Roger Koelpin GIS \ Critical Infrastructure Planning and Assessment Branch 317-232-0181 Standard Operating Procedures for Treatment.

Slides:



Advertisements
Similar presentations
The Role of the IRB An Institutional Review Board (IRB) is a review committee established to help protect the rights and welfare of human research subjects.
Advertisements

Critical Infrastructure Protection Policy Priorities Sara Pinheiro European Commission DG Home Affairs.
Audit Committee Risk Management Training September 2010 John Allsop Marcus Richards.
PRINCIPLES OF A CALIBRATION MANAGEMENT SYSTEM
Hospital Emergency Management
ALERT: The Basics Food and Drug Administration Center for Food Safety and Applied Nutrition.
Ethical Considerations when Developing Human Research Protocols A discipline “born in scandal and reared in protectionism” Carol Levine, 1988.
Supporting and Protecting Adults From Harm Community Planning Board 10 th November 2011 Wendy Hinnie.
“I Wish Someone Had Told Me…” December 17, 2013 Brad King Co-Director, Indiana Election Division 2014 Election Administrators Conference.
DHS, National Cyber Security Division Overview
The Adult Support and Protection (Scotland) Act 2007 (“the Act”) Level 1.
APAC Defense Forum Learning and IT Capacity Building for Defense Sector.
CST 481/598 Many thanks to Jeni Li.  Potential negative impact to an asset  Probability of a loss  A function of three variables  The probability.
IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESS
Implementing Human Service Worker Safety Regulations
Achieving our mission Presented to Line Staff. INTERNAL CONTROLS What are they?
Deprivation of Liberty Safeguards MQNF Events 2014.
Risk Management - the process of identifying and controlling hazards to protect the force.  It’s five steps represent a logical thought process from.
BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT
RESPONSIBLE CONDUCT IN HUMAN SUBJECTS RESEARCH MARGARITA M. CARDONA DIRECTOR OF SPONSORED RESEARCH Institutional Review Board.
Shaping healthcare … for you and your family Philip Tremewan, Designated Nurse for Safeguarding Adults Guildford & Waverley CCG Safeguarding Adults & Mental.
Two of the most important pieces of the health and safety legislation affecting educational establishments across the UK are the Health and Safety at.
Care Act Adult Safeguarding Michelle Jenkins – Head of Safeguarding (Adults)
Managing Records: Good government, Better business. FOI Presentations to Boards & Committees Cayman Islands National Archive November 2008.
Emergency Response Worker Health & Safety Training Interagency Communications.
Presented to Managers. INTERNAL CONTROLS are the integration of the activities, plans, attitudes, policies and efforts of the people of an organization.
ISO Registration Common Areas of Nonconformances.
Push Partner Program: Private Sector Helping the Public Sector Push Partner Program: Private Sector Helping the Public Sector August 2010 Robbie Roberts.
SOLGM Wanaka Retreat Health and Safety at Work Act 2015 Ready? 4 February 2016 Samantha Turner Partner DDI: Mob:
Operational Issues. Operational Changes It is important to organisations to ensure that they abide by the Law when caring for the safety of their employees,
Public Records Training Manitowoc City Attorney’s Office.
Work Related Learning in KS4 at NHGS Careers education in PSCHEE including CVs, letters of application, application forms, interviews etc Enterprise Education.
March 23, 2015 Missouri Public Service Commission | Jefferson City, MO.
Overview Role and function of the Authority
Census Planning and Management for next Nigerian Census
Emergency Preparedness and You:
Skills of the Secretary
SERVICES ACQUISITION REFORM ACT OF 2003 A STATUS REPORT
Public Utility Commission CLE June 1, 2017
Iowa Communications Alliance
IRB BASICS Ethics and Human Subject Protections Summer 2016
CMS Policy & Procedures
Complying with Maryland’s Open Meetings Act
Providing Access to Your Data: Handling sensitive data
A brief update to inform on current actions
Figure 3: TSN Analysis Methodology
SGSU Open Meeting 26 April 2016 Sophie Bowen
A Thread Relevant to all Levels of the EA Cube
Critical Infrastructure Protection Policy Priorities
The North Halifax Grammar School-Specialist Science Academy
Super Storm Sandy: The Wake up Call
Practicum: Root Cause Analysis
The Legislative Branch
TYPE IN CENTRE NAME LEVEL 1 RISK ASSESSMENT TYPE IN NAME
Risk Management Process & Procedures
INVESTIGATIONS AND COMPLIANCE
IS&T Project Reviews September 9, 2004.
Quick Review of Ch. 8 The Legislative Branch
Accident Reporting and Investigation. Presented by H&S Officer name
TYPE IN CENTRE NAME LEVEL 2 RISK ASSESSMENT TYPE IN NAME
The Adult Support and Protection (Scotland) Act 2007
Security Management Definition: security is a proactive measure taken protect , prevent and safeguard both human material resources. Objectives of security.
HIPAA SECURITY RULE Copyright © 2008, 2006, 2004 by Saunders an imprint of Elsevier Inc. All rights reserved.
Safeguarding and Volunteers Training
HIPAA Do’s and Don'ts: What is Really Behind Protected Health Information (PHI) and Health Care Privacy Rules Paul Sisler, Director, Information Services;
TYPE IN CENTRE NAME LEVEL 2 RISK ASSESSMENT TYPE IN NAME
Presented by European Railway Agency (ERA)
Roger Koelpin GIS\CIKR Planner
Unit 4: Area Command.
FOI - we’re not doing ourselves a service
Presentation transcript:

Roger Koelpin GIS \ Critical Infrastructure Planning and Assessment Branch Standard Operating Procedures for Treatment of Critical Infrastructure Information

What is Critical Infrastructure? The Problem Why do we need an SOP for CII? Methods IDHS SOP

What is Critical Infrastructure? Think risk management R = fn ( C, V, T ) Many definitions. All different, all good. Various thresholds for criticality. Things change in criticality depending on situation. Bottom line, if you can’t do your “business” without it, it is critical.

The Problem We have a need to withhold some information about critical infrastructure. Because we promised. Because it is “risky” to publish. Members of the general public have a reasonable expectation of…

The Problem …knowing that Company XYZ has an office located there. (Geography?) Members of the general public DO NOT have a reasonable expectation of knowing that the 3 rd switch on the left, room 911, building 666, will turn off the sun, forever. (Capabilities, capacity..?) Not always a set of binary options.

Why do we need an SOP? Indiana Access to Public Records Act IC It is the law. Bad things happen when you don’t follow the law. Worse things happen if we promise to keep secrets and don’t. Very real need to continue getting information from private sector!

Why do we need an SOP? Indiana Access to Public Records Act – exceptions IC (b)(19) …reasonable likelihood of threatening public safety by exposing a vulnerability to terrorist attack.

Why do we need an SOP? Indiana Access to Public Records Act – exceptions Can successfully withhold if (IC ) prove that the records are exempted records, and denial of access is NOT arbitrary or capricious.

Methods Prove that the records are exempted Define “Critical Infrastructure Information” and Beyond “a member of the general public has a reasonable expectation…”

Methods Prove that the records are exempted Define “Critical Infrastructure Information” Created a retention schedule for IDHS, for CII through Indiana Public Access Commission Retention schedule is “shred CII when obsolete.” CII defined as anything under IC (b)

Methods Denial of access is NOT arbitrary or capricious Have an SOP for treatment of CII Train and exercise staff on the SOP Apply SOP consistently Part of the SOP establishes a process for assuring that members of the general public DO NOT have a reasonable expectation… Covers those “non-binary” cases

IDHS SOP 1.Retention and Safeguarding 2.Types of CII Records 3.Distribution

IDHS SOP Retention and Safeguarding 1.Retention 2.Safeguarding Includes attachment for best practices 3.Labeling 4.Training 5.Updates

IDHS SOP Types of CII Records 1.Submitted to IDHS as CII by public sector 2.Submitted to IDHS as CII by private sector 3.Generated by IDHS With an attachment for identification of records where members of the general public DO NOT have a reasonable expectation of… Includes allowances for redaction

IDHS SOP Distribution 1.General public – not allowed 2.Response partners Public sector with SOPs for CII Public sector without SOPs for CII Private sector partners

Standard Operating Procedures for Treatment of Critical Infrastructure Information What is Critical Infrastructure? The Problem Why do we need an SOP for CII? Methods IDHS SOP

Standard Operating Procedures for Treatment of Critical Infrastructure Information Questions? Roger Koelpin GIS \ Critical Infrastructure Section Chief Planning and Assessment Branch