Orange County NC Website
Browse       Search
DocuSign Envelope ID:24BBAFA9-CD81-4144-ACEF-E9036E703739 <br /> Information Technology Steering Committee, in conjunction with the Chief Information Security Officer, will <br /> assess the adequacy of the security awareness education and training program on a yearly basis. <br /> Termination Processes <br /> The following standards will be followed upon the resignation of an employee, member of Management, <br /> IT Staff contractor or third party user, or service provider. <br /> Employee Resignation <br /> • Human Resources will immediately notify IT when the resignation is received. <br /> • The Supervisor and/or Management Team will determine if access privileges will be continued for <br /> the notice period, adjusted or immediately terminated. IT will implement procedures as directed <br /> by the Supervisor. <br /> • A monthly report will be forwarded to the Chief Information Security Officer by Human Resources <br /> that lists all terminations during the month and confirmation that all building access and system <br /> access privileges have been terminated. <br /> Employee Termination <br /> • Human Resources will notify IT immediately upon termination of an employee. <br /> • IT will implement procedures as directed by the supervisor to immediately terminate all facility <br /> and system access rights. <br /> Management Resignation <br /> • Human Resources will immediately notify the Chief Information Security Officer when <br /> management resignation is received. <br /> • Administrative rights to the network will be immediately revoked. User rights will be maintained. <br /> • Any server passwords known by the management employee will be immediately changed. <br /> • Continued offsite access, as well as the usage of any portable equipment assigned (hardware, <br /> software and other materials), will be determined as agreed upon by the remaining executive <br /> management team. <br /> IT Staff Resignation or Termination <br /> • A determination must be made by management as to whether to allow the employee to work <br /> during the notice period or to have them leave immediately. <br /> • Each of the above procedures for management resignation must be followed. <br /> Third Parties (to include temporary workers and contractors) <br /> • All hardware, e.g. laptops, security fobs, network hot-spots, will be returned to Jende Solutions on <br /> the last day of the person's employment. <br /> • All network access will be revoked on the representative's last working day. <br /> • All residual vendor or partner management and reporting will be accomplished through the use of <br /> hard copy materials or through supervised access to limited information. <br /> • All customer information or other confidential Jende Solutions information will be returned to <br /> Jende Solutions upon termination of contract. <br /> 29. What methods does the cloud provider use to destroy information, when so authorized? <br /> Database record removal, log record removal, backup removal of the preceding list. <br /> 30. What is the cloud provider's patch management policy/methods? <br /> Patching occurs monthly, or earlier depending on security alerts and critical <br />