100%(1)1 out of 1 people found this document helpful
This preview shows page 1 - 3 out of 22 pages.
Iroquois Pipeline OperatingCompanyCybersecurity PolicyV1.0 – 8/12/161.0PurposeThis policy establishes the Cybersecurity program for the Company and identifies the minimum security measures necessary to protect the confidentiality, integrity, and availability of Company Data and Business Systems. It implements the guidelines established by the Interstate Natural Gas Association of America (INGAA) “Control Systems Cyber Security Guidelines for the Natural Gas Pipeline Industry,” v1.3, September 15, 2015; the Transportation Security Agency (TSA) “Pipeline Security Guidelines, Section 7 Cyber Asset Security Measures,” April, 2011; as well as other cybersecurity measures and best practices adopted by the Company.2.0ScopeThis policy covers all of the Company’s computer-based Business Systems, including the data they store and process and their hardware and software components (hereafter referred to collectively as “Data and Business Systems”). It applies to all employees, contractors, consultants, and third-parties having access to Company Data or Business Systems. It addresses the need to protect: the confidentiality of Company and employee information; the integrity of system functionality and data; and the availability of electronically stored or accessed data, systems and applications, and network services. Failure to comply with this policy and the standards and procedures issued in support of this policy may result in disciplinary action in accordance with the Employee Performance Improvement Policy, HR-ED-02 up to and including termination.3.0AdministratorThe Director, Information Technology is responsible for execution of this policy.4.0DefinitionsSee Appendix A5.0Policy5.1Cybersecurity Governance5.1.1The Director, Information Technology shall:18.104.22.168Designate one or more persons by name as Manager, Cybersecurity for the Company and document any change within 30 calendar days of the change. All references to “Manager, Cybersecurity” in this policy refer to the designated manager(s) and their 1
supporting staff. 22.214.171.124Designate one or more persons as a System Change Manager for each Business System. System Change Managers shall represent the business owner(s) that the system supports.126.96.36.199Designate one or more persons as Information Technology Managers for the Company. All references to “Information Technology Managers” in this policy refer to the designated staff members. 188.8.131.52Maintain authority and oversight over all aspects of this policy and its implementation and shall ensure the policy remains up to date and complies with all applicable legal and regulatory security and privacy requirements.184.108.40.206Ensure that the Company remains compliant with the policies herein. This includes, but is not limited to, oversight for security related to networks and network connected devices including SCADA (Supervisory Control and Data Acquisition) and process control systems in coordination with Engineering Services.