Iroquois Cybersecurity Policy 1.0.docx - Iroquois Pipeline...

  • Nonesuch School
  • CIS MISC
  • amani0001
  • 22
  • 100% (1) 1 out of 1 people found this document helpful

This preview shows page 1 - 3 out of 22 pages.

Iroquois Pipeline Operating Company Cybersecurity Policy V1.0 – 8/12/16 1.0 Purpose This policy establishes the Cybersecurity program for the Company and identifies the minimum security measures necessary to protect the confidentiality, integrity, and availability of Company Data and Business Systems. It implements the guidelines established by the Interstate Natural Gas Association of America (INGAA) “ Control Systems Cyber Security Guidelines for the Natural Gas Pipeline Industry, v1.3, September 15, 2015; the Transportation Security Agency (TSA) “ Pipeline Security Guidelines, Section 7 Cyber Asset Security Measures ,” April, 2011; as well as other cybersecurity measures and best practices adopted by the Company. 2.0 Scope This policy covers all of the Company’s computer-based Business Systems, including the data they store and process and their hardware and software components (hereafter referred to collectively as “Data and Business Systems”). It applies to all employees, contractors, consultants, and third-parties having access to Company Data or Business Systems. It addresses the need to protect: the confidentiality of Company and employee information; the integrity of system functionality and data; and the availability of electronically stored or accessed data, systems and applications, and network services. Failure to comply with this policy and the standards and procedures issued in support of this policy may result in disciplinary action in accordance with the Employee Performance Improvement Policy, HR-ED-02 up to and including termination. 3.0 Administrator The Director, Information Technology is responsible for execution of this policy. 4.0 Definitions See Appendix A 5.0 Policy 5.1 Cybersecurity Governance 5.1.1 The Director, Information Technology shall: 5.1.1.1 Designate one or more persons by name as Manager, Cybersecurity for the Company and document any change within 30 calendar days of the change. All references to “Manager, Cybersecurity” in this policy refer to the designated manager(s) and their 1
supporting staff. 5.1.1.2 Designate one or more persons as a System Change Manager for each Business System. System Change Managers shall represent the business owner(s) that the system supports. 5.1.1.3 Designate one or more persons as Information Technology Managers for the Company. All references to “Information Technology Managers” in this policy refer to the designated staff members. 5.1.1.4 Maintain authority and oversight over all aspects of this policy and its implementation and shall ensure the policy remains up to date and complies with all applicable legal and regulatory security and privacy requirements. 5.1.1.5 Ensure that the Company remains compliant with the policies herein. This includes, but is not limited to, oversight for security related to networks and network connected devices including SCADA (Supervisory Control and Data Acquisition) and process control systems in coordination with Engineering Services.

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture