RETA POLICIES & PROCEDURE MANUAL

Date Last Reviewed: 12-30-2012 Section 000 – Table of Contents

Developed: 09-21-2007 Approved:12-30-2012 Page 000 - 1

RETA

POLICIES

&

PROCEDURE

MANUAL

AMENDED: 12-30-2015



000 - POLICY CREATION AND AMENDMENTS III

100 - ADVERTISING POLICY 1

200 – ASSOCIATION EXECUTIVE DIRECTOR REVIEW 3

300 - AWARDS GUIDELINES 5

400 - 21ST

CENTURY CLUB 7

500 - CERTIFICATION 9

600 - COMMUNICATIONS AND PUBLICATIONS

700 - CONFLICT OF INTEREST POLICY

800 - CONFERENCE COMMITTEE

900 - EDUCATION

1000 - ELECTRONIC COMMUNICATIONS VEHICLES (INTERNET)

1100 - FINANCE

1200 - HEALTH AND ENVIRONMENT

1300 - HISTORIAN

1400 - INDUSTRY RELATIONS

1500 - LOGO POLICY

1600 - LONG RANGE PLANNING

1700 - MARKETING

1800 - MEMBERSHIP

1900 - MEMBERSHIP LIST SALES POLICY

2000 - NOMINATING

2100 – DOCUMENT CONTROL POLICY

2200 – ANTI-TRUST POLICY

2300 - CHAPTERS

2400 - WHISTLE BLOWER POLICY

2500 – CORPORATE SECURITY POLICY

127

131

139

145

173

181

188

190

192

194

196

198

200

207

209

213

219

221

242

246



GENERAL

ALL MATTERS AND QUESTIONS NOT COVERED BY THE POLICIES AND PROCEDURES ARE SUBJECT TO THE

DECISION OF RETA AND ARE GOVERNED BY THE ORGANIZATIONS BYLAWS. THE POLICIES AND

PROCEDURES MAY BE AMENDED OR SUPPLEMENTED AT ANY TIME BY RETA, AND ALL SUCH AMENDMENTS

OR ADDITIONS WILL, UPON REASONABLE NOTICE, BE AS EQUALLY BINDING ON ALL PARTIES AFFECTED AS

THE ORIGINAL POLICIES AND PROCEDURES.

A. POLICY CREATION AND AMENDMENTS

1. PURPOSE OF THE RETA POLICIES AND PROCEDURES

THE PURPOSE OF THE RETA POLICY AND PROCEDURES MANUAL IS TO EXPLICITLY DEFINE THE

POLICIES AND PROCEDURES THAT HAVE BEEN ESTABLISHED BY THE RETA BOARD OF DIRECTORS. THE

POLICIES AND PROCEDURES ARE CONSISTENT WITH AND IN CONCERT WITH BUT DO NOT SUPERSEDE THE

RETA BYLAWS. THEY HAVE BEEN ESTABLISHED TO ASSIST THE BOARD OF DIRECTORS AND THE

NATIONAL OFFICE IN THEIR OPERATION OF THE ASSOCIATION’S AFFAIRS.

2. RESPONSIBILITIES OF THE BOARD WITH REGARD TO POLICIES

a) POLICIES WILL BE ESTABLISHED, REVIEWED AND AMENDED BY THE BOARD.

b) THE BOARD, STAFF, OR COMMITTEE WILL IDENTIFY A PROBLEM OR ISSUE, FOR WHICH THERE IS NO

CURRENT POLICY OR THE POLICY NEEDS TO BE UPDATED. THE KEY ELEMENTS ARE IDENTIFIED AND

THE COMMITTEE ASSIGNED THE TASK DRAFTS THE POLICY. THE DRAFT IS DISSEMINATED TO THE

BOARD FOR REVIEW.

c) THE BOARD VOTES TO ADOPT OR AMEND THE POLICY BY MAJORITY VOTE AND DISSEMINATES THE

POLICY AS NECESSARY.

3. ROBERTS RULES OF ORDER SHALL SERVE AS GOVERNING MECHANISM UNLESS THESE POLICIES AND

PROCEDURES CONFLICT. IN CASE OF A CONFLICT THE POLICY SHOULD BE FOLLOWED.



THIS PAGE IS INTENTIONALLY BLANK

Date Last Reviewed: 4-08-2015 Section 100 – Advertising Policy

Revised: 04-08-2015

Developed: 09-21-2007 Approved: 10-01-2007

Last Approved: 06-24-2015

Page 1

Page 100 - 1

100 - ADVERTISING POLICY

General All matters and questions not covered by the policies and procedures are subject to the decision of RETA. The policies and procedures may be amended or supplemented at any time by RETA, and all such amendments or additions will, upon reasonable notice, be as equally binding on all parties affected as the original policies and procedures.

A. Qualifications

Eligibility is limited to advertisers whose products and services are of interest to RETA. Applicants who are advertising must submit the nature of their business and scope of the information to be advertised. RETA reserves the right to reject any application to advertise.

B. Assignment of Space

Initial space assignments will be made on a first-come, first-serve basis and is at the discretion of RETA. RETA reserves the right to make appropriate changes in spacing and location of advertisement, as it deems necessary for the overall success of the product.

C. Use of Advertising Space

The contracted advertising is to be solely used by the advertiser whose name appears on the contract, and it is agreed the advertiser will not assign any portion of same without written consent of RETA.

D. Hold Harmless

Advertiser assumes entire responsibility and liability for losses, damages, and claims arising out of injury or damage that may occur as a result of said advertising. Advertisers will indemnify, defend, and hold harmless RETA and RETA’s management firm and their responsibility, claim, cost, or expense of any kind whatsoever (including attorney’s fees) which any of them may incur, suffer, pay or be required to pay, incident to or arising directly or indirectly from any intentional or negligent act or omission of the advertiser, its employees, agents, or representatives.

E. No Endorsement

Publication of advertisements in the Breeze, or any other RETA publication does not constitute endorsement of any products, services or advertisers by RETA and shall not be considered or represented by advertiser as such.

F. Restrictions

RETA reserves the right to restrict advertising that may have been falsely entered, or that may be deemed unsuitable or objectionable in RETA’s sole discretion as in direct conflict with the mission statement or goals of the association.

G. Rights in the Event Advertisement is not utilized

Should RETA elect to cancel the advertisement, RETA’s sole liability to advertiser will be the refund of any payments for advertising space received. RETA will not be liable for any consequential special or indirect damages that may arise from such cancellation.

Date Last Reviewed: 04-08-2015 Section 100 – Advertising Policy

Revised: 04-08-2015



Page 2

Page 100 - 2

H. Violations of Advertising Policies and Procedures

Advertisers who violate these policies and procedures may be prohibited from advertising in any RETA publication and/or subject to other penalties imposed by RETA at its sole discretion; provided, however, that nothing herein shall limit the remedies otherwise available to RETA.

I. Advertising in the Breeze Up to 30% of the publication can be sold as advertising. Advertising rates are established annually.

J. Advertising in the Tech Report Association advertisements are the only accepted advertising in this publication.

K. Advertising on the RETA website

1) RETA does not sell our membership’s personal details to a third party, advertisers on RETA’s site may have access to behavior via cookies left by visitors to the website, but not membership data.

2) RETA runs more advertisements than it is reasonable to keep track of, therefore if the advertiser has a complaint about an advertisement for any reason, should be addressed to RETA HQ – it’s not in RETA’s interests to displease the users.

3) RETA does not allow auto-initiated sound. In other words, website advertisements are not allowed to have the sound switched on when the page loads. If this occurs, please notify RETA Head Quarters and it will be switched off as soon as possible

4) RETA does not allow advertisements which require the reader to download anything (especially viruses), or which break the site in any way. If you see an ad which does this, please let us know and we will locate it and switch it off as soon as possible*

Page 3

200 - ASSOCIATION EXECUTIVE DIRECTOR REVIEW

A. PURPOSE The purpose of this association management review is to provide a formal, written review process to evaluate the job performance of the Executive Director of the association.

B. WHO The current Executive Vice President will perform the review process. He/She may, at their sole discretion, perform this duty alone, or assign specific tasks to other officers, board members or committee chairs. In any case, the process will be under his/her authority and direction.

C. WHEN The review process will take place annually, prior to the fall board meeting. All tasks must be completed prior to the board meeting and a formal, written report will be presented to the board by the executive vice president and entered into the minutes of the meeting as means of formal documentation.

D. PROCESS

1. At least all current officers, board of directors will be asked to complete a survey regarding the performance of RETA’s Executive Director.

2. A follow-up phone call will be made by the Executive Vice President or designee to any individual marking “not acceptable” on any point in the survey. The purpose of that call will be to determine the exact nature and specific issues surrounding the negative response.

3. After all survey results are collected and tabulated, a meeting will be held with the Executive Vice President, President, and Executive Director. This meeting should take place in person at a time and place convenient to all. Although less desirable, if circumstances will not allow for a personal meeting to take place, the meeting may take place via conference call. During this meeting, the survey results will be shared with the Executive Director and a list of action items will be developed to address any areas of unacceptable performance.

4. A formal written report (see attachment 200-A) of the meeting will be completed and presented to the officers and board of directors at the annually scheduled fall board meeting. A copy of the tabulated survey results will be attached to the report. Both the written report and survey results will be entered into the official board minutes.

NOTE: This review process is a RETA board function.

.

Date Last Reviewed: 04-09-2015 Section 200 – Management Review Policy

Page 200 - 1


Revised: 04-08-2015 Last Approved: 06-24-2015

Page 4

ATTACHMENT 200-A

ASSOCIATION EXECUTIVE DIRECTOR

ANNUAL PERFORMANCE REVIEW REPORT

Date of report:

Submitted by: , Executive Vice President

Association Management Firm:

1. Survey sent to current officers, board of directors and all chapter presidents.

2. Survey results collected and tabulated (see attachment 1.)

3. Meeting held: Date:

Place:

In attendance: , RETA President

, RETA Exec. VP

, RETA Exec. Director

4. Items discussed at meeting

Survey results discussed

Positive performance items:

Areas needing improvement

Action Items discussed

Items for the Executive Director

Items for RETA

5. Motion items for board approval (if any.)

Date Last Reviewed: 04-08-2015 Section 200 – Attachment 200

Page 200 Attachment 200 - 1



Date Last Reviewed: 04-08-2015 Section 300 – Awards Policy Revised: 04-08-2015


Last Approved: 06-24-2015 Page 300 - 1

Page 5

300 - AWARDS GUIDELINES

A. Goals

The goals of the Awards Committee are three-fold: 1. Fairly determine the people to receive awards at the annual convention. 2. Develop a procedure for the awards committee and Chair to follow. 3. Maintain an accurate and complete listing of past award recipients.

B. Current Awards 1. Guy R. King Memorial Award – Recognizes outstanding job performance in the education and

training of members nationally and locally. 2. Elliot R. Hallowell Award – Honors the member whose record of service to RETA for the current

year merits special recognition and reward. 3. Venneman Award – Recognizes an outstanding RETA member for a career marked by

leadership and service to the profession and the organization. 4. Earl J. McMichael Award – Acknowledges the chapter recruiting the largest number of members

during a fiscal year. No nominations are required for this award. The Earl J. McMichael Membership Award is determined by RETA headquarters based solely on which chapter has the largest increase in chapter membership.

5. Glenn Smith Life Time Achievement Award – This award is not given on an annual basis. it is bestowed on persons periodically who have demonstrated a lifetime of contribution to the industry and to RETA at national and local levels. The Glenn Smith Lifetime Achievement Award is a Board approved honor.

6. Felix Anderson Award – This award recognizes outstanding local chapter leaders who have never held a national board position. Each year two individuals are awarded this distinction.

7. Outstanding Chapter President Award – selected by the current National President.

C. Responsibilities - Solicitation of Nominees Nominees will be solicited in two ways.

1. Starting five months prior to the annual RETA conference, an article in the Breeze describing the awards will run. The article will include a request for nominations with a deadline one month prior to the annual Conference... All subsequent issues of the Breeze through the pre-show issue (providing mail date allows for nomination submission in accord with deadline) will also feature a call for.

2. National will send a letter or e-mail to all chapter presidents, which reviews the awards and requests nominations.

D. Handling Nominations

All nominations will be sent to the Executive Director. The Director will mail, e-mail or fax a notice, which acknowledges receipt of the nomination to the sender. The director sends copies of the nominations to the awards committee members following the nomination deadline.

E. Committee Make-up

The committee will consist of the awards chair, the current national president, and a past national president (selected by the awards chair).

Date Last Reviewed: 04-08-2015 Section 300 – Awards Policy Revised: 04-08-2015



Page 6

F. Final Decision

The chair will coordinate a conference call or other means of meeting to review the nominations and determine the awards recipients for the Elliott R. Hallowell Man of the Year Award, the Venneman Award, the Guy R. King Award and, The Felix Anderson Award. The committee will review the background of each award and of the past award recipients prior to this call or meeting.

G. Awards

RETA headquarters is notified of the award winners by the awards chair. Headquarters procures the awards plaques.

H. Historical Recording RETA headquarters will update the lists of award recipients for future reference and inclusion in the national convention program or calendar.

I. If there are no nominations made, the Board of Directors will be surveyed or no award will be issued.

Page 7

400 - 21ST CENTURY CLUB

A. Purpose

To raise funds specifically for the use of the educational committee, with these funds reserved only for use in securing new instruction manuals, or for revision of existing ones. The 21st Century Club is a continuation of the Century One Club that was established in the late 1960’s to support the Association’s efforts to provide educational materials for the membership. The Century stands for a limitation to 100 members, each contributing $100.

B. Responsibilities

Use every opportunity to obtain $100 contributions to the club. At all national meetings, extol the virtues of the club, and encourage chapters to honor their past president by enrolling the individual as a member of the club.

Date Last Reviewed: 04-08-2015 Section 400 – 21

st Century Club Policy

Page 400 - 1



Page 8

This page is intentionally blank

Section 00 – Space Filler

Revision 0

Page 00. - 0 Developed: 10-10-2010 Revised: 10-10-2010

Last Reviewed: 10-10-2010 © 2010 Refrigerating Engineers & Technicians Association Last Approved: 10-10-2010

Date Last Reviewed: 08-25-2015 Section 500 – Certification Policy ©Refrigerating Engineers & Technicians Association

Developed: 09-21-2007 Approved 11-02-2013 Last Approved: 08-25-2015

Page 9

Page 500 - 1 Revision 8

500 - CERTIFICATION

The following documents and resources are incorporated into the RETA Policies and Procedure Manual by reference. Each of these may be updated as needed to reflect changes in RETA certification programs over time. The current version of each is incorporated into RETA Policies and Procedures. The Executive Director and the Certification Manager will review and affirm the accuracy of certification program information on the RETA website. Their approval is required to assure that no candidate materials on the RETA website are misleading or inaccurate.

RETA Examination Program Schemes

Information Handbook and Application for CARO and CIRO

Online applications for RETA certification (in development in 2015)

RETA Network Test Centers Operations Manual

RETA Certification Committee Handbook

RETA Employee Handbook

RETA Threat Analysis Report

RETA Security Procedures and Plan

Operating procedures for each RETA employee to meet their assigned duties

RETA Certification Procedures Manual

RETA Network Test Center Proctor Guide

RETA Network Test Center Agreements

RETA Document Control Record A. Purpose

1. To provide refrigeration system operators and technicians a means to benchmark their capabilities by passing RETA certification examinations.

2. To provide the most comprehensive examination possible which accentuates safe and efficient operating of refrigeration systems.

3. To work toward national acceptance of this certification by administering agencies and public safety officials.

4. To serve as the Scheme Committee as defined by ANSI 17024 Standards. 5. To assure that RETA certification programs are fair, valid and impartial in evaluating the eligibility

and qualifications of all applicants for RETA credentials. B. RETA Certification (CertComm) Responsibilities

1. To serve as the Scheme Committee as defined under ANSI 17024 Standards. 2. To maintain the fairness, impartiality, validity and integrity of all RETA certification programs.

RETA policies and procedures are designed to assure that all decisions about certifying every candidate are based solely on the candidate’s qualifications and performance on RETA examinations and other certification-related activities.

3. To revise the content of the examinations and related certification criteria as needed to assure balance among of many types of industrial refrigeration systems.

4. To provide operators and technicians as many opportunities to take the exam as possible. 5. To provide an archive of test records for candidates who have taken the test. 6. To keep the membership aware of their opportunities through the RETA Breeze, on the RETA

website, and in other publications and materials that can communicate with potential RETA candidates and their employers about RETA certification programs



Page 10


C. Differentiation between Education and Certification

1. Each RETA certification program is based on a practices analysis of RETA certificate holders and employers to determine the importance of content areas reflected in current industry training materials. The first RETA practices surveys were conducted in 2003; new practices surveys to support RETA exams were completed in 2011 to guide the content of current and future RETA tests. All exams are developed and validated in consultation with the RETA Certification Committee.

2. Each question in every RETA certification examination is documented to reflect current training resources. Following publication of any new edition of these materials, the RETA Certification Committee conducts revalidation workshops to revalidate that each question continues to be supported in the new edition of these training resources.

3. RETA’s Consulting Psychometrician maintains all RETA item pools and test forms in a digital files. No printed copies of RETA examinations are retained by or available to RETA Certification Committee members at any time. All item review and revalidation activities are controlled by RETA’s Consulting Psychometrician so that no committee member can print or reproduce copies of any RETA test material before, during or after item review and revalidation meetings.

4. RETA training resources and education products are developed to reflect best practices in the refrigeration industry such as the Ammonia Refrigeration Training Guidelines – Operators (ARTGO) that were jointly developed and approved in 2005 by RETA and the International Institute of Ammonia Refrigeration (IIAR). While not specifically designed to address the OSHA Process Safety Management standards, ARTGO documents one path to meeting OSHA and EPA training requirements in ammonia refrigeration. RETA’s Education Committee directs development and updating of RETA training materials

5. ARTGO standards jointly approved by RETA and IIAR in 2005 specify entry-level, skilled and technical qualifications for ammonia refrigeration operators. RETA’s Certification Program created its first entry-level exam in 1987 and a skilled operator program in 1988. RETA’s Certified Assistant Refrigeration Operator (CARO) program was created in 2001 for entry-level candidates. Certified Industrial Refrigeration Operator (CIRO) certification for operators with at least two years of engine room experience was created in 2002. CARO requires no prior experience. CIRO requires at least two years employment in the industrial refrigeration industry. New forms of CARO and CIRO exams that were upgraded to meet ANSI 17024 Standards moved to on-demand computer-delivered testing in September 2005.

6. RETA recognizes the importance of separating its roles in design and delivery of training from design and delivery of its certification programs. No RETA board member, task force member or volunteer may serve on the RETA Education and Certification Committees at the same time or for a period of two years after completing service on the other committee.

7. If a CertComm member is hired as RETA staff to assist in developing educational materials, that person will not participate in review or updating of references cited to support RETA exams for which they participated in CertComm item review for one year after the last meeting in which they participated in such CertComm reviews



Page 11


D. Confidentiality and Non-Disclosure Agreements 1. Each RETA Certification Committee member and anyone else involved in test development is

required to sign a non-disclosure agreement that obligates them to protect the security and confidentiality of all RETA examination materials.

2. All RETA test development, analysis and revalidation activities are directed by RETA’s Consulting Psychometrician.

3. No unauthorized access to test content or examination materials is permitted at any time. Unauthorized access, use or disclosure of RETA test materials is a clear violation of the RETA Code of Conduct and is subject to disciplinary action by the RETA Board.

4. All CertComm members, Board members, volunteers, staff and consultants who participate in any way in designing, developing, reviewing or administering RETA certification and credentialing programs are subject to the limitations specified in the Confidentiality and Non-Disclosure Agreements. All RETA records related to applicant processing, review, credentialing and reporting are subject to these limitations.

E. Psychometric Analyses & Test Revalidation

1. RETA contracts with a fully qualified Consulting Psychometrician to guide all RETA test development activities and to conduct quarterly test and item analyses to monitor performance on each RETA examination.

2. All questions on which candidate performance does not match expectations are revalidated with the RETA Certification Committee. Any resulting score adjustments are applied to all candidates. Amended score reports are issued to any candidate whose results change from fail to pass as a result of these adjustments.

3. Test analyses will include review of potential threats to impartiality and security due to repeated use of examination materials, including but not limited to review of item and test score drift over time, performance data for candidates making repeat attempts, and identification of emerging trends that may warrant further investigation.

4. Test analyses also will include monitoring examination results for indications of possible cheating. Evidence of suspected cheating will be accompanied by possible remedies to maintain the fairness, impartiality and integrity of RETA exams.

5. The Consulting Psychometrician will prepare a report for CertComm review at least twice per year and whenever evidence emerges of suspected cheating or threats to the fairness, impartiality, validity, reliability and integrity of RETA exams. This report will identify any suspected deficiencies and recommend strategies to correct and minimize the impact of such deficiencies on RETA exams.

6. CertComm reviews test analysis reports and test performance trends for each RETA examination at least twice annually in reports provided by RETA’s Consulting Psychometrician. CertComm reports to the RETA Board at least twice annually on all policies and practices related to the validity, fairness and impartiality of all RETA credentialing programs.

7. The performance of RETA’s Consulting Psychometrician and ANSI Accreditation Manager is audited annually by CertComm, and RETA’s Executive Director. The Executive Director may, at his/her discretion, include the RETA Board, RETA staff and other interested parties in this evaluation and auditing process.

8. RETA’s Executive Director and CertComm are responsible for selection of the Consulting Psychometrician and ANSI Accreditation Manager.

9. RETA’s Executive Director and CertComm retain all responsibility for auditing subcontracted work performed by the Consulting Psychometrician and ANSI Accreditation Manager in support of RETA certification programs.



Page 12


10. The RETA Executive Director may approve contract extensions with RETA’s Consulting

Psychometrician and ANSI Accreditation Manager as needed to meet RETA goals and objectives for its certification programs.

11. RETA’s Consulting Psychometrician must protect the security, impartiality, fairness and integrity of all RETA certification programs at all times.

12. RETA’s Consulting Psychometrician must report any threat to the security, validity or impartiality of RETA exams to the Executive Director, the CertComm Chair and Certification Manager within two working days after discovery of the possible threat. If one of these persons is among the possible sources of such a threat, he/she will be excluded from this communication.

F. Test Administration and Test Security

1. RETA examinations are administered by computer by Kryterion through its network of about 400 North American testing centers. RETA approves RETA Network Test Centers that deliver the examinations through the Kryterion test delivery system. RETA test centers adhere to the same facility, supervision, environment control policies and procedures as the Kryterion Testing Network (KTN) centers.

2. Refrigeration training programs that elect to become RETA Network Testing Centers must certify that no person who is involved in RETA training is permitted to be in the Testing Center while a RETA certification examination is being administered.

3. RETA Certification Committee members, board members and staff periodically take RETA examinations to evaluate both the performance of its test centers and how candidates are presented all information and questions during administration of its examinations at Kryterion Testing Network test centers and RETA Network test centers.

4. RETA’s Consulting Psychometrician reviews and approves all requests for RETA Network testing centers before they can begin delivering RETA exams. No candidates can be registered in RETA Network centers prior to meeting all test security and administrative requirements.

5. RETA’s Consulting Psychometrician reviews all incident reports and suspected security issues, Kryterion test center facilities and operating procedures.

6. RETA policies prohibit unauthorized possession or use of RETA examination materials in any form, including but not limited to recreating from memory, copying, posting on any website, reproducing or disclosing to others any examination question or test-related materials or content not released by RETA to all certification candidates.

7. Any violation of these rules may constitute copyright infringement of RETA property and can be subject to legal action to recover the cost of creating additional questions and forms of RETA examinations. Any comments about the content of a specific question on a RETA exam can be shared only with RETA directly. Such comments may not be posted on any blog or other online discussion forum without violating US copyright laws that protect secure test materials. Such violations could result in disqualification for RETA certification of all candidates from any school or training program whose staff are found to have compromised the security and integrity of a RETA exam.

8. RETA conducts annual audits of a sample of Kryterion’s Testing Network (KTN) and all RETA Network Test Centers. CertComm also approves the RETA Network Test Center Operations Manual and the RETA Test Network Proctor Guide, which provide detailed policies for delivery of all RETA certification examinations. Audit procedures are conducted by RETA’s Consulting Psychometrician in collaboration with RETA’s Executive Director and staff. Audit findings are reviewed with CertComm as specified in this Manual.



Page 13


9. RETA’s Executive Director and CertComm retain responsibility for selection and approval of all test delivery subcontractors in support of RETA certification programs. These primarily include Kryterion Testing Network (KTN) centers and RETA Network Test Centers. Other subcontractors whose support may be needed may be approved by the Executive Director and CertComm.

10. RETA’s Executive Director and CertComm retain responsibility for auditing all work performed by test delivery vendors, test centers and other subcontractors in support of RETA certification programs.

G. RETA Certification Decisions, Expiration and Documentation

1. All CARO and CIRO certifications issued prior to July 1, 2004, expired June 30, 2007. 2. Any operator who has passed any RETA exam will always be recognized as having passed the

exam as of their exam date. 3. No operator may claim CURRENT certification based on a RETA examination that does not meet

the requirements stated in this policy. 4. All RETA certifications issued after July 1, 2006 must show an expiration date three years after

the candidate passes a RETA exam. 5. No RETA certification is valid without an expiration date. 6. All applications for RETA certification expire one year after the date an application is approved by

RETA and all required fees are paid. A candidate forfeits all application and testing fees when this application period expires unless RETA receives a written request for a 90-day extension before the end of this eligibility period.

7. Applications and fees to retest are valid for 90 days after all required fees are paid. 8. RETA certificate holders with a current credential may recertify either by passing the current

examination or by documenting completion of RETA-approved continuing education. Recertification candidates whose credentials have expired must retest to qualify for a new credential unless they receive CertComm approval for an extension or time as specified in this RETA Policy and Procedures Manual.

9. All RETA certification decisions must follow criteria and procedures approved by CertComm. RETA staff may implement these criteria such as issuing CARO, CIRO or other RETA certifications to individuals who have met all of the requirements specified by CertComm for a RETA credential.

10. Upon completion of the requirements for a RETA credential, RETA staff will issue the successful certification candidate a certificate that includes the following information.

The candidate’s name as shown in RETA certification records

The name of the credential being issued by RETA to the candidate

The RETA logo and seal

The signatures of the RETA President and the CertComm chair

The date on which the candidate met the requirements for the credential

The expiration date of the credential three years after the candidate met all of the required

criteria

The certificate number for the candidate’s RETA credential

RETA staff will issue a pocket-size card to each successful candidate showing the name(s)

and expiration date(s) of all currently held RETA credentials upon completion of each new

RETA certification



Page 14

Page 500 -6 Revision 8

Support Information: RETA recertification policies can be used by employers and employees toward training requirements which specify updating the skills and training of all refrigeration industry technicians and operators at least once every three years. All certificate holders can meet recertification requirements through combinations of training at RETA chapter meetings, the RETA annual convention, employer-based training programs, other special training opportunities, and/or by retaking the RETA examinations that are current at the time the prior certificate will expire.

H. Eligibility for RETA Certification

No individual is eligible for RETA certification unless he/she is in compliance with and agrees to abide by the RETA Code of Conduct. RETA may deny, revoke, suspend, or otherwise act upon certification or membership of any individual who is not in compliance with the RETA Code of Conduct. 1. The individual must truthfully complete and sign the RETA application for certification and

shall provide additional information as requested. All documents and information provided to RETA as part of the certification process are the property of RETA and will not be returned.

2. All RETA members, certification candidates and certificate holders agree to waive all claims against and will hold harmless RETA, its staff, volunteers and agents which arise out of or relate to RETA certification and application review, test administration and certification decisions, document review and records related to RETA investigation and review of eligibility or alleged violations of the RETA Code of Conduct.

3. Any application for RETA certification from a RETA employee must be submitted to RETA’s Executive Director, who will evaluate the application and determine the procedures for the employee to follow as a candidate for a RETA credential. This is to assure impartiality in determining the eligibility for a RETA credential and in administering and evaluating all parts of the credentialing process.

I. Security and Validity of RETA Certification Examinations

In order to protect the validity and security of RETA testing and certification programs, misconduct or circumstances may render a test score invalid. If doubts are raised about a score because of these or other circumstances, RETA expects all individuals to cooperate in any RETA investigation of possible violations of test validity and security. RETA reserves the right to cancel any exam score if, in the sole opinion of RETA, there is adequate reason to question its validity. RETA in its discretion may offer the individual an opportunity to take the examination again at no additional fee, offer the individual an opportunity to take the examination again including payment of all fees, or proceed with disciplinary action as described in these procedures. Following any administrative exam irregularities, the Executive Director, on advice from the Consulting Psychometrician, will review the matter and decide whether to cancel scores, and whether the candidate may be offered a retest at RETA expense or at his/her expense. Such actions may be subject to appeal as described in these procedures.



Page 15


J. Improper Use of RETA Identification and Certification RETA examinations and their content are the property of RETA. These examinations are available only to those persons who desire in good faith to become certified by meeting RETA certification requirements. By applying for RETA certification, each candidate agrees to the following provisions. 1. Refrigeration professionals may use the Certified Assistant Refrigeration Operation (CARO) or

the Certified Industrial Refrigeration Operator (CIRO) designations when they meet all requirements established by RETA. A CARO or CIRO certificate holder has demonstrated expertise gained from study, training and experience in the safe handling of materials and safe operation of refrigeration equipment and facilities.

2. All RETA examinations, certificates, cards, logos, patches and emblems and the names Certified Assistant Refrigeration Operator (CARO) and Certified Industrial Refrigeration Operator (CIRO) are property of RETA and may not be used in any way without the express written consent of RETA. Individuals who pass current RETA examinations must comply with RETA rules in all references to RETA certification.

3. Any individual or program RETA suspends, reprimands, limits or revokes from RETA certification or authorization due to failure to meet RETA requirements shall immediately relinquish, refrain from using and correct at their own expense any outdated, inaccurate or otherwise inappropriate use of any RETA certificate, card, logo, patch, emblem, and references to CARO, CIRO and RETA certification.

4. If the individual refuses to relinquish immediately, refrain from using and correct at his or her expense any misuse or misleading use of such items when requested, the individual agrees that RETA shall be entitled to obtain injunctive relief, damages, costs and attorney's fees incurred in obtaining any such or other relief.

K. RETA Shadow Candidate Program

All members of the RETA Certification Committee (CertComm) and the RETA Board are required to participate in auditing and review of RETA test delivery procedures by serving as RETA Shadow Candidates. This requires that they apply for and experience the same processes of regular RETA candidates who request certification for a RETA credential. Shadow Candidates schedule and take a RETA certification examination as a regular RETA candidate would do without identifying themselves other than with the ID and requirements for other RETA candidates. CertComm and RETA Board members serve as a Shadow Candidate at least once every three years.

Prior to taking a RETA examination, all Shadow Candidates must sign the Shadow Candidate Test Security and Non-Disclosure Agreement. The language in this agreement appears onscreen for every RETA candidate and must be agreed to in order to begin any RETA certification examination. Upon completion of the exam, each Shadow Candidate must prepare a report of their experience as a RETA test candidate. This report will be used as part of RETA’s requirements for auditing the performance of certification program staff and test centers.

Shadow Candidates who wish to renew a RETA credential may use their score as a Shadow Candidate to meet the testing requirements RETA recertification.



Page 16


L. Renewal of Certification The RETA Code of Conduct in Section 1800 Membership requires all RETA certificate holders to document their participation in appropriate certification and training activities to demonstrate that they are maintaining competence in the refrigeration industry. Each RETA certificate expires three years after it is issued. Recertification candidates may establish that their knowledge and skills are still current for RETA certification by passing the current examination for that classification or by providing RETA with documentation of training to maintain their qualifications for recertification.

Continuing education credits can be earned by documenting participation in RETA-approved professional training related to RETA certification at RETA chapter meetings, the RETA Annual Meeting, employer-sponsored training, refrigeration training seminars and other sources. Procedures for documenting training credits to apply for recertification are available on the RETA website.

M. Extension of the Time Period for Recertification 1. A recertification candidate may request additional time if special conditions or hardship have

prevented compliance with these requirements. The candidate must send RETA a written request for an extension of time as specified in this section.

2. Such requests will be evaluated on an individual basis by RETA and be defined as an inability to devote sufficient hours to fulfilling the PDH requirements during the applicable renewal period because of: a. Full-time service in the armed forces of the United States of America during a substantial

part of the renewal period; b. An incapacitating illness documented by a statement from a currently licensed physician; c, A physical inability to travel to the sites of approved programs documented by a currently

licensed physician; or d. Any other similar extenuating circumstances.

3. Any recertification candidate who, prior to the expiration date of a RETA credential, submits a request for an extension shall be deemed to be in good standing until the final decision on this request is made by the Certification Committee.



Page 17


N. Continuing Education for Recertification

RETA recertification candidates may qualify for renewal of their RETA credential for three years either by passing the current examination or by documenting training in refrigeration. Training is measured in Professional Development Hours (PDHs) as determined by RETA. CRES and RAI have additional requirements that must be met to qualify for recertification. Details are provided in the candidate handbook for each credential. Each candidate handbook is available free on the RETA website. a) Professional Development Hours (PDH) Requirements

1. RETA recertification candidates must document 24 PDHs relevant to the practice of refrigeration operation / service / repair / maintenance / engineering to meet these requirements.

2. PDHs must be earned during the 36 months a RETA credential is valid. 3. One PDH can be earned for 50 minutes of instruction or participation. If a program awards

continuing education units (CEU) rather than professional development hours, one CEU equals 10 professional development hours of class in an approved continuing education course.

4. Documentation of PDHs for recertification may be submitted in the RETA Recertification Database or with a completed recertification application.

b) Professional Development Activities 1. Successful completion of a college or university course in the area of refrigeration

operating / servicing / installation, related sciences*, and engineering ethics. RETA will award PDHs based on a transcript documenting successful completion of any such course(s).

2. Successful completion of professional engineering courses or programs in which professional development hours are earned.

3. Successful completion of refrigeration operating programs, seminars, tutorials, workshops, short courses, on-line or in-house courses.

4, Completing classes using RETA coursebooks can earn 20 PDHs after the candidate passes a RETA examination on the content of the course.

5. Attending program presentations at related technical or professional meetings, including the RETA Annual Conference.

6. Teaching or instructing. Teaching credit is valid for teaching a course or seminar for the first time only. Two PDHs may be earned for every hour of teaching.

7. Authoring papers or articles that appear in nationally circulated journals or trade magazines or presented to a professional society or organization. A maximum 10 PDHs per paper or presentation per renewal are allowed for this activity;

8. Active participation on a RETA committee or holding an office in a Chapter as an elected officer. Two PDHs will be awarded per committee membership or office held. A maximum of 8 PDHs may be accepted per renewal period.

c) Professional development program, activity and course requirements 1. Each approved course, program or activity must contribute to the advancement of

professional skills and/or scientific knowledge of the recertification candidate in the practice of refrigeration system operations, services, design, installation and/or maintenance.

2. Each approved course, program or activity must foster the enhancement of general or specialized practice and values of refrigeration operations, related sciences and/or engineering ethics.

3. Each approved course, program or activity must be developed and presented by persons with education and/or experience in the subject matter of the program.



Page 18


d) Each RETA recertification candidate shall maintain a record of PDHs that includes

the following information for any PDHs the candidate asks be counted toward RETA recertification. 1. The name and address of the sponsor or provider, the number of hours attended in

each program, the date and place of the program and documentation of the candidate’s attendance.

2. A log of activities that includes the date and number of hours claimed as PDHs, a brief statement of the subject matter, printed program schedules, registration receipts or other proof of participation.

3. Transcripts or records of PDHs maintained by an acceptable provider. 4. This requirement may be met by maintaining a record of PDHs in the RETA

Recertification Database. e) Acceptable providers for structured educational activities shall include, but not be

limited to the following. 1. Coursework provided by RETA Authorized Instructors (RAIs) using RETA educational

materials. 2. Chapter meetings with an educational presentation by a guest speaker

(name/date/topic needs to be recorded on a roster certified by a Chapter Officer and filed with RETA HQ).

3. RETA Annual Conference workshop courses. 4. Regional RETA conference workshop courses. 5. Colleges, universities or other educational institutions presenting courses related to

industrial refrigeration. 6. Other technical or professional societies or organizations including manufacturers

(factory training either site-specific or in factory – procedures for documenting this training will be made available from RETA HQ).

f) RETA shall evaluate whether to award PDHs for training requested in an application for recertification or in the RETA Certification Database based on documentation provided by the candidate.

g) Candidate Notification and Appeals 1. RETA will inform the candidate in writing whenever PDHs requested as part of a

recertification application cannot be applied toward renewing a RETA credential. The candidate must respond in writing within 30 days with any new evidence in support of the candidate’s recertification before a decision to deny credit toward recertification will be reconsidered by RETA. Unsupported claims will be denied.

2. RETA may require additional evidence demonstrating compliance with these requirements from any candidate. Each recertification applicant must provide evidence that training meets these recertification requirements before PDHs will be applied toward recertification.

3. Candidate appeals of decisions regarding recertification are subject to the policies documented in Section 1800, Membership, of the RETA Policy and Procedures Manual.


Developed: 09-21-2007 Approved 11-02-2013


Page 19


O. Internal Audits

Internal Audits are designed to discover, document and correct any problems that may arise in RETA credentialing activities, to assess whether RETA is implementing its certification program policies and procedures, and to provide for continual improvement by identifying corrective and preventive actions in RETA certification programs. RETA internal audits should document each of the following areas to evaluate how RETA informs interested parties, processes applicants, administers exams, reports and records results, and serves certified persons. These audit procedures are intended to:

Ensure that processes and procedures required to comply with ANSI 17024-2012 are included in RETA Policy.

Verify that RETA staff are aware of these policies in areas assigned to them.

Document that RETA staff are implementing and maintaining these policies.

Have qualified persons who are not responsible for the work being examined conduct audits of these requirements at least once each year.

Report audit results to RETA’s Executive Director, who will inform staff responsible for each audited area of the outcomes and any recommendations.

Review and document results and recommendations from internal audits to RETA staff responsible for each audited area, to CertComm, and to the RETA Board.

Evaluate the effectiveness of corrective and preventive actions resulting from these audits and include this information in RETA’s management system review.

Document the stability and effectiveness of RETA’s management system. RETA’s Executive Director is the point of contact for all internal audit activities. Findings may be shared with CertComm’s chair, ExComm, CertComm members, the RETA Board and staff when they impact policies and procedures or require further action at the discretion of the Executive Director. RETA’s Annual Internal Audit Plan provides details. Test Center Audit Frequency and Scheduling Kryterion Testing Network centers and RETA Network Test Centers must be audited each year as RETA subcontractors to meet ANSI 17024-2012 Standards. RETA will conduct four types of test center audits. 1. Shadow Candidate reviews of Kryterion test centers by CertComm and Board members

during their first year as a member and every third year thereafter. Shadow Candidate procedures are documented in Section 500-K.

2. RETA’s Consulting Psychometrician analyses of performance data for all Kryterion and RETA Network Test Centers quarterly and whenever suspected threats to the impartiality, security, fairness or the integrity of RETA exams occur. Results of these analyses are shared with the Executive Director, the Certification Manager, and CertComm.

3. RETA staff and consultant reviews of RETA Network Test Centers based on test center records and video surveillance.

4. Onsite visits by the Executive Director, Certification Manager, Consulting Psychometrician or other persons designated by the Executive Director.

Test Center Audit Procedures 1. These audits are designed to evaluate test center documentation, proctor screening and

documentation, test security and administration, candidate performance, and any other issues that may arise in a test center. Audits also will evaluate candidate comments, complaints and incident reports.



Page 20


2. Shadow Candidates will report results of their experiences using the RETA Shadow

Candidate Report. 4. RETA Network Test Center audits will include review of test center applications, proctors,

records and results, plus periodic reports of surveillance camera recordings of RETA testing activity in each center.

P. Annual Management System Review Meetings A RETA Certification Management Review Meeting will occur annually 60 to 120 days before the RETA Annual Conference to evaluate whether the RETA Management System is meeting all ANSI 17024 requirements and to evaluate certification staffing levels and recommendations for the coming year. The agenda will include review of all audit results, candidate complaints and appeals, test center activity, candidate performance and comments, and other issues related to certification program activity during the prior year. More frequent meetings can be called as needed by the RETA Executive Director as needed. These meetings may include RETA’s Certification Manager, Consulting Psychometrician, and any other staff, test center personnel or volunteers who can share information about certification program operations. Certification Management System Review Meeting agendas will include but not be limited to the following topics:

Candidate complaints and appeals

Kryterion Testing Network (KTN) activities and issues

Primary RETA Network Test Center activities and issues

Temporary RETA Network Test Center activities and issues

Review of candidate performance and comments

Surveillance video reviews of RETA Network Test Center activities

Actual and potential threats to stability, impartiality and test security

The status of corrective and preventive actions and their effectiveness

Follow-up actions from prior management reviews and reports

Other changes that could impact RETA’s management review system

RETA’s Executive Director and Consulting Psychometrician will review all audit reports of certification activities as they are completed and perform the following steps in RETA’s Management Review System.

Collaborate with the CertComm chair in selecting audit teams.

Provide support as needed to enable audit teams to schedule, conduct and document audits and recommend improvements, corrective actions and preventive actions as appropriate.

Confer with auditors about their findings and recommendations

Evaluate other relevant information about these audit findings

Identify opportunities for improving RETA certification programs

Develop corrective and preventive actions to address audit findings

Propose changes in certification program policies and procedures if needed

Discuss audit findings and proposed changes with the CertComm chair

Presents any requests for changes to CertComm for discussion and approval

Train RETA staff and contractors to implement changes that are approved by CertComm and affirmed by the RETA Board

Determine how these changes should be addressed in future internal audits and management reviews



Page 21


Q. Certification Committee Reviews, Minutes and Reports

Minutes of RETA Certification Management Meetings will be shared with CertComm Chair within 10 business days following each meeting. The CertComm Chair will confer with the Executive Director at least quarterly to review Certification Management Meeting minutes and to discuss emerging issues, policies and recommendations. Together they will determine which matters are strictly administrative detail and which should include more detailed review with CertComm members. Topics will follow the same format as in the management review meetings. CertComm minutes and reports will also be provided at least twice per year for the fall and spring meetings of the RETA Board.

R. RETA Authorized Instructor (RAI) Certification

1. Within 90 days after an RAI certification candidate submits all required fees and documentation, the Education Committee may present the Certification Committee a recommendation whether the candidate is qualified to take the RAI examination.

2. CertComm will review the RAI candidate’s application and may request additional information from the candidate. CertComm will inform the RAI candidate of its certification decision within 30 days after receipt of any requested information and achievement of a passing score on the RAI exam.

3. No RAI candidate may take the RAI exam more than once in any four-month period or more than a twice in a 12-month period.

4. An RAI candidate may request reconsideration the decision of the Certification Committee within 60 days after the candidate is informed of the decision. Such a request must be submitted to the Executive Director in writing and include any additional evidence the candidate can offer to support further review of his/her qualifications to be certified as an RAI.

5. The Certification Committee will review any additional evidence submitted by the RAI candidate and provide a recommendation to the Executive Director within 30 days after receive of all documentation related to the request for reconsideration. The Executive Director will inform the candidate of a decision on the request for reconsideration within 30 days after receipt of the Certification Committee’s recommendation.

RAI Eligibility to Instruct Candidates for RETA Examinations 1. RETA conflict of interest and test security protections prohibit RAIs from instructing any candidate

who is preparing for an examination the RAI has taken during the past two years. Violation of this rule could compromise RETA’s ANSI accreditation.

2. An RAI who applies for CARO, CIRO or CRES must agree in writing when they apply that they will not instruct any candidate for the examination they will take for two years after their test date.

3. RAIs may recertify CARO, CIRO or CRES credentials they earned prior to completing an RAI without this restriction only if they meet recertification requirements with CEUs or PDHs.

4. Violation of this rule requires immediate surrender or suspension of the RAI credential



Page 22


Consequences of an RAI Compromising a RETA Examination RETA will revoke all RETA credentials for any RAI whom RETA determines has compromised the security, fairness or integrity of a RETA examination as a violation of the RETA Code of Conduct. RETA may ask the RAI to reimburse RETA for the cost of replacing examinations that are compromised as a direct result of the RAI’s actions. S. Procedures for Corrective and Preventive Actions

ANSI 17024-2012 Standards specify that RETA must document procedures to identify existing and potential nonconformities with ANSI Standards and their causes, evaluate the need for corrective action, determine actions that might prevent future occurrences, implement such changes, record results of these changes, and review the effectiveness of these corrective and prevention actions. RETA board members, staff, volunteers, consultants and other interested parties shall report possible areas for corrective or preventive actions to the Executive Director or the Certification Manager. The Executive Director, Certification Manager and Consulting Psychometrician will investigate the suspected issues related to the possible nonconformity. The President of the RETA Board may be asked to participate or to appoint an investigative panel if one or more of these three representatives appear to have a conflict of interest related to the issues under review. The investigative panel will evaluate evidence and determine whether to recommend any corrective and preventive actions. Their recommendations may be implemented and evaluated based on the panel’s findings. Such changes may occur as amendments to policies, practice, or other appropriate remedies based on the panel’s findings. Corrective and preventive actions will be reported to CertComm and recorded in CertComm minutes. Evaluation of the effectiveness of these actions will be assessed by the investigative panel, included in management review, and reported to CertComm.

T. Candidate Inquiries, Complaints and Appeals

All RETA certification candidates have the right to request further information about any part of their efforts to qualify for a RETA credential from the time that they submit an application through the final decision by RETA regarding whether they have met the requirements for RETA certification. Candidate requests for review and information may be made related to but are not limited to the following steps in the process of earning a RETA credential.

Candidate eligibility following submission of a completed application

Candidate fees and methods of payment

Access to training materials and other resources to help them meet RETA certification requirements

RETA practice examinations

Copies of supplements required during RETA examinations

Scheduling examinations in approved test centers

Test administration problems on the day of a test

Score reporting and access to test results

Concerns about the content of questions on a test

The outcome of RETA certification decisions RETA staff provide the first response to any candidate request. Most candidate inquiries can be resolved directly by RETA staff. This includes but is not limited to explanation of eligibility requirements, explaining fees and payment options, helping candidates order references in support of RETA certification, and assistance in scheduling an examination



Page 23


Test delivery and reporting issues require a RETA Incident Report from test center personnel within three working days after a candidate inquiry or discovery of a possible problem with an examination. These may require consultations with test center proctors and/or supervisors or requests for support from RETA’s test delivery vendor, Kryterion. All RETA Incident Reports are investigated by RETA staff and RETA’s Consulting Psychometrician. These are followed by a report that is reviewed as part of RETA’s Certification Management System Review. All candidate inquiries about the content of questions on a test are referred immediately to RETA’s Consulting Psychometrician. RETA staff have no direct access to test content since that part of all RETA examinations is managed directly by the Psychometrician in Kryterion’s test delivery system. All candidate comments and inquiries are then included in test revalidation review meetings with CertComm at least once each year. The Psychometrician compares the candidate comment to reference information supporting each RETA test question within 30 days after the comment is received. Candidate performance data on each question also is included in the review process. If a problem exists that requires revalidation or rescoring (such as when an OSHA rule has changed or a new edition of an industry reference has been published), the Psychometrician brings the issue to CertComm within 30 days. If CertComm concurs, rescoring is extended to all candidates whose certification results may be impacted by the change in the test content or scoring protocols. Any candidate who disagrees with CertComm’s decision may appeal to the Executive Director for further consideration. The Executive Director then reviews the case and makes a recommendation to the Executive Committee (ExComm) of the RETA Board. ExComm may request additional information from RETA staff and the RETA Psychometrician as part of its consideration of the case. The candidate will be informed of ExComm’s decision within 30 days after receipt of a written request for an appeal. A candidate who disagrees with ExComm’s decision may appeal for a hearing before an Appeal Panel appointed by the RETA Board. The hearing will follow the same rules and procedure documented in Section 1800-H regarding hearings and appeals related to suspected violations of the RETA Code of Conduct. These procedures give the candidate the right to request a hearing and appeal decision if they disagree with a CertComm findings and recommendations.

