Information Incident Management Process
|
|
- Leon Leo Moody
- 6 years ago
- Views:
Transcription
1 September 2011 Infrmatin Incident Management Prcess Office f the Gvernment Chief Infrmatin Officer Ministry f Citizens Services and Open Gvernment
2 Table f Cntents Plicy Overview... 3 Objectives... 3 Scpe... 3 Supprting Dcuments:... 4 Sectin 1: Infrmatin Incidents... 5 Sectin 2: Appendices Ministry f Citizens Services and Open Gvernment Page 2
3 Infrmatin Incident Management Prcess Plicy Overview This plicy was develped t prvide plicy directin t guide emplyees and business wners (including supervisrs and cntract service prviders) in respnding t incidents that threaten infrmatin privacy r security. Plicy directin is ffered thrugh the fllwing sectins: Sectin 1 Infrmatin Incidents Sectin 2 Appendices A. Key Definitins B. Prcess Flw Chart C. Infrmatin Management/Infrmatin Technlgy (IM/IT) Guiding Principles Fr questins r cmments regarding this plicy and ther Infrmatin Management/Infrmatin Technlgy plicy, please cntact: Infrmatin Security Branch Office f the Gvernment Chief Infrmatin Officer Ministry f Citizens Services Telephne: Objectives The bjectives f this plicy are t: 1. Prvide a plicy framewrk fr respnding t infrmatin incidents in accrdance with legislative and plicy requirements; 2. Cnslidate plicy by functin (infrmatin incident management) rather than by business area (security, privacy, recrds management, etc.); 3. Assist emplyees and business wners (including supervisrs and service prviders) in understanding their respnsibilities in addressing infrmatin incidents. Scpe This plicy applies t emplyees and business wners (including supervisrs and cntract service prviders) r any persn handling infrmatin managed (e.g., cllected, accessed,used, shared, stred, disclsed, dispsed f, r archived) by the gvernment f British Clumbia. Ministry f Citizens Services and Open Gvernment Page 3
4 Supprting Dcuments: The fllwing dcuments and tls supprt the applicatin f this plicy: 1. Freedm f Infrmatin and Prtectin f Privacy Act (FOIPPA) 2. Prcess fr Respnding t Privacy Breaches 3. Infrmatin Security Plicy 4. General Incident and Lss Reprt (GILR) 5. Infrmatin Incident Checklist 6. Easy Guide fr Infrmatin Incidents Ministry f Citizens Services and Open Gvernment Page 4
5 Sectin 1: Infrmatin Incidents This sectin defines the steps that must ccur in respnse t an infrmatin incident, including the rles and respnsibilities f the stakehlders. An infrmatin incident is a single r a series f unwanted r unexpected events that threaten privacy r infrmatin security. Infrmatin incidents include the cllectin, use, disclsure, access, dispsal, r strage f infrmatin, whether accidental r deliberate, that is nt authrized by the business wner f that infrmatin. Infrmatin incidents include privacy breaches, which are a cllectin, use, disclsure, access, dispsal, r strage f persnal infrmatin, whether accidental r deliberate, that is nt authrized by the Freedm f Infrmatin and Prtectin f Privacy Act (see Appendix A Key Definitins fr ther terms.) Plicy Prcess 1. The Gvernment Chief Infrmatin Officer is respnsible fr the crdinatin, investigatin, and reslutin f infrmatin incidents. 2. All actual r suspected infrmatin incidents must be reprted immediately t yur supervisr and t the Gvernment Chief Infrmatin Officer using the Infrmatin Incident Management Prcess (belw). 3. The Gvernment Chief Infrmatin Officer is slely respnsible fr liaising with the Office f the Infrmatin and Privacy Cmmissiner regarding an actual r suspected privacy breach. The nly exceptin may ccur under the Whistle Blwer prvisin within Sectin 30.3 f the FOIPP Act which allws fr infrmatin sharing with the Cmmissiner by an emplyee acting in gd faith. 4. Deputy Ministry s will be respnsible fr decisins relating t ntificatins when a decisin must be made t nt ntify individual(s) based n a balance f harms. Event Reprting and Triage Phase 1. Any emplyee, service prvider r ther persn wh discvers a suspected r actual infrmatin incident (including privacy breaches) must immediately reprt it t their supervisr r designated management cntact (if ne has been appinted). 2. The supervisr r management cntact, must als immediately reprt the infrmatin incident t the Office f the Gvernment Chief Infrmatin Officer by: a. Calling the Shared Services BC Service Desk at r tll-free at (available 24 hurs a day); and b. Selecting Optin 3 and stating they require an Infrmatin Incident Investigatin. Ministry f Citizens Services and Open Gvernment Page 5
6 In circumstances where the supervisr r management cntact is nt immediately available (in persn r by phne), the emplyee, service prvider r ther persn must immediately reprt the infrmatin incident as indicated abve. The service desk will take cntact infrmatin and create a ticket fr the incident reprt. The ticket will be delivered t the Gvernment Chief Infrmatin Officer s Investigatins Unit, the Chief Infrmatin Security Officer, and the Privacy Investigatins Unit. 3. Whever reprted the incident t in step 2 abve must als reprt it t their Ministry Chief Infrmatin Officer. Where apprpriate, the Ministry Chief Infrmatin Officer als ntifies the ministry executive (deputy minister / assistant deputy minister). The business wner r emplyee reprts the infrmatin incident t the Risk Management Branch thrugh a General Incident Lss Reprt (GILR) within 24 hurs f its discvery. 4. The Investigatins Unit cntacts the infrmatin incident reprter t: Assess and dcument the infrmatin incident including, if applicable, the nature, sensitivity, vlume, impact and type f incident (physical and/r infrmatin); Assist with reslving the incident and cntaining the infrmatin incident (if applicable) if it is still nging; and Prvide the infrmatin incident reprter with instructins explaining the incident respnse prcess and pririties (e.g., cntain the lss, prevent a recurrence, and determine next steps). 5. The Investigatins Unit reprts t the Standing Respnse Team. The Standing Respnse Team assesses the incident, assigns the Incident Lead wh establishes the Incident Actin Team that includes the business wner and, depending n the nature f the infrmatin incident, may include the Ministry Infrmatin Security Officer, and delegates frm the BC Public Service Agency. The Incident Actin Team als decides if additinal infrmatin shuld be gathered t determine the respnse strategy and t define wrk assignments accrding t relevant factrs, including: Type f infrmatin incident (physical and/r infrmatin); Nature and sensitivity f the incident; Vlume; and Impact and implicatins f unauthrized disclsure r asset lss. 6. The Incident Lead determines whether the infrmatin incident is majr r minr, based n relevant factrs that include: The incident invlves multiple ministries; Ministry f Citizens Services and Open Gvernment Page 6
7 The incident invlves persnal r sensitive infrmatin; Whether there is, r culd have been, a reasnable expectatin f harm t any individuals as a result f the incident; Whether individuals will be, r have been, ntified that their persnal infrmatin was breached; Whether the incident will be, r has been, reprted t the independent ffices f the Legislative Assembly, including the Office f the Infrmatin and Privacy Cmmissiner and the Office f the Auditr General; r Whether the incident has a serius r ptentially serius public impact. a) Minr infrmatin incidents: The Incident Lead will be the main pint f cntact fr the breach. The Incident Lead will refer all minr infrmatin incidents t the Ministry Chief Infrmatin Officer fr fllw-up and reslutin in cllabratin with the business wner. If the minr incident is a privacy breach, the Privacy Investigatins Unit in the Infrmatin Security Branch gives peratinal supprt and assistance as needed. If the minr breach is nt a privacy breach, the Investigatin Unit in the Infrmatin Security Branch gives peratinal supprt and assistance as needed. When requested by the Office f the Chief Infrmatin Officer, the business wner prvides a final reprt t the Ministry Chief Infrmatin Officer, the Chief Infrmatin Security Officer, and the Incident Lead. The Chief Infrmatin Security Officer r the Incident Lead will prvide peridic updates t the Gvernment Chief Infrmatin Officer as apprpriate and as needed. b) Majr infrmatin incidents: The Incident Lead crdinates an incident management and investigatin prcess in rder t cnduct an assessment and gather evidence (see Appendix B fr the prcess flw). Status reprts are sent t the Chief Infrmatin Security Officer and/the Directr, Privacy Investigatins Unit (fr incidents invlving persnal infrmatin), wh prvide peridic updates t the Gvernment Chief Infrmatin Officer as apprpriate and as needed. Nte: Privacy breaches are reslved in accrdance with gvernment s Prcess fr Respnding t Privacy Breaches. 7. Executive Ntificatins: The Chief Infrmatin Security Officer r (fr privacy breaches) Directr f the Privacy Investigatins Unit infrms the Gvernment Chief Infrmatin Officer, Ministry Chief Infrmatin Officer, Gvernment Cmmunicatins and Public Engagement, and ther Standing Respnse Team members. The Gvernment Chief Infrmatin Officer infrms the Deputy Minister f Citizens Services, wh will infrm the Minister f Citizens Services where apprpriate. Ministry f Citizens Services and Open Gvernment Page 7
