Identification and Authentication
|
|
- Alyson Jenkins
- 5 years ago
- Views:
Transcription
1 Identification and Authentication Example Policy Author: A Heathcote Date: 24/05/2017 Version: 1.0 Copyright 2017 Health and Social Care Information Centre. The Health and Social Care Information Centre is a non-departmental body created by statute, also known as NHS Digital.
2 Contents 1 Purpose 3 2 Scope 3 3 Applicability 3 4 Guidance 3 Terminology 3 Policy 3 Principles 3 Identification and Authentication Mechanisms 4 Remote Access Identification and Authentication Requirements 4 5 Key Words 5 Copyright 2017 Health and Social Care Information Centre. 2
3 1 Purpose The purpose of this Identification and Authentication Example Policy is to provide exemplar guidance in line with HMG and private sector best practice for the production of an organisation wide Identification and Authentication Policy. This is in order to allow the reader to produce the necessary policy and guidance for their business area and to ensure that the applicable and relevant security controls are set in place in line with the Department for Health, the wider NHS, health and social care and HMG requirements. 2 Scope The drafting of any policy governing the production of an Identification and Authentication policy for NHS systems, devices or applications and information deployed in support of NHS or health and social care business functions. 3 Applicability This Example Policy is applicable to and designed for use by any NHS, health and social care or associated organisations that use or have access to NHS systems and/or information at any level. 4 Guidance This Example Policy provides guidance on the production of an Identification and Authentication Policy. The Example Policy is in italics with areas for insertion shown as <> and the rationale for each paragraph or section, where required, in [.]. Terminology Term SHALL SHOULD MAY Definition This term is used to state a Mandatory requirement of this policy This term is used to state a Recommended requirement of this policy This term is used to state an Optional requirement Policy Principles Identification and authentication shall be used to identify and prove which users have accessed and utilised <insert name of organisation> systems and the data within them. The identification and authentication mechanism shall support the Access Control Policy requirements. Copyright 2017 Health and Social Care Information Centre. 3
4 Identification and authentication shall be used to identify and prove that access is authorised to encrypted media (such as laptops or USB sticks) utilized by <insert name of organisation> IT systems. [The aim of this section is to outline what identification and authentication achieves; i.e. that it is a mechanism to support access control to workstations, laptops, folders and electronic media.] Identification and Authentication Mechanisms Identification shall be achieved through username for individual users. Authentication of that username (identifier) shall be achieved through the use of one of the following mechanisms: Passwords these shall meet the <insert name of organisation> Password Policy. Tokens these may be defined or referred to as: hardware token, authentication token, USB token, cryptographic token, software token, virtual token or key fob. Biometrics - metrics related to human characteristics. These may include mechanisms that use fingerprint, face recognition, iris or retina recognition as the authentication character. Or a combination of any of these elements. The degree of authentication (single or 2 factor) shall be assessed for the level of protection required for the processed information and the risk factors to it by the Information Asset Owner (IAO) and Senior Information Risk Owner (SIRO). Where it is deemed 2 factor is required the authentication mechanisms shall be provided by different methods e.g. password and token. [This section is used to outline how identification and authentication can be achieved. It should be tailored to the mechanisms the organisation is likely to use. The decision on what mechanisms to use and whether single or two factor authentication is required is a risk based decision. For larger organisations this will be achieved via the IAOs, SIRO and CISO; for organisations using NHS managed assets (such as NHS managed networks or ) it will be defined by the system access requirements; whilst for smaller organisations the decision will be decided by the senior partners/owners and the information governance lead. As a general rule if the data to be accessed is sensitive 2 factor authentication should be considered as the policy requirement; if the data is normal office management single factor authentication is probably sufficient.] Remote Access Identification and Authentication Requirements Two factor authentication shall be used for all remote access to <insert name of organisation> IT systems processing OFFICIAL and OFFICIAL-SENSITIVE information or sensitive legacy NHS data. The two-factor authentication shall as a minimum be: Password with Secondary authentication such as a token or biometrics. Where possible the secondary authentication shall be an assured method, such as NCSC assured for OFFICIAL-SENSITIVE. Copyright 2017 Health and Social Care Information Centre. 4