U. Suspensions and Voluntary Surrender of RETA Credentials

The RETA Code of Conduct specifies that individuals who apply for RETA certification “agree to inform RETA without delay of any changes that restrict my capacity to perform competently, safely and effectively without endangering the welfare of myself or others if I can no longer fulfill my obligations as a RETA-credentialed professional.” The RETA Whistleblower policy also could result in such claims being sent to RETA by a third party. Furthermore, individuals may report such claims by telephone, mail or email to RETA staff, CertComm or others at any time.

RETA will investigate such reports and respond on a case by case basis. Following completion of an investigation, CertComm may accept the voluntary surrender of a RETA credential or suspend a RETA credential if findings from the investigation support the claim that the person is unable to perform as a RETA-certified professional.

CertComm decisions to suspend a RETA credential are subject to appeal under the procedures in Section 1800 Membership of this Manual.



Page 24


A person who has been subject to suspension or voluntary surrender of a RETA credential may apply as a recertification candidate under the following conditions. 1. The candidate must provide evidence that the condition that led to the earlier action no longer

prevents him or her from performing safely and professionally. 2. The candidate must provide any PDHs and other documentation and reports that are required for

recertification. 3. The candidate may retest instead of submitting PDHs for the period during which their RETA

credential was inactive.

Page 25



Revision 0



Date Last Reviewed: 21-23-2012 Section 500 – Appendix 500-A

Developed: 09-21-2007 Approved: 10-01-2007 Page 500 Appendix 500-A - 1

Page 26

LEVEL A - LEVEL B - CARO / CIRO RENEWAL SCHEDULE

Exam Level Date Earned Current until Renewal Means

On-going Renewal Means

Level B 11/1/1988 to present

June 30, 2007 Take the current CARO exam

PDH and CEUs

Level A 11/1/1988 to present

June 30, 2007 Take the current CIRO exam

PDH and CEUs

CARO 1/1/2001 to 6/30/2004

June 30, 2007 Take the current CARO exam

PDH and CEUs

CARO 7/1/2004 to 12/31/2004

3 years from date the credential was earned

Take the current CARO exam

PDH and CEUs

CARO 1/1/2005 to 3/31/2005

3 years from date the credential was earned

Call RETA PDH and CEUs

CARO 4/1/2005 to present

3 years from the date the credential was earned

PDH and CEUs

PDH and CEUs

CIRO 10/1/2002 to 6/30/2004

June 30, 2007 Take the current CIRO exam

PDH and CEUs

CIRO 7/1/2004 to 9/30/2005


Take the current CIRO exam

PDH and CEUs

CIRO 10/1/2005 to present


PDH and CEUs

PDH and CEUs

Date Last Reviewed: 21-23-2012 Section 500 – Appendix 500-A

Developed: 09-21-2007 Approved: 10-01-2007 Page 500 Appendix 500-A - 2

Page 27

WHAT IS A “CEU”? CEU stands for “Continuing Education Unit”. CEUs are distinguished by that there is a means of measuring the understanding of the person involved in the CEU training activity (a test). Studying RETA textbooks or taking RETA On-Line training or attending a college or other training course using RETA materials and using the RETA end of book tests as their measuring means to issue CEUs as a training entity. WHAT IS A “PDH”? PDH stands for “Personal Development Hour”. PDHs are training activities that do not verify understanding by the person involved in PDH activity (no test). Attending the workshop sessions at the RETA National Convention will qualify as PDH activity as does RETA Chapter meeting attendance. One CEU is worth 10 PDH. You need 24 PDH or 2.4 CEU every 3 years to stay current.

Date Last Reviewed: 12-23-2012 Section 500 – Appendix 500-B


Page 28

Page 500 Appendix 500-B - 1

Appendix 500-B Appendix 500-B

PROPOSED PDH / CEU WEIGHT / CLASSIFICATION TABLE Adopted 1-22-07

CODE

Education Activity CEU

Value PDH value

1A RETA IR-1 course study with credit exam - self study 2 20

1B

RETA IR-1 course study with credit exam - Chapter / RAI /Tech School study

3.6

36

1C RETA IR-1 course study with credit exam - ON-Line self study 1.5 15

2A RETA IR-2 course study with credit exam - self study 2 20

2B

RETA IR-2 course study with credit exam - Chapter / RAI / / Tech School study

3.6

36


3 IR-3 coursework will be added following the release of the revised IR-3

4A IR-4 course study with credit test 2 20

4B

RETA IR-4 course study with credit exam - RAI / / Tech School study

3.6

36


5A BE-1 course study with credit test 2 20

5B

RETA BE-1 course study with credit exam - Chapter / RAI / / Tech School study

3.6

36

5C RETA BE-1 course study with credit exam - ON-Line self study 1.5 15

6A BE-2 course study with credit test 2 20

6B

RETA BE-2 course study with credit exam - Chapter / RAI / / Tech School study

3.6

36

6C RETA BE-2 course study with credit exam - ON-Line self study 1.5 15

7A Control Theory 1 & 2 with credit test 2 20

8

RETA Chapter Meetings where a true technical presentation was part of the meeting

0

1

9 RETA Annual Convention Workshops (50 minute length or more) 0 1

10 RETA Regional conference workshops (50 minute length or more) 0 1

11

RETA recognized conference workshops ( i.e. Salinas Valley Ammonia Safety Day - SEPA Expos) sessions (50 minute duration)

0

1



Page 29



CODE


Value PDH value

12 IIAR – Andy Ammonia Series – with test 2 20

13 IIAR / RETA Oil Draining Video and test 0.8 8

14 IIAR workshops - 1 PDH per contact hour – limit 20

15

IARW – Refrigeration Course at University of Oklahoma – ** get more information before a value is assigned - 1 PDH per lesson hour

16 IIAR / Kansas State week long schools 2 20

17 IRC (University of Wisconsin – Madison) week long schools 2 20

18 ASHRAE – continuing education series - limit of 20 PDH

19

Related Sciences - 1 PDH per contact hour or 1 CEU per course credit - Electrical Controls Hydraulics Pnuematics Fluid Dynamics Welding Technology Thermodynamics Related Mathematics Courses Mechanical drawing – Engineering Technology – Environmental Science: geology/ geography /

ecology / hydrology / meteorolgy Chemistry Metrology – (instrumentation)



Page 30



CODE


Value PDH value

20

Manufacturers / Contractor / Supplier Training Sessions 1 PDH per contact hour

21

Other Related Items - 1 PDH per contact hour or 1 CEU per course credit - Maximum of 8 PDH or 0.8 CEU Employee Supervision Budgeting Project Management

22

Company sponsored refrigeration related employee training 1 PDH per contact hour maximum of 8 PDH (NOT 29CFR1910.120(q) training)

PSM / RMP training inclusive to 29CFR1910.119 / Part 68 will apply 1 PDH per contact hour maximum of 8 PDH (NOT 29CFR1910.120(q) training)


Page 31


Section 00 – Space Filler Page 00. - 0 Developed: 10-10-2010 Revision 0 Revised: 10-10-2010

RETA Certification Internal Audit Form 500-C

Developed: 2-4-2008

Page 1 of 15 Approved by: B.O.D Last Reviewed: 7-21-2013

Revised: 8-12-2013

Approved: 8-12-2013

Page 32

Auditor Initials:

Date of Audit: __________________

RETA Internal Audit Procedure and Checklist – Form 500-C

Sample RETA Internal Audit Form: Applicant Processing, Reviews and Records This is part of a series RETA Internal Audit checklists and reporting forms to be used in conducting periodic reviews of RETA certification program activities and records. The checklist may be amended by RETA staff as needed to address emerging issues and concerns in RETA’s certification programs.

ITEM DESCRIPTION / REVIEW STATEMENT

YES NO RECOMMENDATION FOR FOLLOW UP

1 Using the database – run a list of the names of applicants who have applied for certification since the last audit – select 6 names or 5% of the total (whichever is greater) and inspect those records -

A. Are applicant records stored in the proper location based on where they are in the process (pending / completed)?

B. Do the physical and/or digital records agree with the record in the database?

C. For pending applications, is the form filled out completely and is there a copy of the test authorization email attached?

D. For completed applications – Does the record include a full application, records of all test authorization emails sent to applicant, and candidate score reports for each attempt?

E. If the candidate passed the test, does the record confirm the expiration date of the credential issued by RETA?


Developed: 2-4-2008

Page 2 of 15 Approved by: B.O.D Last Reviewed: 7-21-2013

Revised: 8-12-2013

Approved: 8-12-2013

Page 33

Auditor Initials:

Date of Audit: ____________________



2 Security and confidentiality

A. Are physical records locked when staff are not present?

B. Is access to digital records limited to authorized RETA staff and/or consultants?

C. Have candidates signed waivers for release of scores to supervisors or others when these occasions occur?

3 Complaints and problem resolution

A. Has the applicant submitted any complaints or negative comments?

B. Were they responded to by RETA staff or consultants appropriately?

C. Do any unresolved issues require further consideration from RETA’s staff or Certification Committee?

Please use the space below to elaborate on any recommendations or corrective actions proposed – reference the section of the checklist that the comment relates to. Auditor Signatures Printed Names Date of Audit: Date of Non-Disclosure Form ______________


Developed: 2-4-2008

Page 3 of 15 Approved by: B.O.D. Last Reviewed: 7-21-2013

Revised: 8-12-2013

Approved: 8-12-2013

Page 34

Auditor Initials:

Date of Audit: ________________________

Sample RETA Internal Audit Form: Candidate Information Resources and Communications This is part of a series RETA Internal Audit checklists and reporting forms to be used in conducting periodic reviews of RETA certification program activities and records. The checklist may be amended by RETA staff as needed to address emerging issues and concerns in RETA’s certification programs.



1 Is current information about RETA certification programs provided by the following sources?

A. The RETA Website descriptions of current certification programs

B. RETA Applicant Handbooks for each program

C. Access and explanations of the RETA Supplements and how they are used in exams

D. Explanations of study resources and training opportunities to help candidates prepare to test

E. Information about RETA Practice Tests

2 RETA Applicant Handbooks

A. Are certification criteria clearly presented?

B. Are complaint and appeal procedures clearly presented?

C. Is the RETA Code of Conduct and its impact on testing clearly explained?


Developed: 2-4-2008


Revised: 8-12-2013

Approved: 8-12-2013

Page 35

Auditor Initials:

Date of Audit: ________________________



3 Other Sources of Information

A. The RETA Breeze

B. RETA Annual Conference registration information

C. Information to RETA Chapters

4 New Sources of Information Do you wish to suggest new

sources of information to inform potential and current RETA candidates about certification opportunities?



Developed: 2-4-2008


Revised: 8-12-2013

Approved: 8-12-2013

Page 36

Auditor Initials:

Date of Audit: ________________________

Sample RETA Internal Audit Form: Candidate Complaints, Appeals and Feedback This is part of a series RETA Internal Audit checklists and reporting forms to be used in conducting periodic reviews of RETA certification program activities and records. The checklist may be amended by RETA staff as needed to address emerging issues and concerns in RETA’s certification programs.



1 Review of candidate complaints in RETA telephone logs and records

A. Does the log specify the purpose of each call?

B. Does the log identify possible complaints or appeals of certification decisions?

C. Is a summary of online inquiries, complaints and possible appeals provided?

D. Is appropriate action in reply to these issues indicated?

E. Do you recommend any changes in these records?

2 Test administration issues

A. Are problems in administering exams properly documented to allow proper review?

B. Are Proctor Incident Reports provided after problems occur in a RETA Network Center?

C. Do you recommend any changes in test administration policy/procedure based on these reports?


Developed: 2-4-2008


Revised: 8-12-2013

Approved: 8-12-2013

Page 37

Auditor Initials:

Date of Audit: ________________________



3 Test content issues

A. Are candidate comments about test content shared with CertComm during test RETA revalidation reviews?

B. Does RETA inform candidates who comment of the process of evaluating their concerns?

4 Candidate Appeals

A. Have any candidate appeals been submitted?

B. If so, has the RETA Appeals procedure been followed?

C. Do you recommend any changes in the RETA Appeals process based on this review?



Developed: 2-4-2008


Revised: 8-12-2013

Approved: 8-12-2013

Page 38

Auditor Initials:

Date of Audit: ________________________

Sample RETA Internal Audit Form: Confidentiality and Conflicts of Interest for RETA Board and Committee Members This is part of a series RETA Internal Audit checklists and reporting forms to be used in conducting periodic reviews of RETA certification program activities and records. The checklist may be amended by RETA staff as needed to address emerging issues and concerns in RETA’s certification programs.



1 Are Test Security/Nondisclosure forms signed and on file for each RETA Shadow Candidate?

2 Are Test Security/Nondisclosure forms signed and on file for each RETA CertComm member?

3 Are conflict of Interest Statements signed and on file for each RETA certification program staff member?

4 Are conflict of Interest Statements signed and on file for each RETA Board and CertComm member?



Developed: 2-4-2008


Revised: 8-12-2013

Approved: 8-12-2013

Page 39

Auditor Initials:

Date of Audit: ________________________

Sample RETA Internal Audit Form: Document Control Procedures for Certification Records This is part of a series RETA Internal Audit checklists and reporting forms to be used in conducting periodic reviews of RETA certification program activities and records. The checklist may be amended by RETA staff as needed to address emerging issues and concerns in RETA’s certification programs.



1 Are minutes of RETA Board meetings properly recorded and approved by the RETA Board?

2 Are amendments to the RETA By-Laws and Constitution properly recorded and approved?

3 Does the RETA Policies and Procedures Manual record the dates of staff reviews and approvals by the RETA Board?

4 Does the RETA website provide access to the current references, applications and materials to apply for RETA certification?

5 Do RETA internal audits and management review reports date the checklists and forms used to complete each audit?

6 Are minutes of the Certification Management Meetings properly posted for review by CertComm?

7 Are CertComm minutes properly reported and available to the RETA Board for review?


Developed: 2-4-2008


Revised: 8-12-2013

Approved: 8-12-2013

Page 40

Auditor Initials:

Date of Audit: ________________________



Developed: 2-4-2008


Revised: 8-12-2013

Approved: 8-12-2013

Page 41

Auditor Initials:

Date of Audit: ________________________

Sample RETA Internal Audit Form: RETA Personnel Records This is part of a series RETA Internal Audit checklists and reporting forms to be used in conducting periodic reviews of RETA certification program activities and records. The checklist may be amended by RETA staff as needed to address emerging issues and concerns in RETA’s certification programs.



1 Are current job descriptions in each employee record?

2 Does each employee record include a performance review conducted in the past 18 months?

3 Is training activity for each employee in the past 18 months documented, especially for training related to certification programs?

4 Are future training opportunities related to certification programs recommended for each employee who works with or supervises RETA certification activities?

5 Does each employee’s record include his/her signature verifying that they have been informed about the information in their RETA employee record?


Developed: 2-4-2008


Revised: 8-12-2013

Approved: 8-12-2013

Page 42

Auditor Initials:

Date of Audit: ________________________



Developed: 2-4-2008


Revised: 8-12-2013

Approved: 8-12-2013

Page 43

Auditor Initials:

Date of Audit: ________________________

Sample RETA Internal Audit Form: Recertification Candidate Notification and Records This is part of a series RETA Internal Audit checklists and reporting forms to be used in conducting periodic reviews of RETA certification program activities and records. The checklist may be amended by RETA staff as needed to address emerging issues and concerns in RETA’s certification programs.



1 Review the list of active RETA certificate holders. Are those with certifications that expire in less than one year properly identified?

2 Have all holders of certifications that will expire within one year been properly notified by RETA?

3 Based on a sample of 5% of the recertification records since the past audit of these records, have candidates submitted proper documentation of any training they intend to use for recertification?

4 Are training entries submitted by these recertification candidates on the list of pre-approved PDHs? If not, has other training been submitted to CertComm for review?

5 Has the performance of RETA candidates who elected to take current exams to qualify for recertification been reviewed? How do these scores compare with other RETA candidates?

6 Have any RETA Shadow Candidates elected to take current exams to qualify for recertification? How do these scores compare with other RETA candidates?


Developed: 2-4-2008


Revised: 8-12-2013

Approved: 8-12-2013

Page 44

Auditor Initials:

Date of Audit: ________________________



Developed: 2-4-2008


Revised: 8-12-2013

Approved: 8-12-2013

Page 45

Auditor Initials:

Date of Audit: ________________________

Sample RETA Internal Audit Form: RETA Network Test Center and Proctor Records This is part of a series RETA Internal Audit checklists and reporting forms to be used in conducting periodic reviews of RETA certification program activities and records. The checklist may be amended by RETA staff as needed to address emerging issues and concerns in RETA’s certification programs.



1 Is each Network Test Center supported by a signed agreement?

2 Does each Primary Network Test Center have at least one video surveillance of RETA testing activity in the past year?

3 Do video records in each Network Test Center match photos in the test center application? If not, what has changed? Should new photo documentation be provided?

4 Does each center have at least one RETA-approved proctor?

5 Is each proctor’s interview and approval documented?

6 Have any Incident Reports and test administration problems in each Network Test Center been documented, evaluated and resolved?

7 Do you recommend any changes in any RETA Network Test Center based on this review?


Developed: 2-4-2008


Revised: 8-12-2013

Approved: 8-12-2013

Page 46

Auditor Initials:

Date of Audit: ________________________


Section 00 – Space Filler Revision 0

Last Reviewed: 10-10-2010



Page 47

© 2010 Refrigerating Engineers & Technicians Association



Valid Through 01/31/2016 Revised: 01-01-2016

Page 48

Your Name: Membership No: Address:

City: State: Zip code:

Your RETA Operator Certificate Number: Date:

Did you .. YES / NO

Limit of PDH for this renewal Period Total PDH claimed this renewal period

Attend chapter meetings with technical presentations as part of the program of the meeting?

24 PDH - Provide evidence of your attendance at these chapter meetings. RETA chapters are provided authorized sign in sheets to use to provide HQ with the names of those attending and have signed in.

Attend the RETA National Conference and did you sign in with the session moderators? (If you did not sign in, that recognition is not recoverable)

24 PDH - HQ maintains a database of this activity and provided you a certificate recognizing your attendance at those sessions. Submit a copy of your attendance certificate.

Were you a Chapter Officer or held a position on a RETA National Committee / sub-committee?

2 PDH per office held during the renewal period – Maximum 8 per renewal period

Teach or instruct industrial refrigeration or operating techniques in this renewal period?

2 PDH per lesson plan developed – you cannot take repeat credit when presenting a class repetitiously. Attach a copy of a course critique from your student(s)

Author a paper that is printed in a nationally distributed magazine or technical bulletin (RETA Breeze & Tech Reports apply) – OR – did you present a paper at the RETA National Convention or to another professional society’s convention?

10 PDH per article or unique presentation – Attach a copy(s) of the publication index crediting your work – or the listing of presentors at the conference you spoke at

Take a class or participate in a training session that is recognized in the table in Appendix 500A of the RETA Policy and Procedures manual? HAZWOPER 29CFR1910.120(q) training does count for renewal

All 24 PDH can be earned through this training. Provide evidence of your PDH earnings by utilizing the forms provided on the RETA Website.

Total PDH Claimed min of 24 required

Recognizing the consequences of making improper claims as described in the RETA Code of Conduct, by my signature below I swear to the accuracy and truthfulness of the the claims made to ongoing training I have received or presented in the previous 36 months of my RETA Operator’s Certificate currency. Credit Card Type: Signature of applicant CC Number:

Administration Fee Member: $ 100.00 US Authorization Code:

Administration Fee Non-Member: $450.00 US Expiration Date

Name on Credit Card

Credit Card Billing Address:

(required information for processing)

Send receipt to: (fax – email)

Page 49



Revision 0



Primary RETA Test Center Application / Agreement

Revised: 03-16-2012, version 1 Page 1 of 9 Developed: 02-28-2012

Approved: 04-14-2012

Applicant Representative’s Initials

Page 50

Primary RETA Network Test Center Agreement

Organization

Contact Person Phone

The purpose of establishing RETA Network Test Centers is to make RETA certification examinations available as widely as possible throughout the industry while protecting the fairness, test security and integrity of RETA examinations. These RETA test security and administration procedures are designed to protect RETA’s ANSI accreditation.

A. RETA Network Test Center Requirements

All RETA Network Test Centers must meet RETA deadlines for approval of a RETA Network Test Center location. Vendors must accept sole responsibility if they offer to administer RETA examinations without following these timelines and requirements.

1. A Primary RETA Network Testing Center is a facility that has the necessary environment, Internet connection capabilities, test security, computer test stations and access control to appropriately deliver RETA Certification exams. Each test center must be configured to provide the proper examination experience to RETA certification candidates.

2. A Temporary RETA Network Testing Center is a facility that has the necessary environment, Internet connection capabilities, test security, computer test stations and access control to appropriately deliver RETA Certification exams for a fixed time period. Each test center must be configured to provide the proper examination experience to RETA certification candidates while it functions as a Temporary RETA Network Test Center.

3. Only an approved Primary RETA Network Test Center is eligible to operate a Temporary RETA Network Test Center. All provisions in the agreement for a Primary RETA Network Test Center also apply to a Primary center’s operation of a Temporary RETA Network Test Center. The principal difference between a Primary and a Temporary RETA Network Test Center is the length of time that the temporary center is authorized to administer RETA certification examinations.

4. All RETA examinations must be administered under the supervision of a RETA- approved proctor. See pages 9 and 10 of the Operations Manual for details.

5. Industrial refrigeration instructors are important resources to help candidates prepare to achieve RETA certification, but they cannot be in a testing room during any RETA certification test. Any person who trains refrigeration operators should be sufficiently knowledgeable about refrigeration that their presence in a testing center during a RETA exam would compromise test security. This does not apply to RETA Practice Tests, which are intended to help candidates prepare to perform well on a RETA certification examination.





Page 51

B, RETA Network Test Center Security and Proctor Requirements

All RETA testing must be supervised by RETA-approved proctors who do not train candidates for RETA exams. NO industrial refrigeration instructors are permitted in the testing room(s) at any time while a RETA certification exam appears on a RETA candidate’s testing station screen.

All RETA candidates must agree to the following policy statement protecting the security and validity of RETA examinations. Details about these policies are documented in the RETA Certification Exam Application and Handbook. All candidates must reaffirm their agreement to adhere to the RETA Code of Conduct and these rules before they may begin this examination. Proctors are responsible for assuring that all candidates and test center personnel adhere to these requirements.

C. Candidate Security Agreement

Any use of unauthorized materials during administration of a RETA examination may result in immediate disqualification and an automatic failing score. RETA may withdraw eligibility for certification from any candidate who uses prohibited materials during an examination, has any unauthorized contact with anyone other than test center staff during an examination, or engages in other unethical, disruptive or unprofessional behavior at a test center. RETA rules for candidate misconduct or suspicious circumstances, investigations, reexamination, disciplinary action and appeal procedures appear in the RETA Certification Exam Application and Handbook, which also includes the RETA Code of Conduct. All RETA candidates agree to cooperate with RETA in any investigation of test security, validity, conflicts of interest or possible violations of the RETA Code of Conduct as part of their application to take this examination.

RETA policies also prohibit unauthorized possession or use of RETA examination materials in any form, including but not limited to recreating from memory, posting online or on any website, reproducing or disclosing to others any examination question or test-related materials or content that RETA does not release to all certification candidates. Any violation of these rules may constitute copyright infringement of RETA property and can be subject to legal action to recover the cost of creating additional questions and forms of RETA examinations.

Any comments about the content of a specific question on a RETA exam can be shared only with RETA directly. Such comments may not be posted on any blog or other online discussion forum without violating US copyright laws that protect secure test materials. Such violations could result in disqualification for RETA certification of all candidates from any school or training program whose staff or students are found to have compromised the security and integrity of a RETA exam.





Page 52

D. Training and Approval of RETA Proctors

RETA must approve all test proctors who will be present during administration of any RETA examination before RETA will schedule any candidates to take a RETA exam in a test center. All RETA test proctors must demonstrate knowledge of test security, confidentiality and administrative procedures needed to protect and maintain the validity, security and integrity of RETA examinations.

E. RETA Surveillance Camera Specifications

RETA Network Testing Centers that are not supervised directly by RETA staff or its psychometrician must provide video surveillance to RETA Headquarters for every RETA certification exam they administer. RETA will provide one camera and recording device for use by the Primary RETA Network Test Center. The Center provides the internet connection and necessary IP / IT support to record and transfer video files to RETA HQ. This surveillance equipment must be positioned to show all of the testing workstations that are used to test RETA candidates.

Video surveillance will be archived to verify and support implementation of RETA test security procedures. These records also may be used to investigate candidate complaints and reports of suspected test security violations in the administration of RETA examinations.

F. Other RETA Test Center Specifications

Payment

The Primary RETA Network Test Center will receive $40.00 for each candidate who takes a RETA exam in locations managed by that center. Payments to a test center will be made in the first 10 business days of each month for RETA candidates tested during the prior month. Temporary Network Centers that are established by the RETA HQ Primary Network Test Center do not receive this payment.

Reporting Unusual Incidents

All RETA test centers must report irregularities and disruptions in test delivery that could upset or distract RETA candidates or alter their performance on a RETA exam to RETA staff as soon as possible after the examination period is concluded. RETA will attempt to resolve any problems as expeditiously as possible and may reschedule a new examination for a candidate if circumstances warrant. An incident reporting form is provided in this manual. Proctors may fax a copy of this form or send RETA staff an email that includes all of the information specified in the Incident Report.





Page 53

Technical Support

RETA test center proctors receive training to address and recover from test delivery difficulties. RETA staff is available from 8:00 AM to 5:00 PM Pacific Time on regular business days. RETA test procedures require that Test Center exam stations and connectivity are pre-tested by the center to assure good performance on test days.

Cooperation in Investigations

All test center staff are required to cooperate fully in responding to any RETA inquiries about test security or a candidate’s experience during a RETA examination. RETA invites all candidates to share comments and report their concerns about any RETA examination and is required by ANSI Standards to conduct fair and impartial inquiries into any candidate comments that may impact the validity or integrity of its exams.

Network Center “Bulk Purchases” of Test Seats

All RETA Network Test Centers may pre-purchase RETA Certification registrations in blocks of 50 or more at the full RETA member rate. The center has the option to extend the test opportunity to non-member customers at the center’s discretion. RETA issues vouchers to the center to use to manage these registrations and transactions.

RETA Network Test Centers May Establish Temporary Network Testing Sites

The RETA Network Test Center Operations Manual specifies the conditions under which a RETA Network Test Center may be approved to operate a temporary RETA Network Test Center to meet the needs of a particular employer, RETA Chapter or other group representing RETA candidates. Such a center requires completion of a separate RETA Network Temporary Test Center application for each location where such services are requested. No RETA certification candidate will be scheduled to take a RETA exam in a temporary RETA test center without prior approval of RETA staff.

Scheduling Exams for RETA Certification Candidates

RETA staff will coordinate all registration and scheduling for RETA candidates in this test center. RETA staff can be reached for scheduling at RETA HQ on regular business days from 9 a.m. to 5 p.m. Pacific Time at 831-455-8783.





Page 54

G. Required RETA Test Center Documentation

The following documentation is required separately for each test facility and must be approved by RETA before any RETA candidates will be scheduled to test in that location. These must be submitted as digital photos. The final approval comes after a pre-test video surveillance feed from the test center to RETA HQ is confirmed as working.

A RETA Network Test Center may provide this evidence and arrange the same space for instruction as long as the test center is reconfigured to meet RETA requirements during testing. These details will be verified by comparing initial documentation with video surveillance during testing. Certificates for RETA candidates who pass exams in centers that do not meet these requirements may be delayed or denied.

Digital photographs and online video documentation of all proposed RETA testing facilities are required before RETA will schedule any candidates to test in that location. As specified in RETA Network Test Center Operations Manual, these digital records must clearly show:

1. The entry into the testing facility from the outside for RETA candidates 2. The candidate check-in or waiting area for RETA candidates 3. The entry into the room where RETA testing would occur 4. An overview of all RETA testing stations in the room 5. Close-up views of individual testing stations that clearly show spacing and/or

separation of candidates so that they cannot view test content from another candidate’s screen during test administration.

RETA staff may require additional photos to clarify any test security questions that could arise during review of the above documentation.





Page 55

H. RETA Test Facility Requirements

The test center must be located in a facility that conforms to local building, sanitation and health codes. At a minimum, these must meet the following requirements.

General Conditions

Building and grounds must be clean and in good condition.

Restrooms must be located in the same building as the testing room.

Restrooms must be clean, properly stocked and in good working order.

Emergency exits must be clearly marked and unobstructed.

Fire extinguishers, when required, must be in working order. The location of fire extinguishers must be well marked and easily accessible.

The testing area should be in a location that limits distractions, noise and foot traffic so that candidates will not be disturbed by nearby activities, loud conversations or other events that could interfere with testing.

The testing area should provide a pleasant and comfortable atmosphere.

Testing Room Conditions

The testing room must be well-ventilated with continuous air circulation.

The testing room temperature must be consistent and comfortable.

The testing room must be well lit so that each candidate can read their testing computer screen and all diagrams, charts, and test aids without difficulty.

No other activity may occur in the testing room while a test is underway.

Testing Room Physical Space

If more than one testing workstation is in the testing room, each testing terminal must be separated by a suitable partition at least 20” high for the full depth of the testing station or spaced at least five feet from any other testing station.

Each testing terminal should have sufficient work surface to accommodate the computer terminal, keyboard, mouse pad and candidate reference materials. A recommended table size is 42” x 30”.

General Office Equipment and Storage

A locker, cabinet, drawer or bin that can be used to store each test candidate’s personal belongings during their test session should be provided.

Printer A networked or dedicated printer should be available in or near the testing area so that score reports can be printed at the end of each test session.

Electronic Transmittal Capability A facsimile machine or other scanning equipment should be available for communication with RETA HQ if needed during a testing session. RETA fax: 831-455-7856.





Page 56

I. Network, Hardware and Software Requirements Processor 300 MHz or faster, 128MB RAM

Operating System Windows 7/Vista/2000/XP/NT/98

Hard Drive Minimum 500MB available space

Video Minimum 256 colors with video display set to resolution of 1024 x 768

Monitor Minimum 15-inch color display -- 17-inch flat screen monitor preferred

Pointing Device Microsoft mouse or equivalent

Internet Access Direct non-cached connection to Internet via dedicated ISDN, DSL, T1 or cable connection. Special arrangements may be required for networks which use internet acceleration/caching software. or hardware. Dial-up and satellite connections are not acceptable.

Installed Applications Internet Explorer 6.0 or higher with all current Microsoft patches applied. Mozilla Firefox is NOT acceptable. Installation of Adobe Acrobat Reader® Installation of JAVA® runtime environment Installation of Adobe® Flash Player Installation of Apple QuickTime Player® Installation of Microsoft Office 2003® add-in office web components

Firewall Ports 80 and 443 need to be open.

J. Operating Environment

Interfering Software Any scheduled or system/network resident software that has the capacity interrupt, intercept or otherwise interfere with test delivery must be disabled during test sessions. This includes but is not limited to: Contact managers, calendars, email and other

software with the capacity to produce alerts Screen and device capture utilities Pop-Up Blocker Anti-virus Software Windows Update

All software applications except Webassessor™ must be closed prior to the launch of a Kryterion® Exam.





Page 57

K. Suitable Testing Environment Definitions

The layout of the testing center is critical to successfully deter deliberate or inadvertent observation or “cheating” by testing candidates.

Suitable Partition: The partition needs to shield view from station to station. It has to be at least 20” in height and runs the depth of the test station workspace e.g. 27” to 36”.

o Partitions may have end caps across the back to facilitate structural needs or for placement when candidates are positioned at opposite ends of a table facing one another.

o Candidate placement may be such that candidates face one another but are offset one testing position – this creates a 32” wide buffer on either side of a testing station preserving the ability to prevent one candidate seeing the notes and scratch paper work of another

Non-Partition Testing Area: A testing center may have work stations that are mobile kiosks or small tables (32” x 36” work top) that serve as a single testing station. Multiple stations may be arranged provided a spacing of five feet (5’) from edge to edge or 7’-8” on center from side to side is maintained.

o Two or more rows of testing stations shall be arranged in a staggered pattern so that a candidate in row 2 cannot look out beyond their station to observe a test in process in row 3, etc. Arranging so candidates face each other with an offset is acceptable

Multiple Row Testing Workstations: The distance between rows must allow room for comfortable seating for the candidate and have at least 30” clear behind the candidate’s chair when seated at the workstation and the leading edge of the next row or back of the chair of a candidate facing the opposite direction. Practical experience shows this to be 56” from table edge to table edge when all test takers are facing the same direction or 96” when test takers are back to back.





Page 58

Primary RETA Test Center Agreement

Organization

Applicant’s Testing Program Manager:

Printed Name Primary

RETA Test Center Location:

Primary Location

Address

City State Zipcode

Phone(s)

Email

Start Date (when testing would begin)

End Date None or when testing would end

End date may be set to allow candidates who need a second attempt to retest within five calendar days after an initial attempt.

Number of testing stations

Days testing can be scheduled Mon Tues Wed Thur Fri Sat

Hours of operation

RETA requires that the center will be available to test candidates who are not enrolled in the Center’s training program on the dates specified above if it does not conflict with the center’s program candidates.

Signature by Authorized Representative The undersigned agrees to the specifications and requirements of RETA’s Certification Testing Program. The person who signs below also must initial each page of this RETA Test Center Agreement to certify that the test center is aware of and agrees to follow each of the requirements documented in this Agreement and in RETA Network Test Center Operations Manual.

Name:

Title:

Signature:

Date Signed:

Include all pages of this application document when submitting the application and supporting documentation.

Page 59



Revision 0



Temporary RETA Test Center Application / Agreement




Page 60

Temporary RETA Network Test Center Agreement

Organization

Contact Person Phone

The purpose of establishing RETA Network Test Centers is to make RETA certification examinations available as widely as possible throughout the industry while protecting the fairness, test security and integrity of RETA examinations. These RETA test security and administration procedures are designed to protect RETA’s ANSI accreditation.

A. RETA Network Test Center Requirements

All RETA Network Test Centers must meet RETA deadlines for approval of a RETA Network Test Center location. Vendors must accept sole responsibility if they offer to administer RETA examinations without following these timelines and requirements.




4. All RETA examinations must be administered under the supervision of a RETA- approved proctor. See pages 9 and 10 of the Operations Manual for details.






Page 61

B, RETA Network Test Center Security and Proctor Requirements



C. Candidate Security Agreement








Page 62

D. Training and Approval of RETA Proctors


E. RETA Surveillance Camera Specifications



F. Other RETA Test Center Specifications

Payment








Page 63

Technical Support






RETA Network Test Centers May Establish Temporary Network Testing Sites

The RETA Network Test Center Operations Manual specifies the conditions under which a RETA Network Test Center may be approved to operate a temporary RETA Network Test Center to meet the needs of a particular employer, RETA Chapter or other group representing RETA candidates. Such a center requires completion of a separate RETA Network Temporary Test Center application for each location where such services are requested. No RETA certification candidate will be scheduled to take a RETA exam in a temporary RETA test center without prior approval of RETA staff.


RETA staff will coordinate all registration and scheduling for RETA candidates in this test center. RETA staff can be reached for scheduling at RETA HQ on regular business days from 9 a.m. to 5 p.m. Pacific Time at 831-455-8783.





Page 64

G. Required RETA Test Center Documentation

The following documentation is required separately for each test facility and must be approved by RETA before any RETA candidates will be scheduled to test in that location. These must be submitted as digital photos. The final approval comes after a pre-test video surveillance feed from the test center to RETA HQ is confirmed as working.

A RETA Network Test Center may provide this evidence and arrange the same space for instruction as long as the test center is reconfigured to meet RETA requirements during testing. These details will be verified by comparing initial documentation with video surveillance during testing. Certificates for RETA candidates who pass exams in centers that do not meet these requirements may be delayed or denied.

Digital photographs and online video documentation of all proposed RETA testing facilities are required before RETA will schedule any candidates to test in that location. As specified in RETA Network Test Center Operations Manual, these digital records must clearly show:








Page 65

H. RETA Test Facility Requirements


General Conditions
























Page 66

I. Network, Hardware and Software Requirements Processor 300 MHz or faster, 128MB RAM









J. Operating Environment

Interfering Software Any scheduled or system/network resident software that has the capacity interrupt, intercept or otherwise interfere with test delivery must be disabled during test sessions. This includes but is not limited to: Contact managers, calendars, email and other

software with the capacity to produce alerts Screen and device capture utilities Pop-Up Blocker Anti-virus Software Windows Update






Page 67

K. Suitable Testing Environment Definitions












Page 68

Temporary RETA Test Center Agreement

Organization

Applicant’s Testing Program Manager:

Printed Name

Primary RETA Test Center Location:

Primary Location

Address

City State Zipcode

Phone(s)

Email

Start Date (when testing would begin)

End Date (when testing would end)

End date may be set to allow candidates who need a second attempt to retest within five calendar days after an initial attempt.

Number of testing stations

Days testing can be scheduled Mon Tues Wed Thur Fri Sat

Hours of operation

Check here if this location has served as a Temporary RETA Test Center before and will be set up exactly as was documented in the earlier application. Any changes must be supported by new digital photos.

Signature by Authorized Representative The undersigned agrees to the specifications and requirements of RETA’s Certification Testing Program. The person who signs below also must initial each page of this RETA Test Center Agreement to certify that the test center is aware of and agrees to follow each of the requirements documented in this Agreement and in RETA Network Test Center Operations Manual.

Name:

Title:

Signature:

Date Signed:

Include all pages of this application document when submitting the application and supporting documentation.

Page 69



Revision 0



Page 70

RETA NETWORK TEST CENTER OPERATIONS MANUAL

Copyright © 2012 RETA,. All Rights Reserved.

KRYTERION and Webassessor are trademarks of Drake International.

All other brand and product names are trademarks or registered trademarks of their respective companies.

04-12 RETA Network Test Center Operations Manual Developed: 03-01-2012

Revised 04-13-2012, version 1 Page 1 of 22 Approved: 04‐14‐2012 Last Reviewed: 04‐13‐2012

Page 71



Page 72

RETA Network Test Center Operations Manual

Table of Contents

A. Purpose Page 4 B. RETA-Approved Test Centers and Proctors Page 5 C. RETA Test Delivery Options and Requirements Page 6 D. RETA Network Test Center Application Deadlines Page 7 E. RETA Certification Candidate Application Deadlines Page 7 F. RETA Network Test Center Security Page 8 G. Candidate Security Agreement Page 8 H. RETA Surveillance Camera Specifications Page 9 I. Training and Approval of RETA Proctors Page 9 J. Eligibility to Serve as a RETA Test Proctor Page 9 K. RETA Test Proctor Powers and Responsibilities Page 10 L. RETA Test Proctor Application, Screening & Approval Page 10 M. Other RETA Test Center Specifications Page 11 Payment Page 11 Reporting Unusual Incidents Page 11 Technical Support Page 11 Cooperation in Investigations Page 11 Network Center “Bulk Purchases” of Test Seats Page 11 Scheduling Exams for RETA Candidates Page 11 Candidate Identification Page 12 Candidate Sign-in on Candidate Testing Record Page 12

Materials a Candidate May Bring into the Testing Room Page 12

Personal Belongings Page 13 Candidate Breaks during the Test Page 13 Control of the Testing Room during an Examination Page 13 Test Supervision Page 13 Collect Candidate Materials after a Test Page 13 Candidate Sign-out on Candidate Testing Report Page 13 Shred Each Candidate’s Supplement and Notes Page 13 Sign & Fax Candidate Testing Record to RETA Page 13



Page 73

RETA Network Test Center Operations Manual

Table of Contents (continued)

N. Required RETA Test Center Documentation Page 14 O. RETA Test Facility Requirements Page 15 P. Network, Hardware & Software Requirements Page 16 Q. Operating Environment Page 16 R. Suitable Testing Environment Definitions Page 17 S. Examples of Appropriate Testing Station Set-Up Page 18

Required RETA Test Center Forms RETA Network Test Center Proctor Agreement Page 20 RETA Candidate Testing Record Page 21 RETA Network Test Center Incident Report Page 22



Page 74

A. Purpose

The purpose of establishing RETA Network Testing Centers is to make RETA examinations available as widely as possible throughout the industry while protecting test security and the integrity of RETA’s exams. These RETA test security and administration procedures are designed to protect RETA’s ANSI accreditation.

All RETA testing must be supervised by RETA-approved proctors who do not train candidates for RETA certification exams. NO industrial refrigeration instructors are permitted in the testing room(s) at any time that a RETA certification exam appears on a RETA candidate’s testing station screen.

B. RETA-Approved Test Centers and Proctors




4. All RETA examinations must be administered under the supervision of a RETA- approved proctor. See pages 9 and 10 of this Operations Manual for details.




Page 75

C. RETA Test Delivery Options and Requirements

1. RETA certification exams can be administered in RETA-approved Kryterion HOST Test Centers operated by Kryterion throughout the U.S. and Canada.

2. RETA Network Testing Centers may administer RETA exams only if they meet

all RETA test security requirements and procedures in this RETA Network Test Center Operations Manual. Each RETA Network Testing Center location must be approved by RETA before any candidate will be scheduled to take a RETA exam in that facility.

3. RETA Network Testing Centers that are not supervised directly by RETA staff or

its psychometrician must provide video surveillance to RETA Headquarters for every RETA certification exam they administer. RETA will provide the video surveillance equipment. This surveillance must be positioned to show all of the testing workstations that are used to test RETA candidates. Video surveillance will be archived to verify and support implementation of RETA test security procedures. These records also may be used as needed to investigate candidate complaints and reports of suspected test security violations in the administration of RETA examinations.

4. Chapters, employers and training programs may contract with Primary RETA

Network Test Centers to operate a Temporary RETA Network Test Center for the benefit of their members, employees or clients.

5. A signed RETA Network Test Center Agreement is required to support all RETA

Network testing. A center will not be approved until all required RETA Network test center documentation is complete and approved. RETA cannot schedule any candidates to take a test until the test center is established.

6. RETA may assess a penalty charge for cancellation less than three business

days prior to a scheduled exam in addition to forfeiture of the RETA registration fee for the cancelled examination. The candidate is responsible for this fee.

7. RETA Practice Tests for CARO and CIRO may be taken from any computer with

Internet access without RETA approval by selecting this option from the RETA website. Practice test candidates must pay the required fee by credit card online before they can take the CARO or CIRO practice tests.



Page 76

D. RETA Network Test Center Application Deadlines

The only way to assure that RETA candidates can be tested by a vendor who intends to operate a RETA Network Test Center is for the vendor to meet all RETA deadlines for approval of a RETA Network Test Center location. Vendors must accept sole responsibility if they offer to administer RETA examinations without following these timelines and requirements. 1. The application for any RETA Primary Network Test Center must be received by

RETA HQ at least 15 business days before the first testing can occur.

A Primary RETA Test Center application must include designation of who will proctor RETA exams in the test center.

If a proctor who is not already RETA-approved is named in the Test Center Agreement, the application to become a RETA-approved proctor also is due at least 15 business days before the first test date.

All documentation and signed agreements must be completed at least 10 business days before testing can begin.

Submitting an application late could result in delays in approving the test center. Certification candidates cannot be scheduled into the testing system until the center is approved by RETA.

2. The application for any Temporary RETA Network Test Center must be received by RETA HQ at least 15 business days before the first testing can occur.

A Temporary RETA Test Center application must include designation of who will proctor RETA exams in the test center.

If a proctor who is not already RETA-approved is part of the application, the proctor’s application also is due at least 15 business days before the first test date.

All documentation and signed agreements must be completed at least 4 business days before testing can begin.

Submitting an application late could result in delays in approving the test center.

Certification candidates cannot be scheduled into the testing system until the center is approved by RETA.

3. No RETA candidates can be scheduled to test in a RETA Network Test Center location until all documentation for that location is submitted by the vendor and approved by RETA.

E. RETA Certification Candidate Application Deadlines

Candidates who will take RETA certification exams in RETA Temporary Network Test Centers must submit their applications for RETA certification exams at least 10 business days before testing. Late applicants may be charged additional fees to cover added RETA costs if an application or delivery of required materials must be expedited to allow a candidate to test.



Page 77

F. RETA Network Test Center Security

All RETA testing must be supervised by RETA-approved proctors who do not train candidates for RETA exams. NO industrial refrigeration instructors are permitted in the testing room(s) at any time while a RETA certification exam is in progress.


G. Candidate Security Agreement






Page 78

H. RETA Surveillance Camera Specifications



I. Training and Approval of RETA Proctors


J. Eligibility to Serve as a RETA Test Proctor

RETA test proctors must agree to meet the highest standards in protecting the fairness, test security and validity of RETA examinations for all RETA certification candidates. The RETA Proctor Agreement specifies:

1. That the proctor has no personal relationship with the candidates being tested under his or her supervision.

2. That the proctor has limited knowledge of industrial refrigeration content and is therefore unable to offer any candidate assistance in answering questions on a RETA certification examination.

3. That the proctor has no plans to be a candidate for certification as a RETA- certified industrial refrigeration operator, instructor, consultant or specialist.

4. That the proctor does not benefit from whether a RETA candidate who tests under his/her supervision passes or fails a RETA certification test.

5. That the proctor has no role in instructing candidates for RETA certification in their preparation to take a RETA examination.

6. That the proctor is not a chapter officer, personal friend, plant manager or supervisor for any candidate who is taking an exam under their supervision.

7. That the proctor is not a RETA Board member, RETA Certification Committee member, RETA Education Committee member or a RETA Chapter officer.

8. That the proctor agrees to adhere to the RETA Code of Conduct.



Page 79

K. RETA Test Proctor Powers and Responsibilities Follows the rules and regulations of the RETA Network Test Center

Confirms that each required test station is working properly before candidates arrive on the day of the test

If needed, posts signs or staff at building entrances to help guide candidates to the testing room

Validates candidate credentials

Executes steps of site check-in and check-out for each candidate

Properly handles RETA Supplements for each candidate

Controls test environment to maintain fairness of exam to all candidates

Controls access of candidates into the center during a test

Controls breaks and reentry of candidates during testing

Starts the exam at each workstation

Prohibits entry by any unauthorized person during a test, including friends, relatives, and members of the media

NEVER leaves the test room unattended by a RETA-approved proctor while a RETA certification examination is underway

Responds to questions from candidates promptly and sympathetically without attempting to provide any information about the content of a RETA exam

Reports irregularities and disruptions in test delivery that could upset or distract RETA candidates or alter their performance on a RETA exam to RETA staff as soon as possible after the examination period is concluded

Troubleshoots and resolves technical problems as they occur

Ends the exam with proper documentation & signatures from candidate

Submits required documentation for each test to RETA HQ

L. RETA Test Proctor Application, Screening and Approval Process

RETA test proctors must submit the following information to be approved to administer RETA certification examinations.