8 The Ministry Chief Infrmatin Officer infrms that ministry s executive, including its deputy minister. An executive steering grup may be created t crdinate gvernment cmmunicatins. The Gvernment Chief Infrmatin Officer will liaise with the Infrmatin and Privacy Cmmissiner in accrdance with gvernment s Prcess fr Respnding t Privacy Breaches. In situatins requiring the invlvement f law enfrcement, the Incident Lead ntifies the Assistant Deputy Minister, Plice Services Divisin, Ministry f Public Safety and Slicitr General. Where this invlves a public servant, the Incident Lead must als ntify the Public Service Agency. Additinally, when the Public Service Agency becmes aware that a public servant is subject t criminal investigatin, they must: i. Call the Shared Services BC Service Desk at r tll-free at (available 24 hurs a day); and ii. Select Optin 3 and state that they require a Security Investigatin. Investigatin and Reslutin Phase fr Majr Infrmatin Incidents 8. The Incident Lead leads the investigatin and management f the incident. The Privacy Investigatins Unit takes the lead fr privacy breaches; the Investigatins Unit takes the lead fr ther infrmatin incidents. During the investigatin: The Incident Lead will wrk with the affected ministry, s the ministry can ntify affected parties and take ther required actins as apprpriate. Ntificatin fr privacy breaches is in accrdance with gvernment s Prcess fr Respnding t Privacy Breaches. The Incident Lead will prvide status reprts t the Chief Infrmatin Security Officer, the Directr f the Privacy Investigatins Unit (fr incidents invlving persnal infrmatin), the Ministry Chief Infrmatin Officer, and the business wner. The Chief Infrmatin Security Officer r the Directr, Privacy Investigatins Unit (fr incidents invlving persnal infrmatin) will prvide status reprts t the Gvernment Chief Infrmatin Officer. Where necessary, the Gvernment Chief Infrmatin Officer liaises with the respnsible ministry s executive (deputy minister / assistant deputy minister) and the Office f the Infrmatin and Privacy Cmmissiner. 9. Ntificatin f Affected Individuals The impact f privacy breaches must be reviewed t determine if it is apprpriate t ntify individuals whse persnal infrmatin has been affected by the breach. The Incident Lead will wrk with the affected ministry, s the ministry can ntify affected parties and take ther required actins as apprpriate. Ntificatin fr privacy breaches is in accrdance with gvernment s Prcess fr Respnding t Privacy Breaches. Ministry f Citizens Services and Open Gvernment Page 8
9 The key cnsideratin in deciding whether t ntify an affected individual is whether it is necessary t avid r mitigate harm t an individual, such as: A risk f identity theft r fraud A risk f physical harm A risk f hurt, humiliatin r damage t reputatin r A risk t business r emplyment pprtunities. Other cnsideratins in determining whether t ntify individuals include: Legislative requirements fr ntificatin; Cntractual bligatins requiring ntificatin; A risk f lss f cnfidence in the public bdy and/r gd custmer/client relatins dictates that ntificatin is apprpriate. Cmpliance Ntificatin is determined based n the balance f harms. Under this principle, an individual(s) wh culd ptentially face harm as a result f an infrmatin incident may nt be ntified if it is determined that the harm that wuld result frm cnducting ntificatin wuld utweigh the benefit t be gained frm the ntificatin. Imprtant: Where an infrmatin incident invlves the ptential fr significant harm t an individual(s), the decisin t nt ntify individual(s) is based n the balance f harms and must be apprved by the Deputy Minister f the respnsible ministry. If it is determined that ntificatin f individuals is apprpriate: Ntificatin shuld ccur as sn as pssible fllwing the breach and Affected individuals shuld be ntified directly, whenever pssible. 10. When clsing an infrmatin incident file, the Incident Lead ntifies the Chief Infrmatin Security Officer, the Directr, Privacy Investigatins Unit (fr incidents invlving persnal infrmatin), the Ministry Chief Infrmatin Officer, and the business wner. In sme cases the Incident Lead writes a final reprt, including recmmendatins, and submits it t required stakehlders. There are tw types f recmmendatins included in final reprts: mandatry recmmendatins (directives), which must be implemented; and advisry recmmendatins, which the ministry decides whether t implement (the Ministry Chief Infrmatin Officer infrms the Office f the Gvernment Chief Infrmatin Officer f the decisin). 11. Gvernment, the ministry, r the business wner is, as applicable, respnsible fr implementing the final reprt s mandatry recmmendatins and reprting their status and results t the Ministry Chief Infrmatin Officer, Chief Infrmatin Security Officer and Ministry f Citizens Services and Open Gvernment Page 9
10 the Directr f the Privacy Investigatins Unit (fr incidents invlving persnal infrmatin). 12. The Chief Infrmatin Security Officer and the Directr f the Privacy Investigatins Unit (fr incidents invlving persnal infrmatin) review the reprt and, if necessary, frward implementatin results t the Gvernment Chief Infrmatin Officer. 13. The Chief Infrmatin Security Officer may perfrm cmpliance reviews r may audit the implementatin f the recmmendatins and its effectiveness. The CISO reprts the review r audit results t Gvernment Chief Infrmatin Officer. (Fr privacy issues, the Directr f the Privacy Investigatins Unit will als participate in the audit/review prcess). Respnsibilities Emplyee Supervisr In the case f the actual r suspected incident, the emplyee s respnsibilities are t: Reprt the infrmatin incident immediately t their supervisr, the Gvernment Chief Infrmatin Officer (by calling the Shared Services BC Service Desk at r tll-free at and selecting Optin 3), and the Ministry Chief Infrmatin Officer. Recver the cnfidential r persnal infrmatin if pssible, r therwise cntain the incident t lessen the impacts and implicatins fr gvernment and individuals. (Nte: If the incident invlves infrmatin technlgy, seek the directin f the Investigatins Unit befre taking any cntainment steps). Remediate the infrmatin incident by wrking cllabratively with the Investigatin Unit, Standing Respnse Team, the Gvernment Chief Infrmatin Officer s staff r thers t determine the specifics f the incident and reslve it. Prevent infrmatin incidents by being diligent in the handling f cnfidential r persnal infrmatin, and being an active participant in develping the culture f prudent infrmatin management. In the case f the actual r suspected incident supervisr s respnsibilities are t: Reprt receive the reprt abut the infrmatin incident frm the emplyee and prvide directin n assessing the incident and ensuring it is reprted centrally (t the Office f the Gvernment Chief Infrmatin Officer by calling the Shared Services BC Service Desk at r tll-free at and selecting Optin 3) and lcally (ntifying senir managers, the Ministry Chief Infrmatin Officer) within the wrkplace. Recver determine if the cnfidential r persnal infrmatin can be recvered, r if the lss/disclsure can therwise be cntained. (Nte: If the incident invlves infrmatin technlgy, seek the directin f the Investigatins Unit befre taking any cntainment steps). Ministry f Citizens Services and Open Gvernment Page 10
11 Remediate wrk cllabratively with the Business Owner, the Standing Respnse Team, the Gvernment Chief Infrmatin Officer s staff, r thers t determine the specifics f the infrmatin incident and t implement the steps needed t reslve it. Prevent infrmatin incidents by Implementing recmmendatins frm the Incident Reprt and ensuring that emplyees knw and understand hw t apply changes in the handling f cnfidential r persnal infrmatin. Participating in the develpment f a culture fr the prudent management f infrmatin, including by prviding training. Ensuring emplyees understand their respnsibility in reprting all actual and suspected infrmatin incidents, including cntaining the lss and/r recvering the infrmatin. Business Owner and Cntract Manager In the case f the actual r suspected infrmatin incident, the business wner s and gvernment Cntract Managers respnsibilities are t: Reprt ensure the infrmatin incident is reprted immediately t the Office f the Gvernment Chief Infrmatin Officer (by calling the Shared Services BC Service Desk at r tll-free at and selecting Optin 3), senir managers, and the Ministry Chief Infrmatin Officer. Recver the cnfidential r persnal infrmatin if pssible, r therwise cntain the incident t lessen the impacts and implicatins fr gvernment and individuals. (Nte: If the incident invlves infrmatin technlgy, seek the directin f the Investigatins Unit befre taking any cntainment steps). Remediate the infrmatin incident: As incident wner and as apprpriate as gvernment cntract manager n behalf f a cntracted service prvider By wrking cllabratively with the Investigatin Unit By supprting the investigatin and the Standing Respnse Team, the Gvernment Chief Infrmatin Officer s staff, r thers t determine the specifics f the infrmatin incident and reslve it By ntifying individuals r parties affected by the incident, where directed Prevent infrmatin incidents by: Ensuring that emplyees knw and understand hw t apply changes in the handling f cnfidential r persnal infrmatin. Being diligent in the handling f cnfidential r persnal infrmatin. Implementing recmmendatins frm the Infrmatin Incident Reprt Prcess and reprting the results the Chief Infrmatin Security Officer and the Directr f the Privacy Investigatins Unit, Infrmatin Security Branch. Develping a culture fr the prudent management f infrmatin, including by prviding training. Ensuring emplyees understand their respnsibility in reprting infrmatin incidents, including cntaining the lss and/r recvering the infrmatin. Ensuring Cntractrs and Service Prviders understand their respnsibilities under the Infrmatin Incident Reprt Prcess and wrking with them t ensure timely and accurate reprting. Ministry f Citizens Services and Open Gvernment Page 11
