Policy Direction – Information Technology Security

Rationale and Relationship to Mission, Principles and Values

In keeping with the objectives outlined in the Multiple Sclerosis Society of Canada (MS Society) strategic plan, the MS Society requires that volunteers and staff use information technology (IT) to perform their duties. The use of technology results in the creation of data, which may be valuable to the MS Society and the confidentiality of which might need to be protected by law or other policies of the MS Society.

It is important therefore that the MS Society provide a safe computing environment to protect volunteers, staff and organizational assets and to ensure that the Society’s IT and computing systems are widely available and secure.

Policy Objective

The object of this policy direction is to empower and require the Executive Team1 to consolidate existing operational procedures under one policy umbrella for consistency and alignment with other MS Society policies and to ensure that all policies and procedures of the MS Society which relate to IT or computing systems promote the availability and protect the security of those systems.

Policy Application

This policy direction applies to all MS Society volunteers and staff at all levels of the organization including the national office, all divisions and all chapters and units.

Authorization

The policy direction was approved on March 4, 2011 by the Board of Directors of the MS Society of Canada.

Policy Details

The MS Society shall ensure that all policies and procedures relating to IT and computing systems are consistent, align with other MS Society policies, and promote the availability and protect the security of those systems and the data stored in those systems. To this end, existing policies and procedures should be reviewed from time to time and revised or supplemented by additional policies and procedures as may be required to meet the objectives of this policy direction. Currently, a number of tools and internal procedures are used to protect the IT assets of the MS Society:

  • Information Technology Acceptable Use Procedures -Internal procedures for staff and volunteer that use MS Society information technology resources on a day-to-day basis. This document is executed annually.

  • Business Partner Network Access Agreement - A document that ensures that external third parties meet the same level of security and protection when granted access to the MS Society’s information technology infrastructure. This document is executed on a case-by-case basis.

  • Non-Disclosure Agreement -A document that provides mutual non-disclosure protection when external third parties are granted access to MS Society data. This document is executed on a case-by-case basis.

  • Information Technology Security Procedures - A detailed description of security procedures covering such items as external perimeter security, physical security for servers and peripheral devices, virus protection, incident handling, etc.

    Executive Champion

    The Multiple Sclerosis of Canada’s vice-president, Information Technology, is the executive champion for this policy.

    Monitoring and Compliance

    The MS Society vice-president, Information Technology, is responsible for leading the monitoring of the application and compliance of this Policy Direction in conjunction with other members of the Executive Team.

    Policy Review

    The policy direction is to be reviewed every three years following approval: March 4, 2011. The related procedures are to be reviewed on an annual basis by the Executive Team.

    ______________________________________________________

Definition

1 Executive Team: The most senior level of staff leadership within the MS Society comprised of the president and chief executive officer; division presidents; chief financial officer and

Multiple Sclerosis Society of Canada
Policy Manual Applies to: All volunteers and all staff at all levels Approved: March 4, 2011
Reviewed: December 13, 2014
Approved by: MS Society of Canada board of directors

vice-president, human resources; chief development officer; and national vice-presidents of research, client services and government relations. One person may hold more than one position. The president & chief executive officer may alter the composition of the Executive Team as required from time-to-time.