An online application to RETA HQ with a photo ID

Proctor applications must be submitted at least 15 business days before the date of any test that a proctor applicant wishes to administer in a RETA test center

A copy of a current resume showing education and work experience

Completion of an online proctor assessment of their knowledge of the RETA Network Test Center Operations Manual and the RETA Proctor Guide

Submission of a signed RETA Test Proctor Agreement

All proctors must update their application at least once every three years and whenever their personal information changes

RETA will review all proctor approvals at least once every three years.



Page 80

M. Other RETA Test Center Specifications

Payment




Technical Support








Page 81


RETA staff will coordinate all registration and scheduling for RETA candidates in a test center. RETA staff can be reached for scheduling at RETA HQ on regular business days from 9 a.m. to 5 p.m. Pacific Time at 831-455-8783.

Candidate Identification

Each RETA Test Center candidate must provide positive proof of identification upon arrival to take a test. Applicant identification must include each of the following:

A current photograph

A permanent residential address

Proof of age

The candidate’s signature

The following forms of ID are acceptable if they meet the above requirements:

Valid driver’s license

Government ID card

Military ID card

Passport

Alien residency (green) card

Candidate Sign-In on RETA Candidate Testing Record

Ask the candidate to sign in for testing on the RETA Candidate Testing Log before entering the testing room.

Materials a Candidate May Bring into the Testing Room

Candidates may only bring the following items into the testing room:

Sealed RETA Supplemental Materials for the CARO, CIRO or RAI exam. The proctor must verify that each candidate’s envelope is still securely sealed when the candidate arrives. The seal must be broken in view of the proctor.

A calculator Test Takers can bring in a non-printing calculator. The Proctor must observe the Test Taker clear the memory of the calculator before and after the test. The Proctor is not expected to know how to clear the calculator’s memory or to know if the memory was cleared correctly. If the Test Taker is unable or unwilling to clear the memory they are not permitted to take the calculator into the testing area. A simple calculator is available onscreen during the test.

Two blank sheets of paper and a pencil Test Takers can be provided or bring two blank sheets of paper, a pencil for making notes during the test and a highlighter (optional), but all notes must be surrendered at the end of the test.



Page 82

Personal Belongings

Candidates may not bring any additional materials or belongings into the room. Cell phones and other electronic devices especially are prohibited and must be stored outside the testing room.

Candidate Breaks during the Test

Candidates are permitted to take up to two restroom breaks during a test, but only one candidate should be permitted in a restroom at a time. The test timer continues to operate during each break.

Control of the Testing Room during an Examination

The proctor must be able to restrict access into and out of the testing room throughout any time period when a test is in session. Only properly identified candidates and a RETA-approved proctor are permitted in the testing room during a test.

Test Supervision

The proctor must not leave the testing room unsupervised at any time that testing is underway.

Collect Candidate Materials after a Test

All RETA candidates must surrender their supplemental materials and any notes taken during the test to the proctor. No notes or reference materials may be taken from the test site by any candidate after a test.

Candidate Sign-Out on RETA Candidate Testing Record

Ask the candidate to sign out for testing on the RETA Candidate Testing Log before leaving the testing area.

Shred Each Candidate’s Supplement and Notes

Shred the candidate’s copy of the Supplement used during the test and any notes the candidate may have taken during the test.

Sign and Fax the Candidate Testing Record to RETA

The proctor should sign the Candidate Testing Record and fax or scan and transmit the form to RETA at 541-497-2966.



Page 83

N. Required RETA Test Center Documentation

The following documentation is required separately for each test facility and must be approved by RETA before any RETA candidates can be scheduled to test in that location. These must be submitted as digital photos.

A RETA Network Test Center may provide this evidence and arrange the same space for instruction as long as the test center is reconfigured to meet RETA requirements during testing. These details will be verified by comparing initial documentation with pre-test video surveillance. Certificates for RETA candidates in centers that do not meet these requirements may be delayed or denied.

Digital photographs and online video documentation of all proposed RETA testing facilities are required before RETA can schedule any candidates to test in that location. These digital records must clearly show:




Further details are available from RETA HQ during regular business hours from 9 a.m. to 5 p.m. Pacific Time at 831-455-8783.



Page 84

O. RETA Test Facility Requirements


General Conditions






















Page 85

P. Network, Hardware and Software Requirements Processor 300 MHz or faster, 128MB RAM









Q. Operating Environment Interfering Software Any scheduled or system/network resident software

that has the capacity interrupt, intercept or otherwise interfere with test delivery must be disabled during test sessions. This includes but is not limited to: Y Contact managers, calendars, email and other

software with the capacity to produce alerts Y Screen and device capture utilities Y Pop-Up Blocker Y Anti-virus Software Y Windows Update




Page 86

R. Suitable Testing Environment Definitions










Page 87

S. Examples of Appropriate Testing Station Set-Up

Figure 1 illustrates a four-position testing station set up. The photographer was standing on a step ladder which leads to a bit of parallax distortion.

The candidates face opposite each other

The stations are 36” wide by 30” deep.

The partitions are made of poster board and supported by plastic free standing display units that can be purchased at Office Depot® or other office supply locations. These free-standing units are sometimes called “menu display holders”.

Clearance between the wall and the back of the candidates chair is only 20” – these tables would have to be pulled away from the wall to accommodate the site manager.

Figure 1 -- Example of a four-position testing station set-up.



Page 88

Figure 2 -- Face on view of test station. Note how the candidates face alternate directions to make it easier to observe a candidate who attempts to view another test taker’s notes, calculations or screen.



Page 89

RETA NETWORK TEST CENTER PROCTOR AGREEMENT

Proctor Name Address

City Primary RETA Network Test Center

State Zipcode

Organization Location(s)

Please append: 1. Your current resume showing education and work experience. 2. A copy of your current Government issued ID (such as a driver’s license)

RETA Test Proctor Certifications

As a RETA test proctor, I agree to meet the highest standards in protecting the fairness, test security and validity of RETA examinations for all RETA certification candidates. I hereby certify:

1. To verify that I have no personal relationship with candidates who are tested under my supervision.

2. That I have limited knowledge of industrial refrigeration content and am therefore unable to offer any candidate assistance in answering questions on a RETA certification examination.

3. That I have no plans to be a candidate for certification as a RETA-certified industrial refrigeration operator, instructor, consultant or specialist.

4. That I will not benefit from whether a RETA candidate who tests under my supervision passes or fails a RETA certification test.

5. That I have no role in instructing candidates for RETA certification in their preparation to take a RETA examination.

6. That I am not a chapter officer, personal friend, plant manager or supervisor for any candidate who is taking an exam under my supervision.

7. That I am not a RETA Board member, RETA Certification Committee member, RETA Education Committee member or a RETA Chapter officer.

8. That I agree to adhere to the RETA Code of Conduct. I certify that I have read and agree to follow all test security requirements and administrative procedures for RETA Network Test Center examinations as documented in the RETA Network Test Center Operations Manual and the RETA Proctor Guide.

PROCTOR SIGNATURE

Date Signed by Proctor

Date Approved by RETA

RETA Representative Issuing Approval



Page 90

RETA CANDIDATE TESTING RECORD

RETA TEST CENTER NAME

RETA TEST CENTER LOCATION Street Address

City/State

FAX OR SCAN AND TRANSMIT THIS RECORD TO DIRECTOR OF CERTIFICATION AT RETA HQ AFTER THE TEST RETA FAX NUMBER 541-497-2966



IMPORTANT NOTICE FOR RETA TESTING CANDIDATES

By signing below, you certify that you agree to follow all proctor instructions and to abide by the RETA Code of Conduct throughout your RETA testing experience.

CANDIDATE SIGN-IN

CANDIDATE NAME (print)

TEST TAKEN (MARK ONE) CARO CIRO RAI

TEST DATE SIGN-IN TIME

SIGNATURE CANDIDATE SIGN-OUT

SIGN-OUT TIME

SIGNATURE

TEST PROCTOR VERIFICATION This Proctor Verification certifies that:

You proctored the above candidate’s test. You have documented and reported to RETA regarding any problems and/or deviations from RETA testing procedures related to delivery of this examination. This candidate’s copy of the RETA Supplement and any notes taken during this test were collected and shredded after the candidate finished the test.

PROCTOR NAME (PRINT)

PROCTOR SIGNATURE

Page 91

RETA NETWORK TEST CENTER INCIDENT REPORT



City/State

Candidate Name

Test Taken (Select one) CARO CIRO RAI

Test Date Time Test Started

Proctor Name

When to submit an Incident Report All RETA test centers must report irregularities and disruptions in test delivery that could upset or distract RETA candidates or alter their performance on a RETA exam to RETA staff as soon as possible after the examination period is concluded. RETA will attempt to resolve any problems as expeditiously as possible and may reschedule a new examination for a candidate if circumstances warrant. An incident reporting form is provided in this manual. Proctors may fax a copy of this form or send RETA staff an email that includes all of the information specified in this Incident Report.

Describe what occurred

Describe what you did to address the problem PROCTOR SIGNATURE




Page 92




City/State

Candidate Name



Proctor Name



Describe what you did to address the problem PROCTOR SIGNATURE


4-12 Network Test Center Operations Manual Developed: 03-01-2012

Revised 04-13-2012, version 1 Page 23 of 23 Approved: 04-14-2012 Last Reviewed: 04-13-2012

Page 93



Revision 0



Page 94

RETA NETWORK TEST CENTER PROCTOR GUIDE

Portions amended and reproduced with permission from KRYTERION, Inc.

Copyright © 2012 RETA,. All Rights Reserved.

KRYTERION and Webassessor are trademarks of Drake International.

All other brand and product names are trademarks or registered trademarks of their respective companies.

04-12 RETA Network Test Center Proctor Guide Developed: 03-14-2012

Revised 04-13-2012, version 1 Page 1 of 28 Approved: 04-14-2012


04-12 RETA Network Test Center Proctor Guide

Revised 04-13-2012, version 1


Developed: 03-14-2012

Approved: 04-14-2012 Page 3 of 28

Page 95


Table of Contents

A. RETA Test Candidate Eligibility and Preparation Page 5 B. RETA Candidate Registration and Scheduling Page 5 C. RETA Network Test Center Security Page 6 D. Candidate Security Agreement Page 6 E. RETA Proctor Eligibility and Approval Page 7 F. RETA Test Proctor Powers and Responsibilities Page 7 G. RETA Network Test Center Approval Page 8 H. Security Codes Required to Launch a RETA Exam Page 8 I. Breaks during RETA Exams Page 8 J. RETA Exam Supplements Page 8 K. Cell Phones during RETA Exams Page 9 L. Calculators Permitted during RETA Exams Page 9 M. Video Surveillance Page 9 N. Other Materials Permitted during RETA Exams Page 10 O. Candidate Sign-In on RETA Candidate Testing Record Page 10 P. Control the Testing Room during an Exam Page 10 Q. Logging into Webassessor Page 11 R. Administering the RETA Candidate’s Exam Page 12 S. Test Results Page 16 T. Violation Notice Page 17 U. Other Test Administration Requirements Page 18 Collect Candidate Materials at End of Test Page 18 Candidate Sign-Out on Candidate Testing Record Page 18 Shred Each Candidate’s Supplement and Notes Page 18 Sign and Fax RETA Candidate Testing Record

to RETA HQ Page 18 Report Unusual Incidents to RETA HQ Page 18 Candidate Behavior during an Exam Page 18 V. Technical Support and Troubleshooting Page 19

Premature End of a RETA Exam Page 19 Entry into the Test Room by Unauthorized Persons Page 19 Responding to an Emergency Evacuation Page 20 RETA Proctor Quick Reference Guide:

Troubleshooting Guide Page 21 W. Responding to Threats to Test Security Page 22 X. RETA Code of Conduct Page 23






Page 96


Table of Contents (continued)

Other Resources and Forms

Quick Reference Guide for CLIENT Proctor Use Only Page 25 RETA

Network Test Center Proctor Agreement Page 25

RETA Candidate Testing Record Page 27

RETA Network Test Center Incident Report Page 28






Page 97

A. RETA Test Candidate Eligibility and Preparation

While RETA Network Test Center proctors are prohibited from being involved in training RETA certification candidates to take RETA examinations, it is helpful for all proctors to understand what candidates must do to become RETA certified. This Proctor Guide includes general information about these requirements to help RETA proctors recognize what candidates must do to perform well on RETA exams as well as to clearly define the boundaries that proctors must maintain between their roles of RETA proctors and others who help prepare candidates to succeed in their pursuit of RETA certification.

RETA candidates who will test in Temporary RETA Network Test Centers must submit a completed application for RETA certification at least 15 business days before testing. RETA candidates who will test in a Primary RETA Network Test Center also are encouraged to follow this same timeline because it allows RETA candidates more time to prepare to perform well on a RETA exam. This is true even for candidates for whom a Primary RETA Network Test Center intends to submit candidate applications a few days before a test date.

Most RETA certification candidates are very unlikely to be sufficiently prepared to perform well on RETA certification test when they take less than two weeks to become familiar with appropriate refrigeration training materials and the resources RETA makes available to all certification candidates well before their test date. This includes the CARO and CIRO Supplements that RETA provides for candidates to download from its website. Familiarity with the organization and content of these Supplements and refrigeration resources should be part of every RETA candidate’s preparation well before the few days before they will take a test. Any training program that fails to give candidates sufficient time to study and prepare to use the exam supplements could be placing the RETA certification candidates they are serving at a significant disadvantage when taking a RETA exam.

B. RETA Candidate Registration and Scheduling

RETA candidates are registered and scheduled to take all proctored RETA certification exams by RETA staff only after approval of an application for RETA certification. As soon as a group of candidates is scheduled to take an exam in a RETA Network Center, all approved proctors for the test center automatically receive a notice by email providing details about these candidates. Candidates also receive emails providing their unique Test Taker Authorization Code, which is required as part of the sign-in procedure to start each exam.






Page 98

C. RETA Network Test Center Security



D. Candidate Security Agreement









Page 99

E. RETA Proctor Eligibility and Approval

All proctors who will participate in administering a RETA exam must be approved before candidates can be scheduled in a RETA Network Test Center. No RETA candidate can be scheduled in a RETA Network Test Center until after the center has qualified at least one RETA-approved proctor.

The RETA Network Test Center Operations Manual documents proctor eligibility, training, approval, powers and responsibilities. The Manual also describes test center operational requirements, test center set-up and site approval criteria, test administration procedures, and related requirements. All RETA Network Test Center proctors are required to verify that these operating specifications have been met while administering any RETA certification examination. The Manual and this Proctor Guide both include the RETA Network Test Center Proctor Agreement, which must be submitted for RETA review and approval at least 15 business days before the date of any test that a proctor applicant intends to administer in a RETA test center. New proctors must complete an approval process and will receive an online orientation showing how Webassessor works.

F. RETA Test Proctor Powers and Responsibilities

Follows the rules and regulations of the RETA Network Test Center

Confirms that each required test station is working properly before candidates arrive on the day of the test

If needed, posts signs or staff at building entrances to help guide candidates to the testing room

Validates candidate credentials

Executes steps of site check-in and check-out for each candidate

Properly handles RETA Supplements for each candidate

Controls test environment to maintain fairness of exam to all candidates

Controls access of candidates into the center during a test

Controls breaks and reentry of candidates during testing

Starts the exam at each workstation

Prohibits entry by any unauthorized person during a test, including friends, relatives, and members of the media

NEVER leaves the test room unattended by a RETA-approved proctor while a RETA certification examination is underway

Responds to questions from candidates promptly and sympathetically without attempting to provide any information about the content of a RETA exam

Reports irregularities and disruptions in test delivery that could upset or distract RETA candidates or alter their performance on a RETA exam to RETA staff as soon as possible after the examination period is concluded

Troubleshoots and resolves technical problems as they occur

Ends the exam with proper documentation & signatures from candidate

Submits required documentation for each test to RETA HQ






Page 100

G. RETA Network Test Center Approval

No RETA candidate can be scheduled to take a test in a RETA Network Test Center without completion of the appropriate Test Center Agreement. The RETA Network Test Center Operations Manual documents these specifications.

H. Security Codes Required to Launch a RETA Exam

After approval by RETA, each proctor receives a unique KCP Security Code that is required for the proctor to start the testing process for any candidate.

After a candidate is scheduled to take a RETA exam, the candidate receives an email that includes a unique Test Taker Authorization Code.

Most RETA Network Test Centers receive a list of the test authorization codes from RETA staff prior to the test date.

Both security codes are required to start any RETA certification exam.

CAUTION: RETA test security codes are case sensitive and often include

special characters such as #, !, and &. Each character must be entered exactly as it appears in the email from Webassessor to launch an examination. Some RETA proctors have been unable to start exams for RETA candidates due to misreading test security codes or entering them incorrectly.

I. Breaks during RETA Exams

The testing session clock continues to run during any restroom break taken by a candidate during a RETA exam. Candidates should be advised to attend to any personal needs BEFORE they begin to sign in to start a test. If candidates do need to take a restroom break during a test, only one candidate should be permitted to do so at a time.

J. RETA Exam Supplements

RETA candidates are permitted to use the appropriate exam Supplement during a test only if it is properly sealed when the candidate arrives and is opened in front of the proctor. No candidate may use a Supplement that was opened prior to the candidate’s arrival at the test center. RETA Network Test Centers may order a supply of sealed supplements, but these must be requested early to avoid additional charges to expedite delivery of exam materials.






Page 101

K. Cell Phones during RETA Exams

All use of cell phones and similar electronic devices is prohibited during a test. Candidates who bring cell phones into a testing room must turn them off completely while a test is in session to prevent disturbing other candidates. All candidate cell phones must be stored so that they cannot be used at any time during a RETA examination.

L. Calculators Permitted During RETA Exams

RETA candidates are permitted to use non-printing calculators during the test. The Proctor must observe while the candidate clears the memory of the calculator before and after the test. The Proctor is not expected to know how to clear the calculator’s memory or to know if the memory was cleared correctly. If the candidate is unable or unwilling to clear the memory, the candidate is not permitted to take the calculator into the testing area. A simple calculator is available onscreen during the test.

M. Video Surveillance

RETA Network Testing Centers that are not supervised directly by RETA staff or its psychometrician must provide video surveillance to RETA Headquarters for every RETA certification exam they administer. RETA will provide the video surveillance equipment. This surveillance must be positioned to show all of the testing workstations that are used to test RETA candidates. Video surveillance will be archived to verify and support implementation of RETA test security procedures. These records also may be used as needed to investigate candidate complaints and reports of suspected test security violations in the administration of RETA examinations.


The proctor must verify that the surveillance camera is recording before logging into Webassessor and starting any candidate’s examination. The proctor should follow these steps to start the video system.

Refer to the Qnap Recording Equipment Procedure Document






Page 102

N. Other Materials Permitted During RETA Exams

Candidates can be provided two blank sheets of paper, a pencil for making notes during the test and a highlighter (optional), but all notes and copies of the RETA Supplement must be surrendered at the end of the test. Proctors should be prepared to provide paper and pencils if requested.

O. Candidate Sign-In on RETA Candidate Testing Record

The RETA Candidate Testing Record is provided in the RETA Operations Manual. Each candidate should sign a copy of the testing log before being seated at a test station terminal.

P. Control the Testing Room during an Exam

The proctor must restrict access to the testing room throughout any time period when a test is in session. Only properly identified candidates and a RETA- approved proctor are permitted in the testing room during a test. The proctor must not leave the testing room unsupervised at any time that testing is underway. Procedures for coping with the presence of an unauthorized person in a testing room during a test are addressed on page 15 of this Proctor Guide.

.






Page 103

Q. Logging into Webassessor

1. Navigate to the Webassessor login page by going to

http://www.webassessor.com

Webassessor login page

2. Enter your Proctor Login and Password. Webassessor may prompt you for a security alert. If this happens, click Yes and you will be directed to your Proctor Home Page.

3. If you would like to change your password, click the Change Password link

located in the toolbar on the upper right corner of the page.

4. The Change Password page will appear. Enter the Current Password, and then enter a new password in the New Password field and Re-Enter New Password field. Click Submit at the bottom right of the page. Webassessor will accept the new password.

5. You will receive an email notification indicating that you have changed your

password. Use the new password to log into Webassessor for an exam.

http://www.webassessor.com/






Page 104

R. Administering the RETA Candidate’s Exam

1. Navigate to the Webassessor login page by going to

http://www.webassessor.com if you have not done so already.

2. Enter your Proctor Login and Password. Webassessor may prompt you for a security alert. If you are, click Yes and you will be directed to your Proctor Home Page.

3. Click Details under the Actions Column. This will bring you to the Testing

Location Details page.

4. RETA candidates will be listed in the Scheduled Assessment Section of your Testing Location Details Page. The Proctor Instructions are listed to the right of the list of candidates.

5. From the Testing Location Details page, click on the Launch tab located in

the upper right hand corner.

6. The Launch Assessment – Step 1 screen will display as follows:

Launch Assessment – Step 1







Page 105

7. Enter the Test Taker Authorization Code provided by the candidate and click Next. The Launch Assessment – Step 2 page will display as shown below. The Test Taker Authorization Code also should be available on a list provided to the proctor from RETA staff. (Screens are subject to change)


8. Webassessor will present the Test Taker information on the screen. Several steps must be completed before leaving this screen:

Verify the candidate’s photo ID. A valid photo ID must include each of the following. o A current photograph o A permanent residential address o Proof of age o The candidate’s signature

Acceptable photo IDs may include.

o A valid state-issued driver’s license o A government-issued ID card o A military ID card o A valid passport o A current alien residency (green) card

Confirm that the correct RETA examination is shown in the Assessment line of the above screen.

9. Mark each item in the checklist that appears on the bottom part of the screen. After verifying that you have performed each task, check each box and then enter your Proctor KCP Security Code.






Page 106

10. Click on the Next button to display the Launch Assessment – Step 3 page. Proctor Home Page


11. Launch Assessment – Step 3 prepares you for a security pop up window that will appear next. Click on the Next button. You will receive one of two possible screens depending on the operating system used on your computer as shown below. (Screens are subject to change)

12. Depending on the Pop Up Window you receive, click Run or Open ONLY ONCE.






Page 107

13. When Webassessor displays the WELCOME TEST TAKER screen, verify that the candidate’s name and the test match the registration information you received from RETA HQ.

14. If the candidate name or test do not match the registration information you

received from RETA HQ, you should then click on the End Test button and the following screen will appear. It is not possible for the Test Taker to close the test session - only the Proctor has the authorization to complete this process. Enter your Proctor Login and KCP Security Code to end the test session. After this step is completed, contact RETA HQ to schedule the candidate for the correct exam.

Assessment End Test screen

15. If the candidate name and test match the information provided by RETA

HQ, you can seat the Candidate at the Testing workstation when the Welcome Test Taker screen appears.

Welcome Test Taker screen






Page 108

16. Instruct the candidate to read the text on the screen before clicking the Start Test button. Encourage the candidate to organize the Supplement and test station work space before starting the clock on the test.

17. If the Test Taker Name and Assessment name ARE correct on the screen,

the candidate will click the Start Test button to begin the test session.

18. If the Test Taker proceeds to complete and submits the exam,

Webassessor will display the Assessment Submission page as seen below.

Assessment Submission screen

19. To close the test session, type in your Proctor Login and KCP Security Code, and click on the End Test button.

20. Webassessor will automatically log you off the system.

S. Test Results

RETA candidates receive test results onscreen after they complete an end-of- test survey. If the test center has a printer available, candidates also may receive a printed copy of these results to take with them.

All candidates also receive an email directly from the system at the email address they submitted when they registered that provide results of their exam.






Page 109

T. Violation Notice

If a RETA candidate attempts to tamper with the test or if the Internet connection is lost at any time during a test session, the Restart Authorization Required screen will appear asking the candidate to notify the Proctor.

Restart Authorization Required screen

You can restart the test by entering your Proctor Login and KCP Security Code and then click the Restart Test button. Webassessor will restart the session at the point the disruption occurred and the candidate will not lose any of the answers that were submitted before the interruption occurred.

The following are possible reasons why a Test Session stops and the Restart Authorization Required screen appears. In each instance, the Test Taker should stop taking the test and alert you.

CTRL Key was pressed

ALT Key was pressed

Alert Box: Start Menu was activated

Backspace Key was pressed

Escape Key was pressed

Function Key was pressed

Help Key was pressed






Page 110

U. Other Test Administration Requirements

Collect Candidate Materials at End of Test

All RETA candidates must surrender their supplemental materials and any notes taken during the test to the proctor. No notes or reference materials may be taken from the test site by any candidate after a test.

Candidate Sign-Out on RETA Candidate Testing Record

Ask the candidate to sign out for testing on the RETA Candidate Testing Record before leaving the testing area.

Shred Each Candidate’s Supplement and Notes

Shred the candidate’s copy of the Supplement used during the test and any notes the candidate may have taken during the test.

Sign and Fax RETA Testing Record to RETA HQ

The proctor should sign the Candidate Testing Record and fax or scan and transmit the form to RETA at 831-455-7856.

Report Unusual Incidents to RETA HQ


Candidate Behavior during an Exam

Any use of unauthorized materials during a RETA certification exam may result in immediate disqualification and an automatic failing score. RETA may withdraw eligibility for certification from any candidate who uses prohibited materials, has an unauthorized contact with anyone other than test center staff during a test, or engages in other unethical, disruptive or unprofessional behavior at a test center.






Page 111

V. Technical Support and Troubleshooting

RETA test center proctors must be familiar with the Test Center Operations Manual and this Proctor Guide to help them address and recover from test delivery difficulties. RETA staff is available from 8:00 AM to 5:00 PM Pacific Time on regular business days. RETA test procedures require that Test Center exam stations and connectivity are pre-tested by the center to assure good performance on test days. The RETA Network Test Center Incident Report form appears in both the Operations Manual and the Proctor Guide.

Premature End of a RETA Exam

If a RETA candidate claims that the test ended before the expired, ask the candidate to wait while you complete the following steps:

1. Check the sign-in time on the RETA Candidate Testing Record. If less than three hours have passed since then, you may be able to restart the test from where the candidate ended the test prematurely.

2. If it appears that the candidate still has time remaining, call RETA HQ. RETA must then call Kryterion to authorize the candidate to restart the test. Do not end the candidate’s test session.

3. If the candidate has reached the 3-hour time limit, inform him or her that you will submit a request for an investigation by RETA and sign the candidate out using the normal procedures. The candidate also can inquire with RETA HQ to learn the results of the investigation.

Entry into the Test Room by Unauthorized Persons

Complete the following steps if anyone other than approved proctors or RETA candidates enters the testing room while a RETA exam is being administered:

1. Quietly explain that a secure test is underway and ask the unauthorized person to leave the testing room until all candidates have finished testing.

2. If the problem persists, inform the unauthorized person that such violations of RETA test security could result in disqualification for RETA certification of all candidates from any school or training program whose staff of students are found to have compromised the security or integrity of a RETA exam.

3. If the unauthorized person remains in the room, instruct all candidates to select the end test button on their screen to suspend the exam. Explain to them that any time lost will be added to the time they have to complete the test after the unauthorized person leaves. Candidates should NOT reply to the Are you Sure question that appears on the screen until after the matter is resolved.

4. After the unauthorized person leaves the testing room, instruct all candidates to select the Return to Test button on their screens.

5. Contact RETA HQ to inform them of the problem and ask that time be added to each candidate’s time to compensate for any time the click may have been running while the unauthorized person was in the testing room.






Page 112

Responding to an Emergency Evacuation

Complete the following steps if an emergency occurs that requires evacuation of a test center during a test:

1. Instruct all candidates to select the end test button on their screen to suspend the exam. Explain to them that any time lost will be added to the time they have to complete the test if the emergency situation is resolved within a few minutes. Candidates should NOT reply to the Are you Sure question that appears on the screen until after the matter is resolved.

2. Instruct all candidates to leave the testing area by following the evacuation procedures appropriate facility where the test center is located.

3. If it is safe to return to the testing room before the 3-hour time limit for the exam has expired, instruct all candidates to select the Return to Test button on their screens.

4. Contact RETA HQ to inform them of the problem and ask that time be added to each candidate’s time to compensate for any time the click may have been running while candidates were required to evacuate from the test center.

5. Depending on the circumstances, it may be necessary to call RETA HQ. RETA must then call Kryterion to authorize the candidate to restart the test. During regular business hours, this process should require 10-15 minutes to return the candidates to the test.

6. If the 3-hour time limit was reached during the emergency, inform all candidates that you will submit a report to RETA. RETA HQ will contact each candidate to take the appropriate steps to schedule a new test date.






Page 113

RETA PROCTOR QUICK REFERENCE GUIDE

Troubleshooting Guide

TIP:

If during an Examinee’s test session you lose internet connection or Webassessor goes down, the Examinee WILL NOT LOSE ANY OF THE ANSWERS THEY HAVE SUBMITTED. Additionally, the clock will stop and the Examinee will not lose any time left on the test.

PROBLEM SOLUTION

The Candidate or proctor security code is not working.

All security codes are case sensitive and may include special characters such as #, ! or &. Each code must be entered exactly as shown on the email from Webassessor.

White, black, blue, or frozen screen appears during a test launch or test session.

1. Press the F5 button to refresh the screen. The screen should refresh allowing you or the Examinee to proceed.

2. If pressing F5 does not work, completely shut down the computer and then turn the computer back on. Log back onto to Webassessor and re-launch the exam. Inform the Examinee that he/she will not lose answers that have been submitted nor any time left on the test.

3. If rebooting does not work and another test station is available, try logging the candidate into Webassessor from another test station.

4. If you still are unable to re-launch the test contact RETA HQ.

Internet connection is lost or interrupted.

Verify that you have an Internet connection: 1. If you believe you are connected, but cannot

connect to www.webassessor.com, attempt to access another website. If you are unable to access another website, contact your technical support department.

2. If you are able to access another website but not www.webassessor.com contact RETA HQ.

If you are not connected, attempt to connect to the Internet. If unable to do so, contact your technical support department.

When the Candidate clicks the NEXT button during a test, the test does not proceed to the next question.

Inform the Candidate their submitted answers will not be lost. This issue can happen if your Internet connection is interrupted or lost. Follow the process listed in the box above.








Page 114

W. Responding to Threats to Test Security

RETA test center proctors must be prepared to protect and maintain the security and validity of RETA examinations whenever a candidate or other persons show any signs of attempting to compromise a test. All RETA candidates must affirm their agreement to adhere to the RETA Code of Conduct when they apply for RETA certification. They also must agree to the Candidate Security Agreement that appears on-screen and in both the Operations Manual and this Proctor Guide before they can see any questions on a RETA certification exam. Any candidate who engages in inappropriate behavior that could compromise test security risks disqualification from RETA certification.

There is no limit to the creativity that may be part of an deliberate attempt to compromise a test. Such efforts to compromise test security in certification testing programs may include many variations of the following examples. 1. Impersonation occurs when a person other than the candidate named in

the original RETA application tries to take a test for someone else. The best protection from this threat is to check the photo ID carefully before a candidate is seated at a RETA Network Test Center terminal.

2. Substitution is a variation of impersonation. It occurs when a candidate takes a break and an impersonator who is dressed to appear to be the candidate enters the testing room to complete the test for the candidate.

3. Inappropriate communication during a test may occur by talking to, texting or tweeting with one or more people who are outside the test center during a test. This is one of many reasons why cell phones and similar electronic devices are prohibited during a test.

4. Frequent or improper breaks taken during a test may signal that a person is consulting another person or looking up information in a prohibited reference during a test. This is why only one candidate should be permitted to take a restroom break at a time during an exam.

5. Concealed cameras are available in pens, clips, watches and other items that could enable a candidate to capture images of test screens during a test. Such cameras also may be concealed in a cap or eyeglass case that can be placed in a shirt pocket. Such cameras can be used to transmit test screens to a person outside the test center. The collaborator then transmits messages to the candidate, who receives answers using a companion earpiece about the size of a hearing aid.

6. Use of forbidden notes often includes substantial ingenuity. Candidates have written notes on tissues, gum wrappers, the inside labels of water bottles, and on a wide variety of concealed and folded cards or paper. RETA attempts to control this threat by permitting use of a clean, unmarked, sealed copy of the appropriate Supplement, but no other notes or sources are allowed during an exam.






Page 115

X. RETA Code of Conduct

All candidates for RETA certification must agree to adhere to the following standards as part of their application.

The RETA Code of Conduct sets the professional standards required of all RETA members and certificate holders. RETA certification and membership affirms your agreement to abide by these standards to advance the integrity, honor and prestige of all persons and organizations in the refrigeration industry. By signing the RETA Code of Conduct you agree to strive to meet the following professional standards of behavior:

1. I recognize the urgency of protecting the health and safety of all personnel

in refrigeration facilities and the public and agree to safely handle and operate refrigeration equipment and supplies at my level of knowledge, skill and experience.

2. I accept responsibility for assuring that those persons for whom I am responsible will be qualified by training, education and experience to operate the specific equipment in the refrigeration facility at which I am employed.

3. I will promote training and education of those refrigeration personnel with whom I come in contact to assure that they are qualified to maintain and improve the safety and energy-efficient operation of refrigeration facilities for which they have any responsibility.

4. I accept responsibility for my own continued professional development as well as that of those I supervise and will participate in appropriate certification and training activities to acquire, demonstrate and maintain competence in the refrigeration industry.

5. I will comply with all laws, rules and regulations that apply to safe operation of refrigeration facilities.

6. I will act responsibly and with integrity in all refrigeration industry and RETA activities by adhering to high standards of professional conduct to protect the health and safety of employees, employers, the public and all others affected by refrigeration facilities and practices.

7. I will avoid conduct or practices that could discredit the refrigeration industry like deceiving or harming employees, employers or the public.

8. I will provide accurate and truthful information related to all aspects of my RETA membership, certification and refrigeration training and experience.

9. I will follow all requirements established by RETA regarding references to my RETA certification and membership when describing my qualifications, training and experience in the refrigeration industry.

10. I will cooperate with RETA in any investigation of test security, validity, conflicts of interest or possible violations of the RETA Code of Conduct that warrants my participation.






Page 116

RETA Code of Conduct (continued)

11. I will maintain open and constructive relationships with those governmental and regulatory authorities relevant to the refrigeration industry with the intent of fostering an atmosphere of mutual trust and respect on behalf of myself and those for whom I am professionally responsible.

12. I will refuse to engage in any behavior that could be perceived as a threat to the health and safety at refrigeration facilities, of other employees and the public. This includes but is not limited to problems with chemical dependency, substance abuse, verbal threats or physical violence that could adversely affect the safety of refrigeration facilities.

13. I will support RETA local chapters to advance local influence and adherence to the RETA Code of Conduct.






Page 117

QUICK REFERENCE GUIDE FOR CLIENT PROCTOR USE ONLY

Please Note: Do NOT log in more than 60 minutes prior to the test event. Webassessor times out after 60 minutes of inactivity for security reasons.

Launching a Webassessor Exam

1. Greet the RETA Candidate and obtain their Test Taker Authorization Code.

2. Close all software applications prior to the launch of a Webassessor exam.

3. Navigate to www.webassessor.com.

4. Enter your Proctor Login and Password. Keep these confidential.

5. If prompted for a security alert. Click ‘Yes’.

6. To initiate the RETA Candidate’s test, click the ‘Launch’ tab located on the top toolbar on the right of the screen.

7. Launch Assessment - Step 1: Enter the ‘Test Taker Authorization Code’ provided by the Candidate and click ‘Next’.

8. Launch Assessment - Step 2: Verify that the RETA Candidate and RETA test name on the screen are correct and check off each box after you have confirmed that the step has been completed.

9. Enter your Proctor Security code and click ‘Next’.

10. Launch Assessment - Step 3: This screen prepares you for a security pop- up. Click next and then “Open” or “Run” on the pop-up window.

11. You will now see the Welcome Test Taker/Examinee screen. This is the first screen the RETA Candidate should see.

12. Supervise while the RETA Candidate unseals the correct test Supplement and escort the Candidate to the assigned test station in the testing area.

13. Instruct the RETA Candidate to read the entire screen and then click ‘Start Test’ when they are ready to begin the test.

14. When the Candidate has completed the exam, close the test session by entering your Proctor Login and Proctor Security Code.







Page 118

RETA NETWORK TEST CENTER PROCTOR AGREEMENT

Proctor Name Address

City Primary RETA Network Test Center

State Zipcode

Organization Location(s)

Please append: 1. Your current resume showing education and work experience. 2. A copy of your current Government issued ID (such as a driver’s license)

RETA Test Proctor Certifications

As a RETA test proctor, I agree to meet the highest standards in protecting the fairness, test security and validity of RETA examinations for all RETA certification candidates. I hereby certify:

1. To verify that I have no personal relationship with candidates who are tested under my supervision.

2. That I have limited knowledge of industrial refrigeration content and am therefore unable to offer any candidate assistance in answering questions on a RETA certification examination.

3. That I have no plans to be a candidate for certification as a RETA-certified industrial refrigeration operator, instructor, consultant or specialist.

4. That I will not benefit from whether a RETA candidate who tests under my supervision passes or fails a RETA certification test.

5. That I have no role in instructing candidates for RETA certification in their preparation to take a RETA examination.

6. That I am not a chapter officer, personal friend, plant manager or supervisor for any candidate who is taking an exam under my supervision.

7. That I am not a RETA Board member, RETA Certification Committee member, RETA Education Committee member or a RETA Chapter officer.

8. That I agree to adhere to the RETA Code of Conduct. I certify that I have read and agree to follow all test security requirements and administrative procedures for RETA Network Test Center examinations as documented in the RETA Network Test Center Operations Manual and the RETA Proctor Guide.

PROCTOR SIGNATURE

Date Signed by Proctor

Date Approved by RETA

RETA Representative Issuing Approval






Page 119

RETA CANDIDATE TESTING RECORD



City/State


IMPORTANT NOTICE FOR RETA TESTING CANDIDATES

By signing below, you certify that you agree to follow all proctor instructions and to abide by the RETA Code of Conduct throughout your RETA testing experience.

CANDIDATE SIGN-IN

CANDIDATE NAME (print)

TEST TAKEN (MARK ONE) CARO CIRO RAI

TEST DATE SIGN-IN TIME

SIGNATURE CANDIDATE SIGN-OUT

SIGN-OUT TIME

SIGNATURE

TEST PROCTOR VERIFICATION This Proctor Verification certifies that:

You proctored the above candidate’s test. You have documented and reported to RETA regarding any problems and/or deviations from RETA testing procedures related to delivery of this examination. This candidate’s copy of the RETA Supplement and any notes taken during this test were collected and shredded after the candidate finished the test.

PROCTOR NAME (PRINT)

PROCTOR SIGNATURE






Page 120




City/State

Candidate Name



Proctor Name



Describe what you did to address the problem

PROCTOR SIGNATURE


Page 121

RETA HQ Fees to Support Temporary RETA Network Test Centers

April 2012

1. Temporary Test Center Managed by RETA HQ RETA Fee

Any candidates are RETA non-members $3400 All candidates are RETA members $2500

Option A Temporary Test Center host identifies local proctor to be trained

and qualified by RETA (may be an employee of host company)

Option B RETA-Approved proctor sent to Temporary Test Center. RETA sends one of its approved proctors to the Temporary Test Center Proctor fees and expenses paid by Temporary Test Center host

Services provided by RETA HQ:

Testing for up to five RETA candidates (CARO and/or CIRO)

Standard RETA application fees apply to additional candidates

Review of test center application and support required through successful approval of temporary center

Review of proctor application, training, interview and approval of local proctor candidate (Option A)

Find and schedule a RETA-approved proctor (Option B)

Ship and return sealed supplements as needed for RETA candidates

Ship and return RETA video equipment

One retest date for candidates who require a second attempt within five calendar days after initial testing

Not included:

Recovery of damaged video equipment expenses

Proctor fees and expenses

Attachment 500-5B Temporary Network Center Fee Schedule Developed: 02-28-2012

Revised: 03-16-2012, version 1 Page 1 of 2 Approved: 04-14-2012

Page 122

Fees to Support Temporary RETA Network Test Centers April 2012 Page 2

2. Temporary Center Managed by a Primary RETA Network Test Center other than RETA HQ

RETA Fee Option A RETA trains a local proctor and provides

video equipment to Temporary Test Center $750* Option B RETA trains a local proctor and Primary

Test Center uses RETA video equipment already provided by RETA HQ $425*

Option C Primary Test Center provides RETA-approved proctor and RETA provides video equipment to Temporary Test Cdenter $425

Option D Primary Test Center provides RETA-Approved proctor and uses RETA video equipment already provided by RETA HQ None

Option E RETA provides an approved proctor and Primary Test Center sends video equipment already provided by RETA HQ None*

*Options A, B & E require Temporary Test Center to pay proctor fees & expenses

Services provided by RETA HQ:

Standard RETA application fees apply to all candidates

Review of test center application and support required through successful approval of temporary center

In Options A and B, Review of proctor application, training, interview and approval of local proctor candidate

In Option A, Shipment and return of video equipment

In Option E, Find and schedule a RETA-approved proctor

In Options A and C, Ship and return RETA video equipment

Ship and return sealed supplements as needed for RETA candidates

One retest date for candidates who require a second attempt within five calendar days after initial testing

Not included:

Recovery of damaged video equipment expenses

Proctor fees and expenses

Attachment 500-5B Temporary Network Center Fee Schedule Developed: 02-28-2012

Revised: 03-16-2012, version 1 Page 2 of 2 Approved: 04-14-2012

Attachment 500-5B Temporary Network Center Fee Schedule

Revised: 03-16-2012, version 1

Page 1 of 3 Developed: 02-28-2012


Page 123

Temporary Center - Managed By RETA HQ Center Application Proctors Video Surveillance Supplement One retest date for Fee - all Fee - any

Packages candidates who candidates are candidates

require a second RETA members are non-

attempt within five members

calendar days after initial testing

Temporary center Review of test center Review of proctor Temporary RETA HQ provides Standard candidate $2,500 for first $3,400 for

- managed by application and application, training, video surveillance sealed test taker re-test rates apply five first five

RETA HQ support required interview and equipment provided supplements for candidates, candidates,

through successful approval of local by HQ. Shipping to test takers, member rate for non-member

approval of temporary proctor candidate and from center including spares. each additional rate for each

center included Shipping to / from person additional

provided person

Temporary center Review of test center RETA-Approved Temporary RETA HQ provides Standard candidate $2,500 for first $3,400 for

- managed by application and proctor sent to video surveillance sealed test taker re-test rates apply five first five

RETA HQ support required Temporary Test equipment provided supplements for candidates, candidates,

through successful Center. RETA sends by HQ. Shipping to test takers, member rate for non-member

approval of temporary one of its approved and from center including spares. each additional rate for each

center proctors to the included Shipping to / from person additional

Temporary Test provided person

Center Proctor fees and expenses covered by temporary center





Page 124

Temporary Center - Managed By Primary RETA Network Test Center Center Application Proctors Video Surveillance Supplement One retest date for RETA HQ Fee & Registration

Packages candidates who Candidate Fees

require a second attempt within five calendar days after initial testing

Primary center Review of test center Review of proctor Temporary RETA HQ provides Standard candidate $750 standard candidate rates

manages the application and application, training, video surveillance sealed test taker re-test rates apply apply

temporary center support required interview and equipment provided supplements for through successful approval of local by HQ. Shipping to test takers, approval of temporary proctor candidate and from center including spares. center included Shipping to / from provided

Primary center Review of test center Primary center Temporary RETA HQ provides Standard candidate $425 standard candidate rates

manages the application and provides authorized video surveillance sealed test taker re-test rates apply apply

temporary center support required proctor equipment provided supplements for through successful by HQ. Shipping to test takers, approval of temporary and from center including spares. center included Shipping to / from provided

Primary center Review of test center Review of proctor Primary center uses HQ provides Standard candidate $425 standard candidate rates

manages the application and application, training, the surveillance gear sealed test taker re-test rates apply apply

temporary center support required interview and provided by RETA for supplements for through successful approval of local the primary center test takers, approval of temporary proctor candidate including spares. center Shipping to / from provided





Page 125

Temporary Center - Managed By Primary RETA Network Test Center Center Application Proctors Video Surveillance Supplement One retest date for RETA HQ Fee & Registration

Packages candidates who Candidate Fees

require a second attempt within five calendar days after initial testing

Primary center Review of test center RETA-Approved Primary center uses HQ provides Standard candidate $0 standard candidate rates

manages the application and proctor sent to the surveillance gear sealed test taker re-test rates apply apply

temporary center support required Temporary Test provided by RETA for supplements for through successful Center. RETA sends the primary center test takers, approval of temporary one of its approved including spares. center proctors to the Shipping to / from Temporary Test provided Center Proctor fees and expenses covered by temporary center Primary center Review of test center Primary center Primary center uses HQ provides Standard candidate $0 standard candidate rates

manages the application and provides authorized the surveillance gear sealed test taker re-test rates apply apply

temporary center support required proctor provided by RETA for supplements for through successful the primary center test takers, approval of temporary including spares. center Shipping to / from provided

Page 126



Revision 0



Date Last Reviewed: 04-09-2015 Section 600 – Communcations Publications Policy Revised: 10-10-2010



Page 127

Page 600 - 1

600 - COMMUNICATIONS and PUBLICATIONS

A. Purpose

The staff Communications Director serves several purposes in service to the RETA Board of Directors and the RETA membership. 1. To set editorial guidelines for the Breeze and Technical Report and to supervise the

publication of these 2. Oversees manuscript solicitation and review process to encourage the writing of technical

papers on aspects of the refrigeration industry and to collect and index such articles for the benefit of RETA members.

3. Works with authors and volunteer editor/reviewers to revise manuscripts for publication. 4. To facilitate communication of information between the National Board of Directors, its

various committees and subgroups, and the membership. 5. Oversees and expedites input from authors of columns (Breeze) in accordance with

publication schedules. 6. Completes all work within established publication schedule and approved budgets.

B. Responsibilities

1. The Communications Director’s stated purpose is to facilitate communication with a specific interest in issues of importance and relevance to the membership. Currently the printed forms of communication are the organization’s newsletter, the Breeze and The Technical Report.

2. The Breeze - This publication is the news carrier to the organization’s membership. As such, it should

be used to notify the membership of the actions of the Board of Directors, issues about areas in the industry, activities by chapters and members of the industry, etc.

- The Communications Director will work to gather articles, news briefs, new releases, biographies, advertisements, etc. which may be of interest to the membership. Contents of items placed in the Breeze should relate to the refrigeration industry. They should inform and may stimulate thought and/or discussion. The Breeze should not avoid controversial issues, but must remain neutral in the presentation and should encourage open discussion from all sides of the issues.

- The Board of Directors shall set the rate of advertisements taken and published in the Breeze.

- Suggested topics and possible regular articles are listed in Appendix 600-A. 3. The Technical Report

- This publication is for the purpose of introducing issues of an educational nature of the membership. They may be of a specific technical nature or a general idea. The primary guideline is that they relate to the refrigeration industry and endeavor to be factual and accurate. It is recommended that papers be reviewed by the Editor, a member volunteer prior to publication. It is further recommended that authors quote sources of their information at the end of their papers. Papers may be requested from companies or individuals or may be submitted without request.




Page 128

Page 600 - 2

C. Editorial

I. Technical Report

A. General Policies

The Technical Report is an official publication of, and is wholly owned by, RETA. The production year of the journal is the calendar year. It is inserted in the Breeze six (6) times per year and may be published as a stand-alone publication at the discretion of the Board.

