Data processing user and operations regulations for the MTI network at the Universitätsklinikum of the FSU Jena
Universitätsklinikum Jena Postfach Jena

Preamble
Definitions
Scope
Personal scope
Objective scope
Consequences
Fundamentals of IT systems usage
Access
Providing access to the MTI network
Programs (Software)
General
Processing internal data, including personal
Installation of Programs
Installation of network services
Orderly operation of IT systems
Extension/Modification of hardware and system configuration
Modifications of cabling and active network components
Hard- and software-based integration of IT systems
Outside access to the MTI network
Integration of telecommunication devices
Integration of mobile IT systems
Data protection (Backup)
Electronic mail ( )
Providing information to the Intranet and Internet
Date of Effect
Addendum
Addendum
Addendum
Proper use of username
Hints for creating and managing passwords
Termination of Employment
Use of account resources and shared drives

1 Preamble

The goal of the IT user- and operation regulations for the MTI network of the Universitätsklinikum at the FSU Jena is to guarantee safe, conflict-free and efficient use of the data processing systems (IT systems). The following regulations provide a summary, which will be clarified later:

1. Every user is obligated to know the regulations and their prohibitions.
2. The IT systems exist for business purposes.
3. Every user shall only work within the confines of their own user account and is responsible for the safety and contents thereof. This also applies to all data saved and used in that account.
4. Application software is installed by the Klinisches Rechenzentrum (KRZ), the Universitätsrechenzentrum (University Computing Center) and their authorized employees.
5. The principles of data protection and related statutory regulation are to be honored while working with personal data; especially those of the Bundesdatenschutzgesetz (federal data protection law, BDSG) and the Thüringer Krankenhausgesetz (hospital law of Thuringia).
6. Personal data must only be gathered, processed and used within the Klinikum, unless required otherwise by statutory regulation. Special regard is to be given to the regulations of the BDSG, the Thüringer Personenvertretungsgesetz (Thuringia substitute personnel law), and other statutory regulations.
7. Substitutes for users in cases of absence and/or retirement from the Klinikum are regulated by these regulations and/or case-by-case decisions by the responsible heads of department, under consideration of the Post- und Fernmeldegeheimnis (statutory regulations concerning postal- and telecommunications privacy).

Thus, the already sizable and continuously growing number of IT users shall be able to behave in a way so that stable and effective operations can be provided to all users, the statutory regulations of data protection and data security can be ensured, and legal security is provided while working with IT systems at the Klinikum.

2 Definitions

IT systems in the context of these regulations are:

1. non-networked IT systems like PCs, workstations, notebooks and other mobile devices, printers, scanners, image-providing devices etc.
2. networked IT systems like PCs, workstations, servers, notebooks, printers and other mobile devices as well as communications networks required for networking, etc.

The workgroup "PC-Pool/WAP-Cluster" of the Institut für Medizinische Informatik, Statistik und Dokumentation (Institute for Medical Information Processing, Statistics and Documentation, subsequently called Systems Maintenance (Systembetreuung)) is responsible for the network of the Medizinisch-Theoretisches Institut des Universitätsklinikums (subsequently called MTI network).

The use of personal computing devices in the MTI network is fundamentally forbidden. Exceptional permission can be granted when justified, upon a written request from the head of department (Einrichtungsleiter) in the context of a case-by-case assessment by Systems Maintenance. In this situation, the personal computing device is treated as belonging to the Klinikum. It falls under the competence of Systems Maintenance and the data protection agent (Datenschutzbeauftragter). The user is responsible for ensuring that the personal device fulfills up-to-date standards and security regulations.

Systems Maintenance is the operator of the MTI network and closely connected with the Klinisches Rechenzentrum (subsequently KRZ), which operates the Klinikum network. Both institutions are committed to providing powerful networking services and finding solutions for problems of the IT systems that are acceptable to the user.

3 Scope

3.1 Personal scope

These regulations apply to all employees, interns, trainees, citizens in civilian service, and all users of the IT systems and MTI network at the Universitätsklinikum.

