Facility Security Policy
|
|
- Derrick Casey
- 5 years ago
- Views:
Transcription
1 1. PURPOSE 1.1 The New Brunswick Institute for Research, Data and Training (NB-IRDT) is located in the University of New Brunswick. It consists of: (i) employee offices in Singer Hall and Keirstead Hall, and (ii) a Secure Facility that houses the NB-IRDT data resources and equipment located within Keirstead Hall. 1.2 The Secure Facility consists of three areas: (i) laboratory area with a series of workstations for researchers (lab); (ii) office with computers; and (iii) the Database Administrator s office containing computers and the servers (contained in a steel cage). A locked fireproof safe, which contains CDs of data is also housed in the Database Administrator s office. 1.3 The purpose of this policy is to describe the security protocol regarding entry into the Secure Facility. 2. SCOPE 2.1 This policy applies to NB-IRDT employees, approved users, visitors, UNB security personnel, cleaning and other service personal and all other persons with respect to accessing the Secure Facility. 3. DEFINITIONS 3.1 Approved Users: Individuals who have been issued an access code and a swipe card following the approval of access according to relevant procedures, including police background checks. Approved users may include students and trainees, researchers and other approved users of NB-IRDT such as government officers. 3.2 Employees: All full-time and part-time persons currently earning wages or salary from NB- IRDT (including the Director). 3.3 Secure Facility: The physical infrastructure housing the NB-IRDT data resources and equipment for accessing resources, located within units 316, 317 and 317-A Keirstead Hall, 38 Dineen Drive, on the University of New Brunswick campus. This building and external areas including the hallway are under University of New Brunswick security surveillance. 3.4 Security Personnel: Members of the UNB campus security team. 3.5 Service Personnel: Cleaning, maintenance or other servicing personnel who are either employees of UNB or contracted through UNB who require occasional access to carry out custodial or maintenance duties. 3.6 Visitor: Persons requesting access to the Secure Facility who are not NB-IRDT employees, service or security personnel, or approved users are deemed visitors regardless of the reason for their access. Approved by Vice President, Research, UNB: June 2017 Page 1 of 5
2 4. POLICY STATEMENTS 4.1 Access to the workstations, staff computers, server and the safe containing the CDs/flash drives of data is protected by multiple levels of security as described in the Table below: Physical Safeguards Protecting Access to Secure Facility Security Feature Type of Access Who has access* Main Door: Security Alarm Code Database Administrator Door Deadbolt Key ( Do not copy key) Database Administrator Door Keypad Entry System Code (PIN) Database Administrator NB-IRDT Staff (working hours) Approved Users (working hours) Electronic ID card access swipe pad Card Database Administrator NB-IRDT Staff (working hours) Approved Users (working hours) Office: Door Lock Key Database Administrator Database Administrator Office: Door lock Key Database Administrator Safe Combination Administrative Officer s assigned backup Safe Key Database Administrator Assigned Data Analyst backup Server Cage Key Database Administrator * UNB Security has access to all security features Approved by Vice President, Research, UNB: June 2017 Page 2 of 5
3 4.2 NB-IRDT employees and approved users must use their assigned key code and swipe card for each and every entry to the Secure Facility and must not share with or loan to anyone else. 4.3 NB-IRDT employees and approved users can only access the Secure Facility when the alarm is disabled and the deadbolt opened. 4.4 Cleaning, maintenance and any other services will only occur during regular business hours and when an NB-IRDT employee is present. Service personnel must have appropriate photo identification. 4.5 Access to the office and Database Administrator s office is only permitted when explicit permission is given and the person is accompanied by an NB-IRDT employee. 4.6 Approved users are limited to accessing the Secure Facility only during regular opening hours when an NB-IRDT full-time employee is physically present in the Secure Facility. 4.7 Approved users are not permitted to answer the door, regardless of identity of person. 4.8 Employees or approved users are not permitted to bring guests or visitors with them when accessing the Secure Facility unless they obtain approval in accordance with the process outlined in section 5.2 below. 4.9 Security personnel have authority to access the Secure Facility anytime throughout the day or night when called for emergency or when there is suspicion of unauthorized activity At the end of the day, the Database Administrator and/or employees follow a close-out checklist to ensure that: all workstations are shut down, all internal doors are locked, the safe and the server are locked, the main door deadbolt is locked, and the alarm is engaged. 5. PROCEDURES 5.1 Access by Employees and Approved Users Upon notification of a new employee or approved user, the Database Administrator will enter the approved start and end dates governing access in the access card system and give the individual an electronic swipe card. The individual is also assigned a 6 digit unique code for the keypad. This code cannot be changed without the assistance of the Database Administrator Upon notification that an individual has lost their swipe card, the Database Administrator will disable the access associated with the card Upon termination of an employee or an approved user, the Database Administrator will deactivate the access card and keypad PIN (if this occurs before the scheduled automated deactivation time). Approved by Vice President, Research, UNB: June 2017 Page 3 of 5