12 Supprting the audit activities f the Office f the Gvernment Chief Infrmatin Officer. Cntractr r Service Prvider In the case f an actual r suspected infrmatin incident, the cntractr s respnsibilities are t: Reprt Cntractrs will ensure that any f their emplyees, service prviders, r ther persns wh discvers a suspected r actual infrmatin incident (including privacy breaches) immediately ntify their supervisr r manager and reprt it t their Gvernment cntract manager. The gvernment cntract manager is then required t immediately reprt the infrmatin incident t the Office f the Gvernment Chief Infrmatin Officer by: Calling the Shared Services BC Service Desk at r tll-free at (available 24 hurs a day); and selecting Optin 3 and stating they are reprting an infrmatin incident. In circumstances where the cntractr s emplyee, service prvider r ther persn is unable t immediately infrm their supervisr r manager, they are required t immediately reprt the infrmatin incident t their Gvernment cntract manager. In circumstances where the emplyee, supervisr r manager is unable t immediately infrm the gvernment cntract manager, they are required t immediately reprt the infrmatin incident as utlined abve by calling the Shared Services BC Service Desk and fllwing up as sn pssible thereafter with the gvernment cntract manager. Recver the cnfidential r persnal infrmatin if pssible, r therwise cntain the incident t lessen the impacts and implicatins fr gvernment and individuals. (Nte: If the incident invlves gvernment infrmatin technlgy, seek the directin f the Cntract Manager t seek the assistance f the Investigatins Unit befre taking any cntainment steps). Remediate the infrmatin incident: With the gvernment Cntract Manager as the incident wner By wrking cllabratively with the Cntract Manager and the Investigatin Unit By supprting the investigatin and the Standing Respnse Team, the Gvernment Chief Infrmatin Officer s staff, r thers t determine the specifics f the infrmatin incident and reslve it By ntifying individuals r parties affected by the incident, where and as directed by the Incident Actin Team and the gvernment cntract manager. Prevent infrmatin incidents by: Ensuring that emplyees knw and understand hw t apply changes in the handling f cnfidential r persnal infrmatin. Being diligent in the handling f cnfidential r persnal infrmatin. Ministry f Citizens Services and Open Gvernment Page 12
13 Implementing recmmendatins frm the Infrmatin Incident Reprt Prcess and reprting the results the Chief Infrmatin Security Officer and the Directr f the Privacy Investigatins Unit, Infrmatin Security Branch. Develping a culture fr the prudent management f infrmatin, including by prviding training. Ensuring emplyees understand their respnsibility in reprting infrmatin incidents, including cntaining the lss and/r recvering the infrmatin. Ministry Chief Infrmatin Officer (MCIO) Ministry pint f cntact fr: receiving reprts abut the management f the incident frm the supervisr, emplyee, r business wner (including service prviders); cmmunicating advice and infrmatin t / frm the Incident Lead and the Standing Respnse Team; and receiving status reprts and the final investigatin reprt frm the Infrmatin Incident Lead, and distributing them as necessary. Fr minr infrmatin incidents, the MCIO is the Incident Lead s main pint f cntact fr fllw-up and reslutin in cllabratin with the business wner. Ensures infrmatin incidents are reprted within 24 hurs t the Risk Management Branch via the General Incident and Lss Reprt. Crdinates infrmatin incident cmmunicatin and updates internally (including with ministry executive). Respnsible within the ministry fr delegatin f rles and respnsibilities under this infrmatin incident prcess. Supprts the infrmatin incident investigatin prcess. Liaises with ther ministry chief infrmatin fficers in multi-ministry incidents. Ensures that the business wner (including service prviders) reprts the result f the infrmatin incident reslutin t the Chief Infrmatin Security Officer and the Directr f the Privacy Investigatins Unit (fr incidents invlving persnal infrmatin). Reviews the infrmatin incident investigatin reprts and cnveys results t the respnsible ministry executives as apprpriate. Assists prgram areas in reviewing and rectifying existing prcedures, where necessary. Ensures that the business wner implements the recmmendatins f the final reprt and reprts the implementatin results t the Chief Infrmatin Security Officer and the Directr f the Privacy Investigatins Unit (fr incidents invlving persnal infrmatin). Ensures that the audit activities f the Office f the Gvernment Chief Infrmatin Officer are supprted by the ministry. Receives, fllws up and reslves minr incidents in cllabratin with the business wner. Ministry Executives (DMs, ADMs) Receives reprts n infrmatin incidents frm Ministry Chief Infrmatin Officer and thers, as applicable. Ensures that details abut the infrmatin incident are cnveyed as necessary t senir levels f gvernment. Supprts the infrmatin incident investigatin. Ensures that the recmmendatins f the final reprt are apprpriately implemented. Ministry f Citizens Services and Open Gvernment Page 13
14 Chief Infrmatin Security Officer (CISO) Member f the Standing Respnse Team. Reprts infrmatin incidents (except privacy breaches) t the Gvernment Chief Infrmatin Officer, where apprpriate. Fllws established prtcls fr criminal ffenses r ther law enfrcement matters. Reviews ministries reprts n hw they reslved infrmatin incidents. Reviews investigatin reprts. Prvides reprts n infrmatin incident investigatins, except fr privacy breaches, t the Gvernment Chief Infrmatin Officer. Reviews reprts n the implementatin f recmmendatins. Initiates audits n the implementatin f recmmendatins, where necessary. Directr f the Privacy Investigatins Unit, Infrmatin Security Branch Member f the Standing Respnse Team. Reprts privacy breaches t the Gvernment Chief Infrmatin Officer, where apprpriate. Reviews ministries reprts n hw they reslved privacy breaches. Prvides reprts n privacy breach investigatins t the Gvernment Chief Infrmatin Officer. Reviews reprts n the implementatin f recmmendatins cncerning privacy breaches. Recmmends audits t the CISO n the implementatin f recmmendatins, where necessary. Participates in audits and reviews, where necessary. Upn the directin f the Gvernment Chief Infrmatin Officer, liaises with the Office f the Infrmatin and Privacy Cmmissiner n privacy breaches. Directr f the Investigatins and Frensics Unit, Infrmatin Security Branch Member f the Standing Respnse Team. Reprts security incidents t the Gvernment Chief Infrmatin Officer, where apprpriate. Reviews ministries reprts n hw they reslved security incidents. Prvides reprts n security investigatins t the Gvernment Chief Infrmatin Officer. Reviews reprts n the implementatin f recmmendatins cncerning security incidents. Recmmends audits t the CISO n the implementatin f recmmendatins, where necessary. Participates in audits and reviews, where necessary. Privacy Investigatins Unit, Infrmatin Security Branch Subject matter experts in privacy breach management. The Incident Actin Lead fr privacy breaches. Prvides privacy breach management advice t business wner and Ministry Chief Infrmatin Officer. Prvides privacy breach investigatin status reprts and final reprt with recmmendatins t the Chief Infrmatin Security Officer and Directr f the Privacy Investigatins Unit, Infrmatin Security Branch. Prvides immediate incident management (including cntainment) advice t the Business wner. Ministry f Citizens Services and Open Gvernment Page 14