3.2 Objective scope

These regulations apply to all IT systems that are connected to the MTI network. The MTI network includes the following institutions: Institute for Anatomy, Physiology, Biochemics, Pharmacology and Toxicology, Pathophysiology and Pathobiochemics, Human Genetics and Anthropology, Medical Statistics, Information Processing and Documentation, Immunology, Vascular Medicine, Molecular/Cellular Biology and the Central Workshop for Research and Development.

4 Consequences

The use of the IT systems is only permitted if the user has taken note of these IT regulations and operating order and confirmed this by signature. Each supervisor is responsible for ensuring that their users have had opportunity to do this. The IT systems must only be used for business purposes. Violations of these regulations can result in disciplinary, employment-law (i.e. termination), civil-law (i.e. compensation) and/or criminal-law consequences (see addendum for departmental regulation) for the concerned.
Unauthorized changes to IT systems, or such that endanger the operation of the network, result in separation of the affected devices from the network until an orderly state is restored. Ultimately, a reinstallation can become necessary.

5 Fundamentals of IT systems usage

5.1 Access

Generally, the IT systems of the Klinikum must only be accessed by authorized users. Every IT system shall be protected by access guards as required by the BDSG.

5.2 Providing access to the MTI network

Access to the MTI network is only permitted to persons that have been registered by Systems Maintenance as users as per a formal request from the head of the relevant department (access authorization). Request forms for provision of access are provided by Systems Maintenance. They shall be filled out, signed by the responsible head of department, and returned to Systems Maintenance. Further information regarding access and password usage is listed in the addendum.

5.3 Programs (Software)

General

For each user, the institution at which they are employed is to define in writing, and in agreement with the KRZ and Systems Maintenance, a spectrum of licensed software required in the line of their work. Usage of programs other than those required for work is not permitted. Attempting to manipulate installed software is strictly prohibited. Furthermore, attempting to gain access to others' data, such as user accounts, mail boxes and passwords, is also prohibited. Using the provided software for commercial, non-work purposes is also prohibited.

Accessing, providing or distributing racist, extremist, pornographic and other legally relevant data or documents, as well as downloading it from the Internet, is explicitly prohibited. Downloading or distributing copyrighted data, like films, music or software, without possessing a license, is explicitly prohibited and will be prosecuted. This also applies to downloading licensed software from servers of the Klinikum. Specific regulations for business- and private usage of Internet and services will be formulated in a separate agreement.

Processing internal data, including personal

Personal data must only be raised, processed and used as specified by the Bundesdatenschutzgesetz, the Thüringer Krankenhausgesetz and other legal regulations. Other internal data must only be processed as per the requirements of the employer. Protected data must not be stored on local drives at the workplace, or processed or used outside the Klinikum, unless separate contractual agreements with the Klinikum permit it.

Installation of Programs

The IT workstations are generally administered and managed using centralized tools by Systems Maintenance, in cooperation with the responsible IT coordinators of the institutions.
Exceptions can only be permitted on a case-by-case assessment by Systems Maintenance. Local installation of any software requires the formal agreement, in writing, of the responsible head of the institution, as well as the permission of Systems Maintenance and their employees or authorized persons, under compliance with license regulations. In particular, the installation of programs for remote control is prohibited. Remote-controlling PCs for service reasons is regulated in a separate document. Software that was acquired by the KRZ is workplace-licensed and must not be circulated inside or outside of the institution. Software that is unlicensed, personal, or unrelated to the demands of work will be removed when found.

Installation of network services

The establishment and maintenance of network services is generally done by Systems Maintenance. To guarantee data protection and work safety in the MTI network, the installation and configuration of decentralized services (FTP, Mail, directory services, servers and server services, etc) is only permitted under inclusion of Systems Maintenance.

Orderly operation of IT systems

Systems Maintenance verifies and monitors the orderly state and smooth operation of the individual IT systems using appropriate means. The data thus gathered falls under data protection laws, and is only used for optimizing IT processes in agreement with the Personalrat and in accordance with legal requirements. If violations of the regulations or irregularities are discovered, the legal authorities are notified and a safe state is immediately restored, for instance by disconnecting network access. Present protocol files are then evaluated in cooperation with Systems Maintenance, the data protection agent (Datenschutzbeauftragter), and the Personalrat.

