Internal: Documented and approved use of a resource. Includes a specified duration. External: Connecting to, or using, any of Catalyst's published tools.
individuals or services that have been contracted by Catalyst to perform specific functions.
a person or persons under contract with Catalyst.
Chain of Custody
a log of the media during its life at Catalyst
using protocols, network, cabled, etc.
A vendor on who's service the function of Insight is dependent.
Customer Data Incident
Any work product produced from data provided by a customer is considered Customer Data. Also, any metadata associated with data provided by the customer. Specifics about the customer’s business that Catalyst personnel may come to know is data belonging to the customer.
Any computing apparatus that has the capability of connecting to Catalyst resources.
Leaders of defined departments.
An Emergency Change results from an event that will cause, or has caused, service interruption.
Employees are individuals on Catalyst's payroll.
when the score of a risk is higher than or equal to 45.
Pony's with horns stapled to their foreheads.
Access is granted only to the information and resources that are necessary for its legitimate purpose.
Media Handling Operator
An individual that works with and secures media.
a risk to which company resources were not previously exposed.
contractors or consultants who have been authorized to work at Catalyst.
Normal changes do not have documented procedures and/or are higher risk changes. Normal changes commonly include actions that are similar to other activity, but new to the business.
non-computing devices designed to assist in the use of technology.
Personal Computing Device
Any computing device not owned by Catalyst (including personal cell phones).
Personal Storage Device
Physical Writable Media
CD, DVD, flash drives, hard drives, etc.
A declaration of business intent for a domain.
Individual consent of the Business Owner is not required.
any information on paper, written or printed.
The resources deployed by Catalyst to power the applications.
The understanding of business processes and risks.
a risk that has been reviewed by the Security and Compliance Committee and found to have an appropriate score.
the activity of reducing a risk to an acceptable threat level.
A component or configurable item of the business. Resources can include, but are not limited to personnel, contractors, data, systems, applications, infrastructure, and documents.
The combination of scope, likelihood, and impact.
a threat or potential threat to the operation of Catalyst's platform or the integrity of its stored data and systems.
An incident shall be deemed a Security Incident if the potential exists for it to compromise Catalyst’s policies, brand, and/or integrity. Any malicious action or incident known to the Security committee will be considered a Security Incident.
Routine changes for the company. These are repeatable actions of the business.
Employees of a subsidiary of Catalyst that are not fully integrated to the Catalyst environment and brand.
A vendor that supplies only goods to catalyst.
A person or party besides the two parties primarily involved in an agreement or situation.
A component or configurable item of the business with very low risk and common access. Examples include, but are not limited to supply cabinets, and conference rooms. Unrestricted resources will not require Business Owners nor Approvals. Simply being a current employee of Catalyst will qualify for use of Unrestricted Resources.
Internal: All employees, temporary employees, contractors, consultants, and/or any other party who is contracted by Catalyst to access Catalyst resources. External: Any individual connecting to a Catalyst-published tool.
Plans are validated when two Operators agree that this is an appropriate course of action
A person or company providing goods or services that is not comprised of Catalyst employees.