4 5.2 Access by Visitors All visitors MUST apply for access to the Secure Facility by submitting the Visitor Access Form to NB-IRDT. The Visitor Access Form must be completed prior to entry and can be submitted by , or other electronic means or in person at the NB- IRDT Administration Office. The Visitor Access Form must clearly indicate: the purpose of the visit, the employee who will be supervising their visit (visit coordinator), and the requested date and time of the visit The supervising employee will review the requirements and restrictions contained in this policy and the NB-IRDT Mobile Device Policy with the visitor before access occurs On the day of the visit, the visitor will first go to the NB-IRDT Administration Office and present one piece of photo identification to the Administrative Officer (or delegate). The Administrative Officer (or delegate) will contact the supervising employee and then escort the visitor to the Secure Facility The visitor will sign the Access Log Book and indicate the date and time of the entry The visitor will restrict their visit to the purpose described in Visitor Access Form and remain in the company of the supervising employee at all times Upon exit, the visitor will indicate the time in the Access Log Book. 5.3 Entry by Service Personnel Service personnel will arrange a time with the NB-IRDT Administration Office prior to arriving on site. A member of the NB-IRDT administration will await the service person in the hall outside the Secure Facility. Upon presenting appropriate photo identification the NB-IRDT employee will permit entry into the secure area An NB-IRDT employee will inform the personnel of the NB-IRDT Mobile Device Policy and will remain present in the secure facility while the services are being provided The service personnel will sign the Access Log Book and indicate the date and time of the entry and the purpose of visit The service personnel will restrict their visit to the original purpose indicated and be supervised by an employee Upon exit, the service personnel will indicate the time in the Access Log Book. Approved by Vice President, Research, UNB: June 2017 Page 4 of 5
5 6. ACCOUNTABILITY 6.1 The Administrative Officer is responsible to ensure that only the approved NB-IRDT employees obtain office keys. The Database Administrator is responsible to ensure that only NB-IRDT employees and approved users obtain electronic key cards and keypad codes. 6.2 NB-IRDT employees and approved users are accountable for the proper use and protection of any keys, key cards and keypad codes used at the Secure Facility or any of its offices. Employees and approved users are responsible to immediately report the loss or theft of keys or electronic swipe cards to the Database Administrator. 6.3 Supervising employees are responsible to ensure that: any visitors have been approved to visit, relevant policies have been explained, identification has been checked, Access Log Book entries are completed, mobile devices are not used, and that they remain in the area while the visitor is present. 6.4 NB-IRDT employees are responsible to check identification, remain in the area while service personnel are present and report to the Privacy Officer any attempted or actual breaches of this policy. 6.5 Visitors and service personnel are responsible for compliance with the applicable sections of this policy. 6.6 The Database Administrator is responsible to report any security breaches (actual or attempted) to the and/or Privacy Officer. 6.7 The Director or Privacy Officer is responsible to report any security breaches to the UNB Security Department. 7. MONITORING, AUDITING & REPORTING 7.1 The Database Administrator will regularly monitor the activities of approved users while in the Secure Facility. 7.2 On a weekly basis, the Database Administrator will review the electronic access control system log to review all access to the Secure Facility. 7.3 The Database Administrator will provide monthly reports to the Director with the numbers of individuals who accessed the Secure Facility. 7.4 All visits to the Secure Facility are recorded and Visitor Access Forms are retained by the Administrative Staff in accordance with the appropriate record retention schedules. Visitor Access Forms are also scanned and ed to UNB s Vice President (Research). 7.5 The Access Log Book is kept at the Secure Facility and retained in accordance with the appropriate record retention schedules. 7.6 The Privacy Officer will conduct random audits to compare the Visitor Access Forms with the Access Log Book to ensure: (i) compliance with the requirement for prior approval and (ii) that the proper information has been written in the Access Log Book. Approved by Vice President, Research, UNB: June 2017 Page 5 of 5
