December 26, 2014

Glossary

Availability 

Data or information is accessible and usable upon demand by an authorized person.

Business Continuity Plan 

Click Business Continuity Plan.docx to download Business Continuity Plan.

Business Operations 

All business operations that are required to support Shaw’s Clients and their operations according to all service level agreements, contractual obligations and regulatory requirements.

BYOD User Acknowledgement and Agreement Form 

Click BYOD User Acknowledgment and Agreement Form.pdf to download User Acknowledgment and Agreement Form.

CEO 

The chief executive officer with the responsibility of managing the organization.

CISO 

The senior-level Shaw employee with the responsibility of Information Security and the current title of Chief Strategy Officer.

Client Support Manager 

Member of Shaw Management responsible for managing Shaw’s Client Support Unit for Spectrum.

Clients 

A company that has agreement with Shaw to provide goods and / or services.

Compliance Unit 

A Shaw department responsible for ensuring that Shaw is meeting, at a minimum, all regulatory and contractual obligations.

Confidential 

Confidential information includes important information about business, financial, or legal data, or our employees and customers. Generally, confidential information is secured when transmitted within our organization, but requires stronger protection when shared outside of our network. Always verify your authorization before sending confidential information to third-parties.

Confidential Information 

Confidential Information is very important and highly sensitive material that is not classified as NPI. This information is private or otherwise sensitive and must be restricted to those with a legitimate business need for access.

Confidentiality 

Data or information is not made available or disclosed to unauthorized persons or processes.

Continual Access 

The standard method of granting access to Shaw Related Persons occurs on regular basis and requires periodic re-certification and approval.

Contract Manager 

Shaw-Related Persons responsible for reviewing and preparing all contractual agreements.

Contracts 

Contracts are agreements that are legally enforceable regardless of the document title. A document is a contract under this policy if it describes an obligation of Shaw, either to do or not do something or to pay money. A contract can be in both paper & electronic form. Any question as to whether a document is a contract should be referred to the Chief Strategy Officer.

Data Classification and Handling Standard 

Click Data Classification and Handling Standard.xlsx to download Data Classification and Handling Standard.

Domain Name System (DNS

Domain Name System (DNS) is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. Most prominently, it translates more readily memorized domain names to the numerical IP addresses needed for locating and identifying computer services and devices with the underlying network protocols.

Employees 

Any person who is working at Shaw under a W-2 relationship.

Gramm-Leach-Bliley Act 

The Gramm-Leach-Bliley Act, a federal law passed in 1999 that ensures the security and confidentiality of customer information; protects against any anticipated threats or hazards to the security or integrity of such information; and protects against unauthorized access to or use of customer information that could result in substantial harm or inconvenience to any customer.

High Risk Profile 

As part of Shaw’s Third Party Servicer Policy and Procedures, each servicer is rated using a consistent scoring model. A High Risk Profile is obtained, when the model produces a Risk Rating of 15 or higher.

Hiring Manager  

Shaw Manager that the new resource Employee or Non Employee will report to during their engagement with the company.

Human Resources Manager 

The person at Shaw responsible for overseeing the Human Resources responsibilities.

Human Resources Staff 

Cassandra Pina – Houston or Remote, Carmen Baker – Richmond.

Implementation Lead 

Shaw Management responsible for implementing a portfolio Clients onto the Spectrum platform.

Information Assets 

All information that is classified per Shaw’s Data Classification Policy as Restricted, Confidential or Internal.

Information Owners 

The owner of a collection of information is usually the client responsible for the creation of that information or the primary user of that information.

Information Product Owners

The individual(s) or Unit with operational authority for specified Shaw Information and responsibility for establishing the controls for its generation, collection, processing, dissemination, and disposal. This individual or Unit is responsible for making risk tolerance decisions related to such Information on behalf of Shaw and is organizationally responsible for any loss associated with a realized information security risk scenario.

Information Resources

Shaw Information and related resources, such as personnel, equipment, funds, and information technology.

Information Security Incident(s)

An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an Information System or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.

Information Security Office

The Shaw Information Security Office, responsible for coordinating the development and dissemination of information security policies, standards, and guidelines for Shaw. This Office is currently made up of a cross section Shaw-Management and Shaw-Information Technology.

Information Security Steering Committee (ISSC)

Senior Shaw leaders providing input to ensure that the implementation of the security controls remain strong, appropriate and in alignment with Shaw’s mission.

Information System Owners

The individual(s) or Unit responsible for the overall procurement, development, integration, modification, and operation and maintenance of an Information System. This individual or Unit is responsible for making risk tolerance decisions related to such Information Systems on behalf of Shaw and is organizationally responsible for the loss, limited by the bounds of the Information System, associated with a realized information security risk scenario.

Information System(s)

A major application or general support system for storing, processing, or transmitting Shaw’s Information. An Information System may contain multiple subsystems. Subsystems typically fall under the same management authority as the parent Information System. Additionally, an Information System and its constituent subsystems generally have the same function or mission objective, essentially the same operating characteristics, the same security needs, and reside in the same general operating environment.

