Assessment and Testing. The same Labor Management Assessment Panel (as was used for the Battalion Chief) will be used to prepare, develop, and administer the assessment and testing components for the Captain position. The components will include: Experience with the Missoula Fire Department (30%) - o The most-experienced candidate will receive: 30 points o The second most-experienced candidate will receive: 25 points o The third most-experienced candidate will receive: 20 points o The fourth most-experienced candidate will receive: 15 points Education/ Training (20%) Candidates who meet the education I training requirements will receive 15 points. An additional 5 points may be awarded to those candidates who exceed these requirements. Other education & training including technician or EMS certification(s), National Fire Academy courses, instruction &/or program development, GDP/leadership classes, or special projects/ assignments may be considered. A comprehensive list will be posted at each station prior to the test administration. Assessment Scenarios (20%) - Each candidate will be assessed on three emergency incident scenarios worth 5 points each (simulated emergency incident scenarios using power-point visual aids). Candidates will receive information necessary to complete an NFIRS report worth 5 points. Written Test (15%)-The written test will consist of up to 45 questions with a total value of 15 points. Test questions are developed from NFPA standards, department SOGs, and city policy. Oral Interview .(15%)-The interview will consist of 12 questions and scored using the plus/check/minus scoring system (plus= 5, check plus= 4, check= 3, check minus= 2, minus = 0). Cumulative score will be divided by 4 to determine the points given. Specific education and training requirements, scenarios, written test questions, and interview questions will be developed by the Labor Management Assessment Panel. The Human Resources Department will review and approve. Scores will be totaled and the four candidates with the highest scores will be placed on the promotional list for Captain. In the event two or more candidates have equal scores, they will be listed by seniority. When a vacancy occurs, the highest ranking candidate on the current promotion list will be recommended to the Mayor for promotion. The promotional testing will be conducted within the first five months of every even numbered calendar year, e.g. Jan. -May 2010. The promotional list will be used to fill vacancies for a peri...
Assessment and Testing. Supplier maintains policies and procedures that ensure data processing systems, applications and activities are assessed and tested before becoming productive/ operational. These include: • Annual Risk Assessment Identify, estimate, and prioritize risk to organizational operations (i.e., mission, functions, image, and reputation), organizational assets, individuals, other organizations, resulting from the operation and use of information systems. • Vulnerability Assessment Defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures • Threat Assessment Assess threat actors and their respective capabilities to ascertain potential exposures based on current control capabilities. • Penetration Test Testing of a system(s), network or web application to find security vulnerabilities that an attacker could exploit. • Firewall Rule Assessment Formal due diligence review of firewall rules to identify aging or inappropriate access controls • Application Vulnerability Security Assessment Conduct security assessment based on application level exploits • External Penetration Security Assessment Conduct security assessment based on system and application level exploits externally. • SIEM testing for rule tuning Review and/or test of implemented and/or available rules • Social Engineering Assessment Conduct Social Engineering test and assessment (i.e. Phishing, Vishing, DDOS, USB, physical, multi-threat, etc) • Network Security Assessment Conduct security assessment based on Network level exploits • Wireless Security Assessment Conduct security assessment based on wireless network level exploits • Facility Physical Vulnerability Physical security assessment including IT Systems • Insider threat Insider threat and/or privilege security assessment • Proprietary information and personal Data-Risk Data Protection assessment • Compliance Assessment Compliance security assessment (PCI, SOX, GDPR, HIPPA, CSIRT, etc) Exhibit D – List of Sub-Processors