Privacy Breach Policy
1. PURPOSE 1.1 The purpose of this policy is to guide NB-IRDT employees and approved users on how to proceed in the event of a privacy breach, and to demonstrate to stakeholders that a systematic procedure
More informationData Centers and Mission Critical Facilities Access and Physical Security Procedures
Planning & Facilities Data Centers and Mission Critical Facilities Access and Physical Security Procedures Attachment B (Referenced in UW Information Technology Data Centers and Mission Critical Facilities
More informationUniversity Facilities Management (UFM) Access Control Procedure (non-residence areas)
University Facilities Management (UFM) Access Control Procedure (non-residence areas) Date of Issue: October 1, 2015 A. PURPOSE University Facilities Management s (UFM) Lock Shop Access Control Procedure
More informationXAVIER UNIVERSITY Building Access Control Policy
Effective: March 25, 2019 Last Updated: March 20, 2019 XAVIER UNIVERSITY Building Access Control Policy Responsible University Office: Auxiliary Services, Physical Plant Responsible Executive: Vice President,
More informationData Center Access Policies and Procedures
Data Center Access Policies and Procedures Version 2.0 Tuesday, April 6, 2010 1 Table of Contents UITS Data Center Access Policies and Procedures!3 Introduction!3. Overview!3 Data Center Access!3 Data
More informationCCBC is equipped with 3 computer rooms, one at each main campus location:
Policy: Computer Room Procedures Policy: Draft 12/14/2009 1.0 Purpose The purpose of this document is to establish procedures for the Community College of Baltimore County (CCBC) Information Technology
More informationCenteris Data Centers - Security Procedure. Revision Date: 2/28/2018 Effective Date: 2/28/2018. Site Information
Section 01 Document Information Creation Date: 12/1/2016 Centeris Data Centers - Security Procedure Revision Date: 2/28/2018 Effective Date: 2/28/2018 Section 02 Site Information Site Information Document
More informationUlster University Policy Cover Sheet
Ulster University Policy Cover Sheet Document Title DATA CENTRE ACCESS POLICY 3.2 Custodian Approving Committee Data Centre & Operations Manager ISD Committee Policy approved date 2017 09 08 Policy effective
More informationPHYSICAL & ENVIRONMENTAL PROTECTION GUIDE
2017 PHYSICAL & ENVIRONMENTAL PROTECTION GUIDE UTC IT0129-G UTC Information Technology Michael Dinkins, CISO 4/28/2017 CONTENTS 1. SCOPE... 2 2. PRINCIPLES... 2 3. REVISIONS... 2 4. OBJECTIVE... 2 5. POLICY...
More informationSelect Agents and Toxins Security Plan Template
Select Agents and Toxins Security Plan Template 7 CFR Part 331.11, 9 CFR Part 121.11, 42 CFR Part 73.11 Prepared by U.S. Department of Health and Human Services (HHS) Centers for Disease Control and Prevention
More informationIdentity Theft Prevention Policy
Identity Theft Prevention Policy Purpose of the Policy To establish an Identity Theft Prevention Program (Program) designed to detect, prevent and mitigate identity theft in connection with the opening
More informationHIPAA Security. 3 Security Standards: Physical Safeguards. Security Topics
HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical
More informationPolicy and Procedure: SDM Guidance for HIPAA Business Associates
Policy and Procedure: SDM Guidance for HIPAA Business (Adapted from UPMC s Guidance for Business at http://www.upmc.com/aboutupmc/supplychainmanagement/documents/guidanceforbusinessassociates.pdf) Effective:
More informationRed Flags Program. Purpose
Red Flags Program Purpose The purpose of this Red Flags Rules Program is to document the protocol adopted by the University of Memphis in compliance with the Red Flags Rules. Many offices at the University
More informationData Security and Privacy Principles IBM Cloud Services
Data Security and Privacy Principles IBM Cloud Services 2 Data Security and Privacy Principles: IBM Cloud Services Contents 2 Overview 2 Governance 3 Security Policies 3 Access, Intervention, Transfer
More informationDATA SECURITY THE PROTECTION OF YOUR INFORMATION IS OUR PRIME DIRECTIVE
DATA SECURITY THE PROTECTION OF YOUR INFORMATION IS OUR PRIME DIRECTIVE OVERVIEW building security theft alarms point of entry interior & exterior closed-circuit camera monitoring impact-resistant windows
More informationSample Security Risk Analysis ASP Meaningful Use Core Set Measure 15
Sample Security Risk Analysis ASP Meaningful Use Core Set Measure 15 Risk Analysis with EHR Questions Example Answers/Help: Status What new electronic health information has been introduced into my practice
More informationPhysical and Environmental Security Standards
Physical and Environmental Security Standards Table of Contents 1. SECURE AREAS... 2 1.1 PHYSICAL SECURITY PERIMETER... 2 1.2 PHYSICAL ENTRY CONTROLS... 3 1.3 SECURING OFFICES, ROOMS AND FACILITIES...