15 Prvides privacy expertise. Recmmends t the business wner that the affected peple be ntified f the infrmatin incident. Participates in audits n the implementatin f the recmmendatins, where necessary. Investigatins and Frensics Unit, Infrmatin Security Branch Subject matter experts in nn-privacy breach management and infrmatin incident investigatins. The Incident Actin Lead fr security incidents. Prvides immediate incident management (including cntainment) advice t the Business wner. Fllws established prtcls fr criminal ffenses r ther law enfrcement matters. Prvides nn-privacy breach infrmatin incident investigatin status reprts and the final reprt with recmmendatins t the Chief Infrmatin Security Officer. Prvides nn-privacy breach management advice t business wner and MCIO. Prvides investigatins expertise. Perfrms audits n the implementatin f the recmmendatins, where necessary. Gvernment Chief Infrmatin Officer Respnsible fr the crdinatin, investigatin, and reslutin f all infrmatin incidents, including privacy breaches. Receives and reviews status reprts and, where applicable, final infrmatin incident investigatin reprts and reprts n implementatin f recmmendatins. Ensures that the recmmended cntrls f the final reprt are apprpriately implemented thrugh audits. Reprts infrmatin incidents t the Deputy Minister f Citizens Services. Cntacts respnsible ministry executives t ensure apprpriate cmmunicatin, recmmendatin, and cllabratin, where apprpriate. Liaises with the Office f the Infrmatin and Privacy Cmmissiner n privacy breaches, where apprpriate. Deputy Minister, Ministry f Labur, Citizens Services and Open Gvernment (CITZ DM) Receives infrmatin incident and investigatin reprts, where necessary. Ensures that details abut the incident are cnveyed as necessary t senir levels f gvernment. Ministry f Citizens Services and Open Gvernment Page 15
16 Sectin 2: Appendices A. Key Definitins B. Prcess Flw Chart C. Simplified Flw Chart D. Infrmatin Management/Infrmatin Technlgy (IM/IT) Guiding Principles Ministry f Citizens Services and Open Gvernment Page 16
17 Appendix A Key Definitins Business Owner the peratinal unit (such as a branch r a service prvider) in which the infrmatin incident ccurred. Cntract Manager the persn(s) respnsible fr the versight f a Cntractr r Service Prvider. It shuld be nted that this culd als include gvernment persnnel respnsible fr less frmal infrmatin sharing arrangements. Cntract Service Prvider a persn r rganizatin retained under a cntract t perfrm services fr a public bdy. Incident Actin Team the team pulled tgether t take actin and respnd t the incident. The team includes the Incident Lead and the business wner at a minimum. The team may invlve, depending n the nature f the infrmatin incident, the Ministry Infrmatin Security Officer, and delegates frm the BC Public Service Agency. Incident Lead the OCIO member assigned by the Standing Respnse Team as the investigative lead fr managing the incident. Infrmatin Incident a single r a series f unwanted r unexpected events that threaten infrmatin security r privacy. Persnal Infrmatin - means recrded infrmatin abut an identifiable individual ther than business cntact infrmatin. Persnal infrmatin can be abut gvernment emplyees, gvernment clients r thers and may be held by gvernment r administered by service prviders n behalf f gvernment. Persnal infrmatin includes, but is nt limited t: name, address, telephne number, ; race, natinal/ethnic rigin, clur, religius r plitical beliefs r assciatins; age, sex, sexual rientatin, marital status; identifying number r symbl such as scial insurance number r driver s license number; fingerprints, bld type, DNA prints; health care histry; educatinal, financial, criminal, emplyment histry; anyne else s views r pinins abut an individual and the individual s persnal views r pinins unless they are abut smene else. Privacy Breach a type f infrmatin incident where there is a cllectin f, use f, disclsure f, access t, dispsal f, r strage f persnal infrmatin, whether accidental r deliberate, that is nt authrized by the Freedm f Infrmatin and Prtectin f Privacy Act. Recrd includes bks, dcuments, maps, drawings, phtgraphs, letters, vuchers, papers and any ther thing n which infrmatin is recrded r stred by any means, whether graphic, electrnic, mechanical r therwise. Ministry f Citizens Services and Open Gvernment Page 17
18 Standing Respnse Team cnsists f the Chief Infrmatin Security Officer, the Directrs f the Privacy Investigatins and Investigatins & Frensics Units, Infrmatin Security Branch and delegates frm their ffices. Ministry f Citizens Services and Open Gvernment Page 18
19 Appendix B Prcess Flw Chart
20 Appendix C Simplified Flw Chart Crprate Infrmatin Incident Management Prcess Wrkflw Incident Discvery/Reprting Incident Investigatin/Remediatin/Preventin Gvernment CIO Emplyee Supervisr (ptin 3) Prcess starts here Emplyee reprts directly if n supervisr is immediately available Suspected/ Cnfirmed Infrmatin Incident Runs thrugh triage prcess and assigns Incident Lead Takes caller infrmatin and assigns t Gvernment CIO (Min f Citizens Services) Immediately reprts incident t (ptin 3) Immediately reprts incident t Supervisr IAT always includes Incident Lead (OCIO), prgram area supervisr (r alternate cntact), and MCIO (r MCIO delegate) Incident Lead frms Incident Actin Team As apprpriate, Incident Lead may invlve representatives frm PSA, Legal Services, and/r PSSG depending n the circumstances. Incident Lead als liaises with the OIPC as required. Reprts t Ministry CIO Cmpletes and submits GILR Incident Lead guides IAT and investigative activities Incident Actin Team takes ver, handles all investigative, remediative, and preventative actins Supervisr participates in IAT (r identifies alternate cntact) Emplyee prvides additinal infrmatin and cperates with IAT as required Incident Actin Team: Identifies the steps required t cntain the incident; Gathers additinal infrmatin abut the incident as apprpriate; Assesses ntificatin requirements - whether any individuals affected by an incident need t be ntified Ensures that executives and Ministers are infrmed f incidents, as apprpriate Examines whether any preventin measures are apprpriate t guard against similar incidents frm ccurring in the future Ministry f Citizens Services and Open Gvernment Page 17
21 Appendix D Infrmatin Management/Infrmatin Technlgy (IM/IT) Guiding Principles Infrmatin Management/Infrmatin Technlgy Principles fr Use f Infrmatin Infrmatin Management/Infrmatin Technlgy (IM/IT) Principles utlines the principles that guide gvernment emplyees as they wrk with, handle and manage gvernment infrmatin. Intrductin: The Gvernment f British Clumbia is rich in infrmatin an asset that can help transfrm gvernment services, develp evidence infrmed plicy and prgrams, and achieve better utcmes fr British Clumbians. Applying the fllwing strategies and guiding principles in every day wrk will help gvernment achieve its verall gals and ensure infrmatin is used and managed in a way that recgnizes its value. Guiding Principles Definitin: Infrmatin is data that cnveys meaning. It is created, received, and acquired fr r by the B.C. gvernment and enables the prvisin f services. Infrmatin includes and is nt limited t: persnal data; ppulatin data (ecnmic, cultural and demgraphic data); and prgram and peratinal data (perfrmance measures and data used in plicy and prgram develpment and peratins). Strategies: Infrmatin is an asset that is shared, where apprpriate, t ptimize its value t gvernment and British Clumbians. Infrmatin, as a managed strategic gvernment-wide resurce, is leveraged with the apprpriate plicies, pririty and security, resulting in: Integratin and crdinatin f service delivery f gvernment prgrams and services; Cllabratin, innvatin and transfrmatin f service delivery t better meet the needs f citizens; and Evidence-infrmed decisin-making and prgram and plicy develpment. Right Infrmatin
22 Infrmatin meets the needs f its users, and the quality f infrmatin is apprpriate fr its purpse in terms f accuracy, relevancy, reliability, cnsistency, and cmprehensiveness. Right Persn Infrmatin is available and accessible as apprpriate. Right Purpse Infrmatin is integral t the business f gvernment, and is shared as apprpriate fr pursuing an identified purpse r t supprt achievement f gvernment plicy and/r service gals and business needs. Right Time Infrmatin is available in a timely way, when needed, t supprt business and prgram gals, needs and decisins. Right Way Infrmatin is handled in a way that respects and prtects the privacy f individuals regarding their persnal infrmatin held by gvernment and the cnfidentiality f gvernment and private sectr infrmatin. Ministry f Citizens Services and Open Gvernment Page 18
AUDIT & RISK COMMITTEE CHARTER
AUDIT & RISK COMMITTEE CHARTER Rle and Respnsibilities The Bard f The Institute f Internal Auditrs Australia (IIA-Australia) has established a Bard Audit & Risk Cmmittee as part f its respnsibilities in
More informationTERMS OF REFERENCE. Audit and Risk Committee (the "Committee") of Wilmcote Holdings Plc (the "Company")
References t the "Bard" shall mean the full Bard f Directrs. MEMBERSHIP - The Bard has reslved t establish a cmmittee f the Bard t be knwn as the Audit and Risk Cmmittee. - The Cmmittee shall cmprise at
More information[AGENCY NAME] Mandate and Roles Document. (Pure Advisory Committees)
[This sample dcument has been develped by the Agency Gvernance Secretariat. It is intended t be used fr infrmatinal purpses nly. Agencies are encuraged t adapt the dcument t meet their specific needs.