5 The complexity of the password required shall be determined by the risk assessment of the IT system and shall be managed in accordance with the <insert name of organisation> Password Policy. [Where organisations, of whatever size, employ the use of remote access (i.e., from a laptop at home or on the road to access the organisation s network/data stores) then 2- factor authentication is recommended to be the minimum policy as single factor is more vulnerable. For smaller organisations this requirement may be reflected as a policy requirement for contracts that are arranged with third party IT providers who provide the IT network and/or remote access capability.] 5 Key Words Authentication, Biometric, Cryptographic, IAO, Identification, Password, Risk Assessment, SIRO, Token Copyright 2017 Health and Social Care Information Centre. 5
Hardware and Software Security
Hardware and Software Security Good Practice Guide Author: A Heathcote Date: 22/05/2017 Version: 1.0 Copyright 2017 Health and Social Care Information Centre. The Health and Social Care Information Centre
More informationInformation Security Incident
Good Practice Guide Author: A Heathcote Date: 22/05/2017 Version: 1.0 Copyright 2017 Health and Social Care Information Centre. The Health and Social Care Information Centre is a non-departmental body
More informationWye Valley NHS Trust. Data protection audit report. Executive summary June 2017
Wye Valley NHS Trust Data protection audit report Executive summary June 2017 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection Act
More informationData Security Standard 9 IT protection The bigger picture and how the standard fits in
Data Security Standard 9 IT protection The bigger picture and how the standard fits in 2018 Copyright 2017 Health and Social Care Information Centre. The Health and Social Care Information Centre is a
More informationAuthentication Methods
CERT-EU Security Whitepaper 16-003 Authentication Methods D.Antoniou, K.Socha ver. 1.0 20/12/2016 TLP: WHITE 1 Authentication Lately, protecting data has become increasingly difficult task. Cyber-attacks
More informationState of Colorado Cyber Security Policies
TITLE: State of Colorado Cyber Security Policies Access Control Policy Overview This policy document is part of the State of Colorado Cyber Security Policies, created to support the State of Colorado Chief
More informationMobile Computing Policy
Mobile Computing Policy Overview and Scope 1. The purpose of this policy is to ensure that effective measures are in place to protect against the risks of using mobile computing and communication facilities..
More informationAccessing Encrypted s Guide for Non-NHSmail users
Accessing Encrypted Emails Guide for Non-NHSmail users April 2017 Version 2.1 Copyright 2017 Health and Social Care Information Centre. The Health and Social Care Information Centre is a non-departmental
More informationINFORMATION TECHNOLOGY SECURITY POLICY
INFORMATION TECHNOLOGY SECURITY POLICY Author Responsible Director Approved By Data Approved September 15 Date for Review November 17 Version 2.3 Replaces version 2.2 Mike Dench, IT Security Manager Robin
More informationData Encryption Policy
Data Encryption Policy Document Control Sheet Q Pulse Reference Number Version Number Document Author Lead Executive Director Sponsor Ratifying Committee POL-F-IMT-2 V02 Information Governance Manager
More informationProtecting Information Assets - Week 10 - Identity Management and Access Control. MIS 5206 Protecting Information Assets
Protecting Information Assets - Week 10 - Identity Management and Access Control MIS5206 Week 10 Identity Management and Access Control Presentation Schedule Test Taking Tip Quiz Identity Management and
More informationPatient Reported Outcome Measures (PROMs)
Patient Reported Outcome Measures (PROMs) Published September 2017 Copyright 2017 Health and Social Care Information Centre. The Health and Social Care Information Centre is a non-departmental body created
More informationCESG:10 Steps to Cyber Security WORKING WITH GOVERNMENT, INDUSTRY AND ACADEMIA TO MANAGE INFORMATION RISK
CESG:10 Steps to Cyber Security WORKING WITH GOVERNMENT, INDUSTRY AND ACADEMIA TO MANAGE INFORMATION RISK Building resilience: 10 Steps to Cyber Security 1. Information Risk Management Regime 2. Secure
More informationCredentials Policy. Document Summary