B. General Objectives

The Purpose of the Technical Report is to

provide a variety of technical information to members

provide a benefit to RETA members

publish submissions from authors that are accurate, well-written, and relevant to industrial refrigeration

provide a medium for professional development in industrial refrigeration

provide information of interest to members

C. Advertising

Advertising cannot be sold in this publication. RETA Headquarters may include advertising for membership or services.

D. Editor (a volunteer position)

1. Qualifications

a. Membership in RETA

b. Demonstrated interest in writing and/or publishing

c. Demonstrated industrial refrigeration experience

d. Active involvement in RETA preferred

2. General Responsibilities

The editor is responsible to the RETA Board of Directors for review and comment of the Technical Report, consistent with the goals and philosophy of RETA.




Page 129

Page 600 - 3

3. Specific Responsibilities

Works within the written objectives set by the RETA Board of Directors.

Keeps abreast of the literature in the industrial refrigeration industry.

Works with RETA staff to develop an editorial (journal content) calendar for the year.

Adheres to the established publication schedule.

Reviews the content of articles, columns, and advertising in the draft prior to its being printed.

Actively solicits articles for publication during annual conference

Page 130

Appendix 600-A

Breeze Articles and Topical Ideas

Presidents Note

Editorial

Chapter News

Company Profile - Biographical - Industrial Member

New Briefs from Other Sources - Press release from industrial members - Permitted print from other publications

Technical Problem and Solution

Cartoons

Quotations from famous people

Paid Advertisements

RETA History (Historian’s Column)

Certification Chair

Education Chair

APPENDIX 600-B

Technical Report Guidelines

Technical papers written on a high school level dealing with issues relating to the refrigeration industry.

Length should be 4-6 single-spaced typed pages.

Graphs encouraged. May include drawings or photos.

Biographical data on author.

Reference and/or footnote of resources on material quoted.

When space permits, association ads such as membership, products, etc.

Date Last Reviewed: 04-09-2015 Section 600 – Appendix 600

Page Appendix 600 - 1



Section 700 – Conflict of Interest Policy Revision 2 Date Last Approved: 06-24-2015

Page 700 - 1 Date Developed: 05-12-2007 Date Approved: 10-01-2007

Date Last Reviewed: 04-09-2015

Page 131


700 - CONFLICT OF INTEREST POLICY

A. Scope and Purpose

RETA (the Association) is primarily concerned with conflicts of interest involving those individuals participating directly in decision-making processes that affect RETA programs or activities. The integrity of their decisions and activities is dependent on the avoidance of actual, potential, or apparent conflicts of interest.

1. This policy reflects RETA’s recognition of the many factors that can influence one’s judgment

and its desire to make as much information as possible available to other participants in RETA-related matters; it does not create a presumption of impropriety.

2. All members of the RETA Board of Directors, committee chairs, and the Editor of the Technical Report must comply with the RETA Conflict of Interest Policy.

3. When participating in activities financed by the Association, members of the RETA Board of

Directors and the Editor of the Technical Report, are expected to refrain from activities that advance their personal financial interests.

4. Every year in advance of the Annual Meeting the sitting board members will review this policy and submit a signed disclosure form (attachment 700-1).

a. Incoming Board nominees will review the Conflict of Interest Policy and submit their signed disclosure forms prior to their election at the Annual Meeting.

b. Persons that are appointed to fill unfinished terms of directors that do not finish their term will review the Conflict of Interest policy and submit their signed disclosure forms prior to their appointment.

B. Disclosure

1. The most appropriate manner in which to address actual, potential, or apparent conflicts of interest is through liberal disclosure of any financial or other interest that might be construed as resulting in such a conflict.

2. All individuals who are required to comply with this policy must complete a Conflict of Interest

Disclosure Form (Attachment 700-A) and shall have a continuing obligation to disclose a significant financial interest in, or other relationship with, an entity having a commercial interest in any RETA activities, programs, or decisions.

a. A commercial interest may exist where the entity’s products or services are in

competition with those of, or under consideration by, the Association or where the entity’s products or services are themselves under consideration by the Association. By the disclosure of such interests, RETA will be in a better position to determine whether the participant may have an interest that is in conflict with the interests of RETA.




Page 132


b. Potential conflicts of interest also may arise if the participant directly shares income (as

in the case of a spouse) with an individual who has a financial interest in, or other relationship with, an entity having a commercial interest in any RETA activity, program, or decision.

3. Financial interests or relationships requiring disclosure include, but are not necessarily limited

to, the following. a. Employment

Any full- or part-time employment that may give rise to an actual, potential, or apparent conflict of interest must be disclosed.

b. Consultancies Any consultant arrangements that may give rise to an actual, potential, or apparent conflict of interest must be disclosed if (a) the consultation is current or proposed; or (b) the consultation was performed within the prior two years; or (c) payments or royalties were made for such consultation within the prior two years.

c. Ownership Interests Any ownership interests in an entity having a commercial interest in any program, activity, or matter under consideration by RETA must be disclosed.

d. Honoraria, Royalties, and Funding Any payments for specific speeches, seminar presentations, publications, or appearances, and any receipt of funds for conducting research that may give rise to an actual, potential, or apparent conflict of interest must be disclosed.

e. Leadership Roles Any leadership role (e.g., as a board or committee member or advisor) in another organization, including a chapter of RETA, must be disclosed.

C. Interpretation and Application

The President and the Executive Director are specifically designated by the RETA Board of Directors to interpret and apply this policy and are expected to use their best judgment.

2. The President and the Executive Director will determine if an individual engaged in, or about to engage in, a RETA-related program, activity, or decision has an actual, potential, or apparent conflict of interest requiring a response.

3. If the issue cannot be resolved by discussion among the President, the Executive Director, and the individual, the issue will be brought to the board for further discussion.

4. In most instances, discussion with the individual and disclosure of the conflicting or potentially conflicting interest will itself suffice to protect the Association’s interests. In other words, once a conflict is fully disclosed to the relevant parties, they generally will be able to evaluate the possible influence of the disclosed interest.

5. In situations where disclosure does not appear to deal with actual or potential problems, additional action may be necessary. Such action may include:

a. Denial of the individual’s request to be nominated to the RETA Board of Directors. b. Disclosure of the interest to the other participants in the RETA-related program, activity,

or decision-making body;




Page 133


c. Recusal from voting on a matter and limitation of the individual’s participation only to the

provision of factual information of benefit to the group discussion. d. Complete recusal from a portion of a meeting or from other consideration of the subject

matter; e. Replacement of the individual in the program or activity; f. Removal by a majority vote of the Board of Directors whenever, in their judgment, the

best interests of the Association would be served thereby

Page 134



Revision 0



Revision 1 Section 700 – Attachment 700.1 Conflict Disclosure FormPage Attachment

Date Developed: 05-12-2007 Date Last Reviewed: 10-01-2007

Date Approved: 10-01-2007 700.1 - 1

Page 135

ATTACHMENT 700.1

RETA CONFLICT OF INTEREST DISCLOSURE FORM

SUMMARY OF POLICY

RETA is primarily concerned with conflicts of interest involving those individuals participating directly in decision-making processes that affect RETA programs or activities. The integrity of their decisions and activities is dependent on the avoidance of actual, potential, or apparent conflicts of interest. This policy reflects RETA’s recognition of the many factors that can influence one’s judgment and its desire to make as much information as possible available to other participants in RETA-related matters; it does not create a presumption of impropriety. All individuals who are required to comply with this policy must complete a Conflict of Interest Disclosure Form and shall have a continuing obligation to disclose a significant financial interest in, or other relationship with, an entity having a commercial interest in any RETA activities, programs, or decisions.

NAME:

In the space provided below, please describe any of your financial or other interests that reasonably may be anticipated to conflict with the interests of RETA.

1. Employment Any full- or part-time employment that may give rise to an actual, potential, or apparent conflict of interest must be disclosed.

2. Consultancies Any consultant arrangements that may give rise to an actual, potential, or apparent conflict of interest must be disclosed if the consultation is current or proposed or if the consultation was performed, or payments or royalties were received for such consultation, within the prior two years.

3. Ownership Interests Any ownership interests in an entity having a commercial interest in any program, activity, or matter under consideration by RETA must be disclosed.

Revision 1 Section 700 – Attachment 700.1 Conflict Disclosure FormPage Attachment


Date Approved: 10-01-2007 700.1 - 2

Page 136

4. Honoraria and Funding Any payments for specific speeches, seminar presentations, publications, appearances, that may give rise to an actual, potential, or apparent conflict of interest must be disclosed.

5. Leadership Roles Any leadership role (e.g., as a board or committee member or advisor) in another refrigeration industry organization, including a chapter of RETA, must be disclosed.

6. Other Any other significant financial interest in, or other relationship with, an entity having a commercial interest in any RETA activities, programs, or decisions must be disclosed.

AGREEMENT I have read, understand, and hereby agree to abide by RETA’s Conflict of Interest Policy. I have disclosed above all significant financial interests in, and other relationships with, entities that have a commercial interest in the RETA programs and activities in which I am involved or the outcomes of decisions, which I am in a position to influence. I have disclosed above all actual potential, and apparent conflicts of interest arising from my own interests and relationships as well as from those of persons with whom I directly share income. I understand that I have an ongoing obligation to disclose such interests as long as I continue as a participant in decision-making processes that affect RETA programs or activities.

SIGNATURE: DATE:

Thank you for your interest and participation in RETA.

Page 137

Non-Disclosure Agreement - RETA Organization Information

Applicable to RETA Board Members

Date:

I, the undersigned, (printed name)

understand that the information provided regarding RETA organization 's information is

privileged and considered confidential.

The information I have access to ranges from names and addresses of members through

sensitive financial and legal matters. The use of this information is restricted to the

purposes of serving the membership of the Refrigerating Engineers & Technicians

Association and will remain in my confidence.

I will use this information for its intended purpose and not release it to others who have

not committed to this agreement.

________________________________________________________________________________ Signature

Please date and sign the agreement and return to RETA Headquarters Fax 541-497-2966

Revision 1

Section 700 - Attachment 700.2 Non-Disclosure Form [Board]

Approved by: DT

700.2 - 1

Date Developed: 08-21-2011


Date Approved: 08-21-2011

Page 138



Revision 0



Date Last Reviewed: 04-09-2015 Section 800 – Conference Committee Approved: 20-01-2007

Developed: 09-21-2007 Revised: 03-09-2015


Page 139

800 – NATIONAL CONFERENCE A. Purpose

To coordinate a successful national Conference, which is well attended by all categories of members and profitable to the level budgeted or better.

B. Description of leadership structure

As of April 2007, by action of the RETA Board of Directors, the Conference Committee is one that is national in scope, working on the needs of future Conferences as well as the next Conference to be executed. The voluntary leadership and members of the committee will serve multi-year terms in order to bring continuity and strength to the educational program and success to the sales of sponsorships and exhibitor booths for Conference. The National Conference Committee shall consist of at least:

A Chairperson Board liaison (appointed by President – must be a member of the Executive

Committee) Conference and Exhibition Manager or staff member responsible for

Conference/Exhibition Volunteers as recruited by the Committee Chairperson or Board Liaison in

conjunction with Committee Chair and Conference / Exhibition Manager C. Conference Responsibilities

1. HQ is responsible for:

- Handling all logistical arrangements with the hotel/facility - Negotiating all contracts with vendors and purchasing of all materials needed - Develop and implement a marketing plan - Organizing, promoting and executing all Conference and ancillary activities (including

contract negotiations) - Determining Conference programming and schedule - Ensuring that technical speakers and papers are acquired - Coordinating Speaker contracts and arrangements - Creating a budget, projecting revenue and reflecting all purchasing, contract

negotiations and expenses - Recruitment and management of volunteer staff - Development of educational programming (with input from appropriate Conference

Committee members) - Identify location and venue; review, select and negotiate contract - Acquire promotional video/PPT for 2-3 minute promotion of event at preceding year’s

National Conference - All sponsorship, exhibit, advertising and Hot Point sales

2. Host Committee is responsible for working with HQ staff to:




Page 140

- Promote Conference attendance locally and regionally. Compensation for this

activity will be based upon a point system as described in attachment 800-C with each point having a value of 1 percent.

NOTE: This section expires following the 2017 conference.

D. Conference Planning

1. National Conference Date and Location

a. The traditional time for the national Conference is October – November. The staff establishes the long-term plan for Conference sites; rotating the venue East/Central/West with a total of 6 venues to be repeated in rotation every sixth year (e.g., Orlando, FL; San Antonio, TX; Las Vegas, NV; Hershey, PA; New Orleans, LA; Reno, NV and then back to Orlando, FL and so on and so forth, as feasible).

b. The venue is to be as self-contained as possible (all under one roof) with allowance for an expanding exhibit hall that provides for the exhibiting company to bring in heavy equipment at their discretion (as of 2019 no one year hosts a heavy equipment show; every show beginning with that year may host heavy equipment at the exhibitor’s discretion.).

c. Conference venue is selected at least five years in advance to accommodate best options for contract negotiations and pricing.

2. Host Committee Activities

a. The Host Chapter (Through the year 2018 but not beyond) will assist with the local and regional promotion of the event. The remuneration provided to the Host Chapter will be dependent upon a designated percentage of Chapter member attendance. Starting in 2018, there will no longer be a host chapter.

E. National Conference Committee Activities

1. May meet during the Conference to assist with planning the Conference for the following year. Provide assistance and input through correspondence and via conference calls throughout the year.

2. Assist the RETA HQ to recruit speakers; review potential speakers’ credentials and make selections. Meet, greet, and introduce speakers or serve otherwise as session moderators at the Conference.

3. With participation by the Executive Committee, determine the amount of Chapter Conference Rebate to be awarded to the Host Chapter (see Attachment 800-C for rebate methodology). This function becomes null and void for years 2018 and beyond.




Page 141

F. National Conference Committee Chair Responsibilities

1. Recruit RETA members to serve on committee. 2. Schedule and chair all committee meetings and calls. 3. Work with HQ as needed on educational programming and speakers. 4. Review RETA Conference policies with Host Chapter committee members (up until

the 2018 National Conference.) 5. As needed, review brochure copy for accuracy and appropriateness of session

descriptions prior to publication. 6. Work with staff, as needed, to coordinate activities of both the national committee and

the volunteer staff during the Conference. 7. Serve as a resource to Host Chapter committee chairs. This expires following 2017

conference. G. Conference and Exhibition Manager’s Responsibilities

1. Conduct site inspections and recommend venues for future conferences to the ExComm.

2. Manage all on-site logistics and scheduling including conference site room arrangements, hotel accommodations, transportation, contractual agreements, financial negotiations, vendor relationships, registration, volunteer orientation, and sales efforts.

3. Prepare budget for presentation to and approval by the Board. Responsible for the financial management of the Conference based on the budget approved by the Board (including all purchasing, contract negations, etc. Keep Board liaison (Board President) and national Conference committee chair(s) apprised of budget variances and recommend changes to correct deficits.

4. Negotiate any honoraria and expense reimbursement with speakers according to the policies and budget approved by the Board.

5. Manage the development and implementation of educational program. 6. Assume primary responsibility for developing and producing all promotional

materials. All promotional materials may be reviewed by the national Conference Chair and Board Liaison.

7. In concert with the national Conference chair, makes final approval of Conference theme and educational topics.

8. Assume responsibility for all correspondence with speakers and faculty including confirmation letters, reimbursements, and thank-you letters.

9. Assume primary responsibility for obtaining speaker biographical information, topical outline, and presentation handouts.

10. Work with the technical review committee to review handout materials for appropriateness, copyright infringement, and self-promotion.

11. Prepare and produce technical papers for distribution to attendees. 12. Produce all collaterals. 13. Provide exhibitor prospectus to all potential sponsors and exhibitors. Identify and

secure sponsors, advertisers, Hot Point vendors and exhibitors. 14. Recruit and manage moderators.




Page 142

15. Provide evaluation form to Conference attendees for future reference. 16. Manage the provision of PDH records to attendees post-Conference. 17. Work with Host Chapter committee chairs. This expires following 2017

conference. 18. Provide management and control of sponsorship collateral selection and

distribution. 19. Manage the operator scholarship program. 20. Oversee the Technical Paper Review Committee established by the national

Conference Chair and Board Liaison and comprised of volunteers chosen by this body.

H. Conference Fees

1. The Executive Committee establishes conference fees with recommendations from staff – subject to Board approval.

2. The registration fee may be waived for speakers, volunteer staff and others as deemed necessary.

I. Speakers

1. Selection If selecting professional speakers, the Conference and Exhibition Manager will work

to both minimize expense to the Association while offering a quality program to Conference registrants.

2. Honoraria and Reimbursement

RETA traditionally does not pay speakers

However, in special circumstances, the Conference and Exhibition Manager will negotiate fee waivers, honoraria, and reimbursement for travel, hotel, and per diem expenses for speakers. One or more of the following may be offered, based on the speaker’s needs and preferences and on the committee’s interest in securing the speaker: waiver of conference registration fee; honorarium; hotel; travel; per diem expenses.

a) Registration Fee - Speakers may be offered a waiver of the full or one-day conference registration fee.

b) Honorarium - Speakers may be offered an honorarium only in very special cases.

C) Hotel - Speakers may be offered a complimentary night’s stay at the conference hotel.

d) Travel - Speakers may be offered reimbursement for travel expenses.

e) Per Diem Expenses - Speakers may be reimbursed for incidental expenses as negotiated by staff.




Page 143

3. Speaker Agreement Form

RETA Conference Speakers sign an agreement form that defines the expectations and limits of the presentation.

J. Technical Papers

1. The electronically published papers may contain for each speaker: c) Contact information of the presenter; d) A disclaimer.

2. Any speaker who misses the deadline for submission of materials will be

subject to cancellation at the discretion of the Conference/Exhibition Manager or other designated HQ staff.

3. Technical papers are reviewed by a Technical Paper Review Committee to assure compliance with the standards presented in the speaker’s agreement.

4. One copy of the technical papers will be provided to each full Conference registrant.

Date Last Reviewed: 07-25-2014 Section 800 – Attachment 800-C Approved: 10-01-2007


Last Approved: 08-08-2014 Page 800 – C-1

Page 144

Attachment 800-C RETA Conference Compensation to Host Chapters

The Executive Committee, National Conference Committee and HQ Staff participate in the

meeting that determines the financial reward to the Host Chapter.

Maximum Reward is 8% of the net profitability (up to a maximum reward of

$8,000). Net profit is determined after all Conference income and expenses have been

accounted for. Minimum Reward is $1,000 subject to the Conference making $1,000 net

profit. The award system is based on Points as follows with each point being values at 1

percent:

LOCAL ATTENDANCE

(Defined as including exhibitors and speakers with full registration)

20-29% of Host chapter membership attends as a paid participant

1 point

30-39% of Host Chapter membership attends as a paid participant

2 points

40-49% of Host Chapter membership attends as a paid participant

3 Points

50% or more of Host Chapter membership attends as a paid participant

4 Points

OVERALL PAID CONFERENCE ATTENDANCE

10% paid attendance within 100 mile radius*

1 point

20% paid attendance within 100 mile radius*

2 points

* Radius value may be adjusted to give consideration to the regional

constraints.

VOLUNTEER PARTICIPATION AT CONFERENCE MOVE-IN.

Provide volunteer-days for move-in day. A volunteer-day is 8 hours

5-10 volunteer days

1 point

11+ volunteers days

2 points

I have read and understand the Conference Host Chapter responsibilities and rewards (Section

800 and Attachment 800-C of RETA Policy).

Host Chapter Committee Chair/Date National Conference Committee Chair/Date

Section 900 – Education Policy Date Last Revised: 02-19-2015 Revision 04


Approved on: 03-18-2015

Page 145

Page 900 - 1

900 - EDUCATION

A. Purpose

1. To ensure the membership and refrigeration industry is provided with Educational and Training material that conforms with the RETA mission statement “To Enhance the Professional Development of Industrial Refrigeration Operating and Technical Engineers”.

2. The Education, Marketing, and Certification Committees provide RETA membership and industry “Education” through publications, schools and seminars, industry training, and conventions to provide valuable resources to the membership and industry. The Publications and RETA workbooks include: Industrial Refrigeration I, II, III, and IV; Basic Electricity I and II; Control Theory and Fundamentals I and II, Engine Room Safety Video; and Save Energy Wall Charts (plain and laminated).

B. Responsibilities

1. Continually review the text and graphics in RETA workbooks on a five year cycle. This will be accomplished by a material review task force (for each publication) consisting of committee members, volunteers from the membership or the industry. The Chair and the Board President will select the task force members.

2. The Material Task Force responsibilities are: a. Lessons will be assigned to each task force member. b. Review lesson material and determine need for revision. c. All members of the Material Review Task Force and Authors are

requested to sign a “Copy Right release” to RETA. This covers CD and video material.

d. The format for rewriting the text and graphics - Written material to be submitted in a Microsoft Word document - Graphic material should be in a JPEG or TIF format.

e. The beginning of each lesson must have 3 or more objectives that will be accomplished in the lesson.

f. Text material content must be directed to entry level person who wishes to enter the industrial refrigeration field and use as a correspondence source.

g. The lesson should be written with a bold paragraph title as Refrigeration I “Revision”.

h. Mini quizzes are not used. i. A copy of the lesson from all “Revisions” published will be provided as

additional reference material. j. Authors must also provide bibliography on workbook material that has

been added. k. Authors are asked to highlight areas where additional information and

visual aids would help. They are asked for suggestions on supplemental visual aids; slides, overheads, video footage, graphs for use with instructor’s tools.




Page 146

Page 900 - 2

l. The lesson (at the end) must include at least 10 multiple choice

questions: five basic, five intermediate, and 5 advance level, referencing the material in the lesson. All answers to the questions must appear in the lesson material.

m. Instructor’s Tools: 1. Authors are asked to note any instructions that could be helpful for

the instructor and mark material that should be included as transparency.

2. Study hints the author feels will be beneficial should be included. The suggestions will be used in the workbooks and included in the instructor’s tools.

n. Graphics: 1. All tables and charts should be in IP units, and if complicated,

should be separated into 2 figures (a) – (b). 2. All graphics, tables and charts inserted in the lessons should be

as near the written explanation as possible. 3. All graphics of piping should be color-coded and labeled

according to IIAR Bulletin No. 114 and ANSI A13.1 (labeling). o. Work book layout:

1. Introduction – Forward 2. Objectives of RETA – Industry History 3. Study Hints 4. Lesson (#1-10)

- Lesson objective - Lesson - Lesson questions

5. Glossary at end of book 6. Final review of test (Course credit exam)

The final test can be distributed by Headquarters and can be taken as a manual exam or on the Internet at RETA.com. Both services have fees.




Page 147

Page 900 - 3

C. Acceptable Electronic Teaching / Instructor Delivered Courses Using RETA Materials 1. Instructors are allowed to project / present RETA Coursework via the

Internet or other network means provided: a. Each student receives or has received a hard copy of the

coursework material (RETA Book(s)) of the course being taught. The following are acceptable ways for the instructor to assure this has taken place. a. The instructor may supply the coursework material

(RETA Book(s)). b. The instructor may have supplied the student the

coursework material (RETA Book(s)) previously. c. The Student or the student’s employer may supply the

coursework material (RETA Book(s)). In this instance the instructor should retain documentation (such as a statement from the student) that the student has procured the material independently.

b. Instructors may generate a presentation with content from the RETA Instructor’s Tools CD or the RETA Book(s) for the purpose of supporting a presentation whether it is an in- person presentation or presented by electronic means at a distance. a. RETA material is to be credited as source within the

presentation. Sources sited within the RETA material must also be credited.

b. Instructors may NOT package a presentation product using RETA materials when this package is intended to be sold as a new product disassociated from the teaching services of the instructor. An instructor may make a copy of the training presentation available for the record of the student provided the provisions of D.1.a above is met.




Page 148

Page 900 - 4

D. RETA POLICY ON ENDORSEMENT OF TRAINING PROGRAMS

1. RETA has maintained a long-standing practice of encouraging alternate pathways for refrigeration operators to acquire the knowledge and skills required to perform their roles safely. While RETA commends training and scholarship programs that are designed to improve safety and practice in industrial refrigeration facilities, RETA does not endorse, sponsor or promote individual training institutions or programs.

2. RETA publications reflect the best judgment of its Education Committee

on the content of effective training programs. Its Certification Committee documents the qualifications and requirements to receive RETA certification from its examinations and related programs. These RETA sources are available to all training organizations and vendors as resources to guide their efforts to assist possible candidates for RETA certification in meeting the objectives of RETA to promote safe and efficient operation of industrial refrigeration systems.

3. The instructors that have obtained the RETA credential “RAI®” have demonstrated mastery of the content of RETA educational materials and documented their ability to deliver a training message. RETA does not endorse any RAI educational programs they would operate as individual providers of instruction. RAIs are subject to the policies and requirements of the RETA policy and procedures manuals.

Date last Reviewed: 08-13-2011

Attachment 900-1 RAI Requirements and Guidelines

Date Last Approved: 09-18-2011 Page 900.1 - 1

Revision 06


Page 149

RETA Authorized Instructor (RAI) Requirements and

Guidelines

The goal of the RETA Authorized Instructor program is to make quality Industrial

Refrigeration instruction widely available to businesses and individuals who operate

industrial refrigeration systems.

A RETA Authorized Instructor (RAI) provides high-quality training focusing on safety

and the improvement of operational and maintenance competency in the industrial

refrigeration environment. The RAI may use RETA’s standardized training material as

well as other materials such as machinery specific operating and maintenance manuals

necessary to provide the instruction.

RAI Benefits

1. RAIs are nationally recognized as qualified providers of industrial

refrigeration instruction and/or training to the industrial refrigeration

industry.

2. RAIs will receive recognition in RETA communications and will thus gain

national exposure to a wide market as providers of industrial refrigeration

training to the industrial refrigeration industry.

3. RAIs are provided the correction key information for the RETA book for-

credit final exams. RAI’s are encouraged to correct their student’s final tests

and review information that needs to be reinforced based on test score

results.

4. RAIs have the option of using the RETA WebEx® subscription system to

deliver distance training to the customer. Details, policy, fees are found in

Attachment 900-6.

5. RETA resources sold at discounted rate.

RAI Qualifications

1. All RAIs must sign and operate under the specifications of the RETA Code

of Conduct.




Revision 06


Page 150

2. RAI applicants shall demonstrate through documentation that they have been

evaluated as an instructor from an acceptable training center.

RAIs must be capable of:

properly doing a needs assessment,

developing a curriculum,

developing and using lesson plans,

establishing and maintaining a good learning environment,

delivering a training message and instruction effectively,

establishing a measurement system for student learning,

demonstrating an ability to establish and maintain a record

keeping system.

3. RETA expects each RAI to refrain from teaching topics for which he/she is

not fully qualified by training, education and experience.

4. Each RAI shall submit documentation of six years of industrial refrigeration

industry experience subject to review by the RETA education committee

prior to issuance of RAI certificate.

5. All RAIs shall sit for and pass an RAI qualification examination with a score

profile as determined by the Certification committee. The certification

committee may recommend alternate pathways or documentation to meet

this requirement.

6. No RAI applicant will sit for the RAI examination until review of credentials

and references are completed satisfactorily.




Revision 06


Page 151

RAI Application Review and Approval

1. RAI applicants shall submit a completed RAI Instructor Application Form

(Form: AI 3504), a resume and, the names of four professional references.

2. RAI credentials are issued only after review by the RETA staff and the RETA

Education Committee and approval of the candidate’s application. The RETA

Education Committee may request a verbal interview prior to approval.

3. The initial instructor’s credential fee is set by the board, and renewal of the

credential is required every three years. RETA reserves the right to adjust fees

as RETA deems appropriate.

RAI Curriculum Approval

RAIs are not required to submit an all-inclusive curriculum, only documentation

supporting a comprehensive curriculum. Provide an example of an outline of

training objectives and how you will meet those objectives. The use of

supplemental training material from original equipment manufacturers (OEMs),

design and engineering firms, and other vendors is encouraged; supplemental

material should be listed as an addendum to the curriculum. Supplemental

material shall support the aims of the curriculum and not conflict with the RETA

Mission Statement.

The RAI shall submit a curriculum (Form AI 3504-2) to the RETA staff with the

initial application. It is expected that RETA’s most current standardized

training material will be used. Course plans using other material shall

demonstrate that the material supports RETA’s Mission Statement for the

industrial refrigeration industry. The committee reserves the right to request

additional information if necessary.

Submitted course plans shall list specific areas of instruction in systems and

components, including theories. An RAI may go beyond the submitted

curriculum in order to tailor a course to a client’s specific needs (for example,

site specific SOP training). Special system training should be noted as an

optional service provided by the RAI when curriculum is submitted.




Revision 06


Page 152

RAI Credential Maintenance Requirement

Renewal of the RAI credential is required every three years. Renewal is contingent on:

1. Maintaining RETA membership in good standing.

2. RAIs must present 24 PDH or 2.4 CEU documentation on or before the 3rd

anniversary of their accreditation.

3. Satisfactory adherence to the requested documentation necessary for RETA’s

RAI Program. RAI “Trainer Evaluation Form” (Form AI 3504-3) shall be

submitted to RETA headquarters subsequent to RAI training.

The RAI shall supply students with a trainer evaluation form (Form

AI 3504-3) to be completed and forwarded to RETA Headquarters by the

student, or class, in an instructor provided pre-addressed envelope.

RAI’s are required to forward students’ test answer forms to RETA

Headquarters for grading and processing so that the RETA Certificate of

Completion (CoC) may be issued. CoCs are then sent to the instructor in

unsealed oversized envelopes for signature and distribution.

4. RAI performance reviews are satisfactory.

5. Renewal application forms and fees are correctly submitted.

Restrictions

1. RAI marketing claims shall be in compliance with the policies and procedures

of the RETA Certification Program.

2. RAI advertising and marketing claims shall not state the courses are “RETA

Certification Exam Preparation” courses. Allowable language states that the

course content covers information published by RETA, or other authors, that

may be represented in RETA Certification Exams.

3. RETA does not authorize any course or class that is given solely for the purpose

of passing a RETA certification exam.

4. RETA does not approve specific courses. RAI’s may not advertise courses as

“RETA Approved”. RAIs may market themselves as RETA Authorized

Instructors, i.e. Instructors name followed with RAI® on business cards and

other correspondence documents.

5. RAI self styled certificates may not reference RETA, nor contain the RETA

logo. The RAI emblem and registration number may appear on the RAI’s




Revision 06


Page 153

certificate.

6. Self-styled certificates shall be approved by RETA

7. RAI agrees that usage of RETA’s name and RAI seal will be restricted to matters

related to this Agreement or in conjunction with the RAI’s organizational name,

and that the exploitation of such right of usage shall be to the best advantage

of the protection of the name and good will of RETA

8. In connection with the use of the RETA’s name and RAI seal, RAI agrees to not

represent that it has any ownership in the RETA’s name and RAI seal.

RETA’s Responsibilities to RAIs

1. To protect the RETA RAI emblem by registering it with the United States Patent

and Trademark Office.

2. To promote RAIs through the RETA web site - “Education Resources” page(s).

3. To direct persons calling or writing RETA in search of trainers or instructors to

the RETA website or by other means to provide the current contact listing of

RAIs.

4. To support RAIs with available RETA resources sold at a discounted rate to

RETA RAIs.

5. On direction from the RAI, RETA Headquarters will drop ship book orders to

the RAI customer.

6. To correct and/or process the RETA Course final exams and the certificates of

completion and student letters of accomplishment. These documents are

returned to the RAI in an un-sealed oversized envelope for the RAI to sign, and

include any additional supplemental communications, and mail to the student(s).

7. To document the achievement of students at RETA Headquarters including who

they received their training from, i.e. RAI, and maintain these records.

8. To monitor the performance of all RAIs by observing student success rates and

reviewing student evaluations of their instructors.

9. To continue to improve RETA coursework materials.




Revision 06


Page 154

10. To enforce RETA policy and procedures.

Relationship Between RAI and Clients – Separation from RETA Headquarters

1. The agreement for training is between the RAI and the client or company hiring

them.

2. All fees are paid to the RAI directly by the customer.

3. RETA shall not be responsible for any financial obligations of any RAI entities

in the course of their business affairs.

4. RETA Headquarters does not provide booking and logistical services for RAI

classes. All logistical arrangements are between the RAI and the student or

company by the RAI.

5. RETA and RAI agree that this Agreement is not intended to create any agency

relationship of any kind; and RETA and RAI agree not to contract any

obligations in the name of the other, or to represent that RETA is in the business

of providing the products and/or services provided by RAI.

License and Privileges

RAIs are permitted to use the RETA name and RAI seal in conjunction with their

organizational name. The RAI seal remains the property of the RETA national

organization and may not be otherwise reproduced without written consent and approval

from RETA.RAI shall at no time adopt or use, without RETA's prior written consent, any

word or mark which is so similar to the RETA’s name and RAI seal so as to cause

confusion with the RETA’s name and RAI seal.

Termination

1. The RAI agreement may be terminated upon written request by an RAI who

chooses to end the relationship.

2. RETA may initiate termination when an RAI fails to maintain their credential

through the renewal process, or by cause.

3. The effective date for execution of a termination is 30 days after the date of notice.

4. Upon termination of this Agreement in any manner, RAI shall immediately cease

and desist from all use of the RETA’s name and RAI seal.




Revision 06


Page 155

Refund of Application Fee

There will be no refunding of application fees once the process has been started.

Indemnification

The RAI shall indemnify, defend and hold and save RETA, its officers, directors,

employees and agents and their heirs, administrators and executors, and each of them,

harmless from any and all actions and causes of action, claims demands, liabilities,

losses, damages or expenses, of whatsoever kind and nature, including judgments,

interest and attorney's fees and all other reasonable costs, expenses and charges which

RETA, its officers, directors, employees and agents and their heirs, administrators and

executors, or any of them shall or may at any time, or from time to time, subsequent to

attaining RAI status sustain or incur, or become subject to by reason of any claim or

claims against RETA, its officers, directors, employees and agents and their heirs,

administrators or executors or any of them for any reason resulting from any of them,

carrying out the terms and conditions of this Agreement, except for gross negligence,

willful misconduct, criminal acts or omissions, or breach of this Agreement on the part

of RETA, and provided further that RETA, its officers, directors, employees and agents

and RETA, its officers, directors, employees and agents and their heirs, administrators,

executors, or any one of them promptly notifies the RAI and its general counsel of

adverse claims or threatened or actual lawsuits. RETA, its officers, directors, employees

and agents and their heirs, administrators or executors, as appropriate, shall provide

complete cooperation to RAI, its attorneys and agents in such case to the extent possible.

RETA shall indemnify, defend and hold and save the RAI harmless from any and all

actions and causes of action, claims, demands, liabilities, losses, damages or expenses, of

whatsoever kind and nature, including judgments, interest and attorney's fees and all other

reasonable costs, expenses and charges which the RAI shall or may at any time or from

time to time subsequent to the date of this Agreement sustain or incur, or become subject

to by reason of any claim or claims against the RAI for any reason resulting from any

allegation that the standardized training materials infringe any third party intellectual

property rights and provided further that the RAI promptly notifies RETA and its general

counsel of adverse claims or threatened or actual lawsuits. The RAI shall provide complete

cooperation to RETA, its attorneys and agents in such case to the extent appropriate.




Revision 06


Page 156

THE APPLICATION REVIEW PROCESS

RETA Staff will review your application upon its arrival. This is a description of the

process they will go through:

Staff will:

Contact you to confirm that your application did arrive intact at headquarters.

Review your application for completeness.

Deposit your fee

Contact the institution or learning center that you state trained and evaluated

you as an instructor.

Contact the references you provide in the application.

Review the curriculum you provide.

Receive your application to sit for the RAI qualification examination.

Process the application and schedule the administration of the test.

Send a recommendation to the Education Committee regarding your

application. A meeting will be scheduled.

Meet with the Education Committee to review your application

o If necessary, a conference call will be scheduled with you to interview

with the Education Committee – it is possible that you will be asked to

present a portion of a lesson via the internet using the WebEx tool RETA

subscribes to.

Upon acceptance RETA Staff will:

o generate your credential.

o issue a certificate of recognition as an RAI. o establish your registration number (the numbering is randomized so as

to not indicate #1, #2 and so on).

Contact you again to receive your updated contact information for posting on

the RAI resource page on the RETA Website.

Send you the hardcopy of the paperwork and resources you’ll use as an RAI.

Include your name in a press release announcing your achievement as an RAI.

Announce your achievement in the next RETA Breeze.

This process may take 3 to 4 weeks, depending upon the thoroughness of the

application data and the reference check process.

Date Last Reviewed: 10-10-10 Attachment 900-2 RAI Application Review Form

Revision 04

Date Last Revised: 07/15/2008

Approved on:07/17/08

© 2008 Refrigerating Engineers & Technicians Association Page 900.2- 1

Page 157

Authorized Instructor INSTRUCTOR APPLICATION FORM AI 3504

DATE: Please print.

NAME: ADDRESS:

CITY: STATE: ZIP:

PHONE NO. FAX NO.

RETA MEMBER NUMBER:

I have read and agree to the terms and specifications listed in Attachment 900-1 RAI Program policy and procedure and submit this application to be a RETA Authorized Instructor.

Signature

Four References Required:

1. Name:

Company:

Phone: Professional Relationship:

2. Name: Company:


3. Name: Company:


4. Name: Company:


Additional Information may be attached to this form.

INSTRUCTOR ID Official use only

.


Revision 04




Page 158

Authorized Instructor INSTRUCTOR APPLICATION FORM AI 3504

Attach your resume to the application

Please attach your payment of $850

Include documentation of your evaluation as an instructor by a training center.


Revision 04




Page 159

Authorized Instructor SAMPLE CURRICULUM SUBMISSION FORM

DATE: Please print.

NAME: ADDRESS:

CITY: STATE: ZIP:

PHONE NO. FAX NO.

Select all that apply RETA Coursework Customized RAI Program Supplemental Material Site-specific Facility Training

Attach proposed curriculum and objectives statement. It is expected that RETA’s most current standardized training material will be used; course plans using other material must demonstrate that the material supports RETA’s mission statement for the industrial refrigeration industry. Submitted course plans must list specific areas of instruction in systems and components, including theories. RAIs are not required to submit an all-inclusive curriculum, only documentation supporting a comprehensive curriculum.

Date: Official Use Only

CURRICULUM ID:

Approved by Educational Committee Denied by Educational Committee

Committee Chair person: Signature:

Form: AI-3504-1

INSTRUCTOR ID Official use only

.


Attachment 900-3 RAI Evaluation Form

Revision 03


Approved on: 07/17/2008


Page 160

Authorized Instructor TRAINER EVALUATION FORM AI 3504-3

DATE OF TRAINING:

ARE YOU A RETA MEMBER?

STUDENT’S CONTACT INFORMATION:

Official use only

NAME: PHONE NO.

LOCATION OF TRAINING:

COURSE NAME: IR-1 IR-2 IR-3 IR-4 BE-1 BE-2 CT&F 1 CT&F 2

NAME OF INSTRUCTOR(S):

Please respond to the following statements where 1 represents “Strongly Disagree ” and 5

represents “Strongly Agree .” Please feel free to provide comments in the lines below each

statement.

The teaching environment was clean and satisfactory.

1 2 3 4 5 COMMENTS:

The instructor was effective in teaching the material.

1 2 3 4 5 COMMENTS:

The instructor was able to relate the material taught to my application.

1 2 3 4 5 COMMENTS:

INSTRUCTOR ID


Attachment 900-3 RAI Evaluation Form

Revision 03




Page 161

Authorized Instructor TRAINER EVALUATION FORM AI 3504-3 - PAGE 2

DATE OF TRAINING: STUDENT NAME:

The instructor conducted him/herself in a professional manner.

1 2 3 4 5 COMMENTS:

I would recommend the instructor to others.

1 2 3 4 5

COMMENTS:

What did you like most about this training experience?

What did you like least about this training experience?

Please mail to OR Fax to (541-497-2966) RETA Headquarters c/o: Education Committee Phone Number: (541)-497-2955 1035 2nd Ave SE Albany, OR 97321

Page 162



Revision 0



Date Last Reviewed: 06-09-08 Attachment 900–4 RAI Application Evaluation Form

Revision 04



© 2008 Refrigerating Engineers & Technicians Association Page 900.4 - 1

Page 163

Authorized Instructor EDUCATION COMMITTEE

APPLICATION EVALUATION FORM Confidential Document: For Official Use Only

DATE: INSTRUCTOR ID Please print. Official use only APPLICANT NAME:

ADDRESS:

CITY: STATE: ZIP:

PHONE NO.

FAX NO.

Evaluation of Credentials for an RAI Permit: 1. Current CIRO level certification: ( ) yes ( ) no 2. Is applicant’s professional résumé adequate? ( ) yes ( ) no 3. Has the applicant provided documentation of successful completion of a qualified “Train the Trainer”

program or equivalent? ( ) yes ( ) no

4. Evaluation of responses by references: RESEARCHER NAME:

4a Reference 1: i. Attesting to one or more of the following items:

1. Technical knowledge in industrial refrigeration field ( ) yes ( ) no 2. Hands-on experience in industrial refrigeration field ( ) yes ( ) no 3. Teaching experience and ability ( ) yes ( ) no 4. Professional conduct ( ) yes ( ) no

ii. Additional comments by reference:

iii. Comments by interviewer:


Revision 04




Page 164


APPLICATION EVALUATION FORM - PAGE 2

Confidential Document: For Official Use Only DATE: INSTRUCTOR ID Please print. Official use only APPLICANT NAME:

4b Reference 2: i. Attesting to one or more of the following items:




4c Reference 3:

i. Attesting to one or more of the following items:

1. Technical knowledge in industrial refrigeration field ( ) yes ( ) no

2. Hands-on experience in industrial refrigeration field ( ) yes ( ) no

3. Teaching experience and ability ( ) yes ( ) no 4. Professional conduct ( ) yes ( ) no




Revision 04




Page 165


APPLICATION EVALUATION FORM - PAGE 3

Confidential Document: For Official Use Only DATE: INSTRUCTOR ID Please print. Official use only APPLICANT NAME:

4d Reference 4: i. Attesting to one or more of the following items:




5. Is the information supplied by the references sufficient to support the application? ( ) yes ( ) no

6. Evaluation of any additional information supplied:

Date: Official Use Only

Instructor ID:

Approved by Education Committee Denied by Education Committee

Committee Chair: Signature:

Page 166



Revision 0



Page 167

Authorized Instructor

Procedure for evaluating an RAI application: Applicable to RETA Headquarters Staff

1. Review the entire application for completeness before reviewing section by section.

2. Follow the review form provided in Attachment 900-4 Application Evaluation Form.

3. Review the content of the documentation of training and evaluation as a trainer from the accrediting party. Investigate the accrediting party’s coursework / objectives to ascertain that the training and instruction received meets the minimum objectives of the RETA “Training the RETA Trainer” course listed at the end of this document.

a. When deemed needed, personally contact the accrediting party to gain more insight or information that supports the applicant’s claim of being trained and evaluated satisfactorily as an instructor.

4. Contact the personal references listed by the applicant.

a. Follow the prompts listed in the Attachment 900-4 Application Evaluation Form when conducting the interview with the reference party.

5. After completing the initial review of the documentation, inform the Education Chairman of the results of review and provide recommendation(s). i.e. recommend approval or perhaps schedule a personal interview with the candidate via webex or some other appropriate next step as required.

From the RETA “Training the RETA Trainer” program

Primary Learning Objective (PLO): The student shall objectively demonstrate understanding of, and competency in the 9 areas listed below. 1. Adult learning characteristics and learning styles 2. Learning theories 3. Instructional characteristics and teaching styles 4. Speaking before a group 5. Communication methods 6. The learning environment 7. Instructional materials and their use 8. Exams and evaluations 9. Record keeping

Competency will be gauged by evaluation of end of lesson quizzes, presentation evaluations, the final written exam and the final project.

Date Last Reviewed: 07-15-08 Date Last Revised: 07/15/2008 Attachment 900–5 RAI Application Evaluation Procedure Page 900.5 - 1 Approved on: 07/17/2008

Revision 01 © 2008 Refrigerating Engineers & Technicians Association

Page 168



Revision 0



Page 169

RAI WebEx Use Policy

A. Purpose

1. To ensure the membership and refrigeration industry is provided with

Educational and Training material that conforms with the RETA mission

statement “To Enhance the Professional Development of Industrial

Refrigeration Operating and Technical Engineers”.

2. To provide an infrastructure at reasonable expense to the RETA

Authorized Instructor (RAI) as a benefit of being an RAI.

B. Policy

1. An RAI is eligible to enroll as a WebEx “host” through RETA’s annual

subscription with WebEx. There is a $75 per month* system access fee for an

RAI as host. *subject to change as WebEx changes fees to RETA

2. All WebEx rules and regulations must be adhered to by the RAI serving as

host.

3. Copyright regulations must be adhered to always.

4. RAI time of use of the basic WebEx platform is not limited.

5. RAI’s may use the full communications suite of WebEx. RETA will bill the

RAI at cost plus 10% for the use of (voice) communications (currently $0.11

per minute per line connected). The billing will be itemized.

6. RAI’s may not assign or designate other users to RETA’s subscription.

7. RETA owns the right to the RAI host designation and may suspend or cancel

an RAI’s hosting privilege if deemed necessary.

Date Last Reviewed: 06-16-08 Date Last Revised: 07/15/2008 Attachment 900-6 RAI WebEx Policy Page 900.6- 1 Approved on: 07/17/2008


Page 170



Revision 0



Page 171

RETA AI #063008001

REFRIGERATING ENGINEERS

AND

TECHNICIANS ASSOCIATION

Issues this document to

APPLICANT

RETA Authorized Instructor Credential

Authorized Field: Industrial Refrigeration Operation – Maintenance as defined in

ARTG-GDL1 (Ammonia Refrigeration Training Guideline)

This credential authorizes the holder to teach RETA industrial refrigeration coursework

and all subjects pertaining to the field of industrial refrigeration in classes organized

primarily for adults. In addition, this credential authorizes the holder to develop

curricula and specially designed content instruction to meet the specific educational

needs of the student(s).

Valid: <date issued> to <date issued + 3yrs>

To renew this credential, the holder must complete the requirements specified by RETA.

* * * * *

Jim Price <current President>

RETA – Education Manager President <term years>

Date last Reviewed: 06-30-08 Date Last Approved: 07/17/2008 Attachment 900-7 RAI Credential Page 900.7 - 1


Page 172

Dear RETA AI Applicant,

After careful consideration of your RETA Authorized Instructor application delivered

to RETA Headquarters, we regret to inform you that we cannot grant your request at

this time. The reason(s) for non-issuance may stem from one or more of the following

examples:

1. Application incomplete

2. RETA CIRO certification not current

3. Educational training component not met or is insufficient

4. References not applicable OR information gleaned from references not

favorable

Please contact RETA Headquarters for further information.

It is RETA’s hope that you will meet the qualifications set forth in the RETA AI

Program. We welcome your future efforts in achieving RETA AI status.

Kind Regards,

Jim Price

RETA Education Manager

Date last Reviewed: 06-30-08 Date Last Approved: 07-17-2008 Attachment 900-8 RAI notification Page 900.8 - 1


Electronic Communications Vehicle Policy Revision 1



Approved:04-30-2011

Page 173

Page 1000 - 1

1000 - Electronic Communications Vehicles (Internet)

A. Statement of Purpose and Objectives

1. RETA is committed to making use of the technological advances in

communication that further the Association’s mission to promote the professional

advancement of industrial refrigeration industry operators and technical

engineers.

2. Electronic communications vehicles will be used, as appropriate to:

a. encourage membership and participation in the Association;

b. market the Association’s products and services;

c. improve the quality of membership benefits while maintaining their

integrity;

d. facilitate communication among staff, the board, and members in

matters pertaining to RETA business; and

e. promote industrial refrigeration.

