Data or information is accessible and usable upon demand by an authorized person.
Business Continuity Plan
Click Business Continuity Plan.docx to download Business Continuity Plan.
All business operations that are required to support Shaw’s Clients and their operations according to all service level agreements, contractual obligations and regulatory requirements.
BYOD User Acknowledgement and Agreement Form
Click BYOD User Acknowledgment and Agreement Form.pdf to download User Acknowledgment and Agreement Form.
The chief executive officer with the responsibility of managing the organization.
The senior-level Shaw employee with the responsibility of Information Security and the current title of Chief Strategy Officer.
Client Support Manager
Member of Shaw Management responsible for managing Shaw’s Client Support Unit for Spectrum.
A company that has agreement with Shaw to provide goods and / or services.
A Shaw department responsible for ensuring that Shaw is meeting, at a minimum, all regulatory and contractual obligations.
Confidential information includes important information about business, financial, or legal data, or our employees and customers. Generally, confidential information is secured when transmitted within our organization, but requires stronger protection when shared outside of our network. Always verify your authorization before sending confidential information to third-parties.
Confidential Information is very important and highly sensitive material that is not classified as NPI. This information is private or otherwise sensitive and must be restricted to those with a legitimate business need for access.
Data or information is not made available or disclosed to unauthorized persons or processes.
The standard method of granting access to Shaw Related Persons occurs on regular basis and requires periodic re-certification and approval.
Shaw-Related Persons responsible for reviewing and preparing all contractual agreements.
Contracts are agreements that are legally enforceable regardless of the document title. A document is a contract under this policy if it describes an obligation of Shaw, either to do or not do something or to pay money. A contract can be in both paper & electronic form. Any question as to whether a document is a contract should be referred to the Chief Strategy Officer.
Data Classification and Handling Standard
Click Data Classification and Handling Standard.xlsx to download Data Classification and Handling Standard.
Domain Name System (DNS)
Domain Name System (DNS) is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. Most prominently, it translates more readily memorized domain names to the numerical IP addresses needed for locating and identifying computer services and devices with the underlying network protocols.
Any person who is working at Shaw under a W-2 relationship.
The Gramm-Leach-Bliley Act, a federal law passed in 1999 that ensures the security and confidentiality of customer information; protects against any anticipated threats or hazards to the security or integrity of such information; and protects against unauthorized access to or use of customer information that could result in substantial harm or inconvenience to any customer.
High Risk Profile
As part of Shaw’s Third Party Servicer Policy and Procedures, each servicer is rated using a consistent scoring model. A High Risk Profile is obtained, when the model produces a Risk Rating of 15 or higher.
Shaw Manager that the new resource Employee or Non Employee will report to during their engagement with the company.
Human Resources Manager
The person at Shaw responsible for overseeing the Human Resources responsibilities.
Human Resources Staff
Cassandra Pina – Houston or Remote, Carmen Baker – Richmond.
Shaw Management responsible for implementing a portfolio Clients onto the Spectrum platform.
All information that is classified per Shaw’s Data Classification Policy as Restricted, Confidential or Internal.
The owner of a collection of information is usually the client responsible for the creation of that information or the primary user of that information.
Information Product Owners
The individual(s) or Unit with operational authority for specified Shaw Information and responsibility for establishing the controls for its generation, collection, processing, dissemination, and disposal. This individual or Unit is responsible for making risk tolerance decisions related to such Information on behalf of Shaw and is organizationally responsible for any loss associated with a realized information security risk scenario.
Shaw Information and related resources, such as personnel, equipment, funds, and information technology.
Information Security Incident(s)
An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an Information System or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.
Information Security Office
The Shaw Information Security Office, responsible for coordinating the development and dissemination of information security policies, standards, and guidelines for Shaw. This Office is currently made up of a cross section Shaw-Management and Shaw-Information Technology.
Information Security Steering Committee (ISSC)
Senior Shaw leaders providing input to ensure that the implementation of the security controls remain strong, appropriate and in alignment with Shaw’s mission.
Information System Owners
The individual(s) or Unit responsible for the overall procurement, development, integration, modification, and operation and maintenance of an Information System. This individual or Unit is responsible for making risk tolerance decisions related to such Information Systems on behalf of Shaw and is organizationally responsible for the loss, limited by the bounds of the Information System, associated with a realized information security risk scenario.
A major application or general support system for storing, processing, or transmitting Shaw’s Information. An Information System may contain multiple subsystems. Subsystems typically fall under the same management authority as the parent Information System. Additionally, an Information System and its constituent subsystems generally have the same function or mission objective, essentially the same operating characteristics, the same security needs, and reside in the same general operating environment.
