A+ CORPORATION PRESENTS: INFORMATION TECHNOLOGY DEPARTMENT

Presentation transcript:

A+ CORPORATION PRESENTS: INFORMATION TECHNOLOGY DEPARTMENT DATA DESTRUCTION POLICY TRAINING

Policy Scope:
- Computer Hardware and Peripherals
- Hard Drives
- Thumb Drives
- RAM
- Back Up Tapes
- Print/Copy/Scan/Facsimile Machine
- Physical Records

Training Objective:
- Data Destruction Policy Goes Into Effect on 11/1/16
- Promulgated by the Fair Credit Reporting Act
- All A+ Employees & 3rd Parties are Required to Comply

Roles & Responsibilities:
- VP of IT & CIO – Sponsors & Approves
- Director of IT Security – Maintains
- IT Operations – Executes
- Management – Ensures Compliance
- IT Audit – Monitors Compliance

***All Employees***
- Comply With Policy
- Report Non-Compliance
- Sign Acknowledgment (part of annual security training)

Data Classification Applicability:

Classification: Description
- Public: Unauthorized use or disclosure of Public data or information presents negligible risk to Company and/or its customers.
- Confidential: Unauthorized use or disclosure of Confidential data or information presents a moderate level of risk to the Company and/or its customers.
- Restricted: Unauthorized use or disclosure of Restricted data or information presents a significant level of risk to the Company and/or its customers.

Policy – Data Destruction Matrix

Classification/Medium: Hard Drives, Removable Storage Devices, RAM, Back Up Tapes, Printers, Physical Records
Public: 1, 2  1 - 2
Confidential: 1, 4 1 4 1, 2, 4 5
Restricted: 1, 3, 6 3, 6 1, 2, 3, 6

Minimum Destruction Requirements
1 Wipe/Clean (USB)
2 Reimage/Overwrite (tape)
3 Off-site destruction
4 On-site destruction
5 On-site shredding
6 Certificate of Destruction Required

Enforcement:

Willful Policy Violations May Result in:
- Disciplinary Action**
- Legal Action
- Civil Action

** Up to and Including Termination

Acknowledgment of Data Destruction Policy Training

The undersigned employee/contractors/vendors/all other affiliates hereby acknowledges and agrees that:
- The employee has received the training and read the Memorandum containing an overview of the Data Destruction Policy by A+ (the “Policy”).
- The employee understands the terms of the Policy and agrees to abide by them.
- Any violation of the Policy may result in disciplinary action up to and including termination of employment for cause and Legal actions.
- The Policy is subject to revision by A+ which may from time to time inform employees of revisions to the Policy, and it is the employee’s responsibility to ensure that they comply with the most current Policy.
- I will not copy or forward the Policy, in whole or in part, to any person without the consent of the A+ IT Security Director.

If you have any questions regarding the Policy or any situation not specifically addressed in the Policy, please consult with your supervisor.

Designation (employee/contractors/vendors/others): ________________________
Name: _________________________________
Signature: ______________________________
Date: ___________________________________________

Questions?