Use of Central Authorisation Service Code of Practice

Introduction

This code of practice is intended to support the Information Security Policy of the University and should be read in conjunction with this document. This code of practice is also qualified by The University of Edinburgh computing regulations, found at:

1. Code of Practice Version

Columns: Revision Date, CoP Version, Template Version, Author, Notes

25th January, Graeme Wood, Initial draft
/09/, Tony Weir, Minor edit
04/09/, Graeme Wood, Minor edit
29/9/, Graeme Wood, Minor edit
6/11/, Graeme Wood, Minor edit

Columns: QA Date, QA Process, Notes

15 Dec 2014, ITC Sec Working Gp

Columns: Suggested date for Revision of the CoP, Author

January 2014, Graeme Wood
January 2016, Graeme Wood

2. System description

Columns: Revision Date, System Version, Author, Notes

N/a, N/a, N/a, N/a

2.1 System name
Central Authorisation Service. May also be known as central auth or cauth.

2.2 Description of system
The service is an LDAP directory containing information about identities and the access rights they may have to other services.

2.3 Data
The directory contains information fed to it from the Identity Management Service about identities and group information from Grouper. These include university usernames and associated data about their place within the university hierarchy, address, Unix UID, full name, identity category e.g. staff/student/alumnus/visitor, entitlements to services and group memberships.

2.4 Components
The service comprises four replicated LDAP directory servers and two replicated Identity Management System connector systems to feed data from the IDM into the directory.

2.5 System owner
Information Services ITI Unix Section

2.6 User base
Any user identity in the university, i.e. anyone with an assigned university username and password, can query the directory for information. The data may also be queried programmatically to enable authorisation decisions for access to services based on the information in the directory, e.g. Apache LDAP group authorisation to web pages.

2.7 Criticality
High

2.8 Disaster recovery status
A disaster recovery plan is not in place since the service is highly resilient and replicated on multiple servers across multiple sites. Schools are recommended to create their own local replicas for greater resiliency.

3. User responsibilities

3.1 Data
Data provided by the central authorisation service should not be made accessible to anyone outside the university or contracted university service providers. The data comprises personal data and is protected by the Data Protection Act and data protection policies of the University.

3.2 Usernames and passwords
Off-site access to the service is protected by University Username and EASE password.

3.3 Physical security
The servers are located within secure data centres operated by Information Services.

3.4 Remote/mobile working
Data extracted from the LDAP directory by an authenticated remote user should not be republished or made available to any non-member of the University unless contracted by the University to provide a service on its behalf. Users should protect any device that may use the LDAP directory with suitable locks or password protection and maintain physical security of their equipment.

3.5 Downloads and removal of data from premises
Data downloaded from the LDAP directory should be protected, since it contains personal data, and should not be made available to any non-member of the university unless contracted by the University to provide a service on its behalf.

3.6 Authorisation and access control
All University users have read access to the data. System administrative access is granted to members of the Information Services ITI Unix Section and defined by their membership of that team and being granted specific login access to the servers.

3.7 Competencies
No special knowledge is required for people to securely access the service. Knowledge of how to construct LDAP queries and of the directory schema is required in order to use the service. Information to assist users is published on the University Website and the Central Authorisation Service wiki pages.

4. System Owner Responsibilities

4.1 Competencies
The ITI Unix Section has members of staff with many years of experience in managing Unix services and LDAP directories on Unix. They are highly skilled at maintaining such systems and identifying potential security issues.

4.2 Operations
The systems are regularly maintained through a patch regime. Security incident sites are monitored proactively. The service undergoes a regular hardware refresh cycle over 4 to 5 years to ensure all components are kept up to date.

4.3 System documentation
End user documentation is provided on the IS section of the University Website and the Central Authorisation Service wiki. Operational and system documentation is on the ITI Unix Section wiki.

4.4 Segregation of Duties
ITI Unix Section staff have full login access controlled by EASE login to the servers running the service. No other user has access to the physical servers. All other access is through LDAP queries to the directory, which may require authentication for off-site access, or to update data.

4.5 Security incidents
All security incidents are reported to the IS IRT team and are logged and handled by them. The ITI Unix Section will then review the incident/logs and depending on the nature of the incident take appropriate action and report back to IRT. Security incidents are reported to the ITI Unix Section head, who will inform the ITI Director as appropriate.

