Information Security Roles and Responsibilities Procedure
Reference No.: xx
Revision No.: 2
Relevant ISO Control No.:
Issue Date: July 17th 2012
Revision Date: Jan 16th 2013
Approved by: Ted Harvey
Title: Director, Technology Services

Version History
Version No. | Version Date | Author | Summary of Changes
1.1 | July 17th 2012 | Ted Harvey | Minor Spelling changes

Approvals
Name | Title | Date of Approval | Version No.
Ray Hoppins | Associate Superintendent, System Services | |

Distribution
Name | Title | Date of Issue | Version No.
Personal Communication Devices

Document Control
Document Title | Document Location
Information Sensitivity Procedure
Table of Contents
1.0 Overview
2.0 Purpose
3.0 Scope
4.0 Risks
5.0 Procedure Detail
5.1 Minimal Sensitivity: General corporate information; some personnel and technical information
5.2 More Sensitive: Business, financial, technical, and most personnel information
5.3 Most Sensitive: Student Information, operational, personnel, financial, IPP, & technical information integral to the success of students and division
6.0 Enforcement Compliance
7.0 Procedure Governance
8.0 Definitions
9.0 References
1.0 Overview

The Information Sensitivity Policy is intended to help employees determine the roles and responsibilities of various Chinook's Edge employees for Information security.

2.0 Purpose

The information covered in these guidelines includes, but is not limited to, information that is either stored or shared via any means. This includes: electronic information, information on paper, and information shared orally or visually (such as telephone and video conferencing).

All employees should familiarize themselves with the various roles and responsibilities for Information Security in the organization. It should be noted that even though the security roles and responsibilities are defined below, all users with access to Information should use common sense steps to protect Chinook's Edge Confidential information (e.g., Chinook's Edge Confidential information should not be left unattended in classrooms).

Please Note: The impact of these guidelines on daily activity should be minimal.

Questions about the proper classification of a specific piece of information should be addressed to your Principal. Questions about these guidelines should be addressed to Technology Services.
3.0 Scope

These Roles and Responsibilities apply to all staff and third-party Agents of the School Division. Chinook's Edge personnel are encouraged to use common sense judgment in securing Chinook's Edge Confidential information to the proper extent. If an employee is uncertain of the sensitivity of a particular piece of information, he/she should contact their department manager or principal.

4.0 Risks

XXXXXXXXXX

5.0 Procedure Detail

5.1 Information Security Review Committee

The Technology Advisory Group is a voluntary committee whose role includes providing feedback, oversight and direction regarding information systems security and privacy assurance jurisdiction. In collaboration with the Director Technology Services, the group's specific oversight responsibilities include the following:

- Oversee the development, implementation, and maintenance of a mandatory division-wide strategic information systems security plan.
- Oversee the development, implementation, and enforcement of division-wide information systems security policy and related recommended guidelines, operating procedures, and technical standards.
- Oversee the process of handling requested policy exceptions.
- Advise COLT on related risk issues and recommend appropriate actions in support of the division's larger risk management programs.
- Ensure related compliance requirements are addressed, e.g., FOIP, School Technology Framework, PASI, etc.
- Ensure appropriate risk mitigation and control processes for security incidents as required.

5.2 Director of Technology Services

The Director of Technology Services oversees the development and implementation of the division's Information Security Policy. Specific responsibilities include:
- Document and disseminate information security policies, procedures, and guidelines.
- Update and review policies based upon feedback and incidents.
- Coordinate the development and implementation of a Division-wide information security training and awareness program.
- Coordinate a response to actual or suspected breaches in the confidentiality, integrity or availability of information assets.

5.3 Data Owners

A Data Owner is an individual or group of people who have been officially designated as accountable for specific data that is transmitted, used, and stored on a system or systems within a department, school, or administrative unit of the division. The role of the data owners is to provide direct authority and control over the management and use of specific information. These individuals might be department heads, directors, superintendents, principals, or designated staff. Responsibilities of a Data Owner include the following:

Ensure compliance with Chinook's Edge policies and all regulatory requirements

Data Owners need to understand whether or not any Chinook's Edge policies govern their information assets. Data Owners are responsible for having an understanding of organizational, legal and contractual obligations surrounding information assets within their functional areas. For example, the Freedom of Information and Privacy Act (FOIP) dictates requirements related to the handling of student information. Technology Services and the FOIP officer can assist Data Owners in gaining a better understanding of legal obligations.