3. Website

Purpose

The purpose of the RETA Website is to inform members about the goals and

activities of the Association through the electronic medium of the World

Wide Web. The goal is to have THE Website where members want to “check

out” what is happening.

The Association uses RETA.COM to market the offerings and activities of

RETA to members and to the Internet public at large.

The RETA website is a place for finding solutions and is to be designed to be

useful to the reader to find resources and information related to industrial

refrigeration, safety, personal development, educational opportunity,

certification, regulatory initiatives, energy and other driving forces that affect

the industrial refrigeration community.

a. Location

The RETA website was inaugurated in 1997 at http://www.reta.com

b. Maintenance

The staff of RETA, under the direction of the Executive Director,

maintains the website.

c. Content

The Website is organized into areas of interest and activity that speak to

http://www.reta.com/




Approved:04-30-2011

Page 174

Page 1000 - 2

the intended audience. Each area has subsections that expand to offerings

of information and opportunity supported by RETA.

Links to and from other websites that are beneficial to the RETA audience

are allowed as deemed appropriate. An example of a link group would be

RETA’s Corporate members that offer goods and services. A page could

be organized that presents links to these members from a themed index.

A reciprocal link from the Corporate member’s site is a requirement to

this offering.

1. About RETA

Membership information, Industry news, Headquarters information,

Leadership information and Governance information are found in

this section

2. Certification

Information about the examination program is found in this section.

It consists of Exam Application, Pricing information, Preparation

materials, Practice exam information, Test center location

information, Recertification information and an input section for

reporting possible violations of RETA Code of Conduct by certified

operators.

3. Education

This section brings training materials content information, a

reference page to find RETA Authorized Instructors, On-Line

Training information, Training materials order forms, and a

pressure/temperature chart. This section may also provide access to

video clip links and interactive training sessions developed in the

future.

4. Industry Resources

This section is where the reader will access information to related

publications from other groups, links to kindred organizations, a

page listing providers (for example the corporate members who

offer goods and services), a regulatory page with indexed links to

federal and state sites, an events page where information to

appropriate seminars and sessions is found.




Approved:04-30-2011

Page 175

Page 1000 - 3

5. RETA Publications

This section consists of a Breeze description page, a Tech Report

page, the Conference Chronicle page, and a page that informs about

advertising in the Breeze.

6. Chapters section

This section provides access to a page where chapter newsletters are

posted, a section where the chapter contact information is available

to the reader and, guidance for establishing a chapter is available.

7. Conference

This section provides information on the upcoming conference to

the reader and provides readers registration forms, sponsorship

information forms, program activity documents, promotion of

sponsors of recent and future conferences. Slide shows of

conference activities may be found in this section.

8. Members Only

The site is partitioned with a public section and a Members’ Only

section. Members will access archived RETA Breeze issues,

Technical Report issues, Certain conference white papers, the

RETA Organization Chart, a utility to update their information for

the operative database and a utility to change their password. Other

member benefits may be added to this section as deemed

appropriate.

e. Frequency

The RETA web site will be reviewed and updated at least quarterly by staff.

When important information such as dues, product pricing, or program

dates changes, the home page will be updated as soon as possible.




Approved:04-30-2011

Page 176

Page 1000 - 4

f. Forum

The RETA Forum exists to:

Encourage exchange of ideas amongst RETA members

Communicate changes and clarifications to the members and

others about RETA program and opportunities

Receive feedback from the membership about issues and items of

concern of the members.

Rules of Usage and Participation: - Participants in the forum will agree to

this policy before they may post comments on the forum.

While the administrators and moderators of this forum will attempt

to remove or edit any generally objectionable material as quickly as

possible, it is impossible to review every message. Therefore you

acknowledge that all posts made to these forums express the views

and opinions of the author and not the administrators, moderators or

webmaster (except for posts by these people) and hence will not be

held liable.

You agree not to post any abusive, obscene, vulgar, slanderous,

hateful, threatening, sexually-oriented or any other material that

may violate any applicable laws. Doing so may lead to you being

immediately and permanently banned (and your service provider

being informed). The IP address of all posts is recorded to aid in

enforcing these conditions. Disciplinary actions may lead to

execution of the RETA Code of Conduct depending on the nature of

the infraction.

You agree that the webmaster, administrator and moderators of this

forum have the right to remove, edit, move or close any topic at any

time should they see fit. As a user you agree to any information you

have entered above being stored in a database. While this

information will not be disclosed to any third party without your

consent, the webmaster, administrator and moderators cannot be

held responsible for any hacking attempt that may lead to the data

being compromised.

This forum system uses cookies to store information on your local

computer. These cookies do not contain any of the information you

have entered above; they serve only to improve your viewing

pleasure. The e-mail address is used only for confirming your

registration details and password (and for sending new passwords

should you forget your current one).

By clicking Register below you agree to be bound by these

conditions.




Approved:04-30-2011

Page 177

Page 1000 - 5

g. Mention of RETA on other websites – Facebook® - Linked-In® and

other social networking media

i) Individual opinions expressed on non-RETA websites or social

networks do not represent the official position of RETA. Matters

expressed on these non-RETA websites that pertain directly to

RETA activities or policies may be brought to the attention of

the Board of Directors. If any clarification is deemed necessary,

the Executive Director, as the official spokesperson for RETA,

will respond utilizing the currently established communication

tools of the association and will notify the website owner, as

appropriate.

ii) Chapters should refrain from accepting overtures to post their

meetings, newsletters, communications, membership rosters,

educational sessions (printed or video/audio format) etc. on

websites or forums where RETA does not have control.

Such postings can be arranged when a written agreement that

defines the terms of the relationship and the boundaries of the

benefit to both parties.

Care has to be taken that participation by a chapter on others’

websites can be deemed an endorsement of the business

operation of the website, their services and goods. This includes

comments posted on bulletin boards, Facebook®, LinkedIn®

and so on. RETA exercises great caution in this regard. The

primary point to be taken is this: The comments made that

expresses a personal opinion of the writer can be construed as an

official statement by RETA or the chapter / owner of the social

network page. RETA does not endorse any particular vendor,

instructor, contractor, learning center, or agency when articles or

links to such resources are posted on RETA.COM. The chapters

must follow the same protocol (see the rules of the forum in

section 8(f).




Approved:04-30-2011

Page 178

Page 1000 - 6

h. Bi-directional links to / from RETA website

Corporate members receive a bi-directional “hot link” from a “corporate

members” page. This is an optional benefit. Staff has responsibility to

maintain the links and to periodically survey the linked sites to confirm

conformity to RETA policy.

Non-Corporate members may also qualify to establish a bi-directional link

to/from the RETA website under the same agreement conditions as

corporate members.

i. Chapter owned websites

Chapters may own and service their own websites.

At a minimum – Chapters must follow the guidelines observed by RETA

National regarding content, sales of ad space, sponsor recognition, etc.

Chapters may want to post videos of the proceedings of their meetings or

other instructional sessions. Doing so is fraught with peril for the chapter,

the persons involved, and for RETA in general.

RETA Counsel was consulted for policy and protection. The following is

input from RETA’s attorney.

There are some considerations you will want to take into account

in determining whether and what to record.

Do not tape any portion of the meeting which reflects the

official business of the association. From a risk management

perspective, the minutes are the only record of this you will

want. Having an exact record of everything that was said by

anybody would be something a plaintiff’s attorney would

certainly want to have as a resource to scrutinize the

association’s activities from an antitrust or other legal

perspective. You do not want to create that possibility.

Make sure you have the right to record what it is you are

recording.

Typically there are two concerns here:

o Make sure the individuals who are being recorded

have consented to being taped and are informed as

to the nature and extent of the distribution of the

recording.




Approved:04-30-2011

Page 179

Page 1000 - 7

Any other potential uses of the recording should be

disclosed (e.g., compilations, translations,

derivative works, advertising, etc.)

Here you need to consider not only any presenter(s)

but participants as well.

Anyone who is identifiable should manifest their

consent in a way that RETA could verify if it ever

had to make sure the presenter has the right to use

all of the materials in the presentation and have

them recorded.

To the extent the presenter incorporates anything that

belongs to a third party, infringement can be an issue.

Make sure the presenter confirms that he or she will only

use materials to which he or she has adequate rights.

It’s a good idea to get the presenter to provide

indemnification as to this issue so that RETA will be free

from liability as to any infringement claims.

It is also important to address how any supplementary

materials (PowerPoints, notes, etc.) will be handled. Will

these be posted online or otherwise distributed?

The discussion points above are introductory and give minimum guidance for

appropriate administration of electronic communication practices.

Note to Board and staff: several forms need to be developed and approved in order to protect RETA and

chapters from inappropriate exposures and conduct on other’s websites and

forums. This will need to be as structured and maintained as the Certification

program forms.

Page 180



Revision 0



Page 181

1100 - FINANCE A. Purpose

1. To act as a double check on dispersion of payments for services and material. 2. To work with the national office in setting up budgets for the organization, or for

national conferences.

B. Responsibilities 1. Verify that all payments for services or material rendered to RETA are properly

accounted for.

2. Study the invoices and ascertain that purchases for material are legitimate, and proper.

3. Check that refunds to chapters, or individuals, are proper and can be verified.

4. Adhere to and enforce the RETA Financial Reserve Policy (Attachment 1100.1) 5. Review RETA’s Income Tax form 990, when delegated by the Board of Directors,

prior to it being signed by an officer of the Board.

C. Make up of committee 1. The Executive Committee serves as the Finance Committee.

D. Board Responsibilities 1. The Income Tax Form 990 prepared by the RETA CPA must be reviewed and

approved by the Board of Directors prior to being signed and filed by an officer of the Board.

E. Capitalization Definition and Threshold: Capital purchases comprise furniture, fixtures, equipment, software, leasehold improvements, etc. that meet two criteria:

1) a useful life of more than one year, and 2) cost more than a certain amount.

The RETA Board of Directors has established $2,000 as the threshold amount for capitalization.

Section 1100 –Finance Policy Developed: 10-01-2007 Revision 2 Page 1100 - 1 Approved 09-22-2008 Last Approved: 09-17-2015 © 2009 Refrigerating Engineers & Technicians Association Last Reviewed: 09-17-2015

Page 182

Competitive bid: For purchases in excess of $2,000, competitive bids (preferably three, minimum two) should be sought when appropriate. Approval: RETA’s Capital Budget is updated each year and should include proposed capital purchases that are anticipated to take place during the year. Those purchases itemized within the approved capital budget are considered approved. Capital purchases not within the approved capital budget, must be specifically approved by RETA Board. To seek such approval, the Executive Director must provide the price and rationale for the purchase and assurance of availability of financial resources to support the purchase. Recordkeeping: RETA shall maintain a list of fixed assets showing the date of the acquisition, its cost, and a schedule for depreciation of the asset. RETA shall keep on file documentation for each purchase. Annual depreciation expense will be included in RETA’s annual operating budget. For each purchase, the Executive Director shall evaluate whether the acquisition will have an impact on insurance coverage, determine if present coverage valuations are adequate, and obtain additional coverage if necessary. F. Managing Bad Debt RETA processes invoices for new membership, membership renewal, publication materials, conference exhibitors/sponsors, conference attendees, advertising, etc. Invoices are typically due upon receipt unless otherwise noted; however, it is understood that it does take time for industry to process invoices for payment. RETA’s financial statements are prepared on the accrual basis of accounting and, accordingly, reflect all significant receivables, payables and other liabilities in accordance with generally accepted accounting principles. RETA reconciles its books monthly and closes the accounting period on the last day of each month. With this in mind, RETA has adopted the following Bad Debt – Write Off Policy:

At the end of each month when reconciling the financial statements, RETA will write-off 100% of all invoices that are at 180 days past the due date. If that receivable eventually becomes “collectable”, RETA will re-issue an invoice. To track the “write-off”, RETA codes the write-off against the corresponding revenue. This ensures that for each revenue classification, RETA has an accurate reflection of actual revenue for the year for preparation of upcoming budgets.


Page 183

G. Collections RETA’s invoices are due upon receipt unless otherwise noted; however, it is understood that it does take time for industry to process invoices for payment. RETA provides a 60-day grace period. Non-payment may result in cancellation of purchase, forfeiture of future participation in RETA events, and/or a 1.5% fee per month compounded monthly. RETA clients are noticed of this policy by inclusion on every invoice.


Page 184



Revision 0



Page 185

ATTACHMENT 1100.1 - RETA FINANCIAL RESERVE POLICY

Maintaining an appropriate financial reserve for RETA is an extremely important responsibility of the Board of Directors. Failure to maintain the necessary financial reserves could lead to insolvency during difficult economic times. RETA cannot serve its members and its mission if it ceases to exist. It would be unconscionable to allow RETA’s financial reserves to shrink to a level incapable of sustaining the organization through any foreseeable economic circumstance. Founded in 1910, this organization has survived two World Wars, the Great Depression and many other conflicts, recessions and economic setbacks. It is incumbent upon the Board of Directors to see that RETA remains alive and healthy as long as there are members to serve. There are many opinions on what amount is needed in financial reserve. The normal rules of thumb would suggest that the reserves should never be less than 6 months of budgeted operating expenses to a maximum of one year of operating expenses. Beyond that amount, it could be argued that the organization is not just insuring its survival but also tying up funds that should be actively working in support of the Mission. It shall be the responsibility of the Finance Committee (currently comprised of the Executive Committee members) when setting each annual budget to perform an analysis of the adequacy of current financial reserves. There are various methods to review the financial health of the organization and it is the responsibility of the Finance Committee to document the methodology used for each budget preparation in the Treasurer’s report when the budget is presented to the board. This analysis should include Worst Case Scenarios projecting what income could be lost in a major economic upheaval compared to what fixed expenses could not be readily shed and for what length of time. The result of this analysis should determine the financial reserve target amount. If the current financial reserve is less than the targeted amount, the budget must include income and expense adjustments specifically intended to balance the financial reserves in the shortest time possible or practical. In the event of a Worst Case Scenario, RETA’s Executive Director will institute RETA’s Brown-Out Plan which will outline various situations and operating expenses that could be eliminated during such a situation. An exception to the six month operating expense reserve would be for the Association to be able to use 25% of the reserve to re-invest into Association improvements or special projects. The Finance Committee would be responsible for outlining for Board approval the dollar amount, the type of improvement, and the pay-back schedule.

Attachment 1100-1 –Finance Reserve Policy Developed: 10-01-2007 Revision 1 Page 1100.1 - 1 Approved 09-22-2008

Last Approved: 09-17-2015 © 2009 Refrigerating Engineers & Technicians Association Last Reviewed: 09-17-2015

Page 186

Use of the Association’s reserve fund for re-investment can be for activities that include but are not limited to projects such as infrastructure upgrades or new program development. Borrowing from the reserve fund should not be used to routinely support normal operational activities such as salaries, rent, utilities, etc. Regardless, in no case should the Financial Reserves be allowed to remain at a level less than three months of calculated operating expenses without immediate action to correct this deficiency. If borrowing will drop the reserve to below the minimum three month criteria, the “loan” shall not be approved. Conversely, if Financial Reserves exceed one year of budgeted operating income the excess funds should be put to work in Mission related activities and/or dues and other income should be re-evaluated in light of such windfall unless a compelling case can be made before the Board of Directors as to why the excess Reserves are necessary at that time. One possible example would be building reserves for anticipated unusual and extraordinary expenses, however a separate fund specifically for that purpose would be more appropriate.

Attachment 1100-1 –Finance Reserve Policy Developed: 10-01-2007 Revision 1 Page 1100.1 - 2 Approved 09-22-2008

Last Approved: 09-17-2015 © 2009 Refrigerating Engineers & Technicians Association Last Reviewed: 09-17-2015

Page 187



Revision 0



Page 188

1200 - HEALTH and ENVIRONMENT

A. Purpose 1. To keep the membership informed of all changes in government and industry

regulations and codes as we become aware of them. 2. To inform the Board of Directors of any gaps in our education and certification

programs that need to be addressed in light of such changes.

B. Responsibilities 1. To advise the Board of Directors of any proposed or new legislation/regulation

that may require action by RETA to properly inform our members. 2. To maintain meaningful dialogue between sister-organizations such as IIAR,

IARW, RSES pertaining to regulation/code activities for purposes of awareness and preparedness of our members.

Date Last Reviewed: 10-01-07 Section 1200 – Health & Environment Policy

Page 1200 - 1


Revised:

Page 189



Revision 0



Page 190

1300 - HISTORIAN

A. Purpose 1. Gather information, facts, and data. This will include RETA Breeze, RETA

Technical Reports, RETA Advertisements, RETA Educational Materials, National Convention News, RETA Chapter News, RETA Member News and any additional miscellaneous data.

2. RETA National Headquarters will serve as the “committee” to help collect and forward information, facts and data of interest. All archives shall be maintained at RETA Headquarters or an approved location.

B. Responsibilities

1. Work with HQ to organize the information, facts and data.

Date Last Reviewed: 04-23-2011 Section 1300 – Historian Policy

Page 1300 - 1



Page 191



Revision 0



Page 192

1400 - INDUSTRY RELATIONS

IIAR/IARW

A. Purpose 1. To develop and maintain a long-term relationship for the benefit and

advancement of both associations and their membership.

B. Responsibilities 1. Develop a good working relationship through frequent contact with the IIAR’s

Executive Director, Officers, Board of Directors and various committee members pertaining to RETA’s common goals.

2. Maintain a meaningful dialogue and a willingness to develop educational programs on a joint venture basis.

3. Represent RETA for various joint projects and at the direction of RETA’s president, attend various meetings.

RSES

A. Purpose

1. To assist both organizations in maintaining a fluid conduit to pursue independent goals, enhance common goals and develop future goals. RETA is primarily industrial refrigeration oriented while RSES is primarily residential and commercial refrigeration service oriented. (Both organizations and pursuing certification programs).

B. Responsibilities

1. Try to develop a network, which allows the local organizations to communicate about future conventions, regional seminars and local meetings. Short-term goals encourage RSES to assign a RETA liaison.

2. Complete any specific requirement as directed by the national Board.

Date Last Reviewed: 10-01-07 Section 1400 – Industry Relations Policy

Page 1400 - 1


Revised:

Page 193



Revision 0



Page 194

1500 - LOGO POLICY

A. Purpose To promote the RETA logo, all members are encouraged to add the logo to their business cards and stationary.

From the RETA Website: The RETA Member Logo

Your Symbol of Top Quality

To download a copy of the logo simply right click on the logo image above and then choose "Save". Before downloading the RETA logo, please read and abide by the following logo guidelines.

It’s time for RETA members to take their rightful place in the marketplace: at the top. When people see the RETA logo, they should automatically think, "The best there is in the refrigeration industry."

Before this can happen, the RETA logo has to be constantly and accurately displayed. The public has to be made aware of our Association by your use of the logo. Proudly display the "RETA" logo on your business cards, brochures, Yellow Page ads, Web sites, magazine ads, catalogs and more. When your customers ask what the logo means, tell them about your professional association—with knowledge and pride!

Only by consistently using the appropriate logo in all of your promotional materials will consumer awareness move forward. With your help, eventually RETA will be instantly identified as the leading source for awards and recognition needs. And, you’ll benefit, too, by being known by the quality company that you keep.

Do . . . Do Not . . .

Keep reasonably clear space around the logo.

Do not skew, italicize or otherwise alter the logo’s proportion or appearance.

Use the logo without embellishments, alterations or additions.

Do not print the logo on a patterned background or with other wording or graphic in close proximity.

Logos must stand alone, not in conjunction with slogans, messages or overlapping graphics.

Do not use the logo within the text of an article, message or ad.

Date Last Reviewed: 10-01-07 Section 1500 – Logo Policy

Page 1500 - 1


Revised:

Page 195



Revision 0



Date Last Reviewed: 10-01-07 Section 1600 – Long Range Planning Policy Revised:

Developed: 09-21-2007 Approved: 10-01-2007 Page 1600 - 1

Page 196

1600 - LONG RANGE PLANNING

A. Purpose

The Long Range Planning Committee was formed to take a fresh long-range look at RETA as an organization. In April of 1991, the RETA Board recognized that we were entertaining tough economic times and if RETA continued business as usual, the organization would be subject to the same cutbacks and failures that would face other trade associations and business in general. The committee was formed to evaluate the strengths and weaknesses of RETA and develop a well thought out long range plan with realistic, down-to-earth implementations by the association’s staff and volunteer time which would assure the success of RETA and implement the developed “Mission Statement”.

Mission Statement

TO ENHANCE THE PROFESSIONAL DEVELOPMENT OF INDUSTRIAL REFRIGERATION OPERATING AND TECHNICAL

ENGINEERS

B. Responsibilities 1. The responsibility of the Chair of the committee is to continuously ask the committee

to determine the following:

Where are we?

Where do we want to be?

How are we going to get there? 2. The determinations agree to be implemented throughout the following parts of the

plan:

Mission Statement – The reason the organization exists.

Key Assumptions – Forces outside the organization over which we have no control, but which will affect it positively or negatively.

Situation Analysis – An analysis of the organization’s strengths, weaknesses and problems as they currently appear, plus existing perceptions of the organization by its members.

Five Year Goals – Specific goals as an organization, reachable within five years.

Annual Objectives – Priority areas of accomplishment reviewed and set annually, measurable and quantifiable – the “how to” of goal setting. Examples are projects and activities, organization and structure changes, leadership training and identification, financial planning and organizational growth.

3. The listed characteristics of the plan are to be maintained. The committee is to note that if a long-range plan is to be successful, it is absolutely essential that it have all of the following characteristics:

Volunteer developed is absolutely key that it be the product of the association leaders and members, ensuring “their” ownership of it – not developed and handed to them by an outside consultant or the association staff.

Commitment of each level of the organization at each stage of its development, from the LRP Committee down through the Board and the membership.

Date Last Reviewed: 10-01-07 Section 1600 – Long Range Planning Policy Revised:


Page 197

A “real plan” that is member developed, used for annual planning, as a benchmark for suggested new directions or programs, and continually updated and revised.

Not a “window-dressing plan” developed because it’s the thing to do and an outside source was hired to prepare one.

Team implemented by officers, LRP Committee, Board, staff, committees and

members.

Basis for annual objectives as the five-year goals are broken down into a series of manageable annual “chunks”.

Carried on through Committee changes through written job descriptions to carry out annual objectives.

Time frame of approximately two years to complete the Plan if it is to be taken seriously and not viewed as just going through the motions.

Revised: 08-27-2011


Page 198

1700 - MARKETING

A. Purpose 1. To serve the publications, conference and membership committees, adopting

agendas from them and promoting their programs. The overall goal would be to increase membership and revenues. The Marketing Committee would promote such programs to two tiers of target groups: internal target group consisting of individual chapter members, members at large, and industrial members; then external target group consisting of international members, emergency response community members, trade schools and colleges, and finally associated groups (IIAR, IARW, ASHRAE, etc.)

B. Responsibilities

1. Work with staff to develop drafts of promotional material for review by the Publication/Membership/Conference Committees and the Board.

2. Budget production and distribution of promotional materials for review by the Board. 3. Coordinate with staff to distribute such materials.

C. Committee Make Up

1. The Marketing Committee members are volunteers from the general membership and assigned staff members.

2. The Chairpersons of these working committees are compulsory members of the Marketing Committee:

Membership

Conference

Education

Certification

Publications

Date Last Reviewed: 10-01-07 Developed: 09-2-2007 Section 1700 –Marketing Policy Page 1700 - 1 Approved: 10-01-2007

Page 199



Revision 0



Date Last Reviewed: 08-25-2015 Section 1800 – Membership Policy Revised: 08-25-2015


Page 200

1800 - MEMBERSHIP

A. Introduction

RETA headquarters sends invoice dues directly to all individual and corporate members on an anniversary basis.

If membership has expired for more than three months or an individual has cancelled membership, he/she must pay the processing fee.

TRANSFER OF CORPORATE MEMBERSHIP. Corporate members may assign a person to fill the remainder of an employer’s membership period.

No transfer of individual membership is permitted. B. Classes Membership fo the Association shall be composed of four (4) classes: Student,

Individual, Corporate and Honorary. 1. Student: An person who qualifies for student membership must be registered as a full-time

student at an accredited university, junior college or professional trade school and pursuing study in preparation for a career in the refrigeration industry. Short-term enrollment in such a program does not qualify for the student classification.

2. Individual: An individual member is a person who is involved in operating, maintenance, design, construction, educating/teaching and/or manufacture of components for industrial refrigeration systems. Individual members may join any RETA chapter regardless of whether they live in the state where that chapter is organized.

3. Corporate: Membership is open to all companies engaged in educating, selling, distributing, consulting, jobbing, contracting, installing, servicing, manufacturing and operating in the industrial refrigeration industry.

Corporate additional (persons other than the primary contact) do not have to be members of the same chapter as the corporate membership.

Corporate additional may have people distributed throughout the United States.

The contact name is one of the five additional in a corporate membership. The contact is the representative and must have a company address listed under his/her name. Changes can be made to the contact information during the year.

Changes can be made to corporate membership throughout the year, including adding names to open vacancies. Corporate membership allows up to five members.

4. Honorary: Membership shall be restricted to otherwise qualified persons rending such an eminent service to the profession or the Association on a national level to merit this distinction. The Governing Board shall appoint honorary membership.

C. Classification

1. Chapter Affiliation: All members are encouraged to join a chapter. Chapter members are eligible to participate in all chapter activities and to serve in board positions for their chapters. RETA staff may assign a member to a chapter that is within a 2.5 hour drive if the member does not select a chapter.

2. Member at Large: This category is restricted to members who are unable to participate in chapter activities because a charter chapter is not established in their geographic location.



Page 201

D. RETA Code of Conduct

The RETA Code of Conduct sets the professional standards required of all RETA members and certificate holders. RETA certification and membership affirms your agreement to abide by these standards to advance the integrity, honor and prestige of all persons and organizations in the refrigeration industry. By signing the RETA Code of Conduct you agree to strive to meet the following professional standards of behavior: 1. I recognize the urgency of protecting the health and safety of all personnel in refrigeration

facilities and the public and agree to safely handle and operate refrigeration equipment and supplies at my level of knowledge, skill and experience.

2. I accept responsibility for assuring that those persons for whom I am responsible will be qualified by training, education and experience to operate the specific equipment in the refrigeration facility at which I am employed.

3. I will promote training and education of those refrigeration personnel with whom I come in contact to assure that they are qualified to maintain and improve the safety and energy-efficient operation of refrigeration facilities for which they have any responsibility.

4. I accept responsibility for my own continued professional development as well as that of those I supervise and will participate in appropriate certification and training activities to acquire, demonstrate and maintain competence in the refrigeration industry.

5. I will comply with all laws, rules and regulations that apply to safe operation of refrigeration facilities.

6. I will act responsibly and with integrity in all refrigeration industry and RETA activities by adhering to high standards of professional conduct to protect the health and safety of employees, employers, the public and all others affected by refrigeration facilities and practices.

7. I will avoid conduct or practices that could discredit the refrigeration industry like deceiving or harming employees, employers or the public.

8. I will provide accurate and truthful information related to all aspects of my RETA membership, certification and refrigeration training and experience.

9. I will follow all requirements established by RETA regarding references to my RETA certification and membership when describing my qualifications, training and experience in the refrigeration industry.

10. I will cooperate with RETA in any investigation of test security, validity, conflicts of interest or possible violations of the RETA Code of Conduct that warrants my participation.

11. I will maintain open and constructive relationships with those governmental and regulatory authorities relevant to the refrigeration industry with the intent of fostering an atmosphere of mutual trust and respect on behalf of myself and those for whom I am professionally responsible.

12. I will refuse to engage in any behavior that could be perceived as a threat to the health and safety at refrigeration facilities, of other employees and the public. This includes but is not limited to problems with chemical dependency, substance abuse, verbal threats or physical violence that could adversely affect the safety of refrigeration facilities.

13. I will support RETA local chapters to advance local influence and adherence to the RETA Code of Conduct.

14. I agree to inform RETA without delay of any changes that restrict my capacity to perform competently, safely and effectively without endangering the welfare of myself or others if I can no longer fulfill my obligations as a RETA-credentialed professional



Page 202

E. Adhering to the RETA Code of Conduct

All activities of the Refrigerating Engineers and Technicians Association (RETA) shall be conducted with policies and procedures consistent with RETA Bylaws and the RETA Code of Conduct. The RETA Code of Conduct shall apply to all RETA members, directors, officers, staff, task force members, certification candidates, certificate holders, employees and consultants. The RETA Code of Conduct is intended to maintain the confidence and respect of industry employers and their employees. It also is intended to protect the public’s health and safety as well as every person in a position of responsibility in the refrigeration industry.

F. Leadership Requirements of RETA Directors, Staff, Volunteers and Consultants

In addition to demonstrating their commitment to the RETA Code of conduct, RETA directors, staff, volunteers, and consultants have a special responsibility to provide leadership consistent with the highest standards of integrity in all REA business and activities. These duties include: 1. Promote the interests of RETA members, volunteers, certificate holders, employees and

employers. 2. Seek, listen respectfully and respond to the concerns of all parties involved in or affected by

the refrigeration industry. 3. Protect confidential information from unauthorized disclosure or misuse in all investigations of

suspected violations of the RETA Code of Conduct. 4. Conduct their professional relations by the highest standards of integrity and refuse to

participate in illegal or unethical conduct. 5. Handle all actual and apparent conflicts of interest with diligent adherence to the highest

standards of conduct. 6. Listen respectfully and respond to the views and concerns of all members of the refrigeration

industry. G. Filing Charges of Suspected Violations of the RETA Code of Conduct

Any individual with evidence that a person who is subject to the RETA Code of Conduct has violated one or more provisions of the Code of Conduct should submit a written report of the suspected violation(s) to the Executive Director of RETA. Rules for conducting an investigation and all related hearings and appeals are documented in this section of the RETA Policies and Procedures Manual. Disciplinary actions may include but are not limited to the following sanctions for violations of the RETA Code of Conduct. 1. Terminate or suspend a candidate’s eligibility for certification. 2. Suspend, refuse to recertify or revoke RETA certification. 3. Suspend or terminate RETA membership, leadership position, status as an approved

instructor or other affiliation with RETA.



Page 203

H. RETA Disciplinary Policy and Procedures

1. Grounds for Disciplinary Action a. Engage in fraud, misrepresentation, deception, misuse of RETA funds, or concealment

of a material fact in connection with obtaining or renewing RETA certification or membership on one’s own behalf or that of another person.

b. Engage in illegal, unethical or unprofessional practices that undermine the integrity of RETA and its members.

c. Engage in practices that endanger the health and safety of refrigeration employees, facilities or the public due to lack of knowledge, ability or judgment to apply safe practices in the operation of industrial refrigeration systems.

d. Fail to cooperate with REA in investigations of possible disciplinary action under the RETA Code of Conduct.

2. Initial Investigation and Action a. Upon receipt of information indicating that a person may be subject to discipline for

violations of the RETA Code of Conduct, a Disciplinary Review Panel (DRP) consisting of the RETA Board Chairman and two other RETA Board members appointed by the Board Chairman shall begin an investigation. Those appointed shall not have any prior involvement in the case, nor shall they have any personal or professional conflicts of interest with regard to the subject. Within 10 business days after receipt of a claimed violation, the Executive Director shall prepare and send a letter to the subject of the inquiry on behalf of the DRP requesting his/her response to the allegations.

b. The DRP shall review the evidence and recommend whether the RETA Executive Committee (ExComm) should refer the matter for further investigation or dismiss the complaint due to insufficient evidence.

c. If the matter is referred for a hearing, the Executive Director shall send the subject a letter that sets forth the alleged facts and grounds for discipline under the RETA Code of Conduct. The letter will include a copy of the complaint, including all supporting documentation and evidence as reviewed by the DRP, a copy of the RETA Disciplinary Policy and Procedures, and a request for a written response. The letter shall inform the subject of his/her right to respond and request a hearing within 30 days after receiving the letter. If no hearing is requested, ExComm will review the DRP recommendations and determine what actions to take within 45 days after the DRP reports its findings. The DRP is not required to conduct a hearing but may do so at its discretion. The Executive Director will inform the subject of ExComm’s decision within 30 days after the decision is made.

3. Hearing a. If a subject requests a hearing, the Executive Director shall arrange a meeting of the

DRP and send a hearing notice to the subject at least 21 calendar days in advance of the hearing. The notice shall state the time and place of the hearing, which may be conducted by teleconference at the discretion of the DRP.

b. The subject may be represented at the hearing by legal counsel. The subject shall be solely responsible for his or her own expenses related to the hearing.

c. All documents properly submitted shall be made a part of the record of the hearing. The DRP may consider any other evidence which it deems appropriate and relevant.



Page 204

d. The hearing procedure shall be as follows. 1. An opening statement is made by the Board Chairman citing the appeal panel’s

authority to hear the case, explaining the reason for the hearing, and introducing all persons present. The Chairman presides during the hearing.

2. The complaint and response are read into the record, provided that with the approval of the parties, this reading may be waived and those documents made part of the record.

3. The complainant is called up to state his or her case and present any witnesses that he or she may desire.

4. Members of the DRP and RETA level counsel shall have the opportunity to question the complainant and his or her witnesses.

5. The respondent is called upon to state his or her case and present any witnesses that he or she may desire.

6. Members of the DRP and RETA level counsel shall of the opportunity to question the respondent and his or her witnesses.

7. The complainant may question the respondent and his or her witnesses. 8. Both parties are asked if they wish to make any final statements or rebuttals that

they consider necessary to complete the record. The complainant makes the opening summary and the respondent makes the closing summary.

9. Members of the DRP and RETA legal counsel shall have a final opportunity to question the parties and to call additional witnesses or request additional information they deem necessary or appropriate for a full hearing of the case.

10. The Chairman shall adjourn the hearing, dismisses the parties and recess the DRP meeting.

11. The Chairman shall convene the DRP in executive session\, which may include RETA legal counsel, designated staff and any other persons the DRP or Chairman believes should be included in the session.

12. The Chairman shall permit each member of the DRP and all other authorized participants to express their views of the case.

13. The DRP may waive or modify the procedural requirements as it deems necessary or appropriate.

e. The DRP may recommend disciplinary action only when there is clear and convincing evidence of grounds for such action for violation of the RETA Code of Conduct.

f. The DRP shall render its decision by majority vote and shall issue a written opinion within 30 calendar days after the hearing. The opinion shall describe its findings of fact and any disciplinary action recommended to ExComm.

g. ExComm will review the DRP recommendation and determine what action to take within 45 calendar days after the DRP reports its findings to ExComm.

e. The Executive Director shall inform the subject of the ExComm decision within 30 calendar days after the decision is made.



Page 205

4. Appeals

1. A subject must request an appeal in writing within 30 calendar days after RETA sends notice of the ExComm decision. The request must state the reason for the appeal along with any newly discovered facts, information or evidence. If no appeal is made the matter is considered final at the end of the eligible appeal period.

2. If an appeal is requested the RETA Executive Director shall appoint three Board members to serve as the Appeal Panel. Those appointed shall not have any prior involvement in the case, nor shall they have any personal or professional conflicts of interest with regard to the subject.

3. The Executive Director will send a letter acknowledging receipt of the appeal within 14 calendar days. The letter will explain RETA’s appeals review process.

4. The appeal normally shall be heard within 60 calendar days of the appeal request. Notice of the hearing date, time and place shall be given to the appellant and appellee at least 21 calendar days prior to the date of the hearing. The appeal hearing is not a rehearing of the facts and only evidence newly discovered or otherwise not presented at the initial DRP hearing may be introduced. If any such evidence is allowed, the other party must have had ample opportunity to be aware of that testimony prior to the hearing. The appellant has the burden of showing good cause as to why the DRP recommendation should be modified or dismissed.

5. The Appeal Panel will recommend a final decision to the RETA Board within 90 calendar days of the appeal request.

6. The RETA Board will make a decision within 45 calendar days after the Appeal Panel makes its recommendation.

7. The Executive Director will send the subject a final written opinion within 30 calendar days after the RETA’s Board’s decision. The matter is considered final upon issuance of the Executive Director’s letter.

4. Sanctions Violations may result in one or more the following sanctions. 1. Revocation or permanent loss of RETA certification or membership. 2. Suspension or the loss of certification or membership for a specified period after which

the individual may apply for reinstatement. 3. Probation during which continued certification is subject to fulfillment of specified

conditions such as reexamination, educational requirements, monitoring, supervision and/or other appropriate conditions.

4. Censure or a formal expression of disapproval that is publicly announced. 5. Reprimand or a formal expression of disapproval addressed to the individual that is not

publically announced. 6. Ineligibility for certification or membership, either indefinitely or for a specified period.



Page 206

I. Reinstatement

A person who has been disciplined by RETA may request reinstatement in a written request to the Board of Directors that sets forth the grounds he/she believes justifies reinstatement. The RETA Board may request additional information and documentation concerning the grounds for reinstatement. If the individual’s request for reinstatement is granted, the individual shall apply as a first-time applicant.

J. Settlement Informal dispositions may be made of any uncontested case by settlement or by another method agreed upon to the subject and the RETA Board without prejudice to RETA’s ability to institute disciplinary proceedings based upon the same or related material if circumstances so warrant.

K. Notification All notifications referred to in these procedures shall be in writing and shall be certified, return receipt mail or commercial delivery service that tracks and confirms delivery.

L. Documentation RETA shall make available to the public, employers and its members by electronic or print means lists with appropriate definitions and explanations of the following groups of individuals. Each list must specify the period of time during which each individual’s RETA certification was current. 1. Persons holding current RETA certificates 2. Persons currently under RETA Sanction 3. Persons whose RETA certifications are no longer current

Page 207

1900 - Membership List Sales Policy

A. General Policies

RETA will not sell membership lists or labels.

Date Last Reviewed: 10-01-07 Section 1900 – Membership List Sales Policy

Page 1900 - 1


Revised:

Page 208



Revision 0



Date Last Reviewed: 10-01-07 Section 2000 – Nominating Policy Revised: 08-27-2011



Page 209

Page 2000 - 1

2000 - NOMINATING

A. Purpose The committee shall solicit individuals who are willing and able to serve as officers and directors on the National Board of RETA.

B. Responsibilities

1. The Nominating Committee Chair is the immediate Past-President and continues to stay in touch with RETA, attends the National conferences and is aware of the “pulse” of RETA on a current basis. The Chair appoints two people to help him serve on the committee. These people are not “Co-Chair”, but rather committee members. Typically, but not necessarily, these people are also past National Presidents who are in current touch with RETA.

2. Nominations normally involve only the Vice President, as well as the required incoming Directors, depending upon the number of Directors vacating their seats on the Board that year.

3. Before placing the names of nominees for office in formal nominations, a recommendation from the current president may be considered. Further, a geographical balance should be considered so that one area of the country, or one RETA chapter, does not dominate the executive chairs, or the director chairs, and all of the association membership is represented.

4. In all cases, and particularly with the Vice President, a personal discussion must be held between the potential nominee and the Chair of the Nominating Committee. The purpose is to establish that person’s willingness to serve in the position being recommended, as well as his ability to serve taking into account the time required, expenses and travel

5. Prior to public announcement of the Nominating Committee’s slate of nominees, discussions regarding potential nominees and the final list of nominees shall be kept confidential and restricted to the Nominating Committee, current President, and Chair of the Board.

6. The Nominating Committee Chair, at a business meeting of the National Conference, submits nominations directly to the association membership. By parliamentary procedure a call for “nominations from the floor” is required before nominations are closed. Historically, the Nominating Committee Chair offers only one name for each office, selecting the best qualified for the office. However, “nominations from the floor” may create more than one nominee for an office, which is acceptable.

C. Selection Procedure

1. It is the purpose of the guidelines to guide the Nominating Committee through their selections of new national officers and directors. RETA is seeking the best individuals available who will commit to keep RETA strong in membership, financially healthy and who will keep the education of industrial refrigeration operators as their driving force.




Page 210

Page 2000 - 2

2. The Nominating Committee will strive to keep a balance of representation and

leadership on the Board. This is to say that a fair number of Board members should have background and experience in the operational and service end of the industry (as opposed to having, for example, only engineers and salesmen on the Board who have only been engineers and salesmen). It is not the purpose of these guidelines to “absolutely dictate” to the Nominating Committee who they can nominate. RETA is a national organization, and we should keep this in mind with our selections. It is in RETA’s best interest to spread the leadership around the country, and to have a diversity of individuals and companies represented on the national Board.

3. A call for nominations will be mailed out to the entire membership to give equal

opportunity to everyone in the organization. This is published as a public announcement in the spring RETA Breeze.

4. The Nominating Committee reviews the written submissions from the candidates.

These written submissions are for individuals who will be selected as new directors for three-year terms.

5. The Nominating Committee begins selecting the candidates based on the

Selection Guidelines. The appropriate number of candidates will be selected to fill the vacancies that will be created by outgoing board members.

6. The Executive Director contacts each candidate and provides them with the

“scope of obligations and responsibilities”.

7. The Executive Director receives the final commitment from each candidate.

D. National Officer Guidelines 1. To be nominated for an officer position, the individual should have served as a

director on the national Board for at least three years.

2. The newest officer, who will usually be the incoming Vice President, should not be an employee of the same company as any of the present national officers. There are a few solid reasons for this. RETA does not want to overburden any single company with the financial and time requirements that are involved in proper Board participation. RETA should spread the participation in this organization around and not give the perception that any one company is dominating RETA.

3. The new nominee should have leadership skills.

4. The new nominee should have shown interest in moving upward through the

officer positions to the presidency.




Page 211

Page 2000 - 3

5. Consideration should be given to the geographical location or region of the country

that the nominee is from, compared to his two immediate predecessors. RETA should try to spread the leadership of the organization around the country, and not overload (or exclude) any particular region.

E. National Director Guidelines

1. The nominee must be associated with the industrial refrigeration industry. 2. The nominee must have submitted a written response to the call for nominations

that RETA headquarters sends out in the spring issue of RETA Breeze. 3. The nominee should have his or her company’s support and backing. 4. The nominee must be able to serve a three-year term. 5. The nominee must be a member of RETA. 6. The nominee will have shown a keen interest in the organization, and has

preferably participated as an officer on the chapter level.

F. Duties of RETA National Officers and Directors 1. Introduction

RETA is classified as a 501(c)(6) organization, which is led by volunteers. RETA’s mission statement TO ENHANCE THE PROFESSIONAL DEVELOPMENT OF INDUSTRIAL REFRIGERATION OPERATING AND TECHNICAL ENGINEERS. The driving force of the organization is primarily to continue to educate the operators and technicians in the industrial refrigeration field. A secondary purpose is to continue to educate and inform the industrial refrigeration industry in general regarding all aspects of education, safety, training, etc.

2. Scope of Obligations and Responsibilities for National Officers and Directors RETA does not subsidize any travel or expenses related to attending Board meetings. The national Board of RETA meets twice per year. Once at the national conference in the fall and once at a mid-year Board meeting in the spring. All national officers and directors are expected to attend Board meetings. All national officers and directors are expected to continue to show interest and dedication to the organization throughout their terms.

It is our sincere hope that the employers of our national officers and directors will support their employees with the resources to perform their duties. These resources fall under three general categories. They are money, time and utilities. Financial support will come in the form of paying for the travel, lodging, meals, etc. to attend Board meetings. Time will be spent on Board meetings, travel on the telephone. Estimated average time may be from 30 minutes to four hours per week.

Board members may be asked at some point to chair one of RETA’s many committees or at least to assist a committee Chair.

National directors serve three-year terms




Page 212

Page 2000 - 4

National officers will advance through the chairs annually. The yearly terms in order are:

-First year Vice President -Second year: Treasurer -Third year: Executive Vice President -Fourth year: President -Fifth year: Chair of the Board

Note: There is one national officer position not listed above which is the Executive Director. The Executive Director is from RETA’s association headquarters.

For these reasons, becoming a national officer should be considered a five- year term. Each chair or officer position also has specific duties attached to it.

Section 2100 – Document Control Policy Page 2100 - 1 Developed: 02-15-2015

Last Approved: 02-19-2015 Revision 0


© 2015 Refrigerating Engineers & Technicians Association Approved by Certification Committee

Page 213

2100 – DOCUMENT CONTROL POLICY

A. Scope and Purpose The Refrigerating Engineers & Technicians Association manages and maintains control of many forms and documents in its Management System. This policy specifies how these documents are created, reviewed, approved, revised, reapproved, and distributed. It also specifies RETA policies for document and records retention and disposal.

B. RETA Document Control Footer The footer for each RETA document serves as the Document Control Record and appears at the bottom of each page. The sample below uses the footer at the bottom of each page of this document.

Sample Document Control Footer

Section 2100 – Document Control Policy Page 2100. - 1 Developed: 02-15-2015

Revision 0 © 2015 Refrigerating Engineers & Technicians Association Last Approved: 02-19-2015 Last Reviewed: 02-15-2015 Approved by Certification Committee

Elements in the RETA Document Control Footer Item Label Description of Item Content in Sample Footer

Name Document name Section 2100—RETA Document Control Policy

Developed Date document was created 02-15-2015

Revision Revision number since original 0

Last Reviewed Date of most recent review 02-15-2015

Page Page number or identifier Page 2100-1 to 2100-5

Last Approved

Date most recently approved 02-19-2015

©RETA RETA copyright Refrigerating Engineers & Technicians Association

Revision Revision number since original 03

Approved by Who approved document (may be RETA staff member, consultant, committee or Board)

Certification Committee

As documents are updated, the previous generation of the document is stored in the

associated ‘archive’ folder in RETA archives. These document control records and

footers have been maintained in all RETA policy, forms and records since 2007.

Page 2100 - 2

Page 214

Section 2100 – Document Control Policy Revision 1 Last Reviewed: 02-15-2015




Approved by Certification Committee

A. Master Files for RETA Document and Forms Document Control Master Files are maintained in Microsoft Word. These are accessible only to approved staff and consultants. This is to facilitate editing and revisions as needed to keep these documents and forms up to date. Only persons authorized in this policy should have access to these Document Control Master Files.

B. Current Versions of RETA Documents and Forms

The current version of each RETA document and form is maintained as a PDF to facilitate access to all staff, consultants, board members and other interested parties. PDFs of each RETA document and form should never be edited or revised by any person not authorized in this policy.

C. Distribution of RETA Documents and Forms

Only the PDF or a comparable version of each RETA policy, form or record should be circulated outside RETA staff and consultants with the authority to revise them. All RETA staff, Board members, Committee members and consultants should refer to the Current Document Files whenever a copy of a RETA policy, form or other record is needed.

D. Authority to Create and Revise RETA Documents and Forms

Only the RETA Executive Director, Certification Manager and Consulting Psychometrician may create or revise certification-related forms and documents. Other RETA staff may draft or propose revisions in forms and documents at the direction of the Executive Director.

E. Authority to Approve RETA Documents and Forms

The Certification Committee (CertComm) must approve all certification-related RETA forms and documents and substantive revisions to those master forms. Corrections and amendments that do not involve changes in RETA policy may be made with the approval of the Executive Director without further review by CertComm. Such corrections and amendments may involve changes in location or contact information, format and detailed questions that are consistent with the original intent and purpose of the document or form as approved by CertComm. Documents and forms unrelated to certification require approval of the Executive Director. Such forms and revisions to them may be submitted to the RETA Board for approval at the discretion of the Executive Director.

