Orange County NC Website
Browse       Search
DocuSign Envelope ID:24BBAFA9-CD81-4144-ACEF-E9036E703739 <br /> The CISO is responsible for establishing a monitoring and reporting program that contains the following: <br /> • Security Monitoring <br /> • Internal Testing <br /> • External Examination <br /> Risk Management Reviews <br /> The Security/IT Steering Committee and Board of Directors of Jende Solutions continuously strive to <br /> maintain a clear understanding of the types of information security risks to which Jende Solutions is <br /> exposed. This is accomplished by: <br /> • Delineating clear accountability and lines of authority across Jende Solutions's businesses and <br /> information security activities. <br /> • Conducting an annual review of threats and hazards to critical operations and adjusting the <br /> information security program accordingly. <br /> • Maintaining an active oversight role as products, services, and new technologies are instituted <br /> and improved. <br /> • Providing clear guidance regarding acceptable levels of security over Jende Solutions's <br /> information assets. <br /> • Ensuring that the established policies, procedures, and controls are communicated to and <br /> observed by all employees. <br /> • Annually reviewing and approving information systems and security policies to ensure that the <br /> policies address security risks, are aligned with Jende Solutions's overall business and <br /> technology strategies, and comply with relevant laws, regulations, and rulings. <br /> • Performing an annual review and approval of the internal audit program for scope and frequency <br /> concerning compliance with information security policies. <br /> Security Monitoring <br /> The CISO is responsible for coordinating the monitoring program for all information systems activities and <br /> reporting any significant violations to company policy to Senior Management and the Security/IT Steering <br /> Committee. This includes oversight of the following duties: <br /> IT Department Responsibilities <br /> • Perform a periodic review of all systems management logs, system/application activity reports, <br /> and disk usage to search for possible security incidents. If a possible intrusion is identified, <br /> implement procedures as outlined in the Incident Response Policy. <br /> • Perform all scheduled maintenance to include software updates and maintain a log of services <br /> performed. <br /> • Perform an annual audit of all systems, software and peripheral devices to ensure an accurate <br /> software and hardware inventory. <br /> • Immediately remove any unlicensed software, hardware, or unauthorized modems from the <br /> network or any system. <br /> • Periodically review and clear error logs. <br /> • Review media backup and anti-virus logs daily to ensure that no viruses are detected and that the <br /> data was successfully backed up the previous night. <br /> • Periodically review user and group security profiles. This includes reviewing user access to <br /> systems and data based upon their business responsibilities, granting access rights based upon <br /> these job functions, and ensuring security profiles are promptly modified or revoked upon a <br /> change in job function or termination. For each audit entry, the following information will be <br /> recorded: <br /> ■ Date and Time of event <br /> ■ User ID and User involved in the event <br /> ■ Type of User action <br />