More informationAudit and Risk Management Committee Charter
Audit and Risk Management Cmmittee Charter Pivtal Systems Crpratin ("Cmpany") 1. Objectives The Audit and Risk Management Cmmittee (Cmmittee) has been established by the bard f directrs (Bard) f the Cmpany.
More informationStakeholder Relations and Communications Policy
Stakehlder Relatins and Cmmunicatins Plicy Effective January 15, 2008 Apprved by the Bard f Directrs n January 15, 2008 TABLE OF CONTENTS Sectin I Stakehlder Relatins and Cmmunicatins Plicy 1 NOVA SCOTIA
More informationEngineering IT Application Development Governance Workflow
Apprved April 6, 2018 Engineering IT Applicatin Develpment Gvernance Wrkflw This dcument is intended t define the gvernance structure and prcesses t be used in guiding the activities f the Engineering
More informationTerms of Reference - Board of Directors (approved by the Board on 12 April 2018)
Terms f Reference - Bard f Directrs (apprved by the Bard n 12 April 2018) 1. Respnsibility and Principal Duties The Bard f Directrs has the verall respnsibility fr the gvernance f the Cmpany and fr supervising
More informationInformation concerning the constitution, goals and functions of the agency, including 1 :
Annual Reprt cmpliance checklist This checklist utlines the gvernance, perfrmance, reprting cmpliance and prcedural requirements f the Financial Administratin and Audit Act 1977 and the Financial Management
More informationAudit Committee Charter. St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd
Audit Cmmittee Charter St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd Versin 3.0, 19 February 2018 Apprver Bard f Directrs St Andrew
More informationA-1110 Wien. Privacy Notice
Eurfins Lebensmittelanalytik Tel. +43 (1) 944 33 44-0 ffice@eurfins.at www.eurfins.at Privacy Ntice Table f cntents 1 Cntrller infrmatin... 2 2 What infrmatin shuld yu give Eurfins?... 2 3 Why d we use
More informationAUDIT, RISK MANAGEMENT AND COMPLIANCE COMMITTEE CHARTER
AUDIT, RISK MANAGEMENT AND COMPLIANCE COMMITTEE CHARTER August 2012 OPUS Grup Limited Audit, Risk Management and Cmpliance Cmmittee 1. GENERAL PURPOSE The primary bjective f the Audit, Risk Management
More informationPSNC Briefing on the NHS Complaints procedure (from 1 April 2009)
PSNC Briefing n the NHS Cmplaints prcedure (frm 1 April 2009) Under the prvisins f the Natinal Health Service (Pharmaceutical Services) Regulatins 2005 1 pharmacy cntractrs are required t make arrangements
More informationNCTJ Conflicts of Interest Policy and Procedures
NCTJ Cnflicts f Interest Plicy and Prcedures Purpse This plicy aims t draw attentin t the pssibility f cnflicts, minimise r prevent a cnflict ccurring and manage cnflicts that have arisen. Definitin f
More informationLocal Code Of Corporate Governance
Lcal Cde Of Crprate Gvernance Apprved by Jint Cmmittee 26 June 2017 Reprt N JC 09/2017 LOCAL CODE OF CORPORATE GOVERNANCE INTRODUCTION Crprate gvernance is the cmbinatin f prcesses and structures implemented
More informationAUDIT and ASSURANCE COMMITTEE TERMS OF REFERENCE
AUDIT and ASSURANCE COMMITTEE TERMS OF REFERENCE P U R P O S E The Cmmittee is an perating Cmmittee f the Grup Bard and is charged with the respnsibility f gaining assurance fr the Grup Bard that the rganisatin
More informationCorporate Governance Principles
Crprate Gvernance Principles Revised 05-03-2018 Amphenl s Crprate Gvernance Principles have been apprved by the Bard f Directrs and, tgether with the Cmpany s Certificate f Incrpratin, as amended and/r
More informationPolicy Coversheet. Link Tutors: appointment and responsibilities
Plicy Cversheet Name f Plicy: Link Tutrs: appintment and respnsibilities Purpse f Plicy: Intended audience(s): Apprval fr this plicy given by: T utline the arrangements fr the appintment f University Link
More informationGuidelines for submission to the NSW Population and Health Services Research Ethics Committee. Version June 2015
Guidelines fr submissin t the NSW Ppulatin and Health Services Research Versin 3.0 18 June 2015 Cntents Sectin 1: Intrductin... 3 Sectin 2: Research Gvernance... 4 Sectin 3: Submissins t the NSW PHSREC...
More informationTERMS OF REFERENCE FOR THE PROVISION OF OUTSOURCED INTERNAL AUDIT SERVICE
W&RSETA Standard Bidding Dcuments Terms f Reference TERMS OF REFERENCE FOR THE PROVISION OF OUTSOURCED INTERNAL AUDIT SERVICE 1 W&RSETA Standard Bidding Dcuments Terms f Reference 1. BACKGROUND TO W&RSETA
More informationAudit & Risk Committee Charter
Audit & Risk Cmmittee Charter AUDIT & RISK COMMITTEE CHARTER The Audit & Risk Cmmittee has been established by reslutin f the Bard f Macmahn Hldings Limited ( Macmahn r the Cmpany ). Membership The Audit
More informationFINANCE/ADMINISTRATION SECTION CHIEF
Missin: Mnitr the utilizatin f financial assets and the accunting fr financial expenditures. Supervise the dcumentatin f expenditures and cst reimbursement activities. Psitin Reprts t: Incident Cmmander
More informationCODE OF CONDUCT AND ETHICS POLICY ON CONFLICTS OF INTEREST
CODE OF CONDUCT AND ETHICS POLICY ON CONFLICTS OF INTEREST Magna Internatinal Inc. Plicy n Gifts & Entertainment 1 POLICY ON CONFLICTS OF INTEREST Magna emplyees have a duty t act in Magna s best interest.