Assign an appropriate classification to information assets

All information assets are to be classified based upon their level of sensitivity, value and criticality to the Division. Chinook's Edge has adopted three primary classifications: Confidential, Internal/Private, and Public. Please see the Information Sensitivity Procedure for further reference.

Determine appropriate criteria for obtaining access to sensitive information assets

A Data Owner is accountable for who has access to information assets within their functional areas. This does not imply that a Data Owner is responsible for day-to-day provisioning of access. Provisioning access is the responsibility of a Data Custodian. A Data Owner may decide to review and authorize each access request individually or may define a set of rules that determine who is eligible for access based on business function, support role, etc. Access must be granted based on the principles of least privilege as well as separation of duties. For example, a simple rule may be that all students are permitted access to their own marks or all staff members are permitted access to their own health benefits information. These rules should be documented in a manner that allows little or no room for interpretation by a Data Custodian.

Approve standards and procedures related to management of information assets

While it is the responsibility of the Data Custodian to develop and implement operational procedures, it is the Data Owner's responsibility to review and approve these standards and procedures. A Data Owner should consider the classification of the data and associated risk tolerance when reviewing and approving these standards and procedures. For example, high risk and/or highly sensitive data may warrant more comprehensive documentation and, similarly, a more formal review and approval process.

5.4 Data Custodian

Data Custodians play a critical role in protecting division information systems and data. Data Custodians have administrative and/or operational responsibility over information assets and must follow all appropriate and related security guidelines to ensure the protection of sensitive data and intellectual property residing on systems for which they have accountability. Responsibilities of a Data Custodian include the following:

Understand how information assets are stored, processed, and transmitted

Understanding and documenting how information assets are being stored, processed and transmitted is the first step toward safeguarding that data. Without this knowledge, it is difficult to implement or validate safeguards in an effective manner. One method of performing this assessment is to create a data flow diagram for a subset of data that illustrates the system(s) storing the data, how the data is being processed and how the data traverses the network. Data flow diagrams can also illustrate security controls as they are implemented. Regardless of approach, documentation should exist and be made available to the appropriate Data Owner.
5.4.2 Implement appropriate physical and technical safeguards to protect the confidentiality, integrity and availability of information assets

Technology Services and Security has published guidance on implementing reasonable and appropriate security controls for the three classifications of data: Confidential, Private, and Public. Contractual obligations, regulatory requirements and Parent requests also play an important role in implementing appropriate safeguards. Data Custodians should work with Data Owners to gain a better understanding of these requirements. Data Custodians should also document what security controls have been implemented and where gaps exist in current controls. This documentation should be made available to the appropriate Data Owner.

Document and disseminate administrative and operational procedures to ensure consistent storage, processing and transmission of information assets

Documenting administrative and operational procedures goes hand in hand with understanding how data is stored, processed and transmitted. Data Custodians should document as many repeatable processes as possible. This will help ensure that information assets are handled in a consistent manner and will also help ensure that safeguards are being effectively leveraged.

Provision and de-provision access as authorized by the Data Owner

Data Custodians are responsible for provisioning and de-provisioning access based on criteria established by the appropriate Data Owner. As specified above, standard procedures for provisioning and de-provisioning access should be documented and made available to the appropriate Data Owner.

Understand and report security risks and how they impact the confidentiality, integrity and availability of information assets

Data Custodians need to have a thorough understanding of security risks impacting their information assets. For example, storing or transmitting sensitive data in an unencrypted form is a security risk. Protecting access to data using a weak password and/or not patching vulnerabilities in a system or application are both examples of security risks. Security risks need to be documented and reviewed with the appropriate Data Owner so that he or she can determine whether greater resources need to be devoted to mitigating these risks. Technology Services can assist Data Custodians with gaining a better understanding of their security risks.

5.5 Data Users

All users have a critical role in the effort to protect and maintain division information systems and data. For the purpose of information security, a Data User is any employee, contractor or third-party provider of the division who is authorized to access Chinook's Edge Information Systems and/or information assets. Responsibilities of data users include the following:

Adhere to policies, guidelines and procedures pertaining to the protection of information assets

Information Technology Services and Security publishes various policies, procedures, and guidelines related to the protection of information assets and systems and can be found at
Users are also required to follow all specific policies, guidelines, and procedures established by departments, schools, or administrative units with which they are associated and that have provided them with access privileges.