Credentials Policy Document Summary Document ID Credentials Policy Status Approved Information Classification Public Document Version 1.0 May 2017 1. Purpose and Scope The Royal Holloway Credentials Policy
More informationPatient Information Security
Patient Information Security An overview of practice and procedure UK CAB Meeting 13th April 2012 Nathan Lea Senior Research Associate CHIME, UCL Overview - Questions that have been asked What happens
More informationHow to complete the NHSmail Social Care Provider Registration Portal
How to complete the NHSmail Social Care Provider Registration Portal April 2018 Version 1 Copyright 2018 Health and Social Care Information Centre. The Health and Social Care Information Centre is a non-departmental
More informationHSCN Quality of Service (QoS) Policy
HSCN Quality of Service (QoS) Policy Published March 2018 Copyright 2018 Health and Social Care Information Centre. The Health and Social Care Information Centre is a non-departmental body created by statute,
More informationHSCN Internet Protocol (IP) addressing policy
HSCN Internet Protocol (IP) addressing policy Published 24 May 2017 Copyright 2017Health and Social Care Information Centre. The Health and Social Care Information Centre is a non-departmental body created
More informationDevelopment Authority of the North Country Governance Policies
Development Authority of the North Country Governance Policies Subject: Electronic Signature Policy Adopted: March 28, 2018 (Annual Meeting) Resolution: 2018-03-35 Table of Contents SECTION 1.0 INTRODUCTION...
More informationInformation Security Controls Policy
Information Security Controls Policy Version 1 Version: 1 Dated: 21 May 2018 Document Owner: Head of IT Security and Compliance Document History and Reviews Version Date Revision Author Summary of Changes
More informationCIS 6930/4930 Computer and Network Security. Topic 6. Authentication
CIS 6930/4930 Computer and Network Security Topic 6. Authentication 1 Authentication Authentication is the process of reliably verifying certain information. Examples User authentication Allow a user to
More informationINFORMATION SECURITY AND RISK POLICY
INFORMATION SECURITY AND RISK POLICY 1 of 12 POLICY REFERENCE INFORMATION SHEET Document Title Document Reference Number Information Security and Risk Policy P/096/CO/03/11 Version Number V02.00 Status:
More informationSocial care: local sponsorship model application process guidance
Social care: local sponsorship model application process guidance Published August 2017 Copyright 2017Health and Social Care Information Centre. The Health and Social Care Information Centre is a non-departmental
More informationICT Portable Devices and Portable Media Security
ICT Portable Devices and Portable Media Security Who Should Read This Policy Target Audience All Trust Staff, contractors, and other agents, who utilise trust equipment and access the organisation s data
More informationGMSS Information Governance & Cyber Security Incident Reporting Procedure. February 2017
GMSS Information Governance & Cyber Security Incident Reporting Procedure February 2017 Review Date; April 2018 1 Version Control: VERSION DATE DETAIL D1.0 20/04/2015 First Draft (SC) D 2.0 28/04/2015
More informationInformation Security Controls Policy
Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January
More informationTransition Network IP Addressing Policy
Transition Network IP Addressing Policy Version 0.5 1 November 2017 Copyright 2017 Health and Social Care Information Centre. The Health and Social Care Information Centre is a non-departmental body created
More informationSmart Cards and Authentication. Jose Diaz Director, Technical and Strategic Business Development Thales Information Systems Security
Smart Cards and Authentication Jose Diaz Director, Technical and Strategic Business Development Thales Information Systems Security Payment Landscape Contactless payment technology being deployed Speeds
More informationNIST Security Certification and Accreditation Project
NIST Security Certification and Accreditation Project An Integrated Strategy Supporting FISMA Dr. Ron Ross Computer Security Division Information Technology Laboratory 1 Today s Climate Highly interactive
More informationCyber Essentials Questionnaire Guidance
Cyber Essentials Questionnaire Guidance Introduction This document has been produced to help companies write a response to each of the questions and therefore provide a good commentary for the controls
More informationINFORMATION ASSET MANAGEMENT POLICY
INFORMATION ASSET MANAGEMENT POLICY Approved by Board of Directors Date: To be reviewed by Board of Directors March 2021 CONTENT PAGE 1. Introduction 3 2. Policy Statement 3 3. Purpose 4 4. Scope 4 5 Objectives
More informationHIPAA Compliance Checklist
HIPAA Compliance Checklist Hospitals, clinics, and any other health care providers that manage private health information today must adhere to strict policies for ensuring that data is secure at all times.