More informationEmployee Hardship Assistance Policy
Emplyee Hardship Assistance Plicy Functinal Area: Human Resurces Applies T: All Faculty and Staff Plicy Reference(s): N/A Number: TBD Date Issued: March 4, 2013 Page(s): 6 Respnsible Persn The Directr
More informationDATA PROTECTION POLICY FOR PUPILS AND PARENTS
DATA PROTECTION POLICY FOR PUPILS AND PARENTS This Plicy is relevant t the whle schl including EYFS Cntents 1.0 Intrductin 2.0 Respnsibility fr data prtectin 3.0 Types f persnal data prcessed by the schl
More informationRisk and Audit Committee charter
Risk and Audit Cmmittee charter 1. Intrductin The Bard f Cffey Internatinal Limited ( Cffey r the Cmpany ) has established a Risk and Audit Cmmittee ( Cmmittee ). It is nted that the Cmmittee is a sub-cmmittee
More informationMay Audit and Compliance Program Charter
May 2015 Audit and Cmpliance Prgram Charter TABLE OF CONTENTS PAGE 1.0 BACKGROUND 2 2.0 AUDIT AND COMPLIANCE ASSESSMENT 2 3.0 KEY LEGISLATIVE AUTHORITY AND POWERS 4 4.0 VALUES 5 5.0 STEPS IN THE ASSESSMENT
More informationPolicy Planning and Analysis Team (PAT) Charter
Plicy Planning and Analysis Team (PAT) Charter Purpse f this Charter Dcument This charter defines the missin, guiding principles, scpe, rles, membership, and peratins fr the Plicy Planning and Analysis
More informationCRSP Index Governance Committees Terms of Reference. Introduction... 2 Governance and Oversight Control Framework... 3 Index Oversight Committee...
CRSP Index Gvernance Cmmittees Terms f Reference CRSP Center fr Research in Security Prices The University f Chicag Bth Schl f Business Chicag, IL 60603 Intrductin... 2 Gvernance and Oversight Cntrl Framewrk...
More informationAUDIT COMMITTEE CHARTER
AUDIT COMMITTEE CHARTER WBHO Audit Cmmittee Charter Page 1 f 9 Intrductin The Audit Cmmittee is cnstituted as a statutry cmmittee f the Cmpany in respect f its statutry duties in terms f Sectin 94(1) f
More informationBROCKTON AREA MULTI-SERVICES, INC. ORGANIZATION AND POLICY GUIDE
Page 1 f 6 Subject: Plicy and Prcedure Regarding Prgressive Disciplinary Actin Plicy Date Develped: 7/01/06 Date(s) Reviewed/Revised: 5/4/10 PURPOSE: T define BAMSI s plicy n Prgressive Disciplinary Actin
More informationChapter 17. Environmental and Social Management System and Environmental and Social Management Plan
Chapter 17 Envirnmental and Scial Management System and Envirnmental and Scial Management Plan CONTENTS 17 ENVIRONMENTAL AND SOCIAL MANAGEMENT SYSTEM AND ENVIRONMENTAL AND SOCIAL MANAGEMENT PLAN 17-1 17.1
More informationCritical Incident Policy
Critical Incident Plicy Scpe This plicy is applicable t Kaplan Business Schl Pty Ltd and t critical incidents that may ccur while students are undertaking study at Kaplan Business Schl, (Kaplan). Purpse
More informationDepartment of Environment Land, Water and Planning
Department f Envirnment Land, Water and Planning Psitin purpse The Senir Plicy Officer is part f the Building Unit which is respnsible fr the delivery f plicies and brad based strategies t achieve imprved
More informationWork Instruction. for Change Management. Work Instruction Administrator John Doe Chief Corporeal Officer ACME
Wrk Instructin fr Change Management Wrk Instructin Administratr Jhn De Chief Crpreal Officer Wrk Instructin Authr Benjamin M.A. Rbsn Directr f Operatins IPSec Pty Ltd Date f Last Update 3/05/2011 12 Mrtuary
More informationHIPAA Privacy Rule LINKS AND RESOURCES AFFECTED ENTITIES IMPACT ON EMPLOYERS. Provided by Brown & Brown of Louisiana, LLC
Prvided by Brwn & Brwn f Luisiana, LLC HIPAA Privacy Rule The HIPAA Privacy Rule establishes natinal standards t prtect individuals medical recrds and ther persnal health infrmatin. The Privacy Rule applies
More informationRisk Management Policy
Risk Management Plicy 1. Purpse The purpse f this plicy is t prvide clear guidelines fr the management f risk. Risk is defined as the effect f uncertainty n bjectives. 1 Risk Management is the discipline
More informationPershing Financial Services Guide (FSG) including its Privacy Policy
Pershing Financial Services Guide (FSG) including its Privacy Plicy Issued by Pershing Securities Australia Pty Ltd ABN 60 136 184 962 Australian Financial Services License N. 338 264 Date FSG was prepared:
More informationBoard of Directors Job Description
Bard f Directrs Jb Descriptin Abut SVP s Bard f Directrs Members at Large SVP Bulder Cunty s Bard f Directrs is cmprised f 5 t 15 members. The Executive Cmmittee includes the Bard Chair, Vice Chair, Treasurer,
More informationSummit Asset Managers Limited
Irish Infrastructure Trust Privacy Ntice Intrductin This ntice sets ut details f hw and why Summit Asset Managers Limited, f Beresfrd Curt,, Dublin 1, Ireland, acting n behalf the Irish Infrastructure
More informationCollaboration Assessment Worksheets
Part 1 f 5: Knwledge Base Cllabratin Assessment Wrksheets 1. Have the cllabrating agencies agreed upn a cmmn definitin fr the target ppulatin? Cllabrating agencies have nt determined a cmmn definitin f
More informationThe Company is a public company incorporated in Bermuda and its securities are listed on AIM.
(Incrprated in Bermuda Registratin N. 44512) POLICY FOR TRADING IN COMPANY SECURITIES The Cmpany is a public cmpany incrprated in Bermuda and its securities are listed n AIM. Schedule 1 t this Plicy cntains
More informationTASSAL GROUP LIMITED ABN Procedures for the Oversight and Management of Material Business Risks. (Approved by the Board 28 May 2015)
Prcedures fr the Oversight and Management f Material Business Risks TASSAL GROUP LIMITED ABN 15 106 067 270 Prcedures fr the Oversight and Management f Material Business Risks (Apprved by the Bard 28 May
More informationTASSAL GROUP LIMITED ABN
Plicy fr the Selectin and Appintment f Directrs TASSAL GROUP LIMITED ABN 15 106 067 270 Plicy fr the Selectin and Appintment f Directrs (Reviewed by the Bard 25 June 2013) 1 Reviewed by the Bard - 25 June
More informationCORPORATE GOVERNANCE POLICY
CORPORATE GOVERNANCE POLICY Bard Missin Sagicr Real Estate X Fund Limited ( X Fund r the Cmpany ) was incrprated in 2011 under the laws f St. Lucia as an Internatinal Business Cmpany (IBC). X Fund is cmmitted
More informationEXECUTIVE SUMMARY INTERNAL AUDIT REPORT. IOM Kingston JM JULY 2017
EXECUTIVE SUMMARY INTERNAL AUDIT REPORT IOM Kingstn JM201701 17-21 JULY 2017 Issued by the Office f the Inspectr General Page 1 f 9 Reprt n the Audit f IOM Kingstn Executive Summary Audit File N. JM201701
More informationHUMAN RESOURCES AND COMPENSATION COMMITTEE CHARTER
HUMAN RESOURCES AND COMPENSATION COMMITTEE CHARTER PURPOSE The Human Resurces and Cmpensatin Cmmittee (the Cmmittee ) f Precisin Drilling Crpratin (the Crpratin ) is a standing cmmittee f the bard f directrs
More informationTHE CLOROX COMPANY AUDIT COMMITTEE CHARTER. [Effective May 8, 2017]
THE CLOROX COMPANY AUDIT COMMITTEE CHARTER [Effective May 8, 2017] PURPOSE AND AUTHORITY The Audit Cmmittee ( Cmmittee ) is established by the Bard f Directrs ( Bard ) fr the purpses f: 1. Representing
More informationGuidelines and Recommendations Guidelines on periodic information to be submitted to ESMA by Credit Rating Agencies
Guidelines and Recmmendatins Guidelines n peridic infrmatin t be submitted t ESMA by Credit Rating Agencies 23 June 2015 ESMA/2015/609 Table f Cntents 1 Scpe... 3 2 Definitins... 3 3 Purpse f Guidelines...