5.4 Extension/Modification of hardware and system configuration

Modifications of cabling and active network components

Modifications of the cabling of the network must only be done by authorized facilities of the Klinikum or persons authorized by them. The same applies to manipulations of active network components (routers, switches, hubs, network cards, etc). Components for wireless data transfer (Access points, wireless network cards, etc) are centrally provided and installed.

Hard- and software-based integration of IT systems

Integration of IT systems into the Klinikum network must only be carried out by employees of Systems Maintenance or their authorized personnel. The same applies to network configuration, directory services, catalogs etc.

Outside access to the MTI network

Special services for external access to the MTI network, like , are present. Providing these services is done by request of the responsible head of department (compare 5.2). It is explicitly pointed out that personal data must not be transmitted, or used from, outside the network.

Integration of telecommunication devices

The usage of telecommunication devices (Modems, ISDN cards and others) is to be requested in writing from Systems Maintenance and only permitted in exceptional cases. Manipulating networked IT systems is fundamentally not permitted, to guarantee a safe and error-free operation of the network and IT systems.

Integration of mobile IT systems

Users of mobile systems carry a heightened responsibility for their systems and the connected networks.
The user must ensure that the mobile systems comply with current security demands of hard- and software manufacturers and the Klinikum in specific. Hardware-, operating system- and software updates must be installed soon after their publication by the manufacturer. Mobile systems must be registered with Systems Maintenance before usage. Systems Maintenance assigns the user network access to connect the system with the MTI network. Due to the mobile characteristics, this is urgently necessary to prevent infestation by viruses, worms and other harmful programs. Connecting an unregistered device will result in termination of network access.

5.5 Data protection (Backup)

Backups of the servers are organized and performed by Systems Maintenance. To prevent data loss, the user must take care to save his data on his home drive (H:) or the Institut drive (I:) on these servers. Performing backups of data on local drives is the responsibility of the users. Systems Maintenance will provide support on demand (backup strategies, purchase recommendations).

6 Electronic mail ( )

The Universitätsklinikum uses the mail system Groupwise, which is maintained by Systems Maintenance as well as the KRZ. Access to communication and devices via WebAccess is generally encrypted. To ensure a smooth operation of the service, the size of mails is limited. The maximal size in the MTI network currently lies at 10MB. is generally considered unsafe in regards to delivery and data protection. Thus, protection-worthy data must not be sent unencrypted to external sites by . Before sending to large user groups (like everyone in Novell systems) Systems Maintenance is to be consulted. Furthermore, POP3 access to Internet services is prohibited, because this bypasses the virus scanner. To protect the user, incoming s are automatically checked for viruses and in case of infestation cleaned or summarily deleted.

7 Providing information to the Intranet and Internet

Information can be provided to the Intranet and Internet. This information must be released before publication by the responsible head of department. The head of department carries responsibility for the content. Personal information of patients and coworkers (including photos, letters of patients to the Klinikum, pictures of operations etc) require personal agreement of the person concerned before publicizing them in the Intranet and/or Internet. This agreement must be provided in writing. Information must be anonymized as much as possible during publication.

8 Date of Effect

These rules are effective as of The rules of are thus obsoleted.

9 Addendum

9.1 Addendum 1

Addendum 1, containing legal sanctions arising from improper use of DV systems, has been omitted from this translation. Please consult the German original.

9.2 Addendum

Proper use of username

The requested user account will be set up by a member of Systems Maintenance. The user will be given all required access information (login name, initial password, mail address and mail password, potentially access to further subsystems). Providing this information to other employees is prohibited. If a user is absent, the responsible head of department can request access to their account with Systems Maintenance if needed. If granted, the organizational data protection agent (Datenschutzbeauftragter) is to be informed. Each user is responsible for damages arising from careless use of the account.

Hints for creating and managing passwords

To prevent access to the MTI network from unprivileged parties, every account is protected by a password. A password should contain at least six characters. All available characters should be used. The use of so-called trivial passwords (first names, pet names, cities and similar) is to be avoided. Preferably, the following special characters can also be used: ! " $ % & / ( ) = ? ` [ ] { } \ , . - _ < >. Umlauts as well as the letter ß are to be avoided. By varying these special characters, memorable and safe passwords can be created even on password change. Passwords are to be kept secret from other persons. If the suspicion of illegitimate access by third parties arises, Systems Maintenance is to be informed immediately.