More informationDIRECTIVE ON INFORMATION TECHNOLOGY SECURITY FOR BANK PERSONNEL. June 14, 2018
DIRECTIVE ON INFORMATION TECHNOLOGY SECURITY FOR BANK PERSONNEL June 14, 2018 A. Overriding Objective 1.1 This Directive establishes the rules and instructions for Bank Personnel with respect to Information
More informationThe Key Principles of Cyber Security for Connected and Automated Vehicles. Government
The Key Principles of Cyber Security for Connected and Automated Vehicles Government Contents Intelligent Transport System (ITS) & Connected and Automated Vehicle (CAV) System Security Principles: 1. Organisational
More informationInformation technology Security techniques Telebiometric authentication framework using biometric hardware security module
INTERNATIONAL STANDARD ISO/IEC 17922 First edition 2017-09 Information technology Security techniques Telebiometric authentication framework using biometric hardware security module Technologies de l information
More informationAUTHORITY FOR ELECTRICITY REGULATION
SULTANATE OF OMAN AUTHORITY FOR ELECTRICITY REGULATION SCADA AND DCS CYBER SECURITY STANDARD FIRST EDITION AUGUST 2015 i Contents 1. Introduction... 1 2. Definitions... 1 3. Baseline Mandatory Requirements...
More informationCyber Security Requirements for Electronic Safety and Security
This document is to provide suggested language to address cyber security elements as they may apply to physical and electronic security projects. Security consultants and specifiers should consider this
More informationDATA PROTECTION SELF-ASSESSMENT TOOL. Protecture:
DATA PROTECTION SELF-ASSESSMENT TOOL Protecture: 0203 691 5731 Instructions for use touches many varied aspects of an organisation. Across six key areas, the self-assessment notes where a decision should
More informationNHSmail Skype for Business
NHSmail Skype for Business Mobile device installation guide Published December 2017 Version 3 Copyright 2017Health and Social Care Information Centre. The Health and Social Care Information Centre is a
More informationCOMMON CRITERIA CERTIFICATION REPORT
COMMON CRITERIA CERTIFICATION REPORT Dell Data Protection Encryption Personal Edition Version 8.14.0 383-4-416 2 October 2017 v1.1 Government of Canada. This document is the property of the Government
More informationPharmacy - Frequently Asked Questions
Pharmacy - Frequently Asked Questions Published October 2017 Version 4 Copyright 2017Health and Social Care Information Centre. The Health and Social Care Information Centre is a non-departmental body
More informationNational Policing - Accreditation Policy
Document Name File Name National Policing - Accreditation Policy National Policing Accreditation Policy v2_0.doc Authors David Critchley, Dave Jamieson and Antony Holland Reviewer Authorisation Police
More informationSecurity Principles for Stratos. Part no. 667/UE/31701/004
Mobility and Logistics, Traffic Solutions Security Principles for Stratos Part no. THIS DOCUMENT IS ELECTRONICALLY APPROVED AND HELD IN THE SIEMENS DOCUMENT CONTROL TOOL. All PAPER COPIES ARE DEEMED UNCONTROLLED
More informationIT Services Policy. DG19 Remote Access. Prepared by: < Shelim Miah> Version: 2.0
IT Services Policy DG19 Remote Access Prepared by: < Shelim Miah> Version: 2.0 Page 1 of 8 Description & Target Audience: This document outlines the use of remote access for IT Support activities and users
More informationNational Diabetes Audit and Diabetes Prevention Programme Pilot
National Diabetes Audit and Diabetes Prevention Programme Pilot MiQuest Query Guidance for Practices using SystmOne Published 13 March 2017 Copyright 2017 Health and Social Care Information Centre. The
More informationMRC Information Security Policy (IT_pg_003)
() Contents Policy statement... 3 1. Key principles... 3 2. Scope... 4 3. Purpose... 5 4. General considerations... 5 5. Accessing information and information assets... 5 6. Technical aspects... 6 7. Use
More informationSecurity analysis and assessment of threats in European signalling systems?