More informationHosted Testing and Grading
Hosted Testing and Grading Technical White Paper July 2010 www.lexmark.com Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or
More informationKeys and Electronic Access (KEAS) User Manual
Keys and Electronic Access (KEAS) User Manual Revised 04/17/2017 Table of Contents Introduction... 3 Part I: Accessing the System... 4 Logging into eweber... 4 Logging into KEAS... 5 Part II: Instructions
More informationStandard CIP Cyber Security Physical Security
A. Introduction 1. Title: Cyber Security Physical Security of Critical Cyber Assets 2. Number: CIP-006-3 3. Purpose: Standard CIP-006-3 is intended to ensure the implementation of a physical security program
More informationWireless Communication Device Use Policy
Wireless Communication Device Use Policy Introduction The Wireless Communication Device Policy exists to provide guidance to employees regarding the acquisition and use of William Paterson University provided
More information2016 SC REGIONAL HOUSING AUTHORITY NO. 3 S EIV SECURITY POLICY
2016 SC REGIONAL HOUSING AUTHORITY NO. 3 S EIV SECURITY POLICY Purpose: The purpose of this policy is to provide instruction and information to staff, auditors, consultants, contractors and tenants on
More informationWHITE PAPER- Managed Services Security Practices
WHITE PAPER- Managed Services Security Practices The information security practices outlined below provide standards expected of each staff member, consultant, or customer staff member granted access to
More informationThe University of British Columbia Board of Governors
The University of British Columbia Board of Governors Policy No.: 118 Approval Date: February 15, 2016 Responsible Executive: University Counsel Title: Safety and Security Cameras Background and Purposes:
More informationUTAH VALLEY UNIVERSITY Policies and Procedures
Page 1 of 5 POLICY TITLE Section Subsection Responsible Office Private Sensitive Information Facilities, Operations, and Information Technology Information Technology Office of the Vice President of Information
More informationSECTION 15 KEY AND ACCESS CONTROLS
15.1 Definitions A. The definitions in this section shall apply to all sections of the part unless otherwise noted. B. Definitions: Access Badge / Card a credential used to gain entry to an area having
More informationPROCEDURE COMPREHENSIVE HEALTH SERVICES, INC
PROCEDURE COMPREHENSIVE HEALTH SERVICES, INC APPROVAL AUTHORITY: President, CHSi GARY G. PALMER /s/ OPR: Director, Information Security NUMBER: ISSUED: VERSION: APRIL 2015 2 THOMAS P. DELAINE JR. /s/ 1.0
More informationCloud Computing Standard 1.1 INTRODUCTION 2.1 PURPOSE. Effective Date: July 28, 2015
Cloud Computing Standard Effective Date: July 28, 2015 1.1 INTRODUCTION Cloud computing services are application and infrastructure resources that users access via the Internet. These services, contractually
More informationUniversity of Wyoming Mobile Communication Device Policy Effective January 1, 2013
University of Wyoming Mobile Communication Device Policy Effective January 1, 2013 Introduction and Purpose This policy allows the University to meet Internal Revenue Service (IRS) regulations and its
More informationPOLICIES AND PROCEDURES
Integrated Information Technology Services POLICIES AND PROCEDURES Utica College Email POLICY: Email is Utica College s sole accepted mechanism for official electronic communication in the normal conduct
More informationDATA CENTER ACCESS PROCEDURE IT-P-008
A member of.olllll 1, I LAUREATE INTERNATIONAL., 1 U ~~ IVERSITI E S" DATA CENTER ACCESS PROCEDURE IT-P-008 Date: 8 January, 2014 f : LAUREATE A member of... J rnttrnational, UNIVERSITIES" Data Center
More informationChecklist: Credit Union Information Security and Privacy Policies
Checklist: Credit Union Information Security and Privacy Policies Acceptable Use Access Control and Password Management Background Check Backup and Recovery Bank Secrecy Act/Anti-Money Laundering/OFAC
More informationSparta Systems TrackWise Digital Solution