Infrastructure Services Team 

The technology team responsible for all infrastructure such as but not limited to servers, storage, messaging, networks, work stations, etc.

Integrity 

Data or information has not been altered or destroyed in an unauthorized manner.

Internal Information 

Internal Information is intended for unrestricted use within Shaw Systems Associates, LLC., and in some cases within affiliated organizations such as Shaw Systems Associates, LLC. business partners. This type of information is already widely-distributed within Shaw Systems Associates, LLC., or it could be so distributed within the organization without advance permission from the information owner.

Interviewing Panel 

A group of 3 to 5 employees designated by the Hiring Manager or Senior Leadership Team Member to conduct interviews.

Nonpublic Personal Information (NPI) 

NPI is any “personally identifiable financial information” that a financial institution collects about an individual in connection with providing a financial product or service, unless that information is otherwise “publicly available.” Examples include: name, address, income, Social Security number, account numbers, payment history, loan or deposit balances.

Obligation Documents 

These are documents that place either a financial or legal obligation on Shaw. These include but are not limited to: Master Services Agreement, Hosting Agreement, Professional Services, Agreement, Statement of Work, Scope of Work, Level of Effort, Change Order, Online Subscription.

On-boarding Checklist 

Click PSC – Onboarding Checklist.xlsx to download On-boarding Checklist.

Privilege of Least Principle 

The principle means giving a user account or process only those privileges which are essential to perform its intended function.

Public 

This information is available outside of our organization and is intended for public use. Public Information has been specifically approved for public release by a designated authority within each entity of Shaw Systems Associates, LLC. In general, this data is not subjected to the same level of protections as other types of information; however, never speak of or release information on behalf of the company unless you are authorized.

Recovery Point Objective (RPO) 

Recovery Point Objective (RPO) is defined within a business continuity and disaster recovery plan. It is the maximum targeted period in which data (transactions) might be lost from an IT service due to a major incident.

Recruiter 

Human Resource staff member with responsibilities for the recruitment of employees.

Restricted Information 

If disclosed to unauthorized parties, this information could have serious legal repercussions and negatively impact Shaw reputation. Restricted information requires the highest level of data protection, even if shared with others in the organization. Only those with a legitimate need to know should have access to such data.

Senior Leadership Team 

Senior members of Shaw-Management responsible for setting the overall direction for Shaw and managing to those objectives.

Shaw Incident Response Team

Senior Shaw leaders who provide input on the approach of handling significant security incidents.

Shaw Infrastructure Services

Shaw Employees, contractors, consultants and partners that support the networks, servers, messaging and other related Information Resources.

Shaw Management

All Shaw Employees with a title of Lead, Architect, Manager, Senior Manager, Director, Vice President, Senior Vice President, C Level, Human Resources, or in any other supervisory position.

Shaw Related Persons

All Shaw Employees, contractors, consultants, partners and all partner employees, sub-contractors or agents.

Shaw’s Client Information

Any communication or representation of knowledge, such as facts, data, or opinions, recorded in any medium or form, including textual, numerical, graphic, cartographic, narrative, or audiovisual, owned or controlled by Shaw Clients made available to Shaw or Shaw-Related Persons in the normal course of transacting business.

Shaw’s Information

Any communication or representation of knowledge, such as facts, data, or opinions, recorded in any medium or form, including textual, numerical, graphic, cartographic, narrative, or audiovisual, owned or controlled by or on behalf of Shaw.

Signing Authority Matrix 

Click Signing Authority Matrix.pdf to download Signing Authority Matrix.

Strategic Account Manager 

Members of Shaw’s Account Management Unit, responsible for working with Shaw’s Client and managing the overall relationship.

SVP Client Excellence 

SLT member responsible for Shaw’s Client Support Desk, Account Management and Classic Systems Development.

SVP Client Implementation 

SLT member responsible for Spectrum platform implementations.

SVP of Sales and Marketing 

SLT member responsible for Shaw’s Sales and Marketing Units.

Training Committee 

Cross-section of Shaw-Management and Shaw-Employees responsible for reviewing, recommending, managing, and tracking all curriculum across the organization.

Units

A department, partner or operating unit of Shaw.

User 

Any person granted access to Company Information that is classified as Restricted, Confidential or Internal and or has been granted access to any Shaw Information System.

Vendor Risk Matrix

Click Vendor Risk Matrix.xlsx to download Vendor Risk Matrix.

Virtual Machine (VM) 

Virtual Machine (VM) is an emulation of a computer system. Virtual machines are based on computer architectures and provide the functionality of a physical computer. Their implementations may involve specialized hardware, software, or a combination.

Virtual Private Network (VPN

Shaw’s VPN that extends its network across a public network, and enables Shaw authorized users to send and receive data across shared or public networks as if their computing devices were directly connected to the Shaw network.