1. Business Continuity, Disaster Recovery and Backup Procedures

Statement of IT Policy

(As of 12-31-2015)

1. Business Continuity, Disaster Recovery and Backup Procedures

The Society maintains, tests, and regularly revises plans for continuing business operations in the event of a natural disaster and/or system failures. This includes a tested system and

process to back up and recover media needed for supporting the Society. The IT aspect of overall Society business continuity planning builds upon the physical location for business re-deployment in case of business disruption or overall system failures.

2. Security and Internal Infrastructure (to include servers, routers, data base configurations and software, etc.)

The Society maintains appropriate planning and documentation that describes a stable infrastructure of servers, routers and data bases to support BHS IT operational needs. The

Society maintains appropriate and current licensing for all software purchased and used. The Society allows remote or virtual access to information in order to meet its deliverables to its members and volunteers. The Society monitors access and follows established guidelines in the client and network security policies.

3. Desktop Security and Configuration

The Society keeps client data, business information, and personal identification information private and secure, using appropriate desktop anti-virus and firewall software.

4. Client and Network Passwords and Tokens

The Society maintains access to client data and business information by issuing passwords only to employees and others who have a business need for such access. Users are informed that their access to information is monitored to ensure that members’ and customers’ information remains confidential and protected.

5. Personal Devices/Hardware/Software

The Society encourages creative use of devices and applications that support its programs and users. Use of personal hardware and software is reviewed by the appropriate staff contact to ensure that reasonable costs, security, and proper information management are maintained. All personal use must be appropriate and safeguarded to protect the confidentiality of Society information and/or Intellectual Property and Protected Information. When the Society provides access for such personal devices, or when a personal device is used in part for Society business, then the Society reserves the right to review the overall use of the device.

6. Budgets, Acquisition assessment, and Life-cycle Planning

The budget for technology is supported by clearly defined acquisition processes, with priority given to essential equipment. These processes include plans for upgrading software and hardware based on industry standards in conjunction with their potential use to support Society programs.

7. Operational Review and Requests for systems, hardware, software

The Society maintains an Operational Review process that includes financial oversight and reporting, to determine current and desired future states regarding IT infrastructure in support of Society operational and member needs.

8. Development and Training of Staff

The Society supports the specific technical education and training for all employees and all people working on behalf of the Society, appropriate to their individual roles. The Society supports the continuing education of IT employees and contractors as needed to maximize their effectiveness in performing their current job responsibilities, and to acquire new skills, knowledge and abilities. Where appropriate, the Society provides additional resources to facilitate the learning process.

9. File Management and Sharing

Information technology must be configured, operated and managed in a controlled manner to ensure the confidentiality, integrity and availability of Society information assets. In order to safeguard Society intellectual property, appropriate technology is used to segregate information intended for general public access from information intended for use by internal users.

10. Electronic Communications

Electronic communications are appropriate and safeguarded to protect the confidentiality of Society information and/or intellectual property and other protected information.

11. Third Party Agreements

The Society develops third party agreements that are established between the Society and employees, consultants, vendors, volunteers, etc. that support all aforementioned policies in carrying out Society business operational requirements.

IT Policy Task Force - Don Fuson (CSD-Chair), Casey Parsons (JAD), Dan True (LOL), Steve

Tremper (NSC), Kevin Williams (NED), Steve Zorn (LOL)

IT Policy ● Version Date: December 31, 2015 ● Page 1