Security analysis and assessment of threats in European signalling systems? New Challenges in Railway Operations Dr. Thomas Störtkuhl, Dr. Kai Wollenweber TÜV SÜD Rail Copenhagen, 20 November 2014 Slide
More informationInformation Technology Security Plan (ITSP)
Information Technology Security Plan (ITSP) Table of Contents 1. Purpose... 3 2. Goal... 3 3. NIST Risk Management Framework... 3 4. Scope... 4 5. System Description... 4 6. Authorization Boundary... 5
More informationInformation Security Policy for Associates and Contractors
Information Security Policy for Associates and Contractors Version: 1.13 Date: 11 October 2016 Reference: 67972761 Location: Livelink Contents Introduction... 3 Purpose... 3 Scope... 3 Responsibilities...
More informationIoT & SCADA Cyber Security Services
RIOT SOLUTIONS PTY LTD P.O. Box 10087 Adelaide St Brisbane QLD 4000 BRISBANE HEAD OFFICE Level 22, 144 Edward St Brisbane, QLD 4000 T: 1300 744 028 Email: sales@riotsolutions.com.au www.riotsolutions.com.au
More informationGuide to ITK Compliant Output Based Specification
Guide to ITK Compliant Output Based Specification Directorate DHID Document Record ID Key Division DS&P/ITK NPFIT-ELIBR-AREL-DST-0420.03 Chief Technology Officer Paul Jones Status Approved Owner Keith
More informationProtecting Personal Health Information on Mobile and Portable Devices. Guidance from the Information and Privacy Commissioner of Ontario
Protecting Personal Health Information on Mobile and Portable Devices Guidance from the Information and Privacy Commissioner of Ontario Why is the Protection of Personal Health Information (PHI) So Critical?
More informationData Security Standards
Data Security Standards Overall guide The bigger picture of where the standards fit in 2018 Copyright 2017 Health and Social Care Information Centre. The Health and Social Care Information Centre is a
More informationEncryption Guide for NHSmail
Encryption Guide for NHSmail December 2017 Version 3 Copyright 2017 Health and Social Care Information Centre. The Health and Social Care Information Centre is a non-departmental body created by statute,
More informationPolicies, Procedures, Guidelines and Protocols. John Snell - Head of Workforce Planning, Systems and Contributors
Policies, Procedures, Guidelines and Protocols Document Details Title Staff Mobile Phone Policy Trust Ref No 2036-39774 Local Ref (optional) N/A Main points the document Procurement, allocation and use
More informationJohn Snare Chair Standards Australia Committee IT/12/4
John Snare Chair Standards Australia Committee IT/12/4 ISO/IEC 27001 ISMS Management perspective Risk Management (ISO 31000) Industry Specific Standards Banking, Health, Transport, Telecommunications ISO/IEC
More informationUniversity of Sunderland Business Assurance PCI Security Policy
University of Sunderland Business Assurance PCI Security Policy Document Classification: Public Policy Reference Central Register IG008 Policy Reference Faculty / Service IG 008 Policy Owner Interim Director
More informationInformation Governance Incident Reporting Procedure
Information Governance Incident Reporting Procedure : 3.0 Ratified by: NHS Bury CCG Quality and Risk Committee Date ratified: 15 th February 2016 Name of originator /author (s): Responsible Committee /
More informationt a Foresight Consulting, GPO Box 116, Canberra ACT 2601, AUSTRALIA e foresightconsulting.com.
e info@ Mr. James Kavanagh Chief Security Advisor Microsoft Australia Level 4, 6 National Circuit, Barton, ACT 2600 19 August 2015 Microsoft CRM Online IRAP Assessment Letter of Compliance Dear Mr. Kavanagh,
More informationDigital Health Cyber Security Centre
Digital Health Cyber Security Centre Current challenges Ransomware According to the ACSC Threat Report 2017, cybercrime is a prevalent threat for Australia. Distributed Denial of Service (DDoS) Targeting
More informationQualification Specification. Level 2 Award in Cyber Security Awareness For Business
Qualification Specification Level 2 Award in Cyber Security Awareness For Business ProQual 2015 Contents Page Introduction 3 Qualification profile 3 Centre requirements 4 Support for candidates 4 Assessment
More informationSecurity Policies and Procedures Principles and Practices
Security Policies and Procedures Principles and Practices by Sari Stern Greene Chapter 3: Information Security Framework Objectives Plan the protection of the confidentiality, integrity and availability
More informationSERVICE DESCRIPTION. Population Register Centre s online services
SERVICE DESCRIPTION Population Register Centre s online services SERVICE DESCRIPTION [Number] 2 (12) DOCUMENT MANAGEMENT Owner Author Checked by Approved by Pauli Pekkanen Project Working Group Reko-Aleksi
More information5. The technology risk evaluation need only be updated when significant changes or upgrades to systems are implemented.
Annex to the Financial Services Businesses Handbook Using Technology in the Customer Due Diligence Process A.1. Technology Risk Evaluation 1. A financial services business must, prior to deciding whether
More informationJob Aid: Introduction to the RMF for Special Access Programs (SAPs)
Contents Terminology... 2 General Terminology... 2 Documents and Deliverables... 2 Changes in Terminology... 3 Key Concepts... 3 Roles... 4 Cybersecurity for SAPs: Roles... 5 Support/Oversight Roles...
More informationAssessment, Discharge and Withdrawal Notices between Hospitals and Social Services
Additional Messaging Guidance Document filename: Directorate / Programme Social Care Programme Project Assessment, Discharge and Withdrawal Notices Document Reference Senior Responsible Owner Simon Eccles
More informationCOMMON CRITERIA CERTIFICATION REPORT
COMMON CRITERIA CERTIFICATION REPORT Dell EMC Elastic Cloud Storage v3.2 15 May 2018 383-4-439 V1.0 Government of Canada. This document is the property of the Government of Canada. It shall not be altered,
More informationNHS Gloucestershire Clinical Commissioning Group. Business Continuity Strategy
NHS Gloucestershire Clinical Commissioning Group 1 Document Control Title of Document Gloucestershire CCG Author A Ewens (Emergency Planning and Business Continuity Officer) Review Date February 2017 Classification
More informationSolution Pack. Managed Services Virtual Private Cloud Security Features Selections and Prerequisites
Solution Pack Managed Services Virtual Private Cloud Security Features Selections and Prerequisites Subject Governing Agreement DXC Services Requirements Agreement between DXC and Customer including DXC
More informationNational Policing Community Security Policy
Document Name File Name National Policing Community Security Policy Community_Security_Policy_FINAL v4_3.doc Authorisation Information Management Business Area Signed version held by National Police Information
More informationAlberta Reliability Standard Cyber Security Electronic Security Perimeter(s) CIP-005-AB-5
A. Introduction 1. Title: 2. Number: 3. Purpose: To manage electronic access to BES cyber systems by specifying a controlled electronic security perimeter in support of protecting BES cyber systems against
More informationTechnical Information Assurance Team Structure. and Role Description
Introduction Technical Information Assurance Team Structure and Role Description The Team is led by the Technical Information Assurance Leads. They are responsible for jointly managing the team, setting
More informationInformation Security Strategy
Security Strategy Document Owner : Chief Officer Version : 1.1 Date : May 2011 We will on request produce this Strategy, or particular parts of it, in other languages and formats, in order that everyone
More informationAccess to University Data Policy
UNIVERSITY OF OKLAHOMA Health Sciences Center Information Technology Security Policy Access to University Data Policy 1. Purpose This policy defines roles and responsibilities for protecting OUHSC s non-public
More informationBring Your Own Device (BYOD) Policy
SH IG 58 Information Security Suite of Policies Bring Your Own Device (BYOD) Policy Version 1 Summary: Keywords (minimum of 5): (To assist policy search engine) Target Audience: Next Review Date: This
More informationCongratulations! You just ordered IdentaMaster software package featuring Biometric login, File/Folder Encryption and Entire Drive Encryption.