Termination of Employment

Login can be granted on a temporary or unlimited basis. Upon termination of the work relationship or other legal relation with the Klinikum, work in the MTI network must not continue, unless arranged otherwise in writing. For this purpose, the Department of Employment (Dezernat Personalwesen) notifies Systems Maintenance of terminated employees every month.
In special cases, a short-term notification can occur. Before termination, still-required data must be transferred to a successor. After termination, the entire user account is first barred and completely deleted after a period of three months. If the user re-enters employment at the Klinikum, the user account can be reactivated. If an account is not used for a year or more, it can be deleted by Systems Maintenance. Because of this, in case of prolonged absence Systems Maintenance should be informed.

Use of account resources and shared drives

Every user is assigned a personal data drive, called "home drive" (Home-Bereich). The data on this drive can only be read, modified and erased by the user and, in special cases, the network administration. In some cases leading coworkers or IT workers have access to this drive. The user must be informed of this.

In connected institutions, a so-called Institutsbereich (institution drive; I: drive) is configured. This is a shared data drive for members of the department. Access to this drive must be requested as part of user registration. The size of these drives is determined by work requirements as well as technological and financial constraints.
Website Privacy Policy Village Emergency Center Privacy Policy Updated: 1/22/18. PLEASE READ THIS PRIVACY POLICY (Privacy Policy) CAREFULLY. By accessing and using this website, you agree to be bound by
More informationViolations of any portion of this policy may be subject to disciplinary action up to and including termination of employment.
Page 1 of 6 Policy: All computer resources are the property of Lee County and are intended to be used for approved County business purposes. Users are permitted access to the computer system to assist
More informationCustomer Proprietary Network Information
Customer proprietary network information (CPNI) means information that relates to the quantity, technical configuration, type, destination, location, and amount of use of our service by you and information
More informationAcceptable Usage Policy (Student)
Acceptable Usage Policy (Student) Author Arthur Bogacki Date 18/10/2017 Version 1.1 (content sourced and consolidated from existing Email and Electronic Communication, and User Code of Practice policies.)
More informationAcceptable Use Policy
Acceptable Use Policy 1. Overview ONS IT s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to ONS established culture of openness, trust and integrity.
More informationOPTIMAL BLUE, LLC PRIVACY POLICY
OPTIMAL BLUE, LLC PRIVACY POLICY ` Page 1 of 12 Title TABLE OF CONTENTS OUR COMMITMENT TO YOUR PRIVACY... 1 WHAT WE DO AND HOW WE RECEIVE INFORMATION... 2 WEBSITE INFORMATION PRACTICES... 2 GENERAL INFORMATION
More information"PPS" is Private Practice Software as developed and produced by Rushcliff Ltd.
Rushcliff Ltd Data Processing Agreement This Data Processing Agreement ( DPA ) forms part of the main terms of use of PPS, PPS Express, PPS Online booking, any other Rushcliff products or services and
More informationPS Mailing Services Ltd Data Protection Policy May 2018
PS Mailing Services Ltd Data Protection Policy May 2018 PS Mailing Services Limited is a registered data controller: ICO registration no. Z9106387 (www.ico.org.uk 1. Introduction 1.1. Background We collect
More informationII.C.4. Policy: Southeastern Technical College Computer Use
II.C.4. Policy: Southeastern Technical College Computer Use 1.0 Overview Due to the technological revolution in the workplace, businesses such as Southeastern Technical College (STC) have turned to computer
More informationNorth Carolina Health Information Exchange Authority. User Access Policy for NC HealthConnex
North Carolina Health Information Exchange Authority User Access Policy for NC HealthConnex North Carolina Health Information Exchange Authority User Access Policy for NC HealthConnex Introduction The
More informationData Privacy Statement for myportal to go
Data Privacy Statement for myportal to go Contents 1. Scope... 2 2. Data Handled by Unify Through myportal to go... 2 3. Disclosure of Your Personal Data... 3 4. Accessing, Correcting and Deleting Your