Systems TrackWise Digital Solution 21 CFR Part 11 and Annex 11 Assessment February 2018 Systems TrackWise Digital Solution Introduction The purpose of this document is to outline the roles and responsibilities
More informationCIP Compliance Workshop Boise, ID March 29, 2018
CIP-006-6 Compliance Workshop Boise, ID March 29, 2018 Mark Lemery, MSc, CPP, PSP Auditor, Cyber and Physical Security 2 Impact on Reliability Identify WECC s audit approach and inform entities of physical
More informationIT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I
Standards Sections Checklist Section Security Management Process 164.308(a)(1) Information Security Program Risk Analysis (R) Assigned Security Responsibility 164.308(a)(2) Information Security Program
More informationAccess to University Data Policy
UNIVERSITY OF OKLAHOMA Health Sciences Center Information Technology Security Policy Access to University Data Policy 1. Purpose This policy defines roles and responsibilities for protecting OUHSC s non-public
More informationPCA Staff guide: Information Security Code of Practice (ISCoP)
PCA Staff guide: Information Security Code of Practice (ISCoP) PCA Information Risk and Privacy Version 2015.1.0 December 2014 PCA Information Risk and Privacy Page 1 Introduction Prudential Corporation
More informationCardiff University Security & Portering Services (SECTY) CCTV Code of Practice
Cardiff University Security & Portering Services (SECTY) CCTV Code of Practice Document history Author(s) Date S Gamlin 23/05/2018 Revision / Number Date Amendment Name Approved by BI annual revision Date
More informationSECURITY & PRIVACY DOCUMENTATION
Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive
More informationInformation Security Incident Response Plan
Information Security Incident Response Plan Purpose It is the objective of the university to maintain secure systems and data. In order to comply with federal, state, and local law and contractual obligations,
More informationThe City of Mississauga may install Closed Circuit Television (CCTV) Traffic Monitoring System cameras within the Municipal Road Allowance.
Policy Number: 10-09-02 Section: Roads and Traffic Subsection: Traffic Operations Effective Date: April 25, 2012 Last Review Date: Approved by: Council Owner Division/Contact: For information on the CCTV
More informationSubject: University Information Technology Resource Security Policy: OUTDATED
Policy 1-18 Rev. 2 Date: September 7, 2006 Back to Index Subject: University Information Technology Resource Security Policy: I. PURPOSE II. University Information Technology Resources are at risk from
More informationMills College Key Policy
Mills College Key Policy Employees and Students How are keys requested and distributed? The supervisor or department head of the employee must initiate all key requests. Key approvals can only be made
More informationPHYSICAL PLANT OPERATIONAL & MAINTENANCE ADMINISTRATIVE PROCEDURE. Purpose
PHYSICAL PLANT OPERATIONAL & MAINTENANCE ADMINISTRATIVE PROCEDURE Section Subject Effective date Procedure Number Administration Key(s) and Lock(s) May 30, 2013 A-01 Purpose To provide a procedure that
More informationOracle Data Cloud ( ODC ) Inbound Security Policies
Oracle Data Cloud ( ODC ) Inbound Security Policies Contents Contents... 1 Overview... 2 Oracle Data Cloud Security Policy... 2 Oracle Information Security Practices - General... 2 Security Standards...
More informationHIPAA Compliance Checklist
HIPAA Compliance Checklist Hospitals, clinics, and any other health care providers that manage private health information today must adhere to strict policies for ensuring that data is secure at all times.
More informationAmerican Association for Laboratory Accreditation
R311 - Specific Requirements: Federal Risk and Authorization Management Program Page 1 of 10 R311 - Specific Requirements: Federal Risk and Authorization Management Program 2017 by A2LA. All rights reserved.
More informationData Protection Policy
Data Protection Policy Data Protection Policy Version 3.00 May 2018 For more information, please contact: Technical Team T: 01903 228100 / 01903 550242 E: info@24x.com Page 1 The Data Protection Law...