Section 2100 – Record Retention Policy Revision 1 Last Reviewed: 02-15-2015

Developed: 02-15-2015 Last Approved: 02-19-2015 Approved by Certification Committee

Page 2100 - 3

Page 215


C. List of RETA Documents, Forms and Records Subject to This Policy The list that follows specifies the RETA documents, forms and records that will be maintained in the Master Files and as PDFs (or comparable formats) for each section of the RETA Policy and Procedures Manual. Corrections and adjustments in these documents, forms and records can be approved by the Executive Director if they do not involve a change in the intent or purpose of the RETA policy that uses it.

Section 200 Review of Executive Director Performance

Section 400 21st Century Club Nomination Form Section

500 Certification Primary and Temporary RETA Network Test Center Agreements RETA Network Test Center Operations Manual RETA Network Test Center Proctor Guide Temporary RETA Network Test Center Fees Certification Committee Handbook Certification Committee Test Security and Nondisclosure Form Shadow Candidate Test Security and Nondisclosure Form Shadow Candidate Report CARO/CIRO Candidate Application and Handbook CRES Candidate Application and Handbook RAI Candidate Application and Handbook

Section 700 Conflict of Interest

RETA Conflict of Interest Disclosure Form



Page 2100 - 4

Page 216


A. Document and Records Retention and Disposal The list that follows specifies the retention period for RETA documents, forms and records related to accounting, corporate records, insurance, legal matters, membership, educational certificates, certification, personnel, real estate, taxes, general business documents, committee documents and reports, journals and RETA publications, and Continuing Education Units (CEUs) and Professional Development Hours (PDHs). This Records Control Policy and its companion document, the RETA Document Control Record, are designed to protect the confidentiality and security of all RETA records related to credentialing, finance and program operations. Any personal or financial information in these records must be treated as strictly confidential. At the discretion of the Executive Director, RETA may archive or dispose of records and documents that are beyond the specified period.

Type of Record Retention Period

Accounting

Auditors' reports/work papers Permanent Bank deposit slips 3 years

Bank statements, reconciliation’s 7 years Budgets 2 years

Canceled checks, generally 7 years

Cash disbursements journal Permanent

Cash receipts journal Permanent

Depreciation records 3 years

Employee expense reports 3 years

Employee payroll records (W-2, W-4, annual earnings records, etc.) 4 years

Annual financial statements Permanent

Interim/Internal financial statements 3 years

General journal or ledger Permanent Inventory lists 3 years

Invoices 3 years

Payroll journal 4 years

Petty cash vouchers 3 years



Page 2100 - 5

Page 217


Corporate Records

Annual reports Permanent Articles of Incorporation Permanent

Constitution and Bylaws Permanent

Qualifications to do business Permanent

Minutes (Board and Teams with Board authority) Permanent

Minutes (Teams without Board authority) 3-5 years Authorizations and appropriations for expenditures 3 years

Contracts, generally 10 years

Contracts, government 4 years

Contracts, sales (UCC) 4 years

Insurance

Accident reports 6 years Insurance claims 6 years

Insurance policies 6 years

Legal

Claims and litigation files 10 years Copyright, trade name, trademark registration Permanent

Membership Permanent

Educational Certificates Permanent

Certification Permanent

Personnel

Applications 1 year Employee earnings/payroll records 6 years

Employee files 6 years

Employment contracts 10 years

Garnishments 5 years

Medical or exposure to toxic substance records 30 years

Pension, profit sharing plans Permanent

Government Reports 6 years

Employee pension records, including service, eligibility,

personal information, pensions paid 6 years

Time cards/sheets 4 years



Page 2100 - 6

Page 218


Type of Record Retention Period*

Real Estate

Leases 10 years Purchases, including title abstracts, opinions, insurance

policies, sales agreements, mortgages, deeds 20 years after sale

Taxes Income tax returns and canceled checks (federal, state and local) Permanent

Payroll tax returns 4 years

Property tax returns Permanent

Sales and use tax returns 4 years

General Business Records Supporting correspondence and notes re patents, copyrights, For life of principle

licenses, agreements, bills of sale, permits, contracts, document which it

liabilities, etc. supports

Committee

Final reports to Board Permanent Working papers, correspondence related to reports 2 years

Journal

Final editions Permanent Inquiry letters 1 year

Requests for Reprints 1 year

Requests for permission to copy articles 2 years

CEUs (Continuing Education Units)

Evaluations and other related materials 6 years

2200 – ANTI-TRUST POLICY

RETA ANTITRUST LEGAL GUIDELINES

The members of the Refrigerating Engineers and Technicians Association

(“RETA”) compete in the marketplace. U.S. antitrust laws at the federal and state levels

promote competition and prohibit unlawful restraint of trade. These laws are vigorously

enforced to keep companies from engaging in anti-competitive practices. Any discussions

among competitors of prices, terms and conditions of sale, sales warranties, allocation of

markets or customers, production costs and plans could be interpreted as signaling or tacit

agreement leading to collusion. This is serious criminal conduct resulting in fines and jail

sentences and treble damages in civil lawsuits.

RETA strictly adheres to the antitrust laws. Each member and company

representative bears a serious responsibility at all times to comply with the laws, both at

formal meetings and in informal discussions. Think before you speak (or write) – always

consider how your remarks could be interpreted – in and out of context. Avoid creating

or participating in any situation which could be misinterpreted as noncompliance. And

finally, consult legal counsel whenever any uncertainty arises.

GENERAL GUIDELINES FOR ALL ASSOCIATION ACTIVITIES

A. Neither RETA nor any of its committees or activities shall be used for the purpose

of bringing about, or attempting to bring about any understanding or agreement

among the members with regard to prices, terms or conditions of sale, territories,

customers or other aspects of competition.

B. No RETA activity or communication shall include any discussion of pricing

methods, terms or conditions of sale, allocation of territories or customers or other

aspects of competition. An individual member’s future sales plans should not be

revealed nor should they be discussed.

C. No RETA activity or communication shall include any discussion that might be

construed as an attempt to: (i) prevent any business entity from gaining access to

any market or customer for its services, (ii) prevent any business entity from

obtaining services freely in the market through competition.

D. No RETA activity or communication shall include any discussion that might be

construed as an agreement or understanding to refrain from purchasing any

materials, equipment, services, or other supplies from any supplier.

Date Last Reviewed: 10-01-07 Section 2200 – Anti-Trust Policy

Page 2200 - 1



Page 219

Page 220

E. All RETA meetings shall be conducted in accordance with an agenda, and

minutes shall be kept.

F. All RETA members are expected to observe the foregoing rules both at formal

meetings and in informal discussions.

Date Last Reviewed: 10-01-07 2 Validation Initials:

Section 2200 – Anti-Trust Policy Page 2200 - 2

RETA Chapter Policy Revision 3 Last Reviewed: 06-16-2013

Page 2300 - 1 Developed: 03-01-2009 Revised: 06-16-2013


Page 221

2300 - CHAPTERS A. Purpose

1. To guide and assist in the planned development, organization and improvement of RETA Chapters.

B. Responsibilities

1. Chapter officers should a. Conduct regular membership meetings and officer/board meetings. b. Have consistent communication with Chapter members. c. Encourage the enlistment of as many members as possible in the

managing of the Chapter. d. Make use of the Chapter Operation Guidelines provided by RETA HQ

to manage and grow their Chapter.

C. Policy 1. Chapter officers must be RETA members. RETA membership of officers is

required by RETA bylaws so that at least one elected person can fulfill fiduciary responsibility on behalf of the Chapter.

a. When necessary more than one officer role may be fulfilled by a sole individual.

b. The general responsibilities of each officer position are found in the Chapter Operation Guidelines – a supplement to this policy section.

c. Chapter officers must sign a Non-Disclosure Agreement. RETA Chapter officers have access to contact information or other private information about their members. The Non-Disclosure form states that the member contact information provided by RETA HQ and expanded by the Chapter is used solely for the purposes of the Chapter and will not be used to further the marketing efforts of the officers’ business. Contact RETA HQ to receive the current form.

d. All RETA members are required to abide by the RETA Code of Conduct.

2. Chapters are responsible for their own financial activities. a. RETA National will not be financially liable for Chapter obligations.

b. Chapters receive a rebate for each new member, each renewing member, or re-activated member. The income is distributed from the national treasury. Chapters receive $25.00 USD rebate annually for each new member or renewing member.

i. Chapters that receive members who transfer in from an “at-large” classification receive a rebate when written notification from the member is received at RETA HQ that he/she requests to be affiliated with the Chapter. When the person renews his/her membership, the renewal rebate is also accrued to the Chapter.




Page 222

ii. Chapters that receive members that transfer from another Chapter do not receive a rebate for that persons entry into the Chapter if the previous Chapter has already received the rebate for that members’ renewal or initiation. This includes newly established chapters receiving their first rebate funding.

iii. RETA checks are valid for 90 days after issuance. Chapters that allow six (6) months to pass without depositing or processing checks that are distributed to them from Headquarters will forfeit the funds to the National General Fund.

1. Chapter officers will receive notice from Headquarters prior to the sixth month that their checks are at risk of being voided.

2. Chapters that return checks for re-issuance after the void date will pay a service fee of $45 which will be by reduction of the amount of the original check.

c. Chapters are restricted from establishing a dues structure for Chapter members.

d. Chapters may organize and charge for training sessions and seminars to provide income to build the financial strength of the Chapter as they work to meet the RETA Mission Statement.

e. Chapters may establish scholarships to assist in payments of dues or training seminar / conference attendance for its members.

f. Chapters that earn more than $50,000 USD in a year must file their own IRS 990 and State income tax forms. The filing deadline is May 15th each year. Once a Chapter has filed its tax forms independently it must continue to do so.

g. Chapter Financial Reporting To State and Federal Tax Authorities

i. Chapters must file their annual financial activities to the state authority that they are incorporated in. Most states have a tiered system depending on the dollar amount that the receives as income for the year. The complexity of the return depends on which tier the chapter’s income stream aligns to.

ii. Chapters must file their annual financial activity to the Federal IRS annually.

1. The filing date is 4-1/2 months after the close of the organization’s year. May 15th is the filing due date.

2. As of 2010, Chapters with an income stream (not total assets) that exceeds $50,000 must report their financial activity independently to the IRS.




Page 223

3. Chapters with an annual income stream that is less than $50,000 may apply to be included in the RETA National tax return as a dependent entity.

a. Chapter financial information must be included with the group filing to the IRS.

b. The chapter must petition RETA annually to be be included in the group exemption tax return.

4. RETA Headquarters must receive the Chapter’s financial information by January 31st even if the chapter intends to file a tax return independently.

h. Sales of advertisements on Chapter publications, newsletters, websites

i. A 501(c)(6) not-for-profit organization is not immune from paying taxes to the Federal or State government. For example; RETA National sells advertisement in the RETA Breeze and in the Conference program guide. The income from advertising sales is considered “non-business related income” and is taxable income by the IRS and state boards of equalization. Chapters will be accountable in the same way for income derived from these non-business income streams. For example: One enterprising chapter has been publishing a Chapter directory that includes advertising spots throughout the directory. The income from the ad sales pays for the cost of printing this handy directory and the surplus is used in pursuit of other Chapter activities. The membership is given the option to be included or excluded from being listed in the Chapter’s directory. This is a good example of Chapter fund raising and increasing the value of being a Chapter member within their region.

ii. Receiving sponsorship support in dollars or as in-kind services or items is not taxable as it is business related revenue.

1. The difference is this: Advertising space is sold and the purchaser has control of what they wish to promote. Whereas sponsorship recognition is limited to RETA controlled recognition and collateral distribution that provides a benefit to the sponsor while not being deemed non-standard income to the Association.

2. Chapters cannot recognize gifts of money or material from donors as charitable contributions because RETA is not a 501(c)(3) Not-For-Profit organization and is not authorized to accept or acknowledge sponsorships as such.




Page 224

i. Should a Chapter choose to cease operation and close there will be no refunding of member dues to the Chapter members. These Chapter members may request to be transferred to another Chapter or to be classed as “at-large” members.

i. Chapters must petition the National Board of Directors to have their Charter discontinued.

ii. The fund balance of the Chapter checking and / or savings account is transferred to the National treasury General Fund.

j. Chapters that issue PO numbers for coursebook and other items ordered from RETA HQ must pay their bills within 60 days.

i. If aging goes beyond 60 days the Chapter treasurer will be notified by RETA HQ

ii. If aging goes beyond 90 days all the officers of the Chapter will be notified and RETA HQ will begin to hold back Chapter rebate monies until the transaction is cleared or the rebate withholdings meet the obligation.

iii. A $35.00 service charge will be applied to the outstanding debt of the Chapter.

3. Chapters must communicate with the national offices.

a. Chapters are required to have at least one formal meeting each year where elections are held and results of those elections are transmitted to the National office.

i. The names of the elected officers are part of the report.

ii. The financial activity of the Chapter, in summary form (beginning balance, income, expense, ending balance), is part of the report. This qualifies the Chapter to be included in the group exemption filing of the national tax return.

iii. This annual report is due from Chapters on or before January 31st.

1. Chapters that fail to provide their annual report on time will be notified that the report is late by the national office.

2. Chapter rebate checks will be held until the report requirement has been satisfied.

3. If the report requirement has not been satisfied by May 31st the monies being held are forfeited and returned to the national treasury. Forfeited rebate funds will not be available to the Chapter.




Page 225

iv. Chapters shall send a copy, fax or scanned image of their sign-in roster to HQ following each chapter meeting.

b. If two years pass without correct communication from a Chapter, that Chapter’s Charter will be revoked by action of the National Board of Directors.

i. RETA National Board members will be calling on the Chapter leaders in advance of such action to assist in the Chapter’s recovery.

4. Chapters may choose to develop and adopt a Chapter Constitution and By-laws, independent of the national constitution and by-laws, as long as these documents do not conflict with the national governing document.

a. Chapters must submit their Chapter constitution and by-laws to the National Board for recognition.

5. Chapters provide learning experiences and opportunities for their members through regular coursebook study and special topic speakers. This is the root activity to meet the RETA mission statement which is: “to enhance the professional development of industrial refrigeration operating and technical engineers”.

a. Chapters may invite professionals from the industrial / academic community to give instruction and presentation on equipment and services relevant to the Chapter membership (see attachment 2300-3B for guidance).

b. Chapters may reimburse or cover the expenses of the technical speaker if necessary.

c. Chapters should provide a certificate of attendance or participation at Chapter meetings where a technical speaker or study group activity is part of the program. RETA PDH for certified operators are accrued this way. The distribution of a chapter certificate is valuable to the training record of the member and adds value to the Chapter that does so.

d. Chapters are expected to organize coursebook learning sessions where small groups of people assemble to review one or more of the RETA coursebooks or other relative titles that apply.

i. Chapters may collect monies from the participants to cover costs and expenses of the books and study materials provided. A profit to the Chapter is acceptable practice.

ii. Chapters may choose to select from their own ranks a study leader or to hire a professional to lead instruction for the group.




Page 226

1. Chapters may cover expenses and fees of the hired professional instructor.

2. Chapters may negotiate the fees and terms for services from the professional instructor.

3. RETA has Authorized Instructors identified that can be contacted for teaching services. See the “Instructors” link on the RETA website home page.

6. Chapters provide opportunities for fellowship and the building of a sense of community and belonging.

a. Annual golf outings, sports fishing, skeet competition, family picnics, Holiday parties are examples of typical Chapter relation building activities.

7. Chapters have assets to be preserved and protected.

a. The primary asset other than the chapter bank accounts is the private information of the chapter’s members and associates.

b. Chapter officers sign a non-disclosure agreement where they agree that the information they have access to will not be used for personal or professional gain. These officers are trusted with this information for the benefit of the Chapter. Breach of the non-disclosure agreement may lead to the execution of the RETA Code of Conduct policy.

i. RETA does provide a listing of the attendees at the national Conference as a courtesy to the attendees of the Conference. This includes members that are exhibitors and attending sponsors. Registrants are informed of this through the application and registration forms for conference.

1. Chapters may also provide an attendance listing when a regional or special events such as a safety day or seminar has been conducted to the attendees and exhibitors / sponsors as long as participants are notified that this information will be disseminated.

8. Chapter Websites and other electronic communication vehicles

a. See Section 1000 – Electronic Communications

Page 227

Attachment 2A

Sample Chapter Board or General Meeting Minutes

Date: Time: Location:

Names and titles of persons in attendance:

(If this is a general membership meeting, attach chapter meeting sign in sheet)

Committee Reports:

Communications

Education

Public Relations

Finance

Attendance

Old Business:

New Business:

Motions Passed:

Time of adjournment:

Attachment2300 2 Sample Minutes

Revision 1

Page 2300 Attachment 2A - 1 Developed: 03-01-2009 Revised: 02-26-2011

Last Reviewed: 02-26-2011 Approved: 04-30-2011

Attachment2300 2B Chapter Inventory Revision 1


Page 2300 Attachment 2B- 1 Developed: 03-01-2009 Revised: 02-26-2011


Page 228

Attachment 2B

Sample RETA Chapter Inventory List

One – Chapter Charter

One - Compact Overhead Projector (3M).

One - LCD Projection Unit.

One - Projection Screen.

As Required - Laser Pointer

One - Easel.

One - 24" x 36" Mylar Board.

Two - 24" x 36" Easel Pads.

One - Package of blank transparencies (do not run through copier).

One - Package of transparency frames.

One - Package of erasable markers.

One - Eraser.

Transferred From:

Transferred To: Date of transfer:

Attachment2300 3C General Guidance to Chapters Revision 00


Page 2300 – 3A-1 Developed: 02-26-2011 Revised: no revisions


Page 229

Attachment 3A - General Guidance to Chapters

1. Chapters have assets to be preserved and protected.

a. The primary asset other than the chapter bank accounts is the private

information of the chapter’s members and associates.

b. Chapter officers sign a non-disclose agreement where they agree that

the information they have access to will not be used for personal or

professional gain. These officers are trusted with this information for

the benefit of the chapter. Breach of the non- disclose agreement may

lead to the execution of the RETA Code of Conduct policy. See

Section C – previous in this policy.

c. RETA does provide a listing of the attendees at the National

Conference to the attendees of the conference. This includes

members that are exhibitors and attending sponsors.

i. Chapters may also provide an attendance listing when a

regional or special event such as a safety day or seminar has

been conducted to the attendees and exhibitors / sponsors.

1. Regular chapter meetings is not included in this

policy statement so replying “sorry, we can’t give you

our full chapter roster” to a meeting speaker or any

other person is the appropriate response.

2. Many chapter members value their privacy. Being

contacted by a sales person who finds their name on

a roster is often met with irritation. Encourage the

members in attendance to be sure to provide their

contact information to the presenter for a follow up

contact outside of the activities of the chapter

meeting.

Attachment2300 3C Sample Speaker Confirmation Letter Revision 01


Page 2300 – 3C-1 Developed: 02-26-2011 Revised: no revisions


Page 230

Attachment 3C Speaker Confirmation Sample Letter

Chapter Name Address

City, State Zip Date <<name>> <<company name>> <<address>> << city, state, zip>> Dear <<name>>: Thank you for agreeing to speak at our <<Chapter Name>> RETA meeting. Dinner will start at <<time>>. We will have a brief business meeting before you begin your talk at xx:xx PM. The meeting is at <<Location>>, <<Location address>>. If you need any speaking aids (i.e. overhead projection, mylar board, etc), please call me at <<phone number>>. The primary goal of RETA is to educate our members to be better industrial refrigeration operators and technicians. We are confident that you will meet this goal while keeping the talk non-commercial with respect to specific manufactured products. Our aim for presenters is for them to teach, not to sell. We find that when effective learning takes place, other opportunities open for the teacher. When a person presents with intent to sell, the experience does not go so well for all. I look forward to seeing you on <<day>>, <<date>>. Sincerely, 1st Vice-President Chapter Name

Attachment 2300 3D Sample Speaker Thank You Letter Revision 1


Page 2300-3D - 1 Developed: 03-01-2009 Revised: 03-06-2011


Page 231

Attachment 3D

Sample Speaker Thank You Letter

Chapter Name Address

City, State Zip

Date

<<name>> <<company name>> <<address>> << city, state, zip>>

Dear <<name>>:

On behalf of the <<Chapter name>> RETA Chapter, I thank you for speaking to our group on the issue of <<presentation topic>>.

<<compliment on the high point(s) of the presentation – tell the presenter what was the “take home” item of the talk.>>

Again, we appreciate your time and effort. You are welcome to attend our future meetings.

Sincerely,

President <<Chapter name>> Chapter RETA

Attachment 2300 3E Chapter Meeting Schedule Revision 1


Page 2300-3E - 1 Developed: 03-01-2009 Revised: 03-06-2011


Page 232

Attachment 3E

Sample Meeting Schedule

Chapter Name:

January - Technical Topic Presenter

February - Technical Topic

Presenter

March - Technical Topic Presenter

April - Technical Topic

Presenter

May - Technical Topic Presenter

June - Technical Topic

Presenter

Golf Tournament / Fishing Outing / Family Picnic / Fellowship Event

July - Technical Topic Presenter

August - Technical Topic

Presenter

September - Technical Topic Presenter

October - Technical Topic Presenter

November - National Convention - No Local Meeting

December - Holiday Party

Attachment 2300 3F Sample Chapter Meeting Announcement Revision 1


Page 2300-3F - 1 Developed: 03-01-2009 Revised: 03-06-2011


Page 233

Attachment 3F

Sample Meeting Announcement

CHAPTER NAME:

PLACE: <<Location>> <<Location Address>>

DATE: <<day>>, <<date>>, <<time>>

OFFICERS MEETING: <<Time>>

DINNER AT: <<time>>

<<what we are having>>

COST: <<cost>>/PERSON

BUSINESS MEETING: <<Time>>

SPEAKER: <<Time>>

<<Technical Topic>> <<Presenter(s)>>

<<short description of the presentation purpose / importance>>

.

One (1) Professional Development Hour toward RETA Certification renewal is awarded for attendance at this meeting.

Attachment 2300 4A Sample Member Tracking Form Revision 0


Page 2300-4A - 1 Developed: 03-01-2009 Revised: 03-06-2011


Page 234

Attachment 4A

Sample New Member Tracking Form

Name:

Company:

Address:

City: State: Zip:

Phone:

Level:

Date Received Application:

Initiation Fees & Dues:

Follow-up: 1. Is the new member receiving the following mailings on time?

RETA Breeze and Technical Report

2. Is the member receiving Chapter newsletters?

Comments on follow-up:

Attachment 2300 5A Sample Chapter Education Plan Revision 1


Page 2300 5A - 1 Developed: 03-01-2009 Revised: 03-12-2011


Page 235

Attachment 5A

Sample Education Program Format

EDUCATION

We are offering Industrial Refrigeration Course II Systems to assist with your preparation for certification.

Tentative Course Schedule:

February 8 - Direct Expansion Systems

February 15 - Flooded Systems

February 22 - Recirculated Systems

March 8 - Brine and Cascade Systems

March 15 - Piping of Systems

March 22 - Review and Final Test

WHERE:

TIME:

FEE: NONE! (or whatever is deemed necessary for instructor fees and lab costs.) The course materials will be $ for RETA Members $ for Non-Members).

If you have any questions, contact

Hope to see you there!

Attachment 2300 8-1 Sample Invitation to Attend a Chartering Meeting Developed: 04-16-2010 Approved 04-30-2011


Page 236

Revision 3

Revised: 03-06-2011

Page 2300 – 8-1


Attachment 8-1

Sample letter of invitation to an information and organizational meeting Put on RETA letterhead or individual’s company letterhead

[DATE]

To Potential RETA Chapter Members:

A group of us here in the area, with the good interest of those of us in the industrial refrigeration industry, are going to undertake an effort to establish a RETA Chapter in our area. RETA is a very successful organization, with successful Chapters around the country.

RETA has always provided much needed help in its continuing efforts to train and educate those of us who deal with ammonia refrigeration. These efforts have been recognized by many of the largest companies in the U.S. food industry via their support of RETA.

As a current member of RETA, I am very excited about not only starting a Chapter, but also its continued success. My commitment to RETA is strong and will remain so.

To further explore whether a Chapter in the area is practical, we are planning a preliminary meeting and we are invite you and anyone else you may know who is interested in furthering their knowledge of refrigeration to attend.

This will be a very information meeting and will be held <Date, Time, Place>.

Hope to see you there.

Sincerely,

Attachment 2300 8-2 Secretary of State Example Revision 1


Page 2300 – 8-2 Developed: 03-01-2009 Revised: no revisions


Page 237

Attachment 8-2

Sample Web Search Screen For A Secretary of State’s Website

Notice the “New York Secretary of State Business Incorporation and LLC Filings” link. This is the type of link you’d chose to get to the information you need to obtain the necessary forms for your Articles of Incorporation filing.

Attachment 2300 8-3 Sample Charter Validation Letter Revision 0 Last Reviewed: 03-06-2011

Page 2300 – 8-3 Developed: 03-01-2009 Revised: no revisions Approved: xx-xx-xxxx

Page 238

Attachment 8-3

Example of the Corporate Resolution from the National Board of Directors

August 4, 2008

Mr. Chapter Organizer - President

2356 Cold Surface Drive

Hotspot, CA 92345

Dear <first name>:

This letter is to serve as a corporate resolution of the Board of Directors who by

official action at a Board of Director’s meeting on July 17, 2008 granted official notice

that the Petitioning Chapter is recognized and approved as an established Chapter by

the Refrigerating Engineers & Technicians Association (RETA), a 501 (c) (6) not-for-

profit corporation registered in the state of California.

The Chapter's Charter was granted listing the following officers:

President – <first name> <last name>

1st

Vice President – <first name> <last name>

Secretary – <first name> <last name>

Treasurer – <first name> <last name>

RETA Chapters with annual income less than $25,000 may request to be included in

the group exemption issued by the Internal Revenue Service to the organization. The

Chapter operations guideline document provides instruction for Chapter activity.

The remaining pages of this letter identify important steps and tasks you and the other

Chapter officers need to know. Please contact us at HQ should you have any questions

or concerns.

Sincerely,

Jim Barron

RETA Executive Director

Attachment 2300 8-5 Petition to Charter Revision 1 Last Reviewed: 03-06-2011

Page 2300 8-5 - 1 Developed: 03-01-2009 Revised: 03:06:2011


Page 239

PETITION FOR CHARTER OF A NEW RETA CHAPTER

Send to: RETA HQ 1035 2nd Ave SE Albany, OR 97321 Attn: Dan Denton

Date of this petition:

Chapter name:

Date Chapter officially organized:

Dear RETA Board of Directors:

On interested parties met at

[location] in [City, State]

to discuss and commit to petitioning the National Board of Directors to grant us a

Charter as [desired Chapter name], the newest

Chapter of the Refrigerating Engineers & Technicians Association. Those named

below were duly elected at the organizing meeting and bear our trust and confidence

as leaders of our Chapter.

Signed:

List of Officers:

President

Name:

Company:

Address:

City / State / Zip:

Phone / Fax:




Page 240

1st Vice President

Name:

Company:

Address:

City / State / Zip:

Phone / Fax:

2nd Vice President

Name:

Company:

Address:

City / State / Zip:

Phone / Fax:

Secretary

Name:

Company:

Address:

City / State / Zip:

Phone / Fax:

Treasurer

Name:

Company:

Address:

City / State / Zip:

Phone / Fax:




Page 241

Other Officer(s) [specify title/ position]

Name:

Company:

Address:

City / State / Zip:

Phone / Fax:

Name:

Company:

Address:

City / State / Zip:

Phone / Fax:

Name:

Company:

Address:

City / State / Zip:

Phone / Fax:

Please list below the names of chartering members of the chapter. Attach member application forms if these are new members. Members at Large or those who wish to transfer from another Chapter should be listed too, but they need to inform RETA HQ in writing of their desire for a membership affiliation change.

Name:

Name:

Name:

Name:

Name:

Name:

Name:

Attach additional pages as necessary to fill out the Chartering Roster.

Section 2400 – Whistleblower Policy Revision 0




Page 242


2400 - WHISTLEBLOWER POLICY

A. Scope and Purpose

The Refrigerating Engineers & Technicians Association Code of Conduct (hereinafter referred to as the Code) requires directors, other volunteers, and employees to observe high standards of business and personal ethics in the conduct of their duties and responsibilities. Employees and representatives of the organization must practice honesty and integrity in fulfilling their responsibilities and comply with all applicable laws and regulations.

The objectives of the Refrigerating Engineers & Technicians Association Whistleblower Policy are to establish policies and procedures for:

1. The submission of concerns regarding questionable accounting or auditing matters by employees, directors, officers, and other stakeholders of the organization, on a confidential and anonymous basis.

2. The receipt, retention, and treatment of complaints received by the organization regarding accounting, internal controls, or auditing matters.

3. The protection of directors, volunteers and employees reporting concerns from retaliatory actions.

B. Reporting Responsibility

Each director, volunteer, and employee of Refrigerating Engineers & Technicians Association has an obligation to report in accordance with this Whistleblower Policy (a) questionable or improper accounting or auditing matters, and (b) violations and suspected violations of RETA’s Code (hereinafter collectively referred to as Concerns).

C. Authority of Finance Committee

All reported Concerns will be forwarded to the Finance Committee in accordance with the procedures set forth herein. The Finance Committee shall be responsible for investigating, and making appropriate recommendations to the Board of Directors, with respect to all reported Concerns.

D. No Retaliation

This Whistleblower Policy is intended to encourage and enable directors, volunteers, and employees to raise Concerns within the Organization for investigation and appropriate action. With this goal in mind, no director, volunteer, or employee who, in good faith, reports a Concern shall be subject to retaliation or, in the case of an employee, adverse employment consequences. Moreover, a volunteer or employee who retaliates against someone who has reported a Concern in good faith is subject to discipline up to and including revocation of



Page 2400. - 2 Developed: 12-21-2008 Approved: 03-28-2009


Page 243

membership, revocation of certification, dismissal from the volunteer position or termination of employment.

E. Reporting Concerns

1. Employees

RETA has no employees at the time of this policy development -

2. Directors and Other Volunteers

Directors and other volunteers should submit Concerns in writing directly to the Chair of the Finance Committee. Contact information for the Chair of the Finance Committee may be obtained from the Executive Director.

F. Handling of Reported Violations

The Finance Committee shall address all reported Concerns. The Chair of the Finance Committee shall immediately notify the Finance Committee, the President, the Executive Director, and Chairman of the Board of any such report. The Chair of the Finance Committee will notify the sender and acknowledge receipt of the Concern within five business days, if possible. It will not be possible to acknowledge receipt of anonymously submitted Concerns.

All reports will be promptly investigated by the Finance Committee, and appropriate corrective action will be recommended to the Board of Directors, if warranted by the investigation. In addition, action taken must include a conclusion and/or follow-up with the complainant for complete closure of the Concern.

The Finance Committee has the authority to retain outside legal counsel, accountants, private investigators, or any other resource deemed necessary to conduct a full and complete investigation of the allegations.

G. Acting in Good Faith

Anyone reporting a Concern must act in good faith and have reasonable grounds for believing the information disclosed indicates an improper accounting or auditing practice, or a violation of the Codes. The act of making allegations that prove to be unsubstantiated, and that prove to have been made maliciously, recklessly, or with the foreknowledge that the allegations are false, will be viewed as a serious disciplinary offense and may result in discipline, up to and including dismissal from the volunteer position or termination of employment. Such conduct may also give rise to other actions, including civil lawsuits.





Page 244

H. Confidentiality

Reports of Concerns, and investigations pertaining thereto, shall be kept confidential to the extent possible, consistent with the need to conduct an adequate investigation.

Disclosure of reports of Concerns to individuals not involved in the investigation will be viewed as a serious disciplinary offense and may result in discipline, up to and including termination of employment. Such conduct may also give rise to other actions, including civil lawsuits.

Page 245



Revision 0



Section 2500 –Corporate Security Policies Policy Revision 0


Developed: 12-08-2015 Revised:


Page 246


2500 – CORPORATE SECURITY POLICY

1. Acceptable Use Policy 2. Backup Policy 3. Confidential Data Policy 4. Data Classifications Policy 5. Email Policy 6. Encryption Policy 7. Guest Access Policy 8. Incident Response Policy 9. Mobile Devices Policy 10. Network Access and Authentication Policy 11. Network Security Policy 12. Outsourcing Policy 13. Passwords Policy 14. Physical Security Policy 15. Remote Access Policy 16. Retention Policy 17. Test Development and Security Policy 18. Third Party Connections Policy 19. Virtual Private Networks (VPN) Policy 20. Wireless Access Policy 21. Forms Supporting These Policies

Date Last Reviewed: 12-08-2015 Section 2500 – Corporate Security Policy

Revised:

Page 2500.1 – 1 Developed: 12-08-2015 Approved: 12-29-2015


Page 247 © 2015 Refrigerating Engineers & Technicians Association

Acceptable Use Policy Created: 12/08/2015

Section of: RETA Security Policies Target Audience: Users, Technical

CONFIDENTIAL Page 1 of 8

1.0 Overview

Though there are a number of reasons to provide a user network access, by far the most common

is granting access to employees for performance of their job functions. This access carries certain

responsibilities and obligations as to what constitutes acceptable use of the corporate network. This

policy explains how corporate information technology resources are to be used and specifies what

actions are prohibited. While this policy is as complete as possible, no policy can cover every

situation, and thus the user is asked additionally to use common sense when using company

resources. Questions on what constitutes acceptable use should be directed to the user's supervisor.

2.0 Purpose

Since inappropriate use of corporate systems exposes RETA to risk, it is important to specify

exactly what is permitted and what is prohibited. The purpose of this policy is to detail the

acceptable use of RETA information technology resources for the protection of all parties

involved.

3.0 Scope

The scope of this policy includes any and all use of RETA IT resources, including but not limited

to, computer systems, email, the network, and the corporate Internet connection.

4.1 Policy

4.2 E-mail Use Personal usage of RETA email systems is permitted as long as A) such usage does not negatively

impact the RETA computer network, and B) such usage does not negatively impact the user's job

performance.

• The following is never permitted: spamming, harassment, communicating threats,

solicitations, chain letters, or pyramid schemes. This list is not exhaustive, but is included to

provide a frame of reference for types of activities that are prohibited.


Revised:







• The user is prohibited from forging email header information or attempting to impersonate

another person.

• Email is an insecure method of communication, and thus information that is considered

confidential or proprietary to RETA may not be sent via email, regardless of the recipient, without

proper encryption.

• It is RETA policy not to open email attachments from unknown senders, or when such

attachments are unexpected.

• Email systems were not designed to transfer large files and as such emails should not

contain attachments of excessive file size.

Please note that detailed information about the use of email may be covered in RETA's Email

Policy.

4.3 Confidentiality Confidential data must not be A) shared or disclosed in any manner to non-employees of the

company, B) should not be posted on the Internet or any publicly accessible systems, and C) should

not be transferred in any insecure manner. Please note that this is only a brief overview of how to

handle confidential information, and that other policies may refer to the proper use of this

information in more detail.

4.4 Network Access The user should take reasonable efforts to avoid accessing network data, files, and information that

are not directly related to his or her job function. Existence of access capabilities does not imply

permission to use this access.

4.5 Unacceptable Use The following actions shall constitute unacceptable use of the RETA network. This list is not

exhaustive, but is included to provide a frame of reference for types of activities that are deemed

unacceptable. The user may not use the RETA network and/or systems to:

• Engage in activity that is illegal under local, state, federal, or international law.

• Engage in any activities that may cause embarrassment, loss of reputation, or other harm

to the company.


Revised:




• Disseminate defamatory, discriminatory, vilifying, sexist, racist, abusive, rude, annoying,

insulting, threatening, obscene or otherwise inappropriate messages or media.

• Engage in activities that cause an invasion of privacy.

• Engage in activities that cause disruption to the workplace environment or create a hostile

workplace.

• Make fraudulent offers for products or services.

• Perform any of the following: port scanning, security scanning, network sniffing, keystroke

logging, or other IT information gathering techniques when not part of employee's job function.

• Install or distribute unlicensed or "pirated" software.

• Reveal personal or network passwords to others, including family, friends, or other

members of the household when working from home or remote locations.

4.6 Blogging and Social Networking Blogging and social networking by RETA's employees are subject to the terms of this policy,

whether performed from the RETA network or from personal systems. Personal blogging and

social networking is never allowed from the RETA computer network. In no blog or website,

including blogs or sites published from personal or public systems, shall RETA be identified,

RETA business matters discussed, or material detrimental to RETA published. The user must not

identify himself or herself as an employee of RETA in a personal blog or on a personal social

networking site. The user assumes all risks associated with blogging and/or social networking.

RETA staff may be required to monitor and respond to social network comments and questions

about RETA and its programs. All communication representing RETA in these sites and matters

must be handled professionally and in a manner that is consistent with RETA objectives and

policies regarding interaction with RETA members, board members, committees, applicants,

candidates, certified persons and other interested parties.

4.7 Instant Messaging Instant messaging is allowed such that it follows guidelines on disclosure of confidential data and

does not negatively impact the user's job function.





Revised:

Page 2500.1 - 4 Developed: 12-08-2015 Approved: 12-29-2015






4.1 Overuse Actions detrimental to the computer network or other RETA resources, or that negatively affect

job performance are not permitted.

4.2 Web Browsing The Internet is a network of interconnected computers of which the company has very little control.

The user should recognize this when using the Internet, and understand that it is a public domain

and he or she can come into contact with information, even inadvertently, that he or she may find

offensive, sexually explicit, or inappropriate. The user must use the Internet at his or her own risk.

RETA is specifically not responsible for any information that the user views, reads, or downloads

from the Internet.

Personal Use. RETA recognizes that the Internet can be a tool that is useful for both personal and

professional purposes. Personal usage of RETA computer systems to access the Internet is

permitted as long as such usage follows pertinent guidelines elsewhere in this document and does

not have a detrimental effect on RETA or on the user's job performance.

4.3 Copyright Infringement RETA's computer systems and networks must not be used to download, upload, or otherwise

handle illegal and/or unauthorized copyrighted content. Any of the following activities constitute

violations of acceptable use policy, if done without permission of the copyright owner:

A) copying and sharing images, music, movies, or other copyrighted material using P2P file

sharing or unlicensed CD's and DVD's; B) posting or plagiarizing copyrighted material; and C)

downloading copyrighted files which employee has not already legally procured. This list is not

meant to be exhaustive, copyright law applies to a wide variety of works and applies to much more

than is listed above.

4.4 Peer-to-Peer File Sharing Peer-to-Peer (P2P) networking is not allowed on the RETA network under any circumstance.

4.5 Streaming Media Streaming media can use a great deal of network resources and thus must be used carefully.

Streaming media is allowed for job-related functions only.

4.6 Monitoring and Privacy Users should expect no privacy when using the RETA network or RETA resources. Such use may

include but is not limited to: transmission and storage of files, data, and messages. RETA

reserves the right to monitor any and all use of the computer network. To ensure compliance with


Revised:







RETA policies this may include the interception and review of any emails, or other messages sent

or received, inspection of data stored on personal file directories, hard disks, and removable media.

4.8 Bandwidth Usage Excessive use of RETA bandwidth or other RETA resources is not permitted. Large file downloads

or other bandwidth-intensive tasks that may degrade network capacity or performance must be

performed during times of low RETA usage.

4.9 Personal Usage Personal usage of RETA computer systems is permitted as long as such usage follows pertinent

guidelines elsewhere in this document and does not have a detrimental effect on RETA or on the

user's job performance.

4.10 Remote Desktop Access Use of non-RETA-supplied remote desktop software and/or services (such as Citrix, VNC,

GoToMyPC, etc.) is prohibited.

4.11 Circumvention of Security Using RETA-owned or RETA-provided computer systems to circumvent any security systems,

authentication systems, user-based systems, or escalating privileges is expressly prohibited.

Knowingly taking any actions to bypass or circumvent security is expressly prohibited.

4.12 Use for Illegal Activities No RETA-owned or RETA-provided computer systems may be knowingly used for activities that

are considered illegal under local, state, federal, or international law. Such actions may include,

but are not limited to, the following:

• Unauthorized Port Scanning

• Unauthorized Network Hacking

• Unauthorized Packet Sniffing

• Unauthorized Packet Spoofing


Revised:



Page 252





• Unauthorized Denial of Service

• Unauthorized Wireless Hacking

• Any act that may be considered an attempt to gain unauthorized access to or escalate

privileges on a computer or other electronic system

• Acts of Terrorism

• Identity Theft

• Spying

• Downloading, storing, or distributing violent, perverse, obscene, lewd, or offensive

material as deemed by applicable statutes

• Downloading, storing, or distributing copyrighted material

RETA will take all necessary steps to report and prosecute any violations of this policy.

4.13 Non-RETA-Owned Equipment RETA allows the use of outside or non-RETA-provided computer systems on the RETA network

as long as the network systems and/or resources are not negatively affected. The user must take

reasonable precautions to ensure viruses, Trojans, worms, malware, spyware, and other

undesirable security risks are not introduced onto the RETA network.

4.14 Personal Storage Media RETA does not restrict the use personal storage media, which includes but is not limited to: USB

or flash drives, external hard drives, personal music/media players, and CD/DVD writers, on the

RETA network provided that guidelines for data confidentiality are followed. The user must take

reasonable precautions to ensure viruses, Trojans, worms, malware, spyware, and other

undesirable security risks are not introduced onto the company network. Use of personal storage

media must conform to RETA's Mobile Device Policy.

4.15 Software Installation Numerous security threats can masquerade as innocuous software - malware, spyware, and Trojans

can all be installed inadvertently through games or other programs. Alternatively, software can

cause conflicts or have a negative impact on system performance. RETA expects users to use


Revised:



Page 253





discretion when installing software on RETA-owned computers. When in doubt, the best

course of action is not to install the software in question.

4.16 Reporting of Security Incident If a security incident or breach of any security policies is discovered or suspected, the user must

immediately notify his or her supervisor and/or follow any applicable guidelines as detailed in the

RETA Incident Response Policy. Examples of incidents that require notification include:

• Suspected compromise of login credentials (username, password, etc.).

• Suspected virus/malware/Trojan infection.

• Loss or theft of any device that contains company information.

• Loss or theft of ID badge or keycard.

• Any attempt by any person to obtain a user's password over the telephone or by email.

• Any other suspicious event that may impact RETA's information security.

Users must treat a suspected security incident as confidential information, and report the incident

only to his or her supervisor. Users must not withhold information relating to a security incident

or interfere with an investigation.

4.17 Applicability of Other Policies This document is part of the company's cohesive set of security policies. Other policies may apply

to the topics covered in this document and as such the applicable policies should be reviewed as

needed.

5.0 Enforcement

This policy will be enforced by the IT Manager and/or Executive Team. Violations may result in

disciplinary action, which may include suspension, restriction of access, or more severe penalties

up to and including termination of employment. Where illegal activities or theft of RETA property

(physical or intellectual) are suspected, RETA may report such activities to the applicable

authorities.


Revised:



Page 254





6.0 Definitions

Blogging The process of writing or updating a "blog," which is an online, user-created journal

(short for "web log").

Instant Messaging A text-based computer application that allows two or more Internet-connected

users to "chat" in real time.

Peer-to-Peer (P2P) File Sharing A distributed network of users who share files by directly

connecting to the users' computers over the Internet rather than through a central server.

Remote Desktop Access Remote control software that allows users to connect to, interact with,

and control a computer over the Internet just as if they were sitting in front of that computer.

Streaming Media Information, typically audio and/or video, that can be heard or viewed as it is

being delivered, which allows the user to start playing a clip before the entire download has

completed.

7.0 Revision History

Revision 1.0, 5/12/2015


Revised:



Page 255


Backup Policy Created: 12/08/2015

Section of: RETA Security Policies Target Audience: Technical


1.0 Overview

A backup policy is similar to an insurance policy - it provides the last line of defense against data

loss and is sometimes the only way to recover from a hardware failure, data corruption, or a

security incident. A backup policy is related closely to a disaster recovery policy, but since it

protects against events that are relatively likely to occur, in practice it will be used more frequently

than a contingency planning document. RETA's backup policy is among its most important

policies.

2.0 Purpose

The purpose of this policy is to provide a consistent framework to apply to the backup process.

The policy will provide specific information to ensure backups are available and useful when

needed - whether to simply recover a specific file or when a larger-scale recovery effort is needed.

3.0 Scope

This policy applies to all data stored on RETA systems. The policy covers such specifics as the

type of data to be backed up, frequency of backups, storage of backups, retention of backups, and

restoration procedures.

4.1 Policy

4.2 Identification of Critical Data RETA must identify what data is most critical to its organization. This can be done through

a formal data classification process or through an informal review of information assets.

Regardless of the method, critical data should be identified so that it can be given the

highest priority during the backup process.

4.3 Data to be Backed Up A backup policy must balance the importance of the data to be backed up with the burden

such backups place on the users, network resources, and the backup administrator. Data to

be backed up will include:

Page 2500.2 - 2 Date Last Reviewed: 12-08-2015 Section 2500 – Corporate Security Policy

Revised:







• All data determined to be critical to RETA operation and/or employee job function.

• All information stored on the RETA file server(s) and email server(s), as well as these servers

operating systems and logs. It is the user's responsibility to ensure any data of importance is moved

to the file server.

• All information stored on network servers, which may include web servers, database servers,

domain controllers, firewalls, and remote access servers, etc.

• Logs and configuration of network devices such as switches, routers, etc.

• Information stored on employee desktops if the backup administrator deems such information

necessary and backup facilities exist for such an endeavor. The backup administrator may instead

choose to backup a standard desktop configuration and restore data from the file server at his or her

discretion.

• Off-site backup should be encrypted with 256 bit or higher to protect the security and privacy

of all RETA records.

4.4 Backup Frequency Backup frequency is critical to successful data recovery. RETA has determined that the following

backup schedule will allow for sufficient data recovery in the event of an incident, while avoiding an

undue burden on the users, network, and backup administrator.

Incremental: Daily backup to onsite servers is recommended with minimum protection of backup

every 3 days to an onsite external drive at RETA. Backup to offsite servers should occur at least once

every two weeks.

Full: Full backup to onsite servers is recommended at least once per week. Full backup to

offsite services should occur at least once each month.

4.5 Off-Site Rotation Geographic separation from the backups must be maintained, to some degree, in order to protect from

fire, flood, or other regional or large-scale catastrophes. Offsite storage must be balanced with the

time required to recover the data, which must meet RETA's uptime requirements. RETA has

determined that backup media must be rotated off-site at least once per week.

4.6 Backup Storage

Page 2500.2 - 3 Date Last Reviewed: 12-08-2015 Section 2500 – Corporate Security Policy

Revised:







Storage of backups is a serious issue and one that requires careful consideration. Since backups

contain critical, and often confidential, RETA data, precautions must be taken that are commensurate

to the type of data being stored. RETA has set the following guidelines for backup storage.

There are no restrictions to how and where backups can be stored when on-site. When shipped off-

site, backups should be reasonably secured from theft or fire. A hardened facility (i.e., commercial

backup service or safe deposit box) can be used but is not required. Online backups are allowable if

the service meets the criteria specified herein.

4.7 Backup Retention When determining the time required for backup retention, RETA must determine what number of

stored copies of backup-up data is sufficient to effectively mitigate risk while preserving required

data. RETA has determined that the following will meet all requirements (note that the backup

retention policy must confirm to the company's data retention policy and any industry regulations, if

applicable):

Incremental Backups must be saved for two weeks.

Full Backups must be saved for three months.

4.8 Restoration Procedures & Documentation The data restoration procedures must be tested and documented. Documentation should include

exactly who is responsible for the restore, how it is performed, under what circumstances it is to be

performed, and how long it should take from request to restoration. It is extremely important that the

procedures are clear and concise such that they are not A) misinterpreted by readers other than the

backup administrator, and B) confusing during a time of crisis.