Infrastructure Services Team
The technology team responsible for all infrastructure such as but not limited to servers, storage, messaging, networks, work stations, etc.
Data or information has not been altered or destroyed in an unauthorized manner.
Internal Information is intended for unrestricted use within Shaw Systems Associates, LLC., and in some cases within affiliated organizations such as Shaw Systems Associates, LLC. business partners. This type of information is already widely-distributed within Shaw Systems Associates, LLC., or it could be so distributed within the organization without advance permission from the information owner.
A group of 3 to 5 employees designated by the Hiring Manager or Senior Leadership Team Member to conduct interviews.
Nonpublic Personal Information (NPI)
NPI is any “personally identifiable financial information” that a financial institution collects about an individual in connection with providing a financial product or service, unless that information is otherwise “publicly available.” Examples include: name, address, income, Social Security number, account numbers, payment history, loan or deposit balances.
These are documents that place either a financial or legal obligation on Shaw. These include but are not limited to: Master Services Agreement, Hosting Agreement, Professional Services, Agreement, Statement of Work, Scope of Work, Level of Effort, Change Order, Online Subscription.
Click PSC – Onboarding Checklist.xlsx to download On-boarding Checklist.
Privilege of Least Principle
The principle means giving a user account or process only those privileges which are essential to perform its intended function.
This information is available outside of our organization and is intended for public use. Public Information has been specifically approved for public release by a designated authority within each entity of Shaw Systems Associates, LLC. In general, this data is not subjected to the same level of protections as other types of information; however, never speak of or release information on behalf of the company unless you are authorized.
Recovery Point Objective (RPO)
Recovery Point Objective (RPO) is defined within a business continuity and disaster recovery plan. It is the maximum targeted period in which data (transactions) might be lost from an IT service due to a major incident.
Human Resource staff member with responsibilities for the recruitment of employees.
If disclosed to unauthorized parties, this information could have serious legal repercussions and negatively impact Shaw reputation. Restricted information requires the highest level of data protection, even if shared with others in the organization. Only those with a legitimate need to know should have access to such data.
Senior Leadership Team
Senior members of Shaw-Management responsible for setting the overall direction for Shaw and managing to those objectives.
Shaw Incident Response Team
Senior Shaw leaders who provide input on the approach of handling significant security incidents.
Shaw Infrastructure Services
Shaw Employees, contractors, consultants and partners that support the networks, servers, messaging and other related Information Resources.
All Shaw Employees with a title of Lead, Architect, Manager, Senior Manager, Director, Vice President, Senior Vice President, C Level, Human Resources, or in any other supervisory position.
Shaw Related Persons
All Shaw Employees, contractors, consultants, partners and all partner employees, sub-contractors or agents.
Shaw’s Client Information
Any communication or representation of knowledge, such as facts, data, or opinions, recorded in any medium or form, including textual, numerical, graphic, cartographic, narrative, or audiovisual, owned or controlled by Shaw Clients made available to Shaw or Shaw-Related Persons in the normal course of transacting business.
Any communication or representation of knowledge, such as facts, data, or opinions, recorded in any medium or form, including textual, numerical, graphic, cartographic, narrative, or audiovisual, owned or controlled by or on behalf of Shaw.
Signing Authority Matrix
Click Signing Authority Matrix.pdf to download Signing Authority Matrix.
Strategic Account Manager
Members of Shaw’s Account Management Unit, responsible for working with Shaw’s Client and managing the overall relationship.
SVP Client Excellence
SLT member responsible for Shaw’s Client Support Desk, Account Management and Classic Systems Development.
SVP Client Implementation
SLT member responsible for Spectrum platform implementations.
SVP of Sales and Marketing
SLT member responsible for Shaw’s Sales and Marketing Units.
Cross-section of Shaw-Management and Shaw-Employees responsible for reviewing, recommending, managing, and tracking all curriculum across the organization.
A department, partner or operating unit of Shaw.
Any person granted access to Company Information that is classified as Restricted, Confidential or Internal and or has been granted access to any Shaw Information System.
Vendor Risk Matrix
Click Vendor Risk Matrix.xlsx to download Vendor Risk Matrix.
Virtual Machine (VM)
Virtual Machine (VM) is an emulation of a computer system. Virtual machines are based on computer architectures and provide the functionality of a physical computer. Their implementations may involve specialized hardware, software, or a combination.
Virtual Private Network (VPN)
Shaw’s VPN that extends its network across a public network, and enables Shaw authorized users to send and receive data across shared or public networks as if their computing devices were directly connected to the Shaw network.