More informationDATA PROTECTION POLICY THE HOLST GROUP
DATA PROTECTION POLICY THE HOLST GROUP INTRODUCTION The purpose of this document is to provide a concise policy regarding the data protection obligations of The Holst Group. The Holst Group is a data controller
More informationLakeshore Technical College Official Policy
Policy Title Original Adoption Date Policy Number Information Security 05/12/2015 IT-720 Responsible College Division/Department Responsible College Manager Title Information Technology Services Director
More informationADIENT VENDOR SECURITY STANDARD
Contents 1. Scope and General Considerations... 1 2. Definitions... 1 3. Governance... 2 3.1 Personnel... 2 3.2 Sub-Contractors... 2 3.3. Development of Applications... 2 4. Technical and Organizational
More informationPRIVACY POLICY OF THE WEB SITE
PRIVACY POLICY OF THE ERANOS FOUNDATION Introductory remarks The Eranos Foundation respects your privacy! Privacy policy EU Norm 2016-769 GDPR 1 We do not sell or distribute any information that we acquire
More informationTexas Health Resources
Texas Health Resources POLICY NAME: Remote Access Page 1 of 7 1.0 Purpose: To establish security standards for remote electronic Access to Texas Health Information Assets. 2.0 Policy: Remote Access to
More informationOpen Data Policy City of Irving
Open Data Policy City of Irving 1. PURPOSE: The City of Irving is committed to fostering open, transparent, and accessible city government, and recognizes that by sharing data freely, the city will generate
More informationRules for Commissioned Processing. (DDV Declaration of Conformity)
Rules for Commissioned Processing (DDV Declaration of Conformity) Service provider (in the following Service Provider) Representative Street name and number Postal code, place E-mail address Website Version:
More informationIT CHARTER. Révisée le 7 janvier 2014
SECTION 1... 1 Preamble... 1 Scope of application... 2 SECTION 2... 2 Rules of good practice... 2 SECTION 3... 4 Systems Administrators... 4 SECTION 4... 5 Accounts and passwords... 5 SECTION 5... 6 Security...
More informationTERMS AND CONDITIONS OF PROVIDING ELECTRONIC SERVICES. 1. General provisions
TERMS AND CONDITIONS OF PROVIDING ELECTRONIC SERVICES 1. General provisions 1. Under Article 8.1.1 of the Polish Law of 18 July 2002 on the Provision of Electronic Services (Journal of Laws of 2016, item
More informationElectronic Network Acceptable Use Policy
Electronic Network Acceptable Use Policy 2016-2017 www.timothychristian.com ELECTRONIC NETWORK ACCEPTABLE USE POLICY Electronic Network This Policy is intended to serve as a guide to the scope of TCS s
More informationWireless Communication Device Use Policy
Wireless Communication Device Use Policy Introduction The Wireless Communication Device Policy exists to provide guidance to employees regarding the acquisition and use of William Paterson University provided
More informationGEWISS S.p.A. IT CODE OF CONDUCT
GEWISS S.p.A. IT CODE OF CONDUCT Approved by the Board of Directors on 25 th July 2012 CONTENTS INTRODUCTION... 3 1. DEFINITIONS... 3 2. COMPANY INFORMATION SYSTEMS - GENERAL RULES... 3 3. USE OF INFORMATION
More informationPlatform Privacy Policy (Tier 2)
Platform Privacy Policy (Tier 2) Updated: May 24, 2018 Hurify Digital Markets, Inc. ( Hurify ) is committed to protecting your privacy and ensuring you have a positive experience using our products and
More informationRUTGERS POLICY. Section Title: Legacy UMDNJ policies associated with Information Technology
RUTGERS POLICY Section: 70.2.8 Section Title: Legacy UMDNJ policies associated with Information Technology Policy Name: Information Security: Acceptable Use Formerly Book: 95-01-09-05:00 Approval Authority:
More informationChildren s Health System. Remote User Policy
Children s Health System Remote User Policy July 28, 2008 Reason for this Policy This policy defines standards for connecting to the Children s Health System (CHS) network from any remote host. These standards
More informationPRIVACY POLICY Let us summarize this for you...
PRIVACY POLICY Let us summarize this for you... We promise to never sell your personal information. This site collects usage information to provide a better web experience for our users. If you purchase
More informationETHIOPIAN NATIONAL ACCREDITATION OFFICE. Minimum Requirements For The Operation Of Product Certification Bodies