More informationPage 1 of 15. Applicability. Compatibility EACMS PACS. Version 5. Version 3 PCA EAP. ERC NO ERC Low Impact BES. ERC Medium Impact BES
002 5 R1. Each Responsible Entity shall implement a process that considers each of the following assets for purposes of parts 1.1 through 1.3: i. Control Centers and backup Control Centers; ii. Transmission
More informationFreedom of Information and Protection of Privacy (FOIPOP)
Freedom of Information and Protection of Privacy (FOIPOP) No.: 6700 PR1 Policy Reference: 6700 Category: FOIPOP Department Responsible: Records Management and Privacy Current Approved Date: 2008 Sep 30
More informationDATA CENTER OPERATIONS CALIFORNIA STATE UNIVERSITY, DOMINGUEZ HILLS. Audit Report June 15, 2012
DATA CENTER OPERATIONS CALIFORNIA STATE UNIVERSITY, DOMINGUEZ HILLS Audit Report 12-31 June 15, 2012 Henry Mendoza, Chair William Hauck Steven M. Glazer Glen O. Toney Members, Committee on Audit University
More informationPrevention of Identity Theft in Student Financial Transactions AP 5800
Reference: Fair and Accurate Credit Transactions Act (Pub. L. 108-159) The Board recognizes that some activities of the Shasta-Tehama-Trinity Joint Community College District, "District," are subject to
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.7)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.7) Directions and Instructions for completing this assessment The answers provided
More informationGeneral Data Protection Regulations Privacy Policy
SOUTHEND ON SEA RIFLE AND PISTOL CLUB VERSION: 1.0 General Data Protection Regulations Privacy Policy About this policy This policy explains when and why we SOUTHEND ON SEA RIFLE AND PISTOL CLUB (SRPC)
More informationData Sharing Agreement. Between Integral Occupational Health Ltd and the Customer
Data Sharing Agreement Between Integral Occupational Health Ltd and the Customer 1. Definitions a. Customer means any person, organisation, group or entity accepted as a customer of IOH to access OH services
More informationHealthcare Privacy and Security:
Healthcare Privacy and Security: Breach prevention and mitigation/ Insuring for breach Colin J. Zick Foley Hoag LLP (617) 832-1000 www.foleyhoag.com www.securityprivacyandthelaw.com Boston Bar Association
More informationGramm Leach Bliley Act 15 U.S.C GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev.
Gramm Leach Bliley Act 15 U.S.C. 6801-6809 GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev. 11/30/2016 1 Objectives for GLBA Training GLBA Overview Safeguards Rule
More informationVirginia Commonwealth University School of Medicine Information Security Standard
Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Personnel Security Standard This standard is applicable to all VCU School of Medicine personnel. Approval
More informationUse of Mobile Devices on Voice and Data Networks Policy
World Agroforestry Centre Policy Series MG/C/4/2012 Use of Mobile Devices on Voice and Data Networks Policy One of the policies on information security and business continuity which will be audited by
More informationInformation Security Incident Response Plan
Information Security Incident Response Plan Purpose It is the objective of the university to maintain secure systems and data. In order to comply with federal, state, and local law and contractual obligations,
More informationTECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES
TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES Contents Introduction... 3 The Technical and Organizational Data Security Measures... 3 Access Control of Processing Areas (Physical)... 3 Access Control
More informationTECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES
TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES Contents Introduction... 3 The Technical and Organizational Data Security Measures... 3 Access Control of Processing Areas (Physical)... 3 Access Control
More informationTARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS
Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS
More informationData Storage, Recovery and Backup Checklists for Public Health Laboratories
Data Storage, Recovery and Backup Checklists for Public Health Laboratories DECEMBER 2018 Introduction Data play a critical role in the operation of a laboratory information management system (LIMS) and
More informationUITS Data Center Access Policies and Procedures
UITS Data Center Access Policies and Procedures Revision 5: 2/15/2017 2/15/17 Page 1 Author: Len Sousa, UConn/UITS Contents... 1 UITS Data Center Access Policies and Procedures... 1 1. Introduction...
