Policies

Download Free FERC-NERC to ISO 27002 Policy Map

This document explains how specific ISO 17799/27001 policy topics map to the cyber security requirements of the Mandatory Reliability Standards for Critical Infrastructure Protection from the Federal Energy Regulatory Commission (FERC).

Download Free IT Security Awareness and Training Program Plan Templates

These templates consist of an explanation and a sample of the Background of the Awareness and Training Program, such as OMB A-130, Appendix III, the Federal Information Security Management Act (FISMA), or specific department and/or agency policy (and other relevant information or rationale that may drive an awareness and training program and plan). This template also gives complete

How to comply with Registration, Evaluation, Authorization of Chemicals (REACH)

Until its final enactment on June 1, 2007, REACH (EC 1907/2006) was not only a matter of serious legislative debate but also on the receiving end of bitter condemnation. And though it may still be grounds for all sorts of feelings, good and bad, the fact is that its regulations will force businesses around the world to make some excruciating decisions about tens of thousands of substances by June 2008, because that is the date of the first regulatory deadline set to affect existing chemical products. REACH, whose provisions will be phased in over 11 years, now replaces 40 existing pieces of legislation in the European Union (EU). Companies can find explanations of REACH in the guidance documents and on the EU’s REACH web site (see Figure 12-1), and a number of help desks are available for consultation. The European Commission is slated to conduct a series of reviews of REACH Annexes until December 2008 (Annexes I, IV, V, XI, XIII).

What REACH says

The TSCA (which hasn’t been amended since its enactment over 30 years ago) is to REACH what a speck of dust is to the sun. The difference between them — to say nothing of both the immediate and long-term consequences of the latter — is enormous. Remember our discussion on the difference between substances and materials? Well, this is where those differences come into play even as they are obliterated. Forget materials. REACH forces companies to comply on the level of substances — an enormous task compared to complying with the TSCA.

The current registration process, in which you must register every product you make with the European Chemicals Agency (ECA), covers nearly 30,000 substances. Of these, 2,500 are likely to be hazardous to human health or the environment and will have to undergo continued testing to show that they can be used safely. Over the next dozen years, however, as many as 100,000 existing substances will be subject to REACH evaluation, authorization, and, in many cases, restriction. Ultimately, the ECA estimates that a total of 150,000 to 200,000 substances will be registered, though some authorities put that number much higher, going so far as to suggest that there will be half a million applications for approval.

Download Free Storage Security Policy Documents

Safely retaining and securing data is an important aspect of an effective security strategy. Business demands, increased user requirements and even compliance concerns (e.g., Sarbanes-Oxley) have created a need for a comprehensive Storage Security Policy.

This policy's purpose is to preserve the organization's critical data from damage, disaster, and misuse as well as to ensure fulfillment of compliance requirements, ensure privacy, optimize storage space, reduce the cost of data retention, and ensure that outdated records are properly destroyed. It includes a policy you can customize to meet your needs as well as a risk assessment spreadsheet you can use to judge just how much your organization is at risk by not having this policy in place.

Download Page

Download 1980 OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data

The 1980 Organization for Economic Cooperation and Development (OECD) Guidelines focus on the following areas:
1. Data collection limitations
2. The quality of data
3. Specifications of the purpose for data collection
4. Limitations of data use
5. Participation by the individual on whom the data is being collected
6. Accountability of the data controller

The OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, adopted on 23 September 1980, continue to represent international consensus on general guidance concerning the collection and management of personal information. By setting out core principles, the guidelines play a major role in assisting governments, business and consumer representatives in their efforts to protect privacy and personal data, and in obviating unnecessary restrictions to transborder data flows, both on and off line. The reflection of twenty-one years of expertise and experience shared among representatives of OECD governments, business and industry, and civil society, this publication contains the instruments that serve as the foundation for privacy protection at the global level: the 1980 OECD Privacy Guidelines, the 1985 Declaration on Transborder Data Flows and the 1998 Ministerial Declaration on the Protection of Privacy on Global Networks.

Download Page