INSTALLATION Congratulations! You just ordered IdentaMaster software package featuring Biometric login, File/Folder Encryption and Entire Drive Encryption. From this point on, you may install any additional
More informationSyllabus: The syllabus is broadly structured as follows:
Syllabus: The syllabus is broadly structured as follows: SR. NO. TOPICS SUBTOPICS 1 Foundations of Network Security Principles of Network Security Network Security Terminologies Network Security and Data
More informationBCS Level 4 Award in Risk Assessment QAN 603/0830/8
S Level 4 ward in Risk ssessment QN 603/0830/8 Specimen Paper Record your surname / last / family name and initials on the answer sheet. Specimen paper only 20 multiple-choice questions 1 mark awarded
More informationExternal Supplier Control Obligations. Cyber Security
External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place
More informationSingapore s National Digital Identity (NDI):
Singapore s National Digital Identity (NDI): Leaving no one behind Kwok Quek Sin Director, National Digital Identity Programme Government Technology Agency PART 1 INTRODUCTION TO NDI Better Living For
More informationDesktop Configuration Guide for NHSmail
Desktop Configuration Guide for NHSmail Version 4 Published October 2017 Copyright 2017Health and Social Care Information Centre. The Health and Social Care Information Centre is a non-departmental body
More informationBring Your Own Devices (BYOD) Information Governance Guidance
Bring Your Own Devices (BYOD) Information Governance Guidance 1. Purpose The purpose of this document is to provide guidelines that will support organisations considering whether to enable the use of Bring
More informationImplementing Electronic Signature Solutions 11/10/2015
Implementing Electronic Signature Solutions 11/10/2015 Agenda Methodology, Framework & Approach: High-Level Overarching Parameters Regarding Electronic Service Delivery Business Analysis & Risk Assessment
More informationNetwork Security Policy
Network Security Policy Date: January 2016 Policy Title Network Security Policy Policy Number: POL 030 Version 3.0 Policy Sponsor Policy Owner Committee Director of Business Support Head of ICU / ICT Business
More informationCompliance of Panda Products with General Data Protection Regulation (GDPR) Panda Security
Panda Security Compliance of Panda Products with General Data Protection Regulation (GDPR) 1 Contents 1.1. SCOPE OF THIS DOCUMENT... 3 1.2. GENERAL DATA PROTECTION REGULATION: OBJECTIVES... 3 1.3. STORED
More informationUse of Mobile Devices on Voice and Data Networks Policy
World Agroforestry Centre Policy Series MG/C/4/2012 Use of Mobile Devices on Voice and Data Networks Policy One of the policies on information security and business continuity which will be audited by
More informationSWAMID Person-Proofed Multi-Factor Profile
Document SWAMID Person-Proofed Multi-Factor Profile Identifier http://www.swamid.se/policy/assurance/al2mfa Version V1.0 Last modified 2018-09-12 Pages 10 Status FINAL License Creative Commons BY-SA 3.0
More informationCardiff University Security & Portering Services (SECTY) CCTV Code of Practice
Cardiff University Security & Portering Services (SECTY) CCTV Code of Practice Document history Author(s) Date S Gamlin 23/05/2018 Revision / Number Date Amendment Name Approved by BI annual revision Date
