< Back to TOPS Login
TOPS Terms and Conditions
Copyright © 2008, Parkersburg-Marietta Contractors & Trades Educational Development Fund Office
All rights reserved.
User Access Security Policy 2.0 (WPS)
Published: September 1, 2008
By: Parkersburg-Marietta Contractors & Trades Educational Development Fund Office
I. Objective of the Security Policy:
TOP System maintains and distributes information about members of the PMCTEDF, some of which is considered "sensitive" nonpublic personal information. TOP System has defined such information to be fully displayed Social Security Numbers ("SSN"), Drivers License Numbers ("DL"), and Dates of Birth ("DOB"). TOP System developed and implemented this Security Policy in order to protect against the misuse of or unauthorized access to sensitive data by users of PMCTEDF systems ("System"). This Policy documents the security requirements that must be followed by our Subscribers in order to gain and maintain access to sensitive data.
II. Access to this Security Policy:
This Policy has been developed for the sole use of the Subscriber and should not be duplicated or distributed to those that have not been assigned as an end user or the security administrator by the Subscriber.
III. Right to restrict access:
PMCTEDF may deny Subscriber access to all or part of the System without notice if Subscriber engages in any conduct or activities that PMCTEDF in its sole discretion believes violates any of the terms and conditions of the subscriber agreement or this Security Policy. If PMCTEDF denies Subscriber access to the System because of such a violation, the Subscriber shall have no right (1) to access through PMCTEDF any materials stored on the TOP System or the Internet through PMCTEDF, (2) to obtain any records otherwise due to Subscriber, and such records will be forfeited, (3) to access third party services or information on the TOP System or the Internet through PMCTEDF, and PMCTEDF shall have no obligation to notify any third-party providers of services or information nor any responsibility for any consequences resulting from lack of notification.
IV. Right to modify:
PMCTEDF reserves the right to update or modify this Security Policy at any time as may be necessary to further secure its TOP System. Subscriber will be given reasonable advance notice of any such updates or modifications.
V. Policy Provisions:
Subscribers must assign a security administrator(s) to take full responsibility for the requirements contained herein.
The security administrator is responsible for the ongoing administration of Subscriber's user identification codes ("User IDs"). This includes issuing a new User ID to a user and deactivating an active User ID for a user that no longer has a permissible purpose to access the System or that is no longer employed by the Subscriber. The Subscriber and security administrator agrees to keep such User IDs confidential and assign new User IDs only to those employees of the company who have a legitimate permissible purpose. Each individual user must have their own user ID and user IDs should not be shared.
The security administrator will be issued a special User ID that enables him/her to access the portions of the System used to manage User IDs or provided instructions on how to manage user IDs through PMCTEDF's account setup team. PMCTEDF will provide the administrator with training necessary to administer User IDs through the TOP System. The security administrator, where possible, will need to establish the appropriate IP address ranges that are allowed for the user being added to the System.
Once a User ID (and default password) has been activated for a user, the user must change the default password on the first successful login attempt. Passwords and User IDs must be alphanumeric, 6 to 15 characters in length, must contain both letters and numbers, and passwords cannot be the same as the User ID. All passwords are stored in an encrypted state to prevent unauthorized access or viewing by the administrator. The security administrator agrees to audit said User IDs and passwords on a reasonable schedule to ensure adherence to this Policy.
PMCTEDF will require all users to reset their password when prompted by the system. Failure to reset passwords when prompted is a violation of this Security Policy and will result in the revocation of the User ID and the user's privilege to use the TOP System.
PMCTEDF, on a reasonable schedule determined by PMCTEDF, will deactivate inactive User IDs. Once deactivated, the security administrator may be able to delete or reactivate the User ID as appropriate. If a deactivated user contacts PMCTEDF for reactivation, a security representative of PMCTEDF will contact the security administrator of the account as a follow up. The user may only be reactivated by the security administrator of the account. If the security administrator is not available, the User ID will remain deactivated until such time as it is reactivated by the account security administrator.
PMCTEDF reserves the right to monitor and/or conduct audits of Subscriber's User IDs and passwords.
User IDs and passwords and IP addresses may be changed or blocked from time to time by PMCTEDF to prevent unauthorized or suspicious access to services or misuse of its TOP System. Where applicable, if the IP address submitted for a particular login does not match the IP address established by the security administrator for this User ID, the login will be denied. If routine monitoring reveals significant reason for an in-depth inquiry, PMCTEDF reserves the right suspend the account and/or User ID, and/or conduct a full audit immediately without notification to the customer.
Subscriber agrees to take appropriate measures so as to protect against the misuse and/or unauthorized access of PMCTEDF data through any methods, including unauthorized access through or to Subscriber's User IDs or passwords. This includes implementing measures such as ensuring the appropriate use of screensavers (20 minute timeout maximum), not writing down passwords anywhere, not sharing User ID or password with anyone else, and promptly notifying the security administrator if the subscriber has any reason to believe their authentication credentials have been compromised. Such misuse or unauthorized access shall include any disclosure, release, viewing or other unauthorized access to social security numbers, driver's license numbers or dates of birth. Subscriber agrees that PMCTEDF may temporarily suspend Subscriber's access for up to ten (10) business days pending an investigation of Subscribers use or access. Subscriber agrees to cooperate fully with any and all investigations. If any misuse or unauthorized access is found, PMCTEDF may immediately terminate the agreement with Subscriber without notice or liability of any kind.
In the event that Subscriber learns or has reason to believe that sensitive PMCTEDF data has been disclosed or accessed by an unauthorized party, Subscriber will immediately give notice of such event to PMCTEDF. Furthermore, in the event that Subscriber has access to or acquires personally identifiable information (e.g., social security numbers, driver's license numbers or dates of birth) from PMCTEDF, the following shall apply: Subscriber acknowledges that upon unauthorized access to or misuse of such sensitive information (a "Security Event"), Subscriber shall, in compliance with law, notify the individuals whose information was disclosed that a Security Event has occurred. Also, Subscriber shall be responsible for any other legal obligations which may arise under applicable law in connection with such a Security Event.
VI. Redress:
In the event that Subscriber's access has been suspended or Subscriber's agreement has been terminated under this policy, Subscriber may file a written request for review with PMCTEDF's Office of Privacy, Ethics and Compliance.
< Back to TOPS Login |