ETHIOPIAN NATIONAL ACCREDITATION OFFICE Minimum Requirements For The Operation Of Product Certification Bodies April 2011 Page 1 of 7 NO CONTENTS Page 1. Introduction 2 2. Scope 2 3. Definitions 2 4 Management
More informationACCEPTABLE USE ISO INFORMATION SECURITY POLICY. Author: Owner: Organisation: Document No: Version No: 1.0 Date: 10 th January 2010
INFORMATION SECURITY POLICY EMAIL ACCEPTABLE USE ISO 27002 7.1.3 Author: Owner: Organisation: Document No: Chris Stone Ruskwig TruePersona Ltd SP-7.1.3 No: 1.0 Date: 10 th January 2010 Copyright Ruskwig
More informationINFORMATION TECHNOLOGY DATA MANAGEMENT PROCEDURES AND GOVERNANCE STRUCTURE BALL STATE UNIVERSITY OFFICE OF INFORMATION SECURITY SERVICES
INFORMATION TECHNOLOGY DATA MANAGEMENT PROCEDURES AND GOVERNANCE STRUCTURE BALL STATE UNIVERSITY OFFICE OF INFORMATION SECURITY SERVICES 1. INTRODUCTION If you are responsible for maintaining or using
More informationUse of data processor (external business unit)
Published with the support of: Code of conduct for information security www.normen.no Use of data processor (external business unit) Supporting document Fact sheet no 10 Version: 4.0 Date: 12 Feb 2015
More informationGuest Wireless Policy
Effective: April 1, 2016 Last Revised: November 27, 2017 Responsible University Office: Information Technology Services Responsible University Administrator: Chief Information Officer Policy Contact: Deb
More informationInformation Security Management Criteria for Our Business Partners
Information Security Management Criteria for Our Business Partners Ver. 2.1 April 1, 2016 Global Procurement Company Information Security Enhancement Department Panasonic Corporation 1 Table of Contents
More informationLearning Management System - Privacy Policy
We recognize that visitors to our Learning Management System (LMS) may be concerned about what happens to information they provide when they make use of the system. We also recognize that education and
More informationEffective security is a team effort involving the participation and support of everyone who handles Company information and information systems.
BACKED BY REFERENCE GUIDE Acceptable Use Policy GENERAL GUIDANCE NOTE: This sample policy is not legal advice or a substitute for consultation with qualified legal counsel. Laws vary from country to country.
More informationData Processing Agreement
Data Processing Agreement between The Data Controller Name Address Postcode and city Country and The Data Processor Idha Sweden AB Norra vägen 28 856 50 Sundsvall Sweden] Page 1 of 15 1 Content 2 Data
More informationDepartment of Public Health O F S A N F R A N C I S C O
PAGE 1 of 9 Category: Information Technology Security and HIPAA DPH Unit of Origin: Department of Public Health Policy Owner: Phillip McDown, CISSP Phone: 255-3577 CISSPCISSP/C Distribution: DPH-wide Other:
More informationISO27001 Preparing your business with Snare
WHITEPAPER Complying with ISO27001 Preparing your business with Snare T he technical controls imposed by ISO (International Organisation for Standardization) Standard 27001 cover a wide range of security
More informationAcceptable Use Policy
Acceptable Use Policy 1. Overview The Information Technology (IT) department s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to Quincy College s established
More informationWireless Communication Device Policy Policy No September 2, Standard. Practice
Standard This establishes the business need and use of cellular phones (hereinafter referred to as wireless communication devices ) as an effective means of conducting City of Richland business, and to
More informationInternet Service Provider Agreement
Internet Service Provider Agreement 1. Introduction By using this Internet service ( Service ) you agree to be bound by this Agreement and to use the Service in compliance with this Agreement, our Acceptable
More informationGeneral Terms and Conditions of Participation
General Terms and Conditions of Participation Version 1, 4 May 2016 1. Scope The University of Passau, Innstraße 41, 94032 Passau, provides as an accompaniment to the EU-funded research project "ihearu"
More informationData Processing Agreement
Data Processing Agreement Addendum to the Main Contract between Simonsen Chartering Aps Christiansmindevej 74 CBR no.: 20702206 (hereinafter referred to as the Shipping Company ) and 3 rd party processing
More information