4.6 Fault/problem reporting
Faults and problems should be reported to the IS Helpline who would then escalate to 2nd and 3rd line support if necessary.

4.7 Systems development
Systems development takes place within the IS Unix Section on test and development systems before live deployment. The software stack used for the services makes use of open-source packages and the appropriate community channels for support are used and contributed to as appropriate.

5. System Management

5.1 User account management
User accounts on the physical servers are only provided to IS ITI Unix Section staff. These are maintained manually.

5.2 Access control
Access control is maintained using access control lists defined within the directory itself. This limits unauthenticated lookups to the University network for instance and write access to specific users and systems.

5.3 Access monitoring
Access logs are maintained on the servers to ensure the correct operation of the service and the service security.

5.4 Change control
Change management is organised through ITI Unix Section service management procedures for significant changes to the service. Major outages to the service to put in place such changes are signed off by reference to the Helpline and Operations teams in IS User Services division and to the Applications Division. Minor changes are normally carried out as a request to fix a fault resulting from an incident or change request and are signed off by the ITI Unix Section service manager.

5.5 Systems clock synchronisation
All servers synchronise their clocks to UTC using the NTP protocol.

5.6 Network management
The servers are behind the university's Cisco FWSM firewall that is managed by ITI Network Section. Additionally the servers implement their own IP access controls to limit access to services running on the servers.

5.7 Business continuity
The service is replicated across multiple servers in three locations over two sites. This is intended to be extended to a third site. Schools are also encouraged to replicate the directory data to directory servers within their schools.

5.8 Security Control
The LDAP directory provides a mechanism of ACLs within itself to authorise access to the data. This can be used to restrict access to particular data attributes to specific accounts or IP addresses.

6. Third Party

6.1 Outsourcing
Not applicable.

6.2 Contracts and Agreements
Support contracts are in place for the hardware and operating system of the servers. Occasionally engineers from the hardware supplier may come onsite to enact repairs. Components that may contain University data, e.g. hard disks, that are replaced are securely handled and data is destroyed securely.

6.3 Compliance with the university security policy
The agreements comply with the university's security policy.

6.4 Personal data
No personal data is provided to third-parties for the purposes of providing or maintaining the service. However, University service partners contracted to provide services to the University may be provided monitored access to the service in order to provide their contracted services.
More informationEXHIBIT A. - HIPAA Security Assessment Template -
Department/Unit: Date: Person(s) Conducting Assessment: Title: 1. Administrative Safeguards: The HIPAA Security Rule defines administrative safeguards as, administrative actions, and policies and procedures,
More informationWaste Electrical and Electronic Equipment (WEEE)
Waste Electrical and Electronic Equipment (WEEE) Waste Management Report Guidance manual for WEEE Waste Management Report online submission. This document is for guidance only. It does not purport to be
More informationUCL Remote Access VPN Service Mac OS X User Guide
INFORMATION SERVICES DIVISION (ISD) NETWORK SERVICES GROUP UCL Remote Access VPN Service Mac OS X User Guide Version 3.0 Date 14 th November 2012 Author MC Document Details N/A Last Updated 03 October
More informationWHITE PAPER- Managed Services Security Practices
WHITE PAPER- Managed Services Security Practices The information security practices outlined below provide standards expected of each staff member, consultant, or customer staff member granted access to
More informationMigration and Building of Data Centers in IBM SoftLayer
Migration and Building of Data Centers in IBM SoftLayer Advantages of IBM SoftLayer and RackWare Together IBM SoftLayer offers customers the advantage of migrating and building complex environments into
More informationCanada Life Cyber Security Statement 2018
Canada Life Cyber Security Statement 2018 Governance Canada Life has implemented an Information Security framework which supports standards designed to establish a system of internal controls and accountability
More informationStorage Made Easy. Mirantis
Storage Made Easy Providing an Enterprise File Fabric for Mirantis STORAGE MADE EASY ENTERPRISE FILE FABRIC FOR MIRANTIS The File Fabric is a comprehensive multi-cloud data security solution built on top
More informationv February 2016
Service Description HPE Application Performance Management on Software-as-a- Service v2.1 20 February 2016 This Service Description describes the components and services included in HPE Application Performance
More information