Report actual or suspected security and/or policy violations to an appropriate authority (director, principal, Technology Services, etc.)

During the course of day-to-day operations, users may come across a situation where they feel the security of information assets might be at risk. For example, a user comes across sensitive information on a website that he or she feels shouldn't be accessible. If this happens, it is the user's responsibility to report the situation.

Report actual or suspected breaches to Information Technology Services and Security

Reporting a security breach goes hand in hand with reporting violations. Please visit For more information on what constitutes a security breach and for what steps to take if you suspect a security breach.
6.0 Enforcement Compliance

If any employee is found to have breached this security Procedure, they may be subject to disciplinary action.

Penalty for deliberate disclosure: Up to and including termination, possible civil and/or criminal prosecution to the full extent of the law.

Any violation of the Procedure by a temporary worker, contractor or supplier may result in the termination of their contract or assignment and possible civil and/or criminal prosecution to the full extent of the law.

7.0 Procedure Governance

The following table identifies who within CESD is Accountable, Responsible, Informed or Consulted with regards to this Procedure. The following definitions apply:

Responsible - the person(s) responsible for developing and implementing the Procedure.
Accountable - the person who has ultimate accountability and authority for the Procedure.
Consulted - the person(s) or groups to be consulted prior to final Procedure implementation or amendment.
Informed - the person(s) or groups to be informed after Procedure implementation or amendment.

Responsible: Director Technology Services
Accountable: Associate Superintendent, System Services
Consulted: Technology Committee, Technology Advisory Group, FOIP Officer, Communications Officer, COLT
Informed: All CESD Employees, All Contractors, All temporary workers.
8.0 Definitions

Certain terms are used throughout this policy; in order to avoid misinterpretation, several of the more commonly used terms are defined below.

TERM / DEFINITION

Appropriate measures - In order to minimize risk of Chinook's Edge computer use by unauthorized personnel must be restricted so that, in the event of an attempt to access Chinook's Edge corporate information, the amount of information at risk is minimized.

Information System - Any electronic system that stores, processes, or transmits information.

Information Assets - Definable pieces of information in any form, recorded or stored on any media that is recognized as valuable to the Division.

Principle of Least Privilege - Access privileges for any user should be limited to only what is necessary to complete their assigned duties or functions, and nothing more.

Principle of Separation of Duties - Whenever practical, no one person should be responsible for completing or controlling a task, or set of tasks, from beginning to end when it involves the potential for fraud, abuse, or other harm.