More informationServer Security Procedure
Server Security Procedure Reference No. xx Revision No. 1 Relevant ISO Control No. 11.7.1 Issue Date: January 23, 2012 Revision Date: January 23, 2012 Approved by: Title: Ted Harvey Director, Technology
More informationEXHIBIT A. - HIPAA Security Assessment Template -
Department/Unit: Date: Person(s) Conducting Assessment: Title: 1. Administrative Safeguards: The HIPAA Security Rule defines administrative safeguards as, administrative actions, and policies and procedures,
More informationGuest Wireless Policy
Effective: April 1, 2016 Last Revised: November 27, 2017 Responsible University Office: Information Technology Services Responsible University Administrator: Chief Information Officer Policy Contact: Deb
More informationUCOP Guidelines for Protection of Electronic Personal Information Data and for Security Breach Notification
University of California UCOP Guidelines for Protection of Electronic Personal Information Data and for Security Breach Notification UCOP Implementation Plan for Compliance with Business and Finance Bulletin
More informationInformation Security Incident Response and Reporting
Information Security Incident Response and Reporting Original Implementation: July 24, 2018 Last Revision: None This policy governs the actions required for reporting or responding to information security
More informationOctober 13, From: Larry Snyder, Associate Director for Administrative Services. Subject: Solutions Center Facilities Emergency Response Plan
October 13, 2015 From: Larry Snyder, Associate Director for Administrative Services Subject: Solutions Center Facilities Emergency Response Plan Purpose: To document the procedure for responding and communicating
More informationSection 3.9 PCI DSS Information Security Policy Issued: November 2017 Replaces: June 2016
Section 3.9 PCI DSS Information Security Policy Issued: vember 2017 Replaces: June 2016 I. PURPOSE The purpose of this policy is to establish guidelines for processing charges on Payment Cards to protect
More informationAccess Control Policy
Access Control Policy Version Control Version Date Draft 0.1 25/09/2017 1.0 01/11/2017 Related Polices Information Services Acceptable Use Policy Associate Accounts Policy IT Security for 3 rd Parties,
More informationISSP Network Security Plan
ISSP-000 - Network Security Plan 1 CONTENTS 2 INTRODUCTION (Purpose and Intent)... 1 3 SCOPE... 2 4 STANDARD PROVISIONS... 2 5 STATEMENT OF PROCEDURES... 3 5.1 Network Control... 3 5.2 DHCP Services...
More informationPhysical Safeguards Policy July 19, 2016
Physical Safeguards Policy July 19, 2016 SCOPE This policy applies to Florida Atlantic University s Covered Components and those working on behalf of the Covered Components (collectively FAU ) for purposes
More informationRECORDS MANAGEMENT RECORDS MANAGEMENT SERVICES
RECORDS MANAGEMENT DEPARTMENT OF THE TREASURY, DIVISION OF REVENUE AND ENTERPRISE SERVICES, RECORDS MANAGEMENT SERVICES RECORDS MANAGEMENT SERVICES Records Management Services, Division of Revenue and
More informationHIPAA Security and Privacy Policies & Procedures
Component of HIPAA Security Policy and Procedures Templates (Updated for HITECH) Total Cost: $495 Our HIPAA Security policy and procedures template suite have 71 policies and will save you at least 400
More informationPolicies & Procedures Effective Date: January 24, Key Control
LSU Health Sciences Center Page 1 of 9 Key Control POLICY: Lost or stolen keys can pose a serious threat to the University s security and the potential theft or loss of State property. In order to provide
More information7.16 INFORMATION TECHNOLOGY SECURITY
7.16 INFORMATION TECHNOLOGY SECURITY The superintendent shall be responsible for ensuring the district has the necessary components in place to meet the district s needs and the state s requirements for
More informationIntroduction To IS Auditing
Introduction To IS Auditing Instructor: Bryan McAtee, ASA, CISA Bryan McAtee & Associates - Brisbane, Australia * Course, Presenter and Delegate Introductions * Definition of Information Technology (IT)
More informationData protection. 3 April 2018
Data protection 3 April 2018 Policy prepared by: Ltd Approved by the Directors on: 3rd April 2018 Next review date: 31st March 2019 Data Protection Registration Number (ico.): Z2184271 Introduction Ltd
More informationRed Flags/Identity Theft Prevention Policy: Purpose
Red Flags/Identity Theft Prevention Policy: 200.3 Purpose Employees and students depend on Morehouse College ( Morehouse ) to properly protect their personal non-public information, which is gathered and
More informationProtecting Your Gear, Your Work & Cal Poly
9/20/2016 1 Protecting Your Gear, Your Work & Cal Poly Information Security Office Shar i f Shar i f i, CI SSP, CRISC Kyle Gustafson, Information Security Analyst Jon Vasquez, Information Security Analyst
More informationData Privacy Breach Policy and Procedure
Data Privacy Breach Policy and Procedure Document Information Last revision date: April 16, 2018 Adopted date: Next review: January 1 Annually Overview A privacy breach is an action that results in an
More informationInformation Technology General Control Review
Information Technology General Control Review David L. Shissler, Senior IT Auditor, CPA, CISA, CISSP Office of Internal Audit and Risk Assessment September 15, 2016 Background Presenter Senior IT Auditor
More informationSTORAGE OF SSAN. Security Risk Assessment and SECURITY PLAN. (insert name of company) SUBMITTED TO REGULATORY AUTHORITY: (insert date)
STORAGE OF SSAN Security Risk Assessment and SECURITY PLAN (insert name of company) SUBMITTED TO REGULATORY AUTHORITY: (insert date) IMPLEMENTED: (insert date) LICENCE DETAILS: No: Issue date: (Note: You
More informationHIPAA Security Checklist
HIPAA Security Checklist The following checklist summarizes the HIPAA Security Rule requirements that should be implemented by both covered entities and business associates. The citations are to 45 CFR
More informationStandard CIP-006-1a Cyber Security Physical Security
A. Introduction 1. Title: Cyber Security Physical Security of Critical Cyber Assets 2. Number: CIP-006-1a 3. Purpose: Standard CIP-006 is intended to ensure the implementation of a physical security program
More informationHIPAA Security Checklist
HIPAA Security Checklist The following checklist summarizes the HIPAA Security Rule requirements that should be implemented by both covered entities and business associates. The citations are to 45 CFR
More informationInformation Security Policy
April 2016 Table of Contents PURPOSE AND SCOPE 5 I. CONFIDENTIAL INFORMATION 5 II. SCOPE 6 ORGANIZATION OF INFORMATION SECURITY 6 I. RESPONSIBILITY FOR INFORMATION SECURITY 6 II. COMMUNICATIONS REGARDING
More informationIdentity Theft Prevention Program. Effective beginning August 1, 2009
Identity Theft Prevention Program Effective beginning August 1, 2009 I. PROGRAM ADOPTION Christian Brothers University developed this Identity Theft Prevention Program pursuant to the Federal Trade Commission's
More informationDocument Retention Project Tool Worksheet
Start Pg. Box A Document Retention On-Site Storage Worksheet Response Actions Taken Questions, Answers and Actions Documents stored On-site? If yes, go to question ; If no go to the for Off- Site storage.
More informationPhysical and Environmental Security Policy Document Number: OIL-IS-POL-PES
Physical and Environmental Security Policy Document Number: OIL-IS-POL-PES Document Details Title Description Version 1.0 Author Classification Physical and Environmental Security Policy Physical and Environmental
More informationColocation Service Terms
Colocation Service Terms Last Updated: March 24, 2017 The following Service Terms apply only to the specific Services to which the Service Terms relate. In the event of a conflict between the terms of
More informationPersonal Communication Devices and Voic Procedure
Personal Communication Devices and Voicemail Procedure Reference No. xx Revision No. 1 Relevant ISO Control No. 11.7.1 Issue Date: January 23, 2012 Revision Date: January 23, 2012 Approved by: Title: Ted
More informationStandard CIP Cyber Security Physical Security
A. Introduction 1. Title: Cyber Security Physical Security of Critical Cyber Assets 2. Number: CIP-006-1 3. Purpose: Standard CIP-006 is intended to ensure the implementation of a physical security program
More informationSt. Joseph s General Hospital LOCKDOWN EMERGENCY RESPONSE PLAN
St. Joseph s General Hospital LOCKDOWN EMERGENCY RESPONSE PLAN ERP Lockdown may be initiated in response to incidents originating within the facility, or incidents occuring in the community that have the
More informationSDBOR Technology Control Plan (TCP) Project Title:
SDBOR Technology Control Plan (TCP) Project Title: Principal Investigator: Phone: Department: Email: Description of Controls (EAR/ITAR Category): Location(s) Covered by TCP: Is sponsored research involved?
More informationRAPID7 INFORMATION SECURITY. An Overview of Rapid7 s Internal Security Practices and Procedures
RAPID7 INFORMATION SECURITY An Overview of Rapid7 s Internal Security Practices and Procedures 060418 TABLE OF CONTENTS Overview...3 Compliance...4 Organizational...6 Infrastructure & Endpoint Security...8
More information