4.9 Restoration Testing Since a backup policy does no good if the restoration process fails it is important to periodically test

the restore procedures to eliminate potential problems.

Backup restores must be tested when any change is made that may affect the backup system, as well

as twice per year.

4.10 Expiration of Backup Media Certain types of backup media, such as magnetic tapes, have a limited functional lifespan. After a

certain time in service the media can no longer be considered dependable. When backup media is

put into service the date must be recorded on the media. The media must then be retired from

service after its time in use exceeds manufacturer specifications.


Page 2500.3 - 4



Page 258


Revised:




4.11 Applicability of Other Policies This document is part of RETA's cohesive set of security policies. Other policies may apply to the

topics covered in this document and as such the applicable policies should be reviewed as needed.

5.0 Enforcement


disciplinary action, which may include suspension, restriction of access, or more severe penalties up

to and including termination of employment. Where illegal activities or theft of RETA property

(physical or intellectual) are suspected, RETA may report such activities to the applicable authorities.

6.0 Definitions

Backup To copy data to a second location, solely for the purpose of safe keeping of that data.

Backup Media Any storage devices that are used to maintain data for backup purposes. These are

often magnetic tapes, CDs, DVDs, or hard drives.

Full Backup A backup that makes a complete copy of the target data.

Incremental Backup A backup that only backs up files that have changed in a designated time

period, typically since the last backup was run.

Restoration Also called "recovery." The process of restoring the data from its backup-up state to

its normal state so that it can be used and accessed in a regular manner.


Revision 1.1, 12/08/2015


Page 2500.3 - 1



Page 259


Revised:

Confidential Data Policy Created: 12/08/2015



1.0 Overview

Confidential data is typically the data that holds the most value to RETA. Often, confidential data is

valuable to others as well, and thus can carry greater risk than general RETA data. For these reasons,

it is good practice to dictate security standards that relate specifically to confidential data.

2.0 Purpose

The purpose of this policy is to detail how confidential data, as identified by the Data Classification

Policy, should be handled. This policy lays out standards for the use of confidential data, and outlines

specific security controls to protect this data.

3.0 Scope

The scope of this policy covers all RETA-confidential data, regardless of location. Also

covered by the policy are hardcopies of RETA data, such as printouts, faxes, notes, etc.

4.1 Policy

4.2 Treatment of Confidential Data For clarity, the following sections on storage, transmission, and destruction of confidential data are

restated from the Data Classification Policy.

4.2.1 Storage Confidential information must be removed from desks, computer screens, and common areas

unless it is currently in use. Confidential information should be stored under lock and key (or

keycard/keypad), with the key, keycard, or code secured.

4.2.2 Transmission

Confidential data must not be 1) transmitted outside the RETA network without the use of

strong encryption, or 2) left on voicemail systems, either inside or outside RETA's network.


Page 2500.3 - 2



Page 260


Revised:




4.2.3 Destruction Confidential data must be destroyed in a manner that makes recovery of the information

impossible. The following guidelines apply:

• Paper/documents: cross cut shredding is required.

• Storage media (CD's, DVD's): physical destruction is required.

• Hard Drives/Systems/Mobile Storage Media: at a minimum, data wiping must be

used. Simply reformatting a drive does not make the data unrecoverable. If wiping is used,

RETA must use the most secure commercially-available methods for data wiping.

Alternatively, RETA has the option of physically destroying the storage media.

4.3 Use of Confidential Data A successful confidential data policy is dependent on the users knowing and adhering to RETA's

standards involving the treatment of confidential data. The following applies to how users must

interact with confidential data:

• Users must be advised of any confidential data they have been granted access. Such data must

be marked or otherwise designated "confidential."

• Users must only access confidential data to perform his/her job function.

• Users must not seek personal benefit, or assist others in seeking personal benefit, from the use

of confidential information.

• Users must protect any confidential information to which they have been granted access and

not reveal, release, share, email unencrypted, exhibit, display, distribute, or discuss the information

unless necessary to do his or her job or the action is approved by his or her supervisor.

• Users must report any suspected misuse or unauthorized disclosure of confidential

information immediately to his or her supervisor.

• If confidential information is shared with third parties, such as contractors or vendors, a

confidential information or non-disclosure agreement must govern the third parties' use of

confidential information. Refer to RETA's outsourcing policy for additional guidance.


Page 2500.3 - 3



Page 261


Revised:




4.4 Security Controls for Confidential Data Confidential data requires additional security controls in order to ensure its integrity. The company

requires that the following guidelines are followed:

• Strong Encryption. Strong encryption must be used for confidential data transmitted external

to RETA. If confidential data is stored on laptops or other mobile devices, it must be stored in

encrypted form.

• Network Segmentation. Separating confidential data by network segmentation is strongly

encouraged.

• Authentication. Strong passwords must be used for access to confidential data.

• Physical Security. Systems that contain confidential data should be reasonably secured.

• Printing. When printing confidential data the user should use best efforts to ensure that the

information is not viewed by others. Printers that are used for confidential data must be located in

secured areas.

• Faxing. When faxing confidential data, users must use cover sheets that inform the recipient

that the information is confidential. Faxes should be set to print a confirmation page after a fax is

sent; and the user should attach this page to the confidential data if it is to be stored. Fax machines

that are regularly used for sending and/or receiving confidential data must be located in secured areas.

• Emailing. Confidential data must not be emailed outside RETA without the use of strong

encryption.

• Mailing. If confidential information is sent outside RETA, the user must use a service that

requires a signature for receipt of that information.

• Discussion. When confidential information is discussed it should be done in non-public

places, and where the discussion cannot be overheard.

• Confidential data must be removed from documents unless its inclusion is absolutely

necessary.

• Confidential data must never be stored on non-RETA-provided machines (i.e., home

computers).


Page 2500.3 - 4



Page 262


Revised:




• If confidential data is written on a whiteboard or other physical presentation tool, the data

must be erased after the meeting is concluded.

4.5 Examples of Confidential Data The following list is not intended to be exhaustive, but should provide RETA with guidelines on

what type of information is typically considered confidential. Confidential data can include:

• Employee, member or candidate social security numbers or personal information

• Medical and healthcare information

• Electronic Protected Health Information (EPHI)

• Member or candidate data

• Sales forecasts

• Product and/or service plans, details, and schematics,

• Network diagrams and security configurations

• Communications about corporate legal matters

• Passwords

• Bank account information and routing numbers

• Payroll information

• Credit card information

• Any confidential data held for a third party (be sure to adhere to any confidential data

agreement covering such information)


Page 2500.3 - 5



Page 263


Revised:






5.0 Enforcement





6.0 Definitions

Authentication A security method used to verify the identity of a user and authorize access to a

system or network.

Critical Personal Information Confidential information required to manage RETA business and

operations such as employee salaries, medical records and similar personal data.

Encryption The process of encoding data with an algorithm so that it is unintelligible without the

key. Used to protect data during transmission or while stored.

Mobile Data Device A data storage device that utilizes flash memory to store data. Often called a

USB drive, flash drive, or thumb drive.

Operational Data Confidential information required to manage RETA business and operations such

as member credit card numbers, personal information, billing records and other data related to

delivering and/or managing RETA services.

Two-Factor Authentication A means of authenticating a user that utilizes two methods: something

the user has, and something the user knows. Examples are smart cards, tokens, or biometrics, in

combination with a password.


Page 2500.3 - 6



Page 264


Revised:





Revision 1.0, 5/12/2015


Page 2500.4 - 1



Page 265


Revised:

Email Policy Created: 12/08/2015



1.0 Overview

Email is an essential component of business communication; however it presents a particular set of

challenges due to its potential to introduce a security threat to the network. Email can also have an

effect on RETA's liability by providing a written record of communications, so having a well thought

out policy is essential. This policy outlines expectations for appropriate, safe, and effective email use.

2.0 Purpose

The purpose of this policy is to detail RETA's usage guidelines for the email system. This policy will

help RETA reduce risk of an email-related security incident, foster good business communications

both internal and external to RETA, and provide for consistent and professional application of

RETA's email principles.

3.0 Scope

The scope of this policy includes RETA's email system in its entirety, including desktop and/or web-

based email applications, server-side applications, email relays, and associated hardware. It covers

all electronic mail sent from the system, as well as any external email accounts accessed from the

RETA network.

4.1 Policy

4.2 Proper Use of Company Email Systems Users are asked to exercise common sense when sending or receiving email from RETA accounts.

Additionally, the following applies to the proper use of the RETA email system.

4.2.1 Sending Email When using a RETA email account, email must be addressed and sent carefully. Users should

keep in mind that RETA loses any control of email once it is sent external to the RETA

network. Users must take extreme care when typing in addresses, particularly when email

address auto-complete features are enabled; using the "reply all" function; or using

distribution lists in order to avoid inadvertent information disclosure to an unintended

recipient. Careful use of email will help RETA avoid the unintentional disclosure of

sensitive or non-public information.


Page 2500.4 - 2



Page 266


Revised:




4.2.2 Personal Use and General Guidelines Personal usage of RETA email systems is permitted as long as A) such usage does not

negatively impact the RETA computer network, and B) such usage does not negatively impact

the user's job performance.

• The following is never permitted: spamming, harassment, communicating threats,

solicitations, chain letters, or pyramid schemes. This list is not exhaustive, but is included to

provide a frame of reference for types of activities that are prohibited.

• The user is prohibited from forging email header information or attempting to

impersonate another person.

• Email is an insecure method of communication, and thus information that is

considered confidential or proprietary to RETA may not be sent via email, regardless of the

recipient, without proper encryption.

• It is RETA policy not to open email attachments from unknown senders, or when such

attachments are unexpected.

• Email systems were not designed to transfer large files and as such emails should not

contain attachments of excessive file size.

Please note that the topics above may be covered in more detail in other sections of this policy.

4.2.3 Business Communications and Email RETA uses email as an important communication medium for business operations. Users of

the RETA email system are expected to check and respond to email in a consistent and timely

manner during business hours.

Additionally, users are asked to recognize that email sent from a RETA account reflects on

RETA, and, as such, email must be used with professionalism and courtesy.

4.2.4 Email Signature

Email signatures (contact information appended to the bottom of each outgoing email) may

or may not be used, at the discretion of the individual user. Users are asked to keep any email

signatures professional in nature; however RETA does not place any restrictions on email

signature content.


Page 2500.4 - 3



Page 267


Revised:




4.2.5 Auto-Responders An auto-responder can be a useful tool when a user will be out of the office for an extended

period of time. RETA neither requires nor forbids the use of email auto-responders.

4.2.6 Mass Emailing RETA makes the distinction between the sending of mass emails and the sending of

unsolicited email (spam). Mass emails may be useful for both sales and non-sales purposes

(such as when communicating with RETA's employees, members, boards, committees or

other interested parties), and is allowed as the situation dictates. The sending of spam, on the

other hand, is strictly prohibited.

It is RETA's intention to comply with applicable laws governing the sending of mass emails.

For this reason, as well as in order to be consistent with good business practices, RETA

requires that email sent to more than twenty (20) recipients external to RETA have the

following characteristics:

1. The email must contain instructions on how to unsubscribe from receiving future emails

(a simple "reply to this message with UNSUBSCRIBE in the subject line" will do).

Unsubscribe requests must be honored immediately.

2. The email must contain a subject line relevant to the content.

3. The email must contain contact information, including the full physical address, of the

sender.

4. The email must contain no intentionally misleading information (including the email

header), blind redirects, or deceptive links.

Note that emails sent to RETA employees, members, board members, committees, existing

members, or persons who have already inquired about RETA's services are exempt from the

above requirements.

4.2.7 Opening Attachments

Users must use care when opening email attachments. Viruses, Trojans, and other malware

can be easily delivered as an email attachment. Users should:


Page 2500.4 - 4



Page 268


Revised:




• Never open unexpected email attachments.

• Never open email attachments from unknown sources.

• Never click links within email messages unless he or she is certain of the link's safety.

It is often best to copy and paste the link into your web browser, or retype the URL, as

specially-formatted emails can hide a malicious URL.

RETA may use methods to block what it considers to be dangerous or emails or strip

potentially harmful email attachments as it deems necessary.

4.2.8 Monitoring and Privacy Users should expect no privacy when using the RETA network or RETA resources. Such use

may include but is not limited to: transmission and storage of files, data, and messages. RETA

reserves the right to monitor any and all use of the computer network. To ensure compliance

with RETA policies this may include the interception and review of any emails, or other

messages sent or received, inspection of data stored on personal file directories, hard disks,

and removable media.

4.2.9 Company Ownership of Email Users should be advised that RETA owns and maintains all legal rights to its email systems

and network, and thus any email passing through these systems is owned by RETA and it may

be subject to use for purposes not be anticipated by the user. Keep in mind that email may be

backed up, otherwise copied, retained, or used for legal, disciplinary, or other reasons.

Additionally, the user should be advised that email sent to or from certain public or

governmental entities may be considered public record.

4.2.10 Contents of Received Emails Users must understand that RETA has little control over the contents of inbound email, and

that this email may contain material that the user finds offensive. If unsolicited email becomes

a problem, RETA may attempt to reduce the amount of this email that the users receive,

however no solution will be 100 percent effective. The best course of action is to not open

emails that, in the user's opinion, seem suspicious. If the user is particularly concerned about

an email, or believes that it contains illegal content, he or she should notify his or her

supervisor.

4.2.11 Access to Email from Mobile Phones Many mobile phones or other devices, often called smartphones, provide the capability to

send and receive email. RETA permits users to access the company email system from a

mobile phone. Refer to the Mobile Device Policy for more information.


Page 2500.4 - 5



Page 269


Revised:




4.2.12 Email Regulations Any specific regulations (industry, governmental, legal, etc.) relating to RETA's use or

retention of email communications must be listed here or appended to this policy.

4.3 External and/or Personal Email Accounts RETA recognizes that users may have personal email accounts in addition to their RETA-provided

account. The following sections apply to non-RETA provided email accounts:

4.3.1 Use for Company Business Users of RETA's email systems are given the flexibility to use either the RETA email system,

or personal email accounts, whichever is more convenient to the user. Users should ensure

that, when using non-RETA-provided email accounts for RETA business, the applicable

email policies are followed.

4.3.2 Access from the Company Network Users are permitted to access external or personal email accounts from the RETA network, as

long as such access uses no more than a trivial amount of the users' time and company

resources.

4.3.3 Use for Personal Reasons Users are strongly encouraged to use a non-RETA-provided (personal) email account for any

non-business communications. Users must follow applicable policies regarding the access of

non-RETA-provided accounts from the RETA network.

4.4 Confidential Data and Email The following sections relate to confidential data and email:

4.4.1 Passwords As with any RETA passwords, passwords used to access email accounts must be kept

confidential and used in adherence with the Password Policy. At the discretion of the IT

Manager, RETA may further secure email with certificates, two factor authentication, or

another security mechanism.

4.4.2 Emailing Confidential Data

Email is an insecure means of communication. Users should think of email as they would a

postcard, which, like email, can be intercepted and read on the way to its intended

recipient.


Page 2500.4 - 6



Page 270


Revised:




RETA requires that any email containing confidential information, regardless of whether the

recipient is internal or external to the RETA network, be encrypted using commercial-grade,

strong encryption.

Further guidance on the treatment of confidential information exists in RETA's Confidential

Data Policy. If information contained in the Confidential Data Policy conflicts with this

policy, the Confidential Data Policy will apply.

4.5 Company Administration of Email RETA will use its best effort to administer RETA's email system in a manner that allows the user to

both be productive while working as well as reduce the risk of an email-related security incident.

4.5.1 Filtering of Email A good way to mitigate risk from email is to filter it before it reaches the user so that the user

receives only safe, business-related messages. For this reason, RETA will filter email at the

Internet gateway and/or the mail server, in an attempt to filter out spam, viruses, or other

messages that may be deemed A) contrary to this policy, or B) a potential risk to RETA's IT

security. No method of email filtering is 100 percent effective, so the user is asked additionally

to be cognizant of this policy and use common sense when opening emails.

Additionally, many email and/or anti-malware programs will identify and quarantine emails

that it deems suspicious. This functionality may or may not be used at the discretion of the IT

Manager.

4.5.2 Email Disclaimers The use of an email disclaimer, usually text appended to the end of every outgoing email

message, is an important component in RETA's risk reduction efforts. RETA requires the use

of email disclaimers on all outgoing email sent during regular communications from RETA

HQ. Such disclaimers must contain the following notices:

• The email is for the intended recipient only

• The email may contain private information

• If the email is received in error, the sender should be notified and any copies of the

email destroyed.

• Any unauthorized review, use, or disclosure of the contents is prohibited


Page 2500.4 - 7



Page 271


Revised:




RETA acknowledges that staff often may respond to email inquiries from a cell phone or

other remotely connected device in which a disclaimer statement may not be available. Under

such circumstances, staff should include the appropriate disclaimer at the next opportunity to

do so in their communications with the involved person.

An example of such a disclaimer is:

NOTE: This email message and any attachments are for the sole use of the intended

recipient(s) and may contain confidential and/or privileged information. Any unauthorized

review, use, disclosure or distribution is prohibited. If you are not the intended recipient,

please contact the sender by replying to this email, and destroy all copies of the original

message.

RETA should review any applicable regulations relating to its electronic communication to

ensure that its email disclaimer includes all required information.

4.5.3 Email Deletion Users are encouraged to delete email periodically when the email is no longer needed for

business purposes. The goal of this policy is to keep the size of the user's email account

manageable, and reduce the burden on the company to store and backup unnecessary email

messages.

However, users are strictly forbidden from deleting email in an attempt to hide a violation of

this or another RETA policy. Further, email must not be deleted when there is an active

investigation or litigation where that email may be relevant.

RETA must note and document here any applicable regulations or statutes that apply to email

deletion.

4.5.4 Retention and Backup Email should be retained and backed up in accordance with the applicable policies, which

may include but are not limited to the: Data Classification Policy, Confidential Data Policy,

Backup Policy, and Retention Policy.

Unless otherwise indicated, for the purposes of backup and retention, email should be

considered operational data.


Page 2500.4 - 8



Page 272


Revised:




4.5.5 Address Format Email addresses must be constructed in a standard format in order to maintain consistency

across RETA. Some recommended formats are:

• [email protected]




RETA can choose virtually any format, as long as it can be applied consistently throughout

the organization. The intent of this policy is to simplify email communication as well as

provide a professional appearance.

4.5.6 Email Aliases Often the use of an email alias, which is a generic address that forwards email to a user

account, is a good idea when the email address needs to be in the public domain, such as on

the Internet. Aliases reduce the exposure of unnecessary information, such as the address

format for RETA email, as well as (often) the names of RETA employees who handle certain

functions. Keeping this information private can decrease risk by reducing the chances of a

social engineering attack.

A few examples of commonly used email aliases are:





RETA may or may not use email aliases, as deemed appropriate by the IT Manager and/or

executive team. Aliases may be used inconsistently, meaning: RETA may decide that aliases

are appropriate in some situations but not others depending on the perceived level of risk.

mailto:[email protected]









Page 2500.4 - 9



Page 273


Revised:




4.5.7 Account Activation Email accounts will be set up for each user determined to have a business need to send and

receive RETA email. Accounts will be set up at the time a new hire starts with RETA, or

when a promotion or change in work responsibilities for an existing employee creates the

need to send and receive email.

4.5.8 Account Termination When a user leaves RETA, or his or her email access is officially terminated for another

reason, RETA will disable the user's access to the account by password change, disabling the

account, or another method. RETA is under no obligation to block the account from receiving

email, and may continue to forward inbound email sent to that account to another user, or set

up an auto-response to notify the sender that the user is no longer employed by RETA.

4.5.9 Storage Limits As part of the email service, email storage may be provided on RETA servers or other devices.

The email account storage size must be limited to what is reasonable for each employee, at

the determination of the IT Manager. Storage limits may vary by employee or position within

RETA.

4.6 Prohibited Actions The following actions shall constitute unacceptable use of the RETA email system. This list is not

exhaustive, but is included to provide a frame of reference for types of activities that are deemed

unacceptable. The user may not use the RETA email system to:

• Send any information that is illegal under applicable laws.

• Access another user's email account without A) the knowledge or permission of that user

- which should only occur in extreme circumstances, or B) the approval of RETA executives in the

case of an investigation, or C) when such access constitutes a function of the employee's normal job

responsibilities.

• Send any emails that may cause embarrassment, damage to reputation, or other harm to

RETA.

• Disseminate defamatory, discriminatory, vilifying, sexist, racist, abusive, rude, harassing,

annoying, insulting, threatening, obscene or otherwise inappropriate messages or media.


Page 2500.4 - 10



Page 274


Revised:




• Send emails that cause disruption to the workplace environment or create a hostile workplace.

This includes sending emails that are intentionally inflammatory, or that include information not

conducive to a professional working atmosphere.

• Make fraudulent offers for products or services.

• Attempt to impersonate another person or forge an email header.

• Send spam, solicitations, chain letters, or pyramid schemes.

• Knowingly misrepresent RETA's capabilities, business practices, warranties, pricing, or

policies.

• Conduct non-RETA-related business.

RETA may take steps to report and prosecute violations of this policy, in accordance with RETA

standards and applicable laws.

4.6.1 Data Leakage Data can leave the network in a number of ways. Often this occurs unintentionally by a user

with good intentions. For this reason, email poses a particular challenge to RETA's control of

its data.

Unauthorized emailing of RETA data, confidential or otherwise, to external email accounts

for the purpose of saving this data external to RETA systems is prohibited. If a user needs

access to information from external systems (such as from home or while traveling), that user

should notify his or her supervisor rather than emailing the data to a personal account or

otherwise removing it from RETA systems.

RETA may employ data loss prevention techniques to protect against leakage of confidential

data at the discretion of the IT Manager.

4.6.2 Sending Large Emails Email systems were not designed to transfer large files and as such emails should not contain

attachments of excessive file size. RETA does not wish to impose a hard limit on email

attachment size, but asks the user to exercise discretion so that the system isn't unnecessarily

strained. RETA employees should consult senior management regarding identification of a

preferred way of sending large email attachments.


Page 2500.4 - 11



Page 275


Revised:




The user is further asked to recognize the additive effect of large email attachments when sent

to multiple recipients, and use restraint when sending large files to more than one person.



5.0 Enforcement

This policy will be enforced by the IT Manager and/or executive team. Violations may result in


to and including termination of employment. Where illegal activities are suspected, RETA may report

such activities to the applicable authorities. If any provision of this policy is found to be

unenforceable or voided for any reason, such invalidation will not affect any remaining provisions,

which will remain in force.

6.0 Definitions

Auto Responder An email function that sends a predetermined response to anyone who sends an

email to a certain address. Often used by employees who will not have access to email for an extended

period of time, to notify senders of their absence.

Certificate Also called a "Digital Certificate." A file that confirms the identity of an entity, such as

a company or person. Often used in VPN and encryption management to establish trust of the remote

entity.

Data Leakage Also called Data Loss, data leakage refers to data or intellectual property that is

pilfered in small amounts or otherwise removed from the network or computer systems. Data leakage

is sometimes malicious and sometimes inadvertent by users with good intentions.

Email Short for electronic mail, email refers to electronic letters and other communication sent

between networked computer users, either within a company or between companies.

Encryption The process of encoding data with an algorithm so that it is unintelligible and secure

without the key. Used to protect data during transmission or while stored


Page 2500.4 - 12



Page 276


Revised:




Mobile Device A portable device that can be used for certain applications and data storage.

Examples are PDAs or Smartphones.

Password A sequence of characters that is used to authenticate a user to a file, computer, network,

or other device. Also known as a passphrase or passcode.

Spam Unsolicited bulk email. Spam often includes advertisements, but can include malware, links

to infected websites, or other malicious or objectionable content.

Smartphone A mobile telephone that offers additional applications, such as PDA functions and

email.

Two Factor Authentication A means of authenticating a user that utilizes two methods:

something the user has, and something the user knows. Examples are smart cards, tokens, or

biometrics, in combination with a password.


Revision 1.1, 12/08/2015


Page 2500.5 - 1



Page 277


Revised:

Encryption Policy Created: 12/08/2015



1.0 Overview

Encryption, also known as cryptography, can be used to secure data while it is stored or being

transmitted. It is a powerful tool when applied and managed correctly. As the amount of data

RETA must store digitally increases, the use of encryption must be defined and consistently

implemented in order ensure that the security potential of this technology is realized.

2.0 Purpose

The purpose of this policy is to outline RETA's standards for use of encryption technology so that

it is used securely and managed appropriately. Many policies touch on encryption of data so this

policy does not cover what data is to be encrypted, but rather how encryption is to be implemented

and controlled.

3.0 Scope

This policy covers all data stored on or transmitted across RETA systems.

4.1 Policy

4.2 Applicability of Encryption 1. Data while stored. This includes any data located on RETA-owned or RETA-provided

systems, devices, media, etc. Examples of encryption options for stored data include:

• Whole disk encryption

• Encryption of partitions/files

• Encryption of disk drives

• Encryption of personal storage media/USB drives

• Encryption of backups

• Encryption of data generated by applications


Page 2500.5 - 3



Page 279


Revised:




2. Data while transmitted. This includes any data sent across the company network, or any data

sent to or from a RETA-owned or RETA-provided system. Types of transmitted data that can be

encrypted include:

• VPN tunnels

• Remote access sessions

• Web applications

• Email and email attachments

• Remote desktop access

• Communications with applications/databases

4.3 Encryption Key Management Key management is critical to the success of an implementation of encryption technology. The

following guidelines apply to RETA's encryption keys and key management:

• Management of keys must ensure that data is available for decryption when needed

• Keys must be backed up

• Keys must be kept secure

• Keys must never be transmitted in clear text

• Keys are confidential data

• Keys must not be shared

• Physical key generation materials must be destroyed within 5 business days.

• Keys must be used and changed in accordance with the password policy.

• When user encryption is employed, minimum key length is 10 characters.


Page 2500.5 - 3



Page 279


Revised:




4.1 Acceptable Encryption Algorithms Only the strongest types of generally-accepted, non-proprietary encryption algorithms are allowed,

such as AES or 3DES. Acceptable algorithms should be reevaluated as encryption technology

changes.

Use of proprietary encryption is specifically forbidden since it has not been subjected to public

inspection and its security cannot be assured.

4.2 Legal Use Some governments have regulations applying to the use and import/export of encryption technology.

The company must conform with encryption regulations of the local or applicable government.

RETA specifically forbids the use of encryption to hide illegal, immoral, or unethical acts. Anyone

doing so is in violation of this policy and will face immediate consequences per the Enforcement

section of this document.



5.0 Enforcement

This policy will be enforced by the IT Manager and Executive Team. Violations may result in




6.0 Definitions




Page 2500.5 - 4



Page 280


Revised:




Encryption Key An alphanumeric series of characters that enables data to be encrypted and

decrypted.

Mobile Storage Media A data storage device that utilizes flash memory to store data. Often called a


Password A sequence of characters that is used to authenticate a user to a file, computer, or network.

Also known as a passphrase or passcode.

Remote Access The act of communicating with a computer or network from an off-site location.

Often performed by home-based or traveling users to access documents, email, or other resources at

a main site.

Remote Desktop Access Remote control software that allows users to connect to, interact with, and

control a computer over the Internet just as if they were sitting in front of that computer.

Virtual Private Network (VPN) A secure network implemented over an insecure medium, created

by using encrypted tunnels for communication between endpoints.

Whole Disk Encryption A method of encryption that encrypts all data on a particular drive or

volume, including swap space and temporary files.


Revision 1.1, 12/08/2015


Page 2500.6 - 1



Page 281


Revised:

Guest Access Policy Created: 12/08/2015



1.0 Overview

Guest access to RETA's network is often necessary for board members, committees, customers,

consultants, or vendors who are visiting RETA's offices. This can be simply in the form of outbound

Internet access, or the guest may require access to specific resources on RETA's network. Guest

access to RETA's network must be tightly controlled.

2.0 Purpose

RETA may wish to provide network access as a courtesy to guests wishing to access the Internet, or

by necessity to visitors with a business need to access RETA's resources. This policy outlines

RETA's procedures for securing guest access.

3.0 Scope

The scope of this policy includes any visitor to RETA wishing to access the network or Internet

through RETA's infrastructure, and covers both wired and wireless connections. This scope excludes

guests accessing wireless broadband accounts directly through a cellular carrier or third party where

the traffic does not traverse RETA's network.

4.1 Policy

4.2 Granting Guest Access Guest access will be provided on a case-by-case basis to any person who can demonstrate a

reasonable business need to access the network, or access the Internet from the RETA network.

4.2.1 AUP Acceptance Guests must agree to and sign RETA's Acceptable Use Policy (AUP) before being granted

access.

4.2.2 Approval

Guest need for access will be evaluated and provided on a case-by-case basis. This

should involve management approval if the request is non-standard.


Page 2500.6 - 2



Page 282


Revised:




4.1.1 Account Use RETA may provide a generic guest account that can be re-used by different guests. If these

accounts are offered, they are only to be used by guests. Users with network accounts must

use their accounts for network access.

4.1.2 Security of Guest Machines Guests are expected to be responsible for maintaining the security of his or her machine, and

to ensure that it is free of viruses, Trojans, malware, etc. RETA reserves the right to inspect

the machine if a security problem is suspected, but will not inspect each guest's system prior

to accessing the network.

4.2 Guest Access Infrastructure Requirements Best practices dictate that guest access be kept separate, either logically or physically, from the

corporate network, since guests have typically not undergone the same amount of scrutiny as the

company's employees. Guest access will be a segregated network with access only to WiFi and the

Internet unless the guest has a specific need to access RETA’s corporate records. Guest access should

be provided prudently and monitored for appropriateness of use.

4.3 Restrictions on Guest Access Guest access will be restricted to the minimum amount necessary. Depending on the guest needing

access, this can often be limited to outbound Internet access only. RETA will evaluate the need of

each guest and provide further access if there is a business need to do so.

4.4 Monitoring of Guest Access RETA's policy is that if it is granting access to a guest, that guest is a trusted user. As such, RETA

does not wish to monitor guest access.



5.0 Enforcement






Page 2500.6 - 3



Page 283


Revised:




6.0 Definitions

Account A combination of username and password that allows access to computer or network

resources.

Guest A visitor to RETA premises who is not an employee.


Revision 1.1, 12/08/2015


Page 2500.7 - 1



Page 284


Revised:

Incident Response Policy Created: 12/08/2015



1.0 Overview

A security incident can come in many forms: a malicious attacker gaining access to the network, a

virus or other malware infecting computers, or even a stolen laptop containing confidential data. A

well-thought-out Incident Response Policy is critical to successful recovery from an incident. This

policy covers all incidents that may affect the security and integrity of RETA's information assets,

and outlines steps to take in the event of such an incident.

2.0 Purpose

This policy is intended to ensure that RETA is prepared if a security incident were to occur. It details

exactly what must occur if an incident is suspected, covering both electronic and physical security

incidents. Note that this policy is not intended to provide a substitute for legal advice, and approaches

the topic from a security practices perspective.

3.0 Scope

The scope of this policy covers all information assets owned or provided by RETA, whether they

reside on the RETA network or elsewhere.

4.1 Policy

4.2 Types of Incidents A security incident, as it relates to RETA's information assets, can take one of two forms. For the

purposes of this policy a security incident is defined as one of the following:

• Electronic: This type of incident can range from an attacker or user accessing the network for

unauthorized/malicious purposes, to a virus outbreak, to a suspected Trojan or malware infection.

• Physical: A physical IT security incident involves the loss or theft of a laptop, mobile device,

PDA/Smartphone, portable storage device, or other digital apparatus that may contain RETA

information.


Page 2500.7 - 2



Page 285


Revised:




4.3 Preparation Work done prior to a security incident is more important than work done after an incident is

discovered. The most important preparation work, obviously, is maintaining good security controls

that will prevent or limit damage in the event of an incident. This includes technical tools such as

firewalls, intrusion detection systems, authentication, and encryption; and non-technical tools such

as good physical security for laptops and mobile devices.

Additionally, prior to an incident, RETA must ensure that the following is clear to IT personnel:

• What actions to take when an incident is suspected.

• Who is responsible for responding to an incident.

RETA must have discussions with an IT Security company that offers incident response services

before such an incident occurs in order to prepare an emergency service contract. This will ensure

that high-end resources are quickly available during an incident.

Finally, RETA should review any industry or governmental regulations that dictate how it must

respond to a security incident (specifically, loss of member or certification candidate data), and ensure

that its incident response plans adhere to these regulations.

4.4 Confidentiality All information related to an electronic or physical security incident must be treated as confidential

information until the incident is fully contained. This will serve both to protect employees' reputations

(if an incident is due to an error, negligence, or carelessness), and to control the release of information

to the media and/or members and candidates.

4.5 Electronic Incidents When an electronic incident is suspected, RETA's goal is to recover as quickly as possible, limit the

damage done, and secure the network. The following steps should be taken in order:

1. Remove the compromised device from the network by unplugging or disabling network

connection. Do not power down the machine.

2. Disable the compromised account(s) as appropriate.

3. Report the incident to the IT Manager.


Page 2500.7 - 3



Page 286


Revised:




4. Backup all data and logs on the machine, or copy/image the machine to another system.

5. Determine exactly what happened and the scope of the incident. Was it an accident? An attack? A

Virus? Was confidential data involved? Was it limited to only the system in question or was it more

widespread?

6. Notify RETA management/executives as appropriate.

7. Contact an IT Security consultant as needed.

8. Determine how the attacker gained access and disable this access.

9. Rebuild the system, including a complete operating system reinstall.

10. Restore any needed data from the last known good backup and put the system back online.

11. Take actions, as possible, to ensure that the vulnerability (or similar vulnerabilities) will not

reappear.

12. Reflect on the incident. What can be learned? How did the Incident Response team

perform? Was the policy adequate? What could be done differently?

13. Consider a vulnerability assessment as a way to spot any other vulnerabilities before they can be

exploited.

4.6 Physical Incidents Physical security incidents are challenging, since often the only actions that can be taken to mitigate

the incident must be done in advance. This makes preparation critical. One of the best ways to prepare

is to mandate the use of strong encryption to secure data on mobile devices. Applicable policies, such

as those covering encryption and confidential data, should be reviewed.

Physical security incidents are most likely the result of a random theft or inadvertent loss by a user,

but they must be treated as if they were targeted at RETA.

RETA must assume that such a loss will occur at some point, and periodically survey a random

sampling of laptops and mobile devices to determine the risk if one were to be lost or stolen.

4.6.1 Response


Page 2500.7 - 4



Page 287


Revised:




Establish the severity of the incident by determining the data stored on the missing device.

This can often be done by referring to a recent backup of the device. Two important questions

must be answered:

1. Was confidential data involved?

a. If not, refer to "Loss Contained" below.

b. If confidential data was involved, refer to "Data Loss Suspected" below.

2. Was strong encryption used?

a. If strong encryption was used, refer to "Loss Contained" below.

b. If not, refer to "Data Loss Suspected" below.

4.6.2 Loss Contained First, change any usernames, passwords, account information, WEP/WPA keys, passphrases,

etc., that were stored on the system. Notify the IT Manager. Replace the lost hardware and

restore data from the last backup. Notify the applicable authorities if a theft has occurred.

4.6.3 Data Loss Suspected First, notify the executive team, legal counsel, and/or public relations group so that each team

can evaluate and prepare a response in their area.

Change any usernames, passwords, account information, WEP/WPA keys, passphrases, etc.,

that were stored on the system. Replace the lost hardware and restore data from the last

backup. Notify the applicable authorities as needed if a theft has occurred and follow

disclosure guidelines specified in the notification section.

Review procedures to ensure that risk of future incidents is reduced by implementing stronger

physical security controls.

4.7 Notification If an electronic or physical security incident is suspected to have resulted in the loss of third-

party/member/candidate data, notification of the public or affected entities should occur. First this

must be discussed with executive team and legal counsel to determine an appropriate course of action.

If notification is deemed an appropriate, it should occur in an organized and consistent manner.


Page 2500.7 - 5



Page 288


Revised:




4.8 Managing Risk Managing risk of a security incident or data loss is the primary reason to create and maintain a

comprehensive security policy. Risks can come in many forms: electronic risks like data corruption,

computer viruses, hackers, or malicious users; or physical risks such as loss/theft of a device,

hardware failure, fire, or a natural disaster. Protecting critical data and systems from these risks is of

paramount importance to RETA.

4.8.1 Risk Assessment As part of the risk management process, RETA must conduct an accurate and thorough

assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and

availability of the company's critical or confidential information. The process must include

the following steps:

a. Scope the assessment. Determine both the physical and logical boundaries of the

assessment.

b. Gather information. Determine what confidential or critical information is maintained

by RETA. Determine how this information is secured.

c. Identify threats. Determine what man-made and natural events could affect RETA's

electronic information. d. Identify Vulnerabilities. After threats have been identified, determine RETA's

exposure to each threat. External assessments may be useful here, as covered in the Network

Security Policy.

e. Assess Security Controls. After vulnerabilities have been cataloged, determine the

efficiency of RETA's security controls in mitigating that vulnerability.

f. Determine the potential impact of each vulnerability being exploited. Would the event

result in loss of confidentiality, loss of integrity, or loss of availability of the information?

g. Determine RETA's level of risk. Based on the information gathered in the previous

steps, make a determination to RETA's level of risk of each event.

h. Recommend security controls. Security controls that will mitigate the identified risks

are evaluated during this step. Consider cost, operational impact, and effectiveness of each

control.

i. Document the risk assessment results. The final step is to document the risk

assessment, including the results of each step.

4.8.2 Risk Management Program

A formal risk management program must be implemented to cover any risks known to RETA

(which should be identified through a risk assessment), and insure that reasonable security

measures are in place to mitigate any identified risks to a level that will ensure the continued

security of RETA's confidential and critical data.


Page 2500.7 - 6



Page 289


Revised:






5.0 Enforcement





6.0 Definitions



Malware Short for "malicious software." A software application designed with malicious intent.

Viruses and Trojans are common examples of malware.

Mobile Device A portable device that can be used for certain applications and data storage. Examples

are PDAs or Smartphones.

PDA Stands for Personal Digital Assistant. A portable device that stores and organizes personal

information, such as contact information, calendar, and notes.


email.

Trojan Also called a "Trojan Horse." An application that is disguised as something innocuous or

legitimate, but harbors a malicious payload. Trojans can be used to covertly and remotely gain access

to a computer, log keystrokes, or perform other malicious or destructive acts.

Virus Also called a "Computer Virus." A replicating application that attaches itself to other data,

infecting files similar to how a virus infects cells. Viruses can be spread through email or via

network-connected computers and file systems.


Page 2500.7 - 7



Page 290


Revised:




WEP Stands for Wired Equivalency Privacy. A security protocol for wireless networks that encrypts

communications between the computer and the wireless access point. WEP can be cryptographically

broken with relative ease.

WPA Stands for WiFi Protected Access. A security protocol for wireless networks that encrypts

communications between the computer and the wireless access point. Newer and considered more

secure than WEP.


Revision 1.1, 12/08/2015


Page 2500.8 - 1



Page 291


Revised:

Mobile Device Policy Created: 12/08/2015



1.0 Overview

Generally speaking, a more mobile workforce is a more flexible and productive workforce. For this

reason, business use of mobile devices is growing. However, as these devices become vital tools to

the workforce, more and more sensitive data is stored on them, and thus the risk associated with their

use is growing. Special consideration must be given to the security of mobile devices.

2.0 Purpose

The purpose of this policy is to specify RETA standards for the use and security of mobile devices.

3.0 Scope

This policy applies to RETA data as it relates to mobile devices that are capable of storing such data,

including, but not limited to, laptops, notebooks, PDAs, smart phones, and USB drives. Since the

policy covers the data itself, ownership of the mobile device is irrelevant. This policy covers any

mobile device capable of coming into contact with RETA data.

4.1 Policy

4.2 Physical Security By nature, a mobile device is more susceptible to loss or theft than a non-mobile system. RETA

should carefully consider the physical security of its mobile devices and take appropriate protective

measures, including the following:

• Laptop locks and cables can be used to secure laptops when in the office or other fixed

locations.

• Mobile devices should be kept out of sight when not in use.

• Care should be given when using or transporting mobile devices in busy areas.


Page 2500.8 - 2



Page 292


Revised:




• As a general rule, mobile devices must not be stored in cars. If the situation leaves no other

viable alternatives, the device must be stored in the trunk, with the interior trunk release locked; or

in a lockable compartment such as a glove box.

• RETA should evaluate the data that will be stored on mobile devices and require remote

wipe/remote delete technology. This technology allows a user or administrator to make the data on

the mobile device unrecoverable.

• RETA should continue to monitor the market for physical security products for mobile

devices, as it is constantly evolving.

4.3 Data Security If a mobile device is lost or stolen, the data security controls that were implemented on the device are

the last line of defense for protecting RETA data. The following sections specify the company's

requirements for data security as it relates to mobile devices.

4.3.1 Laptops Use of encryption is not required but it is encouraged if data stored on the device is especially

sensitive. Laptops should require a username and password or biometrics for login.

4.3.2 PDAs/Smart Phones Use of a security passcode is required on all PDA/Smart phones if sensitive data will be

accessible on the phone. Encryption is not required on PDAs/smart phones but it is

encouraged if data stored on the device is especially sensitive.

4.3.3 Mobile Storage Media This section covers any USB drive, flash drive, memory stick or other personal data storage

media. Any such device that contains sensitive RETA information must be encrypted. Storage

of RETA data on such devices is such as meeting agendas and materials if permitted without

passcodes or encryption.

4.3.4 Portable Media Players

No RETA data can be stored on personal media players

4.3.5 Other Mobile Devices

Unless specifically addressed by this policy, storing RETA data on other mobile devices, or

connecting such devices to RETA systems, is expressly prohibited. Questions or requests

for clarification on what is and is not covered should be directed to the IT Manager.


Page 2500.8 - 3



Page 293


Revised:




4.4 Connecting to Unsecured Networks Users are permitted to connect RETA-provided computers to public or unsecured networks.

Examples of unsecured networks would typically, but not always, relate to Internet access, such as

access provided from a home network, access provided by a hotel, an open or for-pay wireless

hotspot, a convention network, or any other network not under direct control of RETA.

4.5 General Guidelines The following guidelines apply to the use of mobile devices:

• Loss, Theft, or other security incident related to a company-provided mobile device must be

reported promptly.

• Confidential data should not be stored on mobile devices unless it is absolutely necessary. If

confidential data is stored on a mobile device it must be appropriately secured and comply with the

Confidential Data policy.

• Data stored on mobile devices must be securely disposed of in accordance with the Data

Classification Policy.

• Users should take precautions when storing company data on non-company-provided mobile

devices. Storing confidential data on non-company-provided mobile devices is expressly prohibited.

4.6 Audits RETA must conduct periodic reviews to ensure policy compliance. A sampling of mobile devices

should be taken and audited against this policy on a periodic basis.




Page 2500.8 - 4



Page 294


Revised:




5.0 Enforcement





6.0 Definitions



Mobile Devices A portable device that can be used for certain applications and data storage.


Mobile Storage Media A data storage device that utilizes flash memory to store data. Often called a


Password A sequence of characters that is used to authenticate a user to a file, computer, or network.

Also known as a passphrase or passcode.

PDA Stands for Personal Digital Assistant. A portable device that stores and organizes personal

information, such as contact information, calendar, and notes.

Portable Media Player A mobile entertainment device used to play audio and video files. Examples

are mp3 players and video players.

Sensitive Information Any information that RETA staff recognize should be kept confidential is

defined for purposes of this policy as “sensitive information” and should be treated accordingly.

RETA staff are required to use good judgement in handling such information.


email.


Revision 1.1, 12/08/2015


Page 2500.9 - 1



Page 295


Revised:

Network Access and Authentication Policy Created: 12/08/2015



1.0 Overview

Consistent standards for network access and authentication are critical to RETA's information

security and are often required by regulations or third-party agreements. Any user accessing the

company's computer systems has the ability to affect the security of all users of the network. An

appropriate Network Access and Authentication Policy reduces risk of a security incident by

requiring consistent application of authentication and access standards across the network.

2.0 Purpose

The purpose of this policy is to describe what steps must be taken to ensure that users connecting to

the RETA network are authenticated in an appropriate manner, in compliance with RETA standards,

and are given the least amount of access required to perform their job function. This policy specifies

what constitutes appropriate use of network accounts and authentication standards.

3.0 Scope

The scope of this policy includes all users who have access to RETA-owned or RETA-provided

computers or require access to the RETA network and/or systems. This policy applies to employees,

guests, contractors, and anyone requiring access to the RETA network. Public access to RETA's

externally-reachable systems, such as its RETA website or public web applications, are specifically

excluded from this policy.

4.1 Policy

4.2 Account Setup During initial account setup, certain checks must be performed in order to ensure the integrity of the

process. The following policies apply to account setup:

• Positive ID and coordination with Human Resources is required.

• Users will be granted the least amount of network access required to perform his or her job

function.


Page 2500.9 - 2



Page 296


Revised:




• Users will be granted access only if he or she accepts the Acceptable Use Policy.

• Access to the network will be granted in accordance with the Acceptable Use Policy.

4.3 Account Use Network accounts must be implemented in a standard fashion and utilized consistently across the

organization. The following policies apply to account use:

• Accounts must be created using a standard format (i.e., firstname-lastname, or firstinitial-

lastname, etc.)

• Accounts must be password protected (refer to the Password Policy for more detailed

information).

• Accounts must be for individuals only. Account sharing and group accounts are not permitted.

• User accounts must not be given administrator or 'root' access unless this is necessary to

perform his or her job function.

• Occasionally guests will have a legitimate business need for access to the corporate network.

When a reasonable need is demonstrated, temporary guest access is allowed.

• Individuals requiring access to confidential data must have an individual, distinct account.

This account may be subject to additional monitoring or auditing at the discretion of the IT Manager

or executive team, or as required by applicable regulations or third-party agreements.

4.4 Account Termination Any person who leaves RETA as an employee, consultant or volunteer who had access to RETA

databases or networks must immediately surrender all sensitive and confidential information.

Network access and user accounts must end immediately by changing access codes or taking other

precautions to protect sensitive RETA information. When managing network and user accounts, it is

important to stay in communication with the Human Resources department so that when an employee

no longer works at the company, that employee's account can be disabled. Human Resources must

notify the IT Manager immediately in the event of a staffing change, which includes employment

termination, employment suspension, or a change of job function (promotion, demotion,

suspension, etc.).


Page 2500.9 - 3



Page 297


Revised:




4.5 Authentication User machines must be configured to request authentication against the domain at startup. If the

domain is not available or authentication for some reason cannot occur, then authentication should

occur on the local machine.

4.6 Use of Passwords When accessing the network locally, username and password is an acceptable means of

authentication. Usernames must be consistent with the requirements set forth in this document, and

passwords must conform to RETA's Password Policy.

4.7 Remote Network Access Remote access to the network can be provided for convenience to users but this comes at some risk

to security. For that reason, RETA encourages additional scrutiny of users remotely accessing the

network. RETA's standards dictate that username and password is an acceptable means of

authentication as long as appropriate policies are followed. Remote access must adhere to the Remote

Access Policy.

4.8 Screensaver Passwords Screensaver passwords offer an easy way to strengthen security by removing the opportunity for a

malicious user, curious employee, or intruder to access network resources through an idle computer.

For this reason screensaver passwords are required. Employees must disable access to their computer

screens whenever they are unattended.

4.9 Minimum Configuration for Access Any system connecting to the network can have a serious impact on the security of the entire network.