More informationVOLUNTEER REGISTRATION FORM
VOLUNTEER REGISTRATION FORM Office Use Only Prgram: Site: Day(s): Time: Name Email: Phne Number (cell) (hme) (Wrk) Address Birth date What is yur current ccupatin? Are yu r have yu ever been a member f
More informationPolicy and Procedures Date: April 23, Subject: Policy and Procedures for Establishment of New Schools at Virginia Tech
Virginia Plytechnic Institute and State University N. 6150 Rev.: 1 Plicy and Prcedures Date: April 23, 2002 Subject: Plicy and Prcedures fr Establishment f New Schls at Virginia Tech 1. Purpse...1 2. Plicy...1
More informationCHARTER OF RESERVES, HEALTH, SAFETY, ENVIRONMENT AND SOCIAL RESPONSIBILITY COMMITTEE 2018
CHARTER OF RESERVES, HEALTH, SAFETY, ENVIRONMENT AND SOCIAL RESPONSIBILITY COMMITTEE 2018 The Reserves, Health, Safety, Envirnment and Scial Respnsibility Cmmittee Charter utlines the specific rles and
More informationAUDIT COMMITTEE CHARGE
AUDIT COMMITTEE CHARGE Number f Members 5-7 Must be an dd number fr purpses f vting. Cmpsitin Members shall include the Secnd Past President, the Secretary and Treasurer, at least ne ther Bard member and
More informationUSDA Forest Service Project-level Objections Process
USDA Frest Service Prject-level Objectins Prcess 36 CFR Part 218, Prject-Level Pre-decisinal Administrative Review Prcess September, 2013 What is the bjectin prcess and what happened t the appeals prcess?
More informationSempra Energy Environmental, Health, Safety and Technology Committee Charter
Sempra Energy Envirnmental, Health, Safety and Technlgy Cmmittee Charter As adpted by the Bard f Directrs f Sempra Energy n September 5, 2000 and amended thrugh Nvember 9, 2015. I. Purpse The purpse f
More informationUNITED STATES SECURITIES AND EXCHANGE COMMISSION Washington, D.C
UNITED STATES SECURITIES AND EXCHANGE COMMISSION Washingtn, D.C. 20549 FORM 8-K CURRENT REPORT Pursuant t Sectin 13 r 15(d) f the Securities Exchange Act f 1934 Date f reprt (Date f earliest event reprted):
More informationPurpose... 1 Definitions... 1 Policy... 2
Cntents Purpse... 1 Definitins... 1 Plicy... 2 1. Privacy Principles... 2 2. Cllectin f infrmatin... 2 3. Unique Student Identifiers (USI)... 3 4. Strage and use f infrmatin... 4 5. Disclsure f infrmatin...
More informationARIZONA FIRE DISTRICT ASSOCIATION FINANCIAL PROCEDURES POLICY
FINANCIAL PROCEDURES POLICY 1. PURPOSE The purpse f these Financial Prcedures is t prvide cnsistent applicatin f cnduct and prper internal cntrls t safeguard the assets f the Arizna Fire District Assciatin
More informationSubject Access Requests
Subject Access Requests The Data Prtectin Act 1998 gives rights t individuals in respect f the persnal data that rganisatins hld abut them. One f thse rights is the right t get a cpy f the infrmatin that
More informationGuidelines for the Development of a Cooperative Biosecurity Plan for Grazing Livestock
Guidelines fr the Develpment f a Cperative Bisecurity Plan fr Grazing Livestck July 2016 AIM Prvide guidelines fr prducer grups t set up and maintain a cperative bisecurity plan (CBP) fr an endemic disease
More informationTerms of Reference. 1. Background/Context. 1.1 Purpose
Sub-regin Steering Cmmittee Terms f Reference 1. Backgrund/Cntext 1.1 Purpse The Patients First Act, 2016 requires Lcal Health Integratin Netwrks (LHINs) t establish gegraphic sub-regins fr the purpses
More informationAccord Group Privacy Policy
Accrd Grup (WA) Pty Ltd CERTIFIED PRACTISING ACCOUNTANTS ABN: 96 210 970 944 William Murray Huse 92 Wray Avenue FREMANTLE WA 6160 PO Bx 236 FREMANTLE WA 695 Email: accrdwa@accrdwa.cm.au Telephne: (08)
More informationActive Sussex. Trustee Recruitment Pack
Active Sussex Trustee Recruitment Pack Our main aim is t imprve lcal peple s health and wellbeing thrugh the prmtin f sprt and physical activity fr all members f the cmmunity, n matter their level f activity.
More informationAudit Committee Charter
www.subsea7.cm Audit Cmmittee Charter 5 23.May.17 Mark Fley VP Grup Financial Cntrller Dd Fraser Chairman f the Audit Cmmittee Revisin Revisin Date Dcument Owner Dcument Apprver Revisin: 5 Audit Cmmittee
More informationData Protection Policy
Data Prtectin Plicy PLEASE NOTE: A new Data Prtectin Plicy, cmpliant with the requirements f the Data Prtectin Act 2018 and the Eurpean General Data Prtectin Regulatin (GDPR), is currently underging the
More information16-18Co(17)97 Appendix 2. Panel Consideration Practice Statement. Introduction. This document has been produced to:
16-18C(17)97 Appendix 2 Panel Cnsideratin Practice Statement Intrductin This dcument has been prduced t: Supprt the cnsistent cnsideratin f fitness t teach cnduct cases by Panels in line with the GTCS
More informationDisciplinary Policy. WHO is this policy for?
Disciplinary Plicy WHO is this plicy fr? Channel 4 emplyees wh ve passed their prbatinary perid Channel 4 managers This plicy des nt frm part f any emplyee s cntract f emplyment and we may amend it at
More informationSchool Business Manager
Plicy Title: Risk Assessment Plicy Authr: Schl Business Manager Audience: Staff Reviewed by: Gvernrs Review frequency: Annual Reviewed when: Octber 2016 Risk Assessment Plicy Intrductin Nrthease Manr Schl
More informationOFFICE OF THE PRESIDENT HUMAN RESOURCES POLICY MANUAL SECTION 11 JULY 28, 2006 REDUCTION IN FORCE GUIDELINES
Purpse A reductin in frce is an actin t reduce the number f emplyees in a wrk unit r university-wide. A reductin in frce may becme necessary due t reduced funding, rerganizatin, change in wrklad, r ablishment
More informationPrivacy Notice for Applicants and Tenants
Privacy Ntice fr Applicants and Tenants What we need Scttish Brders Husing Assciatin (SBHA) will be a "cntrller" f the persnal infrmatin that yu prvide t us thrugh yur cmpleted Husing Applicatin Frm, and
More informationSteering Committee of the Global Nuclear Safety and Security Network (GNSSN)
Steering Cmmittee f the Glbal Nuclear Safety and Security Netwrk (GNSSN) Attachment 1 Terms f Reference April 2012 Intrductin The glbal nuclear safety and security framewrk is the glbal framewrk fr achieving
More informationUCEA/ECU Age Discrimination Working Group Guidance. Age Discrimination Legislation Guidance Note 1: Pay and Benefits A UCEA Publication
UCEA/ECU Age Discriminatin Wrking Grup Guidance Age Discriminatin Legislatin 2006 Guidance Nte 1: Pay and Benefits A UCEA Publicatin Scpe f guidance This guidance nte addresses the implicatins f the Emplyment
More informationGuidelines for an OSHA Site Visit
Guidelines fr an OSHA Site Visit These guidelines were created t assist yu in navigating an unannunced visit frm an OSHA cmpliance fficer. The infrmatin is intended as a general guide t best practices
More informationEnterprise Risk Management Focusing on the Right Risks
Enterprise Risk Management Fcusing n the Right Risks Assciatin Cnference September 17, 2014 P L n L e A l n s a r n L t f i l C 3 1 0 2 cliftnlarsnallen.cm Discussin Objectives 1.Discuss factrs driving
More informationHuntington Bancshares Incorporated
Audit Cmmittee Apprved By: Bard f Directrs Huntingtn Bancshares Incrprated Apprval Date 1 f 6 Purpse f Cmmittee The Audit Cmmittee (Cmmittee) is established by the Bard f Directrs (Bard) t assist the Bard
More informationEmergency Support Function (ESF) 18 Business and Industry
Emergency Supprt Functin (ESF) 18 Business and Industry Lead Crdinating Agency: Supprt Agencies Pensacla Bay Area Chamber f Cmmerce Better Business Bureau f Nrthwest Flrida Century Chamber f Cmmerce Dwntwn
More informationAre you ready for the FUTURE of your Quality Management system?
