin (CEDR) APPLICATION FORM What is this Applicatin fr? What d I need t d? This applicatin frm is fr custmers
More informationUsing the Swiftpage Connect List Manager
Quick Start Guide T: Using the Swiftpage Cnnect List Manager The Swiftpage Cnnect List Manager can be used t imprt yur cntacts, mdify cntact infrmatin, create grups ut f thse cntacts, filter yur cntacts
More informationIntroduction to Mindjet on-premise
Intrductin t Mindjet n-premise Mindjet Crpratin Tll Free: 877-Mindjet 1160 Battery Street East San Francisc CA 94111 USA Phne: 415-229-4200 Fax: 415-229-4201 www.mindjet.cm 2012 Mindjet. All Rights Reserved
More informationOBSERVATIONS FROM CYBERSECURITY EXAMINATIONS
By the Office f Cmpliance Inspectins and Examinatins ( OCIE ) 1 This Risk Alert prvides a summary f bservatins Vlume VI, Issue 5 August 7, 2017 frm OCIE s examinatins OBSERVATIONS FROM f registered brkerdealers,
More informationE. G. S. Pillay Engineering College, Nagapattinam Computer Science and Engineering
IT2042 - Infrmatin Security 1-1 E. G. S. Pillay Engineering Cllege, Nagapattinam Cmputer Science and Engineering Elective II IT 2042 INFORMATION SECURITY VIII Sem CSE QUESTION BANK - UNIT-IV 1) What is
More informationCOMMITTEE FOR THE PROTECTION OF CULTURAL PROPERTY IN THE EVENT OF ARMED CONFLICT
CLT-11/CONF/211/4 Paris, 6 September 2011 Original: English UNITED NATIONS EDUCATIONAL, SCIENTIFIC AND CULTURAL ORGANIZATION COMMITTEE FOR THE PROTECTION OF CULTURAL PROPERTY IN THE EVENT OF ARMED CONFLICT
More informationSucceed in ISO/IEC Audit Checks. Bob Cordisco Systems Engineer
Succeed in ISO/IEC 27001 Audit Checks Bb Crdisc Systems Engineer Bb.Crdisc@netwrix.cm Hw t Ask Questins Type yur questin here Click Send Agenda Why cmpliance is imprtant What ISO/IEC 27001 is ISO/IEC 27001
More informationGroup Policy Manager Quick start Guide
Grup Plicy Manager Quick start Guide Sftware versin 4.0.0.0 General Infrmatin: inf@cinsystems.cm Online Supprt: supprt@cinsystems.cm Cpyright CinSystems Inc., All Rights Reserved Page 1 CinSystems Inc.
More informationDocAve Governance Automation 2
DcAve Gvernance Autmatin 2 Business User Guide Service Pack 2 Issued March 2018 The Enterprise-Class Management Platfrm fr SharePint Gvernance Table f Cntents What s New in this Guide... 3 Submitting Dcumentatin
More information