9.0 References
More informationHuman Resources Security Management towards ISO/IEC 27001:2005 accreditation of an Information Security Management System
Human Resources Security Management towards ISO/IEC 27001:2005 accreditation of an Information Security Management System Professor PhD. Constantin MILITARU Polytechnic University of Bucharest, Romania
More informationOUR CODE OF BUSINESS CONDUCT AND ETHICS
OUR CODE OF BUSINESS CONDUCT AND ETHICS Introduction This Code of Business Conduct and Ethics covers a wide range of business practices and procedures. It does not cover every issue that may arise, but
More informationSANCTIONS COMPLIANCE POLICY OF MIKRO KAPITAL GROUP
SANCTIONS COMPLIANCE POLICY OF MIKRO KAPITAL GROUP MIKRO KAPITAL MANAGEMENT S.A. 10, Rue C.M. Spoo- 2546 LUXEMBOURG G.-D. of Luxembourg APPROVED ON 12 OCTOBER 2018 Vincenzo Trani, Director Pape Sliou Ndao,
More informationCode of Conduct Policy
t Code of Conduct Policy [Type here] Approved 1 December 2015 INTRODUCTION... 3 BREACHES OF THIS CODE OF CONDUCT... 3 STATEMENT OF VALUES... 4 PERSONAL AND PROFESSIONAL BEHAVIOUR... 4 ATTENDANCE AND PUNCTUALITY...
More informationMinimum-Security Criteria for C-TPAT Foreign Manufacturers
Minimum-Security Criteria for C-TPAT Foreign Manufacturers These minimum security criteria are fundamentally designed to be the building blocks for foreign manufacturers to institute effective security
More informationInformation Governance Policy
Information Governance Policy Owner Author Information Team Information Governance Manager Reviewed by Approved by and date Council/Committee/EMT Board - Date approved Effective from 24 April 2017 Review
More informationGENTING MALAYSIA BERHAD (58019-U) CODE OF CONDUCT AND ETHICS
GENTING MALAYSIA BERHAD (58019-U) CODE OF CONDUCT AND ETHICS All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means,
More informationINTRODUCTION CIBC CODE OF CONDUCT
INTRODUCTION The Canadian Imperial Bank of Commerce and its controlled entities (collectively CIBC ) are committed to the highest standards of ethical and professional conduct. The CIBC Code of Conduct
More information(ATFL) Whistle-blowing Policy (Vigil Mechanism)
(ATFL) Whistle-blowing Policy (Vigil Mechanism) INDEX 1. OWNER... 3 2. BACKGROUND AND OBJECTIVES OF THE POLICY... 3 4. COVERAGE... 4 5. SCOPE... 4 6. EXCLUSIONS... 4 7. DEFINITIONS... 5 8. REPORTING CHANNEL...
More informationCode of Conduct for Staff
Diocese of Bristol Academies Trust Code of Conduct for Staff Date Adopted: 4 th June 2015 Date Reviewed:.v 1 Final Page 1 History of most recent Policy changes (must be completed) Date Page Change Origin
More informationInternal Control in Higher Education
Internal Control in Higher Education Daniel Adams Office of Audit Services Audit Services Mission To provide assurance and advisory services that are independent, objective and risk-based in order to protect
More informationCorporate Governance: Sarbanes-Oxley Code of Ethics
Corporate Governance: Sarbanes-Oxley Code of Ethics Latest Update: December 14, 2016 CODE OF BUSINESS CONDUCT AND ETHICS TABLE OF CONTENTS Introduction 1 Purpose of the Code 1 Conflicts of Interest 2 Corporate
More informationInternational Rescue Committee, UK Modern Slavery Statement
International Rescue Committee, UK Modern Slavery Statement Last Updated: 20/03/2018 Introduction International Rescue Committee UK ( IRC-UK ) recognises its responsibility and is committed to preventing
More informationMODA HEALTH CODE OF CONDUCT
MODA HEALTH CODE OF CONDUCT I. Introduction Moda Health has a longstanding tradition of caring for our members, communities, and employees. We strive to act with absolute integrity in the way we do our
More informationInternational Standards for the Professional Practice of Internal Auditing (Standards)
INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) Attribute Standards 1000 Purpose, Authority, and Responsibility The purpose, authority, and responsibility of the
More informationCompliance Program (Decision) ISO Board of Governors January 24-25, 2007 John C. Anders Acting Corporate Secretary General Session
Compliance Program (Decision) ISO Board of Governors January 24-25, 2007 John C. Anders Acting Corporate Secretary General Session Why Have a Compliance Program? California Independent! Two critical reasons:
More informationScope Policy Statement Reason For Policy Procedure Definitions Sanctions Additional Contacts History. Scope. University Policies.
Management of Human Resource Records: Personnel Records for Staff and Temporary Employees and Benefit Program Records for All Employees, Retirees, and COBRA Participants About This Policy Effective Date:
More informationWEWORK PRIVACY POLICY FOR PEOPLE DATA
WEWORK PRIVACY POLICY FOR PEOPLE DATA OVERVIEW WeWork Companies Inc. and our affiliates and subsidiaries (referred to together as WeWork, we, our or us ) respect individual privacy and take the privacy
More informationLIQUEFIED NATURAL GAS LIMITED
LIQUEFIED NATURAL GAS LIMITED Corporate Governance Policy 19 July 2018 Page 1 of 10 Liquefied Natural Gas Limited Corporate Governance Policy This policy is a key part of Liquefied Natural Gas Limited
More informationRELM WIRELESS CORPORATION (the Company ) CODE OF BUSINESS CONDUCT AND ETHICS
RELM WIRELESS CORPORATION (the Company ) CODE OF BUSINESS CONDUCT AND ETHICS Introduction This Code of Business Conduct and Ethics covers a wide range of business practices and procedures. It does not
More informationMacroprocesso 2-GOVERNANÇA CORPORATIVA
Summary 1. OBJECTIVE... 3 2. ADDITIONAL ATTACHMENTS... 3 3. DEFINITIONS... 3 4. DESCRIPTION... 3 4.1. Petronect Rules of Ethical Conduct... 4 4.1.1. Professional personal conduct... 4 4.1.2. Work Duty...
More informationOur vision. A company where the best people want to work.
Code of Conduct Our vision A company where the best people want to work. The world leader in chemical distribution, providing unparalleled connectivity between customers and suppliers. 2 Univar s guiding
More informationInternal Control Vulnerability Assessment (January 2011) Unit Name. Prepared by. Title. Reviewed by. Title. Reviewer s Comments
Internal Control Vulnerability Assessment (January 2011) Division Unit Name Prepared by Date Title (For Internal Control Team Use Only) Reviewed by Date Title Reviewer s Comments Return completed assessment
More informationE-VERIFY MEMORANDUM OF UNDERSTANDING ARTICLE I PURPOSE AND AUTHORITY
ARTICLE I PURPOSE AND AUTHORITY This Memorandum of Understanding (MOU) sets forth the points of agreement between the Social Security Administration (SSA), the Department of Homeland Security (DHS) and
More informationCODE OF BUSINESS CONDUCT AND ETHICS
CODE OF BUSINESS CONDUCT AND ETHICS INTRODUCTION This Code of Business Conduct and Ethics (the Code ) embodies the commitment of Sama Resources Inc. ( Sama ) to conduct its business in accordance with
More informationCounty of Sutter. Management Letter. June 30, 2012
County of Sutter Management Letter June 30, 2012 County of Sutter Index Page Management Letter 3 Management Report Schedule of Current Year s 4 Schedule of Prior Auditor Comments 9 Prior Year Information
More informationDISCIPLINARY RULES FOR EMPLOYEES
DISCIPLINARY RULES FOR EMPLOYEES DISCIPLINARY RULES FOR EMPLOYEES Page Introduction... 1 Gross misconduct... 2 Theft and dishonesty... 2 Failure to undertake the requirements of the job... 3 Breach of
More informationADELAIDE BRIGHTON LIMITED ACN
ADELAIDE BRIGHTON LIMITED ACN 007 596 018 AUDIT, RISK AND COMPLIANCE COMMITTEE COMMITTEE CHARTER 1 Membership of the committee The committee shall consist of: only non-executive directors a majority of
More informationTHE TIMBERLAND COMPANY CODE OF ETHICS
THE TIMBERLAND COMPANY CODE OF ETHICS Code of Ethics MISSION AND VALUES STATEMENT We believe the honest and ethical conduct of our employees is an essential prerequisite to our success as a company. There
More informationMiMedx Group, Inc. Code of Business Conduct and Ethics
MiMedx Group, Inc. Code of Business Conduct and Ethics 1. Introduction. 1.1 The Board of Directors of MiMedx Group, Inc. (together with its subsidiaries, the "Company") has adopted this Code of Business
More informationCODE OF CONDUCT AND ETHICS
CODE OF CONDUCT AND ETHICS Policy #: POL0020154 Effective date: October 24, 2017 Version: 6.0 COPYRIGHT 2017 SERVICENOW, INC. ALL RIGHTS RESERVED 2225 Lawson Lane, Santa Clara, CA 95054, USA This document
More informationACCOUNTABILITY FRAMEWORK FOR HUMAN RESOURCE MANAGEMENT
ACCOUNTABILITY FRAMEWORK FOR HUMAN RESOURCE MANAGEMENT All Deputy Ministers, Associate Deputy Ministers, Executives, Senior Officials, supervisors, and human resource professionals in the BC Public Service
More informationSOURCE SELECTION PLAN. {Insert if Phase I or Phase II} {Insert Project Name} {Insert Project Acronym} SOLICITATION XXXXXX-xx-R-xxxx
SOURCE SELECTION PLAN {Insert if Phase I or Phase II} {Insert Project Name} {Insert Project Acronym} SOLICITATION XXXXXX-xx-R-xxxx {INSERT MONTH & YEAR} COORDINATION: Contracting Officer Date IPT Leader
More informationto inform employees of their obligation to report serious wrongdoing within Monsanto India;
MONSANTO INDIA LIMITED MONSANTO SPEAK-UP PROTOCOL FOR INDIA 1. BACKGROUND 1.1 Monsanto India Limited (hereinafter referred to as Monsanto India or the Company ) is committed to conducting business with
More information