1 Are yu ready fr the FUTURE f yur Quality Management system? BACKGROUND Quality Management System standard, ISO 9001 has made sme majr changes released in September 2015. Organizatins are studying and
More informationBECCLES INDOOR BOWLS CLUB
. BECCLES INDOOR BOWLS CLUB PRIVACY NOTICE FOR OUR MEMBERS We are cmmitted t respecting yur privacy. This ntice is t explain hw we may use persnal infrmatin we cllect befre, during and after yur membership
More informationPERFORMANCE DEVELOPMENT SYSTEM. Supervisory and Management Staff Appraisal. Department: Reviewer s Name: Review Period:
PERFORMANCE DEVELOPMENT SYSTEM Supervisry and Management Staff Appraisal Emplyee Name: Title: Department: Reviewer s Name: Title: Review Perid: t Date f Entry t Psitin: Date f Last Review: Type f Review:
More informationPolicy on Requesting Reasonable Accommodations from the Zoning Code
Plicy n Requesting Reasnable Accmmdatins frm the Zning Cde Backgrund The Americans with Disabilities Act (ADA), as amended, is a federal anti-discriminatin statute designed t remve barriers that prevent
More informationFINANCE & AUDIT COMMITTEE
FINANCE & AUDIT COMMITTEE Page 1 f 8 CHARTER f the Finance & Audit Cmmittee f the Bard Of Directrs f Spectral Medical Inc. Purpse The primary functin f the Finance & Audit Cmmittee (the Cmmittee ) f the
More informationOSHA INSPECTION CHECKLIST
OSHA INSPECTION CHECKLIST HANDLING AN OSHA INSPECTION The Occupatinal Safety and Health Act (OSH Act) authrizes the Occupatinal Safety and Health Administratin (OSHA) t cnduct wrkplace inspectins and investigatins
More informationInternational Standard on Auditing (Ireland) 265. Communicating Deficiencies in Internal Control to Those Charged with Governance and Management
Internatinal Standard n Auditing (Ireland) 265 Cmmunicating Deficiencies in Internal Cntrl t Thse Charged with Gvernance and Management MISSION T cntribute t Ireland having a strng regulatry envirnment
More informationEnforceable Undertakings Operational Policy
Enfrceable Undertakings Operatinal Plicy Enfrceable Undertakings Operatinal Plicy. Nvember 2018 Page 1 f 13 Enfrceable Undertakings Operatinal Plicy This plicy sets ut Maritime NZ s apprach t enfrceable
More informationIndependent Director and Audit Committee
Independent Directr and Audit Cmmittee Rules summary The listed cmpany s bard f directrs is representing the sharehlders. They are respnsible fr making decisins n the cmpany s imprtant plicies and strategies.
More informationGENERAL MOTORS COMPANY AUDIT COMMITTEE CHARTER. Amended and Restated: December 13, 2017
GENERAL MOTORS COMPANY AUDIT COMMITTEE CHARTER Amended and Restated: December 13, 2017 Purpse The purpse f the Audit Cmmittee is t assist the Bard f Directrs f General Mtrs Cmpany in its versight f the
More informationResolving Professional Differences (Escalation Policy)
Reslving Prfessinal Differences (Escalatin Plicy) Apprved : LSCB May 2018 1. Intrductin Effective wrking tgether depends n an pen apprach and hnest relatinships between agencies. Prblem slving and reslutin
More informationBest Practice in Gift Agreements
Best Practice in Gift Agreements Date: September 5, 2010 Updated August 6, 2016 Prepared By: Ann Huse Categry: Recrds Management Cmments T: ahuse@miami.edu Cmment Perid: Octber 1 December 31, 2016 Descriptin
More informationCOMPLAINTS POLICY ARUNSIDE PRIMARY SCHOOL. POLICY ADOPTED: 20 th JUNE 2016 THE POLICY IS TO BE REVIEWED: November 2017
COMPLAINTS POLICY ARUNSIDE PRIMARY SCHOOL POLICY ADOPTED: 20 th JUNE 2016 THE POLICY IS TO BE REVIEWED: Nvember 2017 Arunside Primary Schl Blackbridge Lane West Sussex RH12 1RR Cmplaints Plicy (Parents
More informationTERMS AND CONDITIONS FOR APPOINTMENT OF INDEPENDENT DIRECTOR
TERMS AND CONDITIONS FOR APPOINTMENT OF INDEPENDENT DIRECTOR 1 PRIVATE & CONFIDENTIAL Date: T, Independent Directrs, Subject: Appintment as an Independent Directr InfBeans Technlgies Limited Dear Sir/Madam,
More informationBoard Committee Charters
Charter Released by the Bard f Directrs f Snva Hlding AG n June 17, 2014. Audit Cmmittee ( AC ) Charter Art. 1: Purpse The Audit Cmmittee ( AC ) reviews n behalf f the Bard the wrk and effectiveness f
More informationDraft Revision for Unified Plan, Annex B, Appendix II, #3-F
Draft Revisin fr Unified Plan, Annex B, Appendix II, #3-F F. Unified Cmmand Stakehlder Grups Tw distinct grups exist fr prviding infrmatin r cnsultatin with the Unified Cmmand. The first includes tribal
More informationSNAKK MEDIA LIMITED FINANCIAL PRODUCTS TRADING POLICY AND GUIDELINES
SNAKK MEDIA LIMITED FINANCIAL PRODUCTS TRADING POLICY AND GUIDELINES Date adpted: 5 Nvember 2015 Versin: 1 1 SCOPE OF POLICY FINANCIAL PRODUCTS TRADING POLICY AND GUIDELINES This plicy applies t all directrs,
More informationNational Management Group
Jb card Natinal Management Grup Natinal Management Grup This jb card utlines the rles and respnsibilities f the Natinal Management Grup (NMG) during all phases f a respnse t an Emergency Plant Pest (EPP)
More informationCORPORATE GOVERNANCE, NOMINATING & RISK COMMITTEE CHARTER
CORPORATE GOVERNANCE, NOMINATING & RISK COMMITTEE CHARTER PURPOSE The Crprate Gvernance, Nminating and Risk Cmmittee (the Cmmittee ) f Precisin Drilling Crpratin (the Crpratin ) is a permanent cmmittee
More informationVIVINT SOLAR, INC. COMPENSATION COMMITTEE CHARTER. (Adopted as of May 9, 2014)
VIVINT SOLAR, INC. COMPENSATION COMMITTEE CHARTER (Adpted as f May 9, 2014) PURPOSE The purpse f the Cmpensatin Cmmittee (the Cmmittee ) f the Bard f Directrs (the Bard ) f Vivint Slar, Inc. (the Cmpany
More informationYou can get help from government organizations that are not connected with us
2011 Evidence f Cverage fr Medi-Pak Advantage MA (PFFS) Chapter 9: What t d if yu have a prblem r cmplaint (cverage decisins, appeals, cmplaints) BACKGROUND SECTION 1 Intrductin Sectin 1.1 What t d if
More informationGeneral Information and Instructions NOT FOR USE
Part II Order Request Frm Ministry f the Envirnment and Climate Change General: General Infrmatin and Instructins Anyne wh has utstanding envirnmental issues that have nt been addressed thrugh the Class
More informationBulletin. Service Update Activity Type Elderly Waiver and Alternative Care Programs TOPIC PURPOSE CONTACT SIGNED TERMINOLOGY NOTICE NUMBER DATE
Bulletin NUMBER #18-25-05 DATE August 9, 2018 OF INTEREST TO Cunty Directrs Scial Services Supervisrs and Staff Cunty Public Health Directrs Tribal Health Directrs Lng Term Care Cnsultatin Cntacts HCBS
More informationDEPARTMENT: Patient & Financial POLICY DESCRIPTION: 501 (c)(3) Charity Care & Financial Assistance Policy & Procedures PAGE: 1 of 7
PAGE: 1 f 7 PURPOSE: This plicy is intended t cmply with the financial assistance and emergency care plicies required by Internal Revenue Sectin 501(r) and shall be interpreted t s cmply. This plicy applies
More informationHow to Become a Delaware Public Benefit Corporation
Hw t Becme a Delaware Public Benefit Crpratin This utline describes the majr steps required fr an existing Delaware crpratin t becme a Delaware public benefit crpratin. 1. Summary. In rder t becme a public
More information