More informationINFORMATION SECURITY POLICY
Open Open INFORMATION SECURITY POLICY OF THE UNIVERSITY OF BIRMINGHAM DOCUMENT CONTROL Date Description Authors 18/09/17 Approved by UEB D.Deighton 29/06/17 Approved by ISMG with minor changes D.Deighton
More informationCOMMON CRITERIA CERTIFICATION REPORT
COMMON CRITERIA CERTIFICATION REPORT WorkCentre 7525/7530/7535/7545/7556 with FIPS 140-2 Compliance over SNMPv3 25 July 2016 v1.0 383-4-371 Government of Canada. This document is the property of the Government
More informationINFORMATION TO BE GIVEN 2
(To be filled out in the EDPS' office) REGISTER NUMBER: 1423 (To be filled out in the EDPS' office) NOTIFICATION FOR PRIOR CHECKING DATE OF SUBMISSION: 03/01/2017 CASE NUMBER: 2017-0015 INSTITUTION: ESMA
More informationPolicy and Procedure: SDM Guidance for HIPAA Business Associates
Policy and Procedure: SDM Guidance for HIPAA Business (Adapted from UPMC s Guidance for Business at http://www.upmc.com/aboutupmc/supplychainmanagement/documents/guidanceforbusinessassociates.pdf) Effective:
More informationIntegrated Access Management Solutions. Access Televentures
Integrated Access Management Solutions Access Televentures Table of Contents OVERCOMING THE AUTHENTICATION CHALLENGE... 2 1 EXECUTIVE SUMMARY... 2 2 Challenges to Providing Users Secure Access... 2 2.1
More informationUNECE WP29/TFCS Regulation standards on threats analysis (cybersecurity) and OTA (software update)
UNECE WP29/TFCS Regulation standards on threats analysis (cybersecurity) and OTA (software update) Koji NAKAO, NICT, Japan (Expert of UNECE WP29/TFCS) General Flow of works in WP29/TFCS and OTA Data protection
More informationInformation Technology Security Plan Policies, Controls, and Procedures Protect: Identity Management and Access Control PR.AC
Information Technology Security Plan Policies, Controls, and Procedures Protect: Identity Management and Access Control PR.AC Location: https://www.pdsimplified.com/ndcbf_pdframework/nist_csf_prc/documents/protect/ndcbf_
More information21 CFR Part 11 LIMS Requirements Electronic signatures and records
21 CFR Part 11 LIMS Requirements Electronic signatures and records Compiled by Perry W. Burton Version 1.0, 16 August 2014 Table of contents 1. Purpose of this document... 1 1.1 Notes to version 1.0...
More informationThe University of Texas at El Paso. Information Security Office Minimum Security Standards for Systems
The University of Texas at El Paso Information Security Office Minimum Security Standards for Systems 1 Table of Contents 1. Purpose... 3 2. Scope... 3 3. Audience... 3 4. Minimum Standards... 3 5. Security
More informationEHR SECURITY POLICIES & SECURITY SITE ASSESSMENT OVERVIEW WEBINAR. For Viewer Sites
EHR SECURITY POLICIES & SECURITY SITE ASSESSMENT OVERVIEW WEBINAR For Viewer Sites Agenda 1 Introduction and EHR Security Policies Background 2 EHR Security Policy Overview 3 EHR Security Policy Assessment
More informationCloud Security Standards
Cloud Security Standards Classification: Standard Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January 2018 Next
More informationData Quality Maturity Index (DQMI) Power BI Interactive Report User Guide
Data Quality Maturity Index (DQMI) Power BI Interactive Report User Guide Published 08 May 2018 Copyright 2018 Health and Social Care Information Centre. The Health and Social Care Information Centre is
More information