A vulnerability, virus, or other malware may be inadvertently introduced in this manner. For this

reason, users should update their antivirus software, as well as other critical software, to the latest

versions before accessing the network.

4.10 Encryption Industry best practices state that username and password combinations must never be sent as plain

text. If this information were intercepted, it could result in a serious security incident. Therefore,

authentication credentials must be encrypted during transmission across any network, whether the

transmission occurs internal to the RETA network or across a public network such as the Internet.


Page 2500.9 - 4



Page 298


Revised:




4.1 Failed Logons Repeated logon failures can indicate an attempt to 'crack' a password and surreptitiously access a

network account. In order to guard against password-guessing and brute-force attempts, RETA must

lock a user's account after five unsuccessful logins. This can be implemented as a time-based lockout

or require a manual reset, at the discretion of the IT Manager.

In order to protect against account guessing, when logon failures occur the error message transmitted

to the user must not indicate specifically whether the account name or password were incorrect. The

error can be as simple as "the username and/or password you supplied were incorrect."

4.2 Non-Business Hours While some security can be gained by removing account access capabilities during non-business

hours, RETA does not mandate time-of-day lockouts. This may be either to encourage working

remotely, or because RETA's business requires all-hours access.



5.0 Enforcement





6.0 Definitions

Antivirus Software An application used to protect a computer from viruses, typically through real

time defenses and periodic scanning. Antivirus software has evolved to cover other threats, including

Trojans, spyware, and other malware.


Page 2500.9 - 5



Page 299


Revised:





system or network.

Biometrics The process of using a person's unique physical characteristics to prove that

person's identity. Commonly used are fingerprints, retinal patterns, and hand geometry.



Password A sequence of characters that is used to authenticate a user to a file, computer, or

network. Also known as a passphrase or passcode.

Smart Card A plastic card containing a computer chip capable of storing information,

typically to prove the identity of the user. A card-reader is required to access the information.

Token A small hardware device used to access a computer or network. Tokens are typically in the

form of an electronic card or key fob with a regularly changing code on its display.


Revision 1.1, 12/08/2015


Page 2500.10 - 1



Page 300


Revised:

Network Security Policy Created: 12/08/2015



1.0 Overview

RETA wishes to provide a secure network infrastructure in order to protect the integrity of RETA

data and mitigate risk of a security incident. While security policies typically avoid providing overly

technical guidelines, this policy is necessarily a more technical document than most.

2.0 Purpose

The purpose of this policy is to establish the technical guidelines for IT security, and to communicate

the controls necessary for a secure network infrastructure. The network security policy will provide

the practical mechanisms to support RETA's comprehensive set of security policies. However, this

policy purposely avoids being overly-specific in order to provide some latitude in implementation

and management strategies.

3.0 Scope

This policy covers all IT systems and devices that comprise the corporate network or that are

otherwise controlled by RETA.

4.1 Policy

4.2 Network Device Passwords A compromised password on a network device could have devastating, network-wide consequences.

Passwords that are used to secure these devices, such as routers, switches, and servers, must be held

to higher standards than standard user-level or desktop system passwords. All devices and

applications must replace default passwords and access codes as soon as they are installed to protect

the security of RETA data sources and information.

4.1.1 Password Construction

The following statements apply to the construction of passwords for network devices:

• Passwords should be at least 8 characters


Page 2500.10 - 2



Page 301


Revised:




• Passwords should be comprised of a mix of letters, numbers and special characters

(punctuation marks and symbols)

• Passwords should be comprised of a mix of upper and lower case characters

• Passwords should not be comprised of, or otherwise utilize, words that can be found

in a dictionary

• Passwords should not be comprised of an obvious keyboard sequence (i.e., qwerty)

• Passwords should not include "guessable" data such as personal information like

birthdays, addresses, phone numbers, locations, etc.

4.1.2 Failed Logons Repeated logon failures can indicate an attempt to 'crack' a password and surreptitiously

access a network account. In order to guard against password-guessing and brute-force

attempts, the company must lock a user's account after 3 unsuccessful logins. This can be

implemented as a time-based lockout or require a manual reset, at the discretion of the IT

Manager.

In order to protect against account guessing, when logon failures occur the error message

transmitted to the user must not indicate specifically whether the account name or password

were incorrect. The error can be as simple as "the username and/or password you supplied

were incorrect."

4.1.3 Change Requirements Passwords must be changed according to RETA's Password Policy. Additionally, the

following requirements apply to changing network device passwords:

• If any network device password is suspected to have been compromised, all network

device passwords must be changed immediately.

• If a RETA network or system administrator leaves RETA, all passwords to which the

administrator could have had access must be changed immediately. This statement also

applies to any consultant or contractor who has access to administrative passwords.

• Vendor default passwords must be changed when new devices are put into service.


Page 2500.10 - 3



Page 302


Revised:




4.1.4 Password Policy Enforcement If possible, where passwords are used an application should be implemented that enforces

RETA's password policies on construction, changes, re-use, lockout, etc.

4.1.5 Administrative Password Guidelines As a general rule, administrative (also known as "root") access to systems should be limited

to only those who have a legitimate business need for this type of access. This is particularly

important for network devices, since administrative changes can have a major effect on the

network, and, as such, network security. Additionally, administrative access to network

devices should be logged.

4.2 Logging The logging of certain events is an important component of good network management practices.

Logging needs vary depending on the type of network system, and the type of data the system holds.

The following sections detail RETA's requirements for logging and log review.

4.2.1 Application Servers Logs from application servers are of interest since these servers often allow connections from

a large number of internal and/or external sources. These devices are often integral to smooth

business operations.

Examples: Web, email, database servers

Requirement: Logging of at least errors, faults, and login failures is encouraged but not

required. No passwords should be contained in logs.

4.2.2 Network Devices Logs from network devices are of interest since these devices control all network traffic, and

can have a huge impact on RETA's security.

Examples: Firewalls, network switches, routers

Requirement: Logging of at least errors, faults, and login failures is encouraged but not


4.2.3 Critical Devices

Critical devices are any systems that are critically important to business operations. These

systems may also fall under other categories above - in any cases where this occurs, this

section shall supersede.


Page 2500.10 - 4



Page 303


Revised:




Examples: File servers, lab or manufacturing machines, systems storing intellectual property

Requirements: Logging of at least errors, faults, and login failures is encouraged but not


4.2.4 Log Management While logging is important to RETA's network security, log management can become

burdensome if not implemented appropriately. As logs grow, so does the time required to

review the logs. For this reason, RETA recommends that a log management application be

considered.

4.2.5 Log Review Device logs do little good if they are not reviewed on a regular basis. Log management

applications can assist in highlighting important events, however, a member of RETA’s IT

team should still review the logs as frequently as is reasonable.

4.2.6 Log Retention Logs should be retained in accordance with RETA's Retention Policy. Unless otherwise

determined by the IT manager, logs should be considered operational data.

4.3 Firewalls Firewalls are arguably the most important component of a sound security strategy. Internet

connections and other unsecured networks must be separated from the RETA network through the

use of a firewall.

4.3.1 Configuration

The following statements apply to RETA's implementation of firewall technology:

• Firewalls must provide secure administrative access (through the use of encryption)

with management access limited, if possible, to only networks where management

connections would be expected to originate.

• No unnecessary services or applications should be enabled on firewalls. The company

should use 'hardened' systems for firewall platforms, or appliances.

• Clocks on firewalls should be synchronized with RETA’s other networking hardware

using NTP or another means. Among other benefits, this will aid in problem resolution and

security incident investigation.


Page 2500.10 - 5



Page 304


Revised:




• The firewall ruleset must be documented and audited annually. Audits must cover

each rule, what it is for, if it is still necessary, and if it can be improved.

• For its own protection, the firewall ruleset should include a "stealth rule," which

forbids connections to the firewall itself.

• The firewall should log dropped or rejected packets.

4.3.2 Outbound Traffic Filtering Firewalls are often configured to block only inbound connections from external sources;

however, by filtering outbound connections from the network, security can be greatly

improved. This practice is also referred to as "Egress Traffic Filtering."

Blocking outbound traffic prevents users from accessing unnecessary, and many times,

dangerous services. By specifying exactly what outbound traffic to allow, all other outbound

traffic is blocked. This type of filtering would block root kits, viruses, and other malicious

tools if a host were to become compromised. This will also prevent remote desktops from

accessing the internal network.

RETA encourages outbound filtering if possible, but it is not required. RETA’s IT consultant

should specify permitted “good” services if filtering is deemed possible.

4.4 Networking Hardware Networking hardware, such as routers, switches, hubs, bridges, and access points, should be

implemented in a consistent manner. The following statements apply to RETA’s implementation of

networking hardware:

• Networking hardware must provide secure administrative access (through the use of

encryption) with management access limited, if possible, to only networks where management

connections would be expected to originate.

• Clocks on all network hardware should be synchronized using NTP or another means. Among

other benefits, this will aid in problem resolution and security incident investigation.

• If possible for the application, switches are preferred over hubs. When using switches RETA

should use VLANs to separate networks if it is reasonable and possible to do so.


Page 2500.10 - 6



Page 305


Revised:




• Access control lists should be implemented on network devices that prohibit direct

connections to the devices. Exceptions to this are management connections that can be limited to

known sources.

• Unused services and ports should be disabled on networking hardware.

• Access to administrative ports on networking hardware should be restricted to known

management hosts and otherwise blocked with a firewall or access control list.

4.5 Network Servers Servers typically accept connections from a number of sources, both internal and external. As a

general rule, the more sources that connect to a system, the more risk that is associated with that

system, so it is particularly important to secure network servers. The following statements apply to

RETA's use of network servers:

• Unnecessary files, services, and ports should be removed or blocked. If possible, follow a

server-hardening guide, which is available from the leading operating system manufacturers.

• Network servers, even those meant to accept public connections, must be protected by a

firewall or access control list.

• If possible, a standard installation process should be developed for RETA's network servers.

This will provide consistency across servers no matter what employee or contractor handles the

installation.

• Clocks on network servers should be synchronized with RETA's other networking hardware

using NTP or another means. Among other benefits, this will aid in problem resolution and security

incident investigation.

4.6 Intrusion Detection/Intrusion Prevention Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) technology can be useful in

network monitoring and security. The tools differ in that an IDS alerts to suspicious activity whereas

an IPS blocks the activity. When tuned correctly, IDSs are useful but can generate a large amount of

data that must be evaluated for the system to be of any use. IPSs automatically take action when they

see suspicious events, which can be both good and bad, since legitimate network traffic can be

blocked along with malicious traffic.


Page 2500.10 - 7



Page 306


Revised:




RETA neither requires nor prohibits the use of IDS or IPS systems. The decision to use IDS/IPS

systems is left to the discretion of the IT Manager.

4.7 Security Testing Security testing, also known as a vulnerability assessment, a security audit, or penetration testing, is

an important part of maintaining RETA's network security. Security testing can be provided by IT

Staff members, but is often more effective when performed by a third party with no connection to

RETA's day-to-day Information Technology activities. The following sections detail RETA's

requirements for security testing.

4.7.1 Internal Security Testing Internal security testing refers to testing of the internal network performed by members of

RETA's IT team. Internal testing should not replace external testing; however, when external

testing is not practical for any reason, or as a supplement to external testing, internal testing

can be helpful in assessing the security of the network.

Internal security testing is allowable, but only by employees whose job functions are to assess

security, and only with permission of the IT Manager. Internal testing should have no

measurable negative impact on RETA's systems or network performance.

4.7.2 External Security Testing External security testing, which is testing by a third party entity, is an excellent way to audit

RETA's security controls. The IT Manager must determine to what extent this testing should

be performed, and what systems/applications it should cover.

External testing must not negatively affect network performance during business hours or

network security at any time.

"Penetration testing" to protect RETA from the active exploitation of RETA vulnerabilities

by a trusted third party should be conducted periodically. If penetration testing is performed,

it must not negatively impact RETA systems or data.

RETA encourages external security testing, but does not provide rigid guidelines regarding at

what intervals the testing should occur. Testing should be performed as often as is necessary,

as determined by the IT Manager.


Page 2500.10 - 8



Page 307


Revised:




4.8 Disposal of Information Technology Assets IT assets, such as network servers and routers, often contain sensitive data about RETA’s network

communications. When such assets are decommissioned, the following guidelines must be followed:

• Any asset tags or stickers that identify RETA must be removed before disposal.

• Any configuration information must be removed by deletion or, if applicable, resetting the

device to factory defaults.

• At a minimum, data wiping must be used. Simply reformatting a drive or deleting data does

not make the data unrecoverable. If wiping is used, RETA must use the most secure commercially-

available methods for data wiping. Alternatively, RETA has the option of physically destroying the

data storage mechanism from the device (such as its hard drive or solid state memory).

4.9 Network Compartmentalization Good network design is integral to network security. By implementing network

compartmentalization, which is separating the network into different segments, RETA will reduce its

network-wide risk from an attack or virus outbreak. Further, security can be increased if traffic must

traverse additional enforcement/inspection points. RETA requires the following with regard to

network compartmentalization:

4.9.1 Higher Risk Networks

Examples: Guest network, wireless network

Requirements: Segmentation of higher risk networks from RETA's internal network is

required.

4.9.2 Externally-Accessible Systems

Examples: Email servers, web servers

Requirements: Segmentation of externally-accessible systems from RETA's internal

network required.


Page 2500.10 - 9



Page 308


Revised:




4.9.3 Internal Networks

Examples: Sales, Finance, Human Resources

Requirements: Segmentation of internal networks from one another can improve security as

well as reduce chances that a user will access data that he or she has no right to access. RETA

encourages, but does not require, such segmentation.

4.10 Network Documentation Network documentation, specifically as it relates to security, is important for efficient and successful

network management. Further, the process of regularly documenting the network ensures that

RETA's IT Staff has a firm understanding of the network architecture at any given time. The

intangible benefits of this are immeasurable.

Network documentation should include:

• Network diagram(s)

• System configurations

• Firewall ruleset

• IP Addresses

• Access Control Lists

RETA encourages network documentation, but does not require it.

4.11 Antivirus/Anti-Malware Computer viruses and malware are pressing concerns in today's threat landscape. If a machine or

network is not properly protected, a virus outbreak can have devastating effects on the machine, the

network, and RETA. The company provides the following guidelines on the use of antivirus/anti-

malware software:

• All RETA-provided user workstations must have antivirus/anti-malware software installed.

• Workstation software must maintain a current "subscription" to receive patches and virus

signature/definition file updates.


Page 2500.10 - 10



Page 309


Revised:




• Patches, updates, and antivirus signature file updates must be installed in a timely manner,

either automatically or manually.

4.12 Software Use Policy Software applications can create risk in a number of ways, and thus certain aspects of software use

must be covered by this policy. RETA provides the following requirements for the use of software

applications:

• Only legally licensed software may be used. Licenses for RETA's software must be stored in

a secure location.

• Open source and/or public domain software can only be used with the permission of the IT

Manager.

• Software should be kept reasonably up-to-date by installing new patches and releases from

the manufacturer.

• Vulnerability alerts should be monitored for all software products that RETA uses. Any

patches that fix vulnerabilities or security holes must be installed expediently.

4.13 Maintenance Windows and Scheduled Downtime Certain tasks require that network devices be taken offline, either for a simple re-boot, an upgrade,

or other maintenance. When this occurs, the IT Staff should make every effort to perform the tasks

at times when they will have the least impact on network users.

4.14 Change Management Documenting changes to network devices is a good management practice and can help speed

resolution in the event of an incident. The IT Staff must document hardware and/or configuration

changes to network devices in a "change log." Network devices must bear a sticker or tag indicating

essential information, such as the device name, IP address, MAC address, asset information, and any

additional data that may be helpful, such as information about cabling.

4.15 Suspected Security Incidents When a security incident is suspected that may impact a network device, the IT Staff should refer to

RETA's Incident Response policy for guidance.


Page 2500.10 - 11



Page 310


Revised:




4.16 Redundancy Redundancy can be implemented on many levels, from redundancy of individual components to full

site-redundancy. As a general rule, the more redundancy implemented, the higher the availability of

the device or network, and the higher the associated cost. RETA wishes to provide the IT Manager

with latitude to determine the appropriate level of redundancy for critical systems and network

devices. Redundancy should be implemented where it is needed, and should include some or all of

the following:

• Hard drive redundancy, such as mirroring or RAID

• Server level redundancy, such as clustering or high availability

• Component level redundancy, such as redundant power supplies or redundant NICs

• Keeping hot or cold spares onsite

4.17 Manufacturer Support Contracts Outdated products can result in a serious security breach. When purchasing critical hardware or

software, RETA should consider purchasing a maintenance plan, support agreement, or software

subscription that will allow RETA to receive updates to the software and/or firmware for a specified

period of time. If such a plan is purchased, it should meet the following standards:

Hardware: The arrangement should allow for repair/replacement of the device within an acceptable

time period, as determined by the IT Manager, as well as firmware or embedded software updates.

Software: The arrangement should allow for updates, upgrades, and hotfixes for a specified period of

time.

4.18 Security Policy Compliance It is RETA's intention to comply with this policy not just on paper but in its everyday processes as

well. With that goal in mind, RETA requires the following:

4.18.1 Security Program Manager

An employee must be designated as a manager for RETA's security program. He or she will

be responsible for RETA's compliance with this security policy and any applicable security

regulations. This employee must be responsible for A) the initial implementation of the

security policies, B) ensuring that the policies are disseminated to employees C) training and


Page 2500.10 - 12



Page 311


Revised:




retraining of employees on RETA's information security program (as detailed below), D) any

ongoing testing or analysis of RETA's security in compliance with this policy, E) updating

the policy as needed to adhere with applicable regulations and the changing information

security landscape.

4.18.2 Security Training A training program must be implemented that will detail RETA's information security

program to all users and/or employees covered by the policy, as well as the importance of

data security. Employees must sign off on the receipt of, and in agreement to, the user-oriented

policies. Re-training should be performed at least annually.

4.18.3 Security Policy Review RETA's security policies should be reviewed at least annually as part of the RETA Annual

Audit Plan. Additionally, the policies should be reviewed when there is an information

security incident or a material change to RETA's security policies. As part of this evaluation,

RETA should review:

• Any applicable regulations for changes that would affect RETA's compliance or the

effectiveness of any deployed security controls.

• If RETA's deployed security controls are still capable of performing their intended

functions.

• If technology or other changes may have an effect on RETA's security strategy.

• If any changes need to be made to accommodate future IT security needs.



5.0 Enforcement





authorities.


Page 2500.10 - 13



Page 312


Revised:




6.0 Definitions

ACL A list that defines the permissions for use of, and restricts access to, network resources. This is

typically done by port and IP address.

Antivirus Software An application used to protect a computer from viruses, typically through real

time defenses and periodic scanning. Antivirus software has evolved to cover other threats, including

Trojans, spyware, and other malware.

Firewall A security system that secures the network by enforcing boundaries between secure and

insecure areas. Firewalls are often implemented at the network perimeter as well as in high-security

or high-risk areas.

Hub A network device that is used to connect multiple devices together on a network.

IDS Stands for Intrusion Detection System. A network monitoring system that detects and alerts to

suspicious activities.

IPS Stands for Intrusion Prevention System. A networking monitoring system that detects and

automatically blocks suspicious activities.

NTP Stands for Network Time Protocol. A protocol used to synchronize the clocks on networked

devices.

Password A sequence of characters that is used to authenticate a user to a file, computer, network,

or other device. Also known as a passphrase or passcode.

RAID Stands for Redundant Array of Inexpensive Disks. A storage system that spreads data across

multiple hard drives, reducing or eliminating the impact of the failure of any one drive.

Switch A network device that is used to connect devices together on a network. Differs from a hub

by segmenting computers and sending data to only the device for which that data was intended.

VLAN Stands for Virtual LAN (Local Area Network). A logical grouping of devices within a

network that act as if they are on the same physical LAN segment.


Page 2500.10 - 14



Page 313


Revised:




Virus Also called a "Computer Virus." A replicating application that attaches itself to other data,

infecting files similar to how a virus infects cells. Viruses can be spread through email or via network-

connected computers and file systems.


Revision 1.1, 12/08/2015


Page 2500.11 - 1



Page 314


Revised:

Outsourcing Policy Created: 12/08/2015



1.0 Overview

Outsourcing is a logical practice when specialized expertise is required, which happens frequently in

the field of Information Technology (IT). Trust is necessary for a successful outsourcing relationship,

however, RETA must be protected by a policy that details and enforces the terms of the outsourcing

relationship.

2.0 Purpose

The purpose of this policy is to specify actions to take when selecting a provider of outsourced IT

services, standards for secure communications with the provider, and what contractual terms should

be in place to protect RETA.

3.0 Scope

This policy covers any IT services being considered for outsourcing.

4.1 Policy

4.2 Deciding to Outsource Outsourcing IT services is often necessary but should be carefully considered, since by nature a

certain amount of control will be lost by doing so. The following questions must be affirmatively

answered before outsourcing is considered:

• Can the service be performed better or less expensively by a third party provider?

• Would it be cost-prohibitive or otherwise unreasonable to perform this service in-house?

• Will outsourcing the service positively affect the quality of this service?

• Is the cost of this service worth the benefit?

• Are any risks associated with outsourcing the service worth the benefit?


Page 2500.11 - 2



Page 315


Revised:




4.1 Outsourcing Core Functions RETA permits the outsourcing of critical and/or core functions of RETA's Information Technology

infrastructure as long as this policy is followed. Examples of these types of functions are data

backups, remote access, security, and network management.

4.2 Evaluating a Provider Once the decision to outsource an Information Technology function has been made, selecting the

appropriate provider is critical to the success of the endeavor. Due diligence must be performed after

the potential providers have been pared to a short list of two to three companies. Due diligence must

always be performed prior to a provider being selected.

Due diligence should include an evaluation of the provider's ability to perform the requested services.

It should involve a review of the provider's reputation, technical ability, and experience providing the

same services to similar companies.

If the outsourced service will involve the provider having access to, or storing RETA's confidential

information, due diligence should cover the provider's security controls for access to the confidential

information.

4.3 Security Controls The outsourcing contract must provide a mechanism for secure information exchange with the service

provider. This will vary with the type of service being outsourced, but may include remote access,

VPN, or encrypted file exchange.

RETA and provider must also maintain a mechanism for verifying the identity of the other party and

confirming changes to the service. This will prevent an attacker from using social engineering tactics

to gain access to RETA data.

4.4 Outsourcing Contracts All outsourced Information Technology services must be governed by a legal contract, with an

original of the executed contract maintained by RETA.

Contracts must:

• Cover a specified time period

• Specify exact pricing for the services


Page 2500.11 - 3



Page 316


Revised:




• Specify how the provider will treat confidential information

• Include a non-disclosure agreement

• Specify services to be provided, including Service Level Agreements and penalties for

missing the levels

• Allow for cancellation if contractual terms are not met

• Specify standards for subcontracting of the services and reassignment of contract

• Cover liability issues

• Describe how and where to handle contractual disputes

4.3 Access to Information The provider must be given the least amount of network, system, and/or data access required to

perform the contracted services. This access must follow applicable policies and be periodically

audited.



5.0 Enforcement





6.0 Definitions



Page 2500.11 - 4



Page 317


Revised:






Network Management A far-reaching term that refers to the process of maintaining and

administering a network to ensure its availability, performance, and security.


Often performed by home-based or traveling users to access documents, email, or other resources at

a main site.

VPN A secure network implemented over an insecure medium, created by using encrypted tunnels

for communication between endpoints.


Revision 1.1, 12/08/2015


Page 2500.12 - 1



Page 318


Revised:

Password Policy Created: 12/08/2015



1.0 Overview

A solid password policy is perhaps the most important security control an organization can employ.

Since the responsibility for choosing good passwords falls on the users, a detailed and easy-to-

understand policy is essential.

2.0 Purpose

The purpose of this policy is to specify guidelines for use of passwords. Most importantly, this policy

will help users understand why strong passwords are a necessity, and help them create passwords that

are both secure and useable. Lastly, this policy will educate users on the secure use of passwords.

3.0 Scope

This policy applies to any person who is provided an account on the organization's network or

systems, including: employees, guests, contractors, partners, vendors, etc.

4.1 Policy

4.2 Construction The best security against a password incident is simple: following a sound password construction

strategy. The organization mandates that users adhere to the following guidelines on password

construction:

• Passwords should be at least 8 characters

• Passwords should be comprised of a mix of letters, numbers and special characters

(punctuation marks and symbols)

• Passwords should be comprised of a mix of upper and lower case characters

• Passwords should not be comprised of, or otherwise utilize, words that can be found in a

dictionary


Page 2500.12 - 2



Page 319


Revised:




• Passwords should not be comprised of an obvious keyboard sequence (i.e., qwerty)

• Passwords should not include "guessable" data such as personal information about yourself,

your spouse, your pet, your children, birthdays, addresses, phone numbers, locations, etc.

Creating and remembering strong passwords does not have to be difficult. Substituting numbers for

letters is a common way to introduce extra characters - a '3' can be used for an 'E,' a '4' can be used

for an 'A,' or a '0' for an 'O.' Symbols can be introduced this way as well, for example an 'i' can be

changed to a '!.'

Another way to create an easy-to-remember strong password is to think of a sentence, and then use

the first letter of each word as a password. The sentence: 'The quick brown fox jumps over the lazy

dog!' easily becomes the password 'Tqbfjotld!'. Of course, users may need to add additional characters

and symbols required by the Password Policy, but this technique will help make strong passwords

easier for users to remember.

4.3 Confidentiality Passwords should be considered confidential data and treated with the same discretion as any of the

organization's proprietary information. The following guidelines apply to the confidentiality of

organization passwords:

• Users must not disclose their passwords to anyone

• Users must not share their passwords with others (co-workers, supervisors, family, etc.)

• Users must not write down their passwords and leave them unsecured

• Users must not check the "save password" box when authenticating to applications that

contain secure RETA data or information

• Users must not use the same password for different systems and/or accounts that contain

secure RETA data or information

• Users must not send passwords via email

• Users must not re-use passwords


Page 2500.12 - 3



Page 320


Revised:




4.1 Change Frequency In order to maintain good security, passwords should be periodically changed. This limits the damage

an attacker can do as well as helps to frustrate brute force attempts. RETA does not wish to apply

any hard limits to when passwords must be changed, but asks that users exercise discretion and

change passwords sporadically.

4.2 Incident Reporting Since compromise of a single password can have a catastrophic impact on network security, it is the

user’s responsibility to immediately report any suspicious activity involving his or her passwords to

the IT Manager. Any request for passwords over the phone or email, whether the request came from

RETA personnel or not, should be expediently reported. When a password is suspected to have been

compromised the IT Manager will request that the user, or users, change all his or her passwords.

Any program or application that includes provisions or two-factor authentication should be enabled.

4.3 Applicability of Other Policies This document is part of the organization's cohesive set of security policies. Other policies may apply

to the topics covered in this document and as such the applicable policies should be reviewed as

needed.

5.0 Enforcement



to and including termination of employment. Where illegal activities or theft of company property


6.0 Definitions


system or network.

Password A sequence of characters that is used to authenticate a user to a file, computer,

network, or other device. Also known as a passphrase or passcode.


Page 2500.12 - 4



Page 321


Revised:




Two Factor Authentication A means of authenticating a user that utilizes two methods: something

the user has, and something the user knows. Examples are smart cards, tokens, or biometrics, in

combination with a password.


Revision 1.1, 12/08/2015


Page 2500.13 - 1



Page 322


Revised:

Physical Security Policy Created: 12/08/2015



1.0 Overview

Information assets are necessarily associated with the physical devices on which they reside.

Information is stored on workstations and servers and transmitted on RETA's physical network

infrastructure. In order to secure RETA data, thought must be given to the security of RETA's

physical Information Technology (IT) resources to ensure that they are protected from standard risks.

2.0 Purpose

The purpose of this policy is to protect RETA's physical information systems by setting standards

for secure operations.

3.0 Scope

This policy applies to the physical security of RETA's information systems, including, but not limited

to, all RETA-owned or RETA-provided network devices, servers, personal computers, mobile

devices, and storage media. Additionally, any person working in or visiting RETA's office is covered

by this policy.

Please note that this policy covers the physical security of RETA's Information Technology

infrastructure, and does not cover the security of non-IT items or the important topic of employee

security. While there will always be overlap, care must be taken to ensure that this policy is consistent

with any existing physical security policies.

4.1 Policy

4.2 Choosing a Site When possible, thought should be given to selecting a site for IT Operations that is secure and free

of unnecessary environmental challenges. This is especially true when selecting a datacenter or a site

for centralized IT operations. At a minimum, RETA's site should meet the following criteria:

• A site should not be particularly susceptible to fire, flood, earthquake, or other natural

disasters.


Page 2500.13 - 2



Page 323


Revised:




• A site should not be located in an area where the crime rate and/or risk of theft is higher than

average.

• A site should have the fewest number of entry points possible.

If these criteria cannot be effectively met for any reason, RETA should consider outsourcing its data

in whole or in part to a third-party datacenter or hosting provider, provided that such a company can

cost effectively meet or exceed RETA's requirements.

4.3 Security Zones At a minimum, RETA will maintain standard security controls, such as locks on exterior doors and/or

an alarm system, to secure RETA's assets. In addition to this RETA must provide security in layers

by designating different security zones within the building. Security zones should include:

Public This includes areas of the building or office that are intended for public access.

• Access Restrictions: None

• Additional Security Controls: None

• Examples: Lobby, common areas of building

Company This includes areas of the building or office that are used only by employees and other

persons for official RETA business.

• Access Restrictions: Only RETA personnel and approved/escorted guests


• Examples: Hallways, private offices, work areas, conference rooms

Private This includes areas that are restricted to use by certain persons within RETA, such as

executives, scientists, engineers, and IT personnel, for security or safety reasons.

• Access Restrictions: Only specifically approved personnel


Page 2500.13 - 3



Page 324


Revised:





• Examples: Executive offices, lab space, network room, manufacturing area, financial offices,

and storage areas.

4.4 Access Controls Access controls are necessary to restrict entry to RETA premises and security zones to only approved

persons. There are a several standard ways to do this, which are outlined in this section, along with

RETA's guidelines for their use.

4.4.1 Keys & Keypads The use of keys and keypads is acceptable. These security mechanisms are the most

inexpensive and is the most familiar to users. The disadvantage is that RETA has no control,

aside from changing the locks or codes, over how and when the access is used. Keys can be

copied and keypad codes can be shared or seen during input. However, used in conjunction

with another security strategy, such as an alarm system, good security can be obtained with

keys and keypads.

4.4.2 Keycards & Biometrics While keycards and biometrics are allowable forms of access controls, RETA does not require

their use at this time.

Keycards and biometrics have an advantage over keys in that access policies can be tuned to

the individual user. Schedules can be set to forbid off-hours access, or forbid users from

accessing a security zone where they are not authorized. Perhaps best of all, these methods

allow for control over exactly who possesses the credentials. If a keycard is lost or stolen it

can be immediately disabled. If an employee is terminated or resigns, that user's access can

be disabled. The granular control offered by keycards and biometrics make them appealing

access control methods.

4.4.3 Alarm System A security alarm system is a good way to minimize risk of theft, or reduce loss in the event

of a theft. RETA mandates the use of professionally monitored alarm system. The system

must be monitored 24x7, with RETA personnel being notified if an alarm is tripped at any

time.


Page 2500.13 - 4



Page 325


Revised:




4.5 Physical Data Security Certain physical precautions must be taken to ensure the integrity of RETA's data. At a

minimum, the following guidelines must be followed:

• Computer screens should be positioned where information on the screens cannot be seen by

outsiders.

• Confidential and sensitive information should not be displayed on a computer screen where

the screen can be viewed by those not authorized to view the information.

• Users must log off or shut down their workstations when leaving for an extended time

period, or at the end of the workday.

• Network cabling should not run through unsecured areas unless the cabling is carrying only

public data (i.e., extended wiring for an Internet circuit).

• RETA recommends disabling network ports that are not in use.

4.6 Physical System Security In addition to protecting the data on RETA's information technology assets, this policy provides the

guidelines below on keeping the systems themselves secure from damage or theft.

4.6.1 Minimizing Risk of Loss and Theft In order to minimize the risk of data loss through loss or theft of RETA property, the

following guidelines must be followed:

• Unused systems: If a system is not in use for an extended period of time it should be

moved to a secure area or otherwise secured.

• Mobile devices: Special precautions must be taken to prevent loss or theft of mobile

devices. Refer to RETA's Mobile Device Policy for guidance.

• Systems that store confidential data: Special precautions must be taken to prevent

loss or theft of these systems. Refer to RETA's Confidential Data Policy for guidance.


Page 2500.13 - 5



Page 326


Revised:




4.6.2 Minimizing Risk of Damage Systems that store RETA data are often sensitive electronic devices that are susceptible to

being inadvertently damaged. In order to minimize the risk of damage, the following

guidelines must be followed:

• Environmental controls should keep the operating environment of RETA systems

within standards specified by the manufacturer. These standards often involve, but are not

limited to, temperature and humidity.

• Proper grounding procedures must be followed when opening system cases. This may

include use of a grounding wrist strap or other means to ensure that the danger from static

electricity is minimized.

• Strong magnets must not be used in proximity to RETA systems or media.

• Except in the case of a fire suppression system, open liquids must not be located above

RETA systems. Technicians working on or near RETA systems should never use the systems

as tables for beverages. Beverages must never be placed where they can be spilled onto RETA

systems.

• Uninterruptible Power Supplies (UPSs) and/or surge-protectors are required for

important systems and encouraged for all systems. These devices must carry a warranty that

covers the value of the systems if the systems were to be damaged by a power surge.

4.7 Fire Prevention It is RETA's policy to provide a safe workplace that minimizes the risk of fire. In addition to the

danger to employees, even a small fire can be catastrophic to computer systems. Further, due to the

electrical components of IT systems, the fire danger in these areas is typically higher than other areas

of RETA's office. The guidelines below are intended to be specific to RETA's information technology

assets and should conform to RETA's overall fire safety policy.

• Fire, smoke alarms, and/or suppression systems must be used, and must conform to local fire

codes and applicable ordinances.

• Electrical outlets must not be overloaded. Users must not chain multiple power strips,

extension cords, or surge protectors together.

• Extension cords, surge protectors, power strips, and uninterruptible power supplies must be

of the three-wire/three-prong variety.


Page 2500.13 - 6



Page 327


Revised:




• Only electrical equipment that has been approved by Underwriters Laboratories and bears the

UL seal of approval must be used.

• Unused electrical equipment should be turned off when not in use for extended periods of

time (i.e., during non-business hours) if possible.

• Periodic inspection of electrical equipment must be performed. Power cords, cabling, and

other electrical devices must be checked for excessive wear or cracks. If overly-worn equipment is

found, the equipment must be replaced or taken out of service immediately depending on the degree

of wear.

• A smoke alarm monitoring service must be used that will alert a designated RETA employee

if an alarm is tripped during non-business hours.

4.8 Entry Security It is RETA's policy to provide a safe workplace for employees. Monitoring those who enter and exit

the premises is a good security practice in general, but is particularly true for minimizing risk to

RETA systems and data. The guidelines below are intended to be specific to RETA's information

technology assets and should conform to RETA's overall security policy.

4.8.1 Use of Identification Badges Identification (ID) badges are useful to identify authorized persons on RETA premises.

RETA has established the following guidelines for the use of ID badges.

• Employees: ID badges are not required.

• Non-employees/Visitors: Visitor badges are not required for individual visitors,

though generic visitor badges are encouraged when they could help identify visitors to staff

and others while they are in RETA offices.

4.8.2 Sign-in Requirements RETA does not wish to establish any requirements for employee/visitor sign-in. Use of a

visitor sign-in register is encouraged.

4.8.3 Visitor Access

Visitors should be given only the level of access to RETA premises that is appropriate to the

reason for their visit. After checking in, visitors must be escorted unless they are considered


Page 2500.13 - 7



Page 328


Revised:




"trusted" by RETA. Examples of a trusted visitor may be RETA's legal counsel, financial

advisor, RETA Board and Committee members, RETA consultants and contractors, or a

courier that frequents the office. Specific requirements for each person will be decided by

RETA executive staff on a case-by-case basis.



5.0 Enforcement





6.0 Definitions

Biometrics The process of using a person's unique physical characteristics to prove that

person's identity. Commonly used are fingerprints, retinal patterns, and hand geometry.

Datacenter A location used to house a company's servers or other information technology

assets. Typically offers enhanced security, redundancy, and environmental controls.

Keycard A plastic card that is swiped, or that contains a proximity device, that is used for

identification purposes. Often used to grant and/or track physical access.

Keypad A small keyboard or number entry device that allows a user to input a code for

authentication purposes. Often used to grant and/or track physical access.

Mobile Device A portable device that can be used for certain applications and data storage.


PDA Stands for Personal Digital Assistant. A portable device that stores and organizes

personal information, such as contact information, calendar, and notes.


Page 2500.13 - 8



Page 329


Revised:





email.

Uninterruptible Power Supplies (UPSs) A battery system that automatically provides power to

electrical devices during a power outage for a certain period of time. Typically also contains power

surge protection.


Revision 1.1, 12/08/2015


Page 2500.14 - 1



Page 330


Revised:

Remote Access Policy Created: 12/08/2015



1.0 Overview

It is often necessary to provide access to RETA information resources to employees or others working

outside RETA's network. While this can lead to productivity improvements it can also create certain

vulnerabilities if not implemented properly. The goal of this policy is to provide the framework for

secure remote access implementation.

2.0 Purpose

This policy is provided to define standards for accessing RETA information technology resources

from outside the network. This includes access for any reason from the employee's home, remote

working locations, while traveling, etc. The purpose is to define how to protect information assets

when using an insecure transmission medium.

3.0 Scope

The scope of this policy covers all employees, contractors, and external parties that access company

resources over a third-party network, whether such access is performed with RETA-provided or non-

RETA-provided equipment.

4.1 Policy

4.2 Prohibited Actions Remote access to RETA systems is only to be offered through a RETA-provided means of remote

access in a secure fashion. The following are specifically prohibited:

• Installing a modem, router, or other remote access device on a RETA system without the

approval of the IT Manager.

• Remotely accessing corporate systems with a remote desktop tool, such as VNC, Citrix, or

GoToMyPC without the written approval from the IT Manager.

• Use of non-RETA-provided remote access software.


Page 2500.14 - 2



Page 331


Revised:




• Split Tunneling to connect to an insecure network in addition to the RETA network, or in

order to bypass security restrictions.

4.3 Use of non-RETA-provided Machines Accessing the RETA network through home or public machines can present a security risk, as RETA

cannot completely control the security of the system accessing the network. Use of non-RETA-

provided machines to access the RETA network is permitted as long as this policy is adhered to, and

as long as the machine meets the following criteria:

• It has up-to-date antivirus software installed

• Its software patch levels are current

• It is protected by a firewall

When accessing the network remotely, users must not store confidential information on home or

public machines.

4.4 Client Software RETA will supply users with remote access software that allows for secure access and enforces the

remote access policy. The software will provide traffic encryption in order to protect the data during

transmission. The user is responsible for maintaining a secure system, free of viruses and backdoors.

4.5 Network Access There are no restrictions on what information or network segments users can access when working

remotely, however the level of access should not exceed the access a user receives when working in

the office.

4.6 Idle Connections Due to the security risks associated with remote network access, it is a good practice to dictate that

idle connections be timed out periodically. Remote connections to RETA's network must be timed

out after 1 hour of inactivity.




Page 2500.14 - 3



Page 332


Revised:




5.0 Enforcement


disciplinary action, which may include suspension, restriction of access, or more severe penalties

up to and including termination of employment. Where illegal activities or theft of RETA property


authorities.

6.0 Definitions

Modem A hardware device that allows a computer to send and receive digital information over

a telephone line.


Often performed by home-based or traveling users to access documents, email, or other resources

at a main site.

Split Tunneling A method of accessing a local network and a public network, such as the Internet,

using the same connection.

Timeout A technique that drops or closes a connection after a certain period of inactivity.

Two Factor Authentication A means of authenticating a user that utilizes two methods:

something the user has, and something the user knows. Examples are smart cards, tokens, or

biometrics, in combination with a password.


Revision 1.1, 12/08/2015


Page 2500.15 - 1



Page 333


Revised:

Retention Policy Created: 12/08/2015



1.0 Overview

The need to retain data varies widely with the type of data. Some data can be immediately deleted

and some must be retained until reasonable potential for future need no longer exists. Since this can

be somewhat subjective, a retention policy is important to ensure that the company's guidelines on

retention are consistently applied throughout the organization.

2.0 Purpose

The purpose of this policy is to specify RETA's guidelines for retaining different types of data.

3.0 Scope

The scope of this policy covers all RETA data stored on RETA-owned, RETA-leased, and otherwise

RETA-provided systems and media, regardless of location.

Note that the need to retain certain information can be mandated by local, industry, or federal

regulations. Where this policy differs from applicable regulations, the policy specified in the

regulations will apply.

4.1 Policy

4.2 Reasons for Data Retention RETA does not wish to simply adopt a "save everything" mentality. That is not practical or cost-

effective, and would place an excessive burden on the IT Staff to manage the constantly-growing

amount of data.

Some data, however, must be retained in order to protect RETA's interests, preserve evidence, and

generally conform to good business practices. Some reasons for data retention include:

• Litigation

• Accident investigation


Page 2500.15 - 2



Page 334


Revised:




• Security incident investigation

• Regulatory requirements

• Intellectual property preservation

4.3 Data Duplication As data storage increases in size and decreases in cost, companies often err on the side of storing data

in several places on the network. A common example of this is where a single file may be stored on

a local user's machine, on a central file server, and again on a backup system. When identifying and

classifying RETA's data, it is important to also understand where that data may be stored, particularly

as duplicate copies, so that this policy may be applied to all duplicates of the information.

4.4 Retention Requirements This section sets guidelines for retaining the different types of RETA data.

Personal There are no retention requirements for personal data. In fact, RETA requires that it be

deleted or destroyed when it is no longer needed.

Public Public data must be retained for 3 years.

Operational Most RETA data will fall in this category. Operational data must be retained for 5 years.

Critical Critical data must be retained for 10 years beyond the expiration date of any certified

person’s RETA credential.

Confidential Confidential data must be retained for 10 years beyond the expiration date of any

certified person’s RETA credential.

4.5 Retention of Encrypted Data If any information retained under this policy is stored in an encrypted format, considerations must be

taken for secure storage of the encryption keys. Encryption keys must be retained as long as the data

that the keys decrypt is retained.


Page 2500.15 - 3



Page 335


Revised:




4.1 Data Destruction Data destruction is a critical component of a data retention policy. Data destruction ensures that

RETA will not get buried in data, making data management and data retrieval more complicated and

expensive than it needs to be. Exactly how certain data should be destroyed is covered in the Data

Classification Policy.

When the retention timeframe expires, RETA must actively destroy the data covered by this policy.

If a user feels that certain data should not be destroyed, he or she should identify the data to his or

her supervisor so that an exception to the policy can be considered. Since this decision has long-term

legal implications, exceptions will be approved only by a member or members of RETA's executive

team.

RETA specifically directs users not to destroy data in violation of this policy. Particularly forbidden

is destroying data that a user may feel is harmful to himself or herself, or destroying data in an attempt

to cover up a violation of law or RETA policy.



5.0 Enforcement





6.0 Definitions


Encryption The process of encoding data with an algorithm so that it is unintelligible and

secure without the key. Used to protect data during transmission or while stored.

Encryption Key An alphanumeric series of characters that enables data to be encrypted and

decrypted.


Page 2500.15 - 4



Page 336


Revised:





Revision 1.1, 12/08/2015


Page 2500.16 - 1



Page 337


Revised:

Test Development and Security Policy Created: 12/08/2015



1.0 Overview

RETA certification examinations are developed under the direction and supervision of RETA’s

Consulting Psychometrician. Test development and security for all RETA examinations is based on

guidelines for credentialing exams as specified in the 2014 Standards for Educational and

Psychological Testing developed by the American Educational Research Association, the American

Psychological Association, and the National Council on Educational Measurement.

2.0 Purpose

The purpose of this policy is to specify RETA's guidelines for protecting the fairness, validity and

security of all RETA certification examinations.

3.0 Scope

The scope of this policy covers all RETA examinations.

4.1 Policy

4.2 Test Development Procedures The RETA Certification Committee (CertComm) serves as the “scheme committee” as defined under

ANSI Standard 17024. CertComm procedures are documented separately in the RETA Policies and

Procedures Manual under Section 500, Certification, and in the CertComm Operations Manual.

4.3 Access to Confidential and Secure Test Content RETA’s Consulting Psychometrician controls all access to RETA item banks, test forms and other

secure test materials. All reviews of content for RETA exam questions occurs under his/her direct

supervision. CertComm members and other consultants who may participate in this process are

required to sign and adhere to Non-Disclosure and Confidentiality Agreements specifying that they

will not share any secure test content or materials at any time with anyone.


Page 2500.16 - 2



Page 338


Revised:




4.1 Test Delivery Vendor Security and Support

Kryterion, RETA’s test delivery vendor, keeps all RETA test content, test forms and documents

required for secure design, control and administration of RETA examinations confidential. Test

questions for RETA certification exams are delivered through encrypted cloud-based delivery

channels to each test center. Each question is removed from the test station computer terminal as

soon as a candidate records his or her answer to the question.

RETA’s Consulting Psychometrician places required questions and test forms into Kryterion’s

system and controls designations of all active test forms. Kryterion’s technical support may include

support in delivery of these services at the request of RETA’s Certification Manager when RETA’s

Consulting Psychometrician is not available.

4.2 Types of RETA Examinations

Book Tests RETA offers end-of-course examinations for unproctored online delivery through

Kryterion’s system. Candidates who earn a passing score on these Book Tests receive credit toward

recertification of a RETA credential. Candidates may take Book Tests at home, at work or on any

computer that has the necessary Internet connection.

Practice Tests RETA also provides practice certification examinations for unproctored online

delivery through Kryterion’s system. Candidates who complete Practice Tests receive diagnostic

reports informing them where questions they answer incorrectly are supported in RETA books and

study materials. Candidates may take Practice Tests at home, at work or on any computer that has the

necessary Internet connection.

Certification Examinations RETA currently provides four certification examinations through

secure, proctored online delivery in approved testing centers throughout the U.S.

Certified Assistant Refrigeration Operator (CARO)

Certified Industrial Refrigeration Operator (CIRO)

Certified Refrigeration Energy Specialist (CRES)

RETA-Authorized Instructor (RAI)

Each of these certification examinations is administered under strict security and controls under the

supervision of proctors who are screened and approved to maintain the security, validity and integrity

of each RETA exam.


Page 2500.17 - 1



Page 340


Revised:




4.1 Secure Test Centers

Kryterion Testing Network (KTN) Test Centers Kryterion maintains a network of over 400

U.S. test centers where secure examinations can be administered under the direct supervision of

trained and approved proctors. Kryterion also offers examinations in nearly 400 international test

centers. RETA examinations may become available in selected international test centers under mutual

agreements as these opportunities develop.

RETA Testing Network Centers RETA approves and manages test centers in both public and

private training facilities that may provide training in industrial refrigeration content. RETA delivers

these exams through Kryterion’s cloud-based secure system. All exams in RETA Testing Network

Centers are supervised by trained and approved proctors under rules specified in the RETA Testing

Network Operations Manual and the RETA Proctor Guide. These also document administrative rules

and procedures, including that no person who is involved in training candidates for RETA

certification is ever permitted in the test center while any RETA certification test is underway.

5.0 