System Configuration Standard

Owned by Vladimir Trushkin
Last updated: Sept 04, 2018 by Sezer Bozkurt (Deactivated)
2 min read


Purpose

Protect Chemwatch data and information systems by ensuring a consistent, secure configuration across devices.

Scope

This policy applies to all information systems at Chemwatch, including but not limited to, desktops/laptops, servers, network equipment, printers, mobile devices, and storage systems that store, process, or transmit Chemwatch data.

Policy

Information systems that process, transmit, or store Chemwatch data must be configured in accordance with the applicable standard for that class of device or system.  Standards must be written and maintained by the area or team responsible for the management of the system in conjunction with the IT. 

Standard software deployments, such as a database or web server, should have a standard configuration maintained by the group responsible for managing the software.

Before being deployed into production, a system must be certified to meet the applicable configuration standard in accordance with the Certification and Accreditation Procedures.

Definitions

Device Managers - Entity responsible for maintaining or managing a class of information systems.

Configuration Standard - A document or collection of documents that describe how a device should be configured.

Responsibilities

IT are responsible for developing and publishing configuration standards for the devices over which they have primary responsibility.

The CTO is responsible for reviewing and approving the standards in conjunction with the IT.

Administration and Interpretations

This policy shall be administered by Information Security.  Questions regarding this policy should be directed to the Information Security Officer.

Amendment/Termination of this Policy

The Chemwatch reserves the right to modify, amend or terminate this policy at any time.  This policy does not constitute a contract between the Chemwatch and its faculty or employees.

Exceptions

Any exception to this policy must be approved by the Information Security Office.  Exceptions to applicable standards must be documented and maintained by the team responsible for the standards.

Violations/Enforcement

Any known violations of this policy should be reported to the Chemwatch's IT.

Violations of this policy can result in immediate withdrawal or suspension of system and network privileges and/or disciplinary action in accordance with Chemwatch procedures.