Introduction
After reading over the current Service Level Agreement (SLA) between Finman Account Management, LLC, Datanal Inc, and Minertek, evidence was found that none of the security standards necessary to protect all parties are addressed within the document. The following information technology security standards are recommended to protect all parties involved and should be applied to the SLA in this case.
For Finman Account Management, the chief concern is to provide guidelines within the SLA that address data protection, authorized use, sharing of data, and retention/destruction of data. Furthermore, Finman is devoted to protecting intellectual property, patents, and copyright while also safeguarding physical property.
Statement of
(6) “Appropriate technical and organizational measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.” (Key Definitions Of The Data Protection Act | ICO, 2015).
Authorized Use, Retention, Sharing, Destruction.
The primary focus for Finman’s corporate data is limiting the retention, sharing, use and destruction of that data by Minertek and Datanal. An IT alignment strategy will match each organization’s capabilities, resources, strengths, and risks to formulate strong goals for each partner to align with. The standards and procedures proposed above, ISO/IEC 20000, explain best practice for service management. ISO/IEC 20000 provides the approach for establishing best management practices, which include establishing policies and procedures to provide proper information assurance for data, cybersecurity awareness training and risk management.
Cybersecurity awareness training will reduce the chances of risks occurring between the three parties engaging in any activity outside the best practices of ISO/IEC 20000, while also mitigating risks to employees and networks. Once training has been completed, each company will be responsible for the unauthorized retention, sharing, use and destruction of Finman’s corporate data. Furthermore, the core of Finman’s corporate data
Data Protection Act 1998 – gives individuals the right to know what information is held about them, and those who process personal information must comply with eight principles, which make sure that personal information is fairly and lawfully processed; processed for limited purposes; adequate, relevant and not excessive; accurate and up to date; not kept for longer than is necessary; processed in line with your rights; secure; not transferred to other countries without adequate protection;
The Data Protection Act: the Data Protection Act is legislation put in place to keep personal data confidential. It can promote anti-discriminatory practice, as it can stop people finding out information about individuals that the individual wants to stay private, e.g. phone numbers and addresses. These would need to stay private so people don’t find out where you live or what is wrong with you.
The Data Protection Act 1998 is a piece of legislation which defines the law on processing data of people living within the United Kingdom.
Data protection is a very important piece of legislation that was brought into power in 1998, because it has been designed to prevent confidential and personal information being passed on to other people and any relevant companies without a person’s consent. This also means that any information that is stored about children should be kept in either a password-protected or lockable location.
covers correct storage and sharing of both manual and electronic information. There are eight principles put in place by the Data Protection Act 1998 to make sure that information is handled properly:
Information Commissioner’s Office (2012) Introduction to The Data Protection Act 1998. [Online] Available from: http://www.ico.org.uk/~/media/documents/library/Corporate/Research_and_reports/ico_presentation_EVOC_20120528.ashx [Accessed: 11th October 2013]
* Processed in line with the rights of individuals - this includes the right to be informed of all the information held about them, to prevent processing of their personal information for marketing purposes, and to compensation if they can prove they have been damaged by a data controller's non-compliance with the Act.
• The plan is to correct the vulnerabilities identified during the assessment and to focus on ensuring compliance with the Safeguard and Privacy rules in the GLBA, which requires financial institutions to establish a security program. The plan will protect the consumers’ information that is stored locally and update the client, network infrastructure. The PDCA methodology was used to ensure that the problems identified were corrected, monitored and improved.
Justify how your recommendations will limit use, sharing, retention and destruction of Finman’s corporate data by Datanal and Minertek.
Financial management for IT services (ITSM) is an IT service management process area for control of expenses. Many financial managers also strive to save money by scrutinizing the cost of IT. For instance, ITIL offers a suite of efficiency-driving tools which can help businesses identify where they can achieve large cost savings. With ITIL, management can be configured to implement cost reduction strategies. Therefore, the aim of a financial manager for IT services is to give accurate and cost-effective stewardship of all IT assets and resources used in providing IT services. The IT department uses it to plan, control, and recover costs expended in providing the IT services negotiated and agreed on in the service-level agreement (SLA) (Conger, Dattero, Galup, & Quan, 2009).
This act applies to all organisations that process data relating to their staff and customers. It is the main legal framework in the UK that protects personal data. The act contains 8 data protection principles, which are:
The Data Protection Act 1998 is a piece of legislation that controls how an individual’s personal information is used by organisations, businesses and the government. This Act ensures that HR departments only collect data from individuals that is covered by what we are allowed to collect under the Act and that is relevant and not excessive; we must also be sure that data is not stored for longer than necessary. We must ensure that data is stored securely and confidentially, and that we are open about the reasons why we are collecting and storing the data.
The Data Protection Act 1998 defines UK law on the processing of data on identifiable living people. The act contains eight principles, which all organisations processing personal information must conform to. These are:
The data protection act protects people who are identifiable from their information and data being shared. The information will be bank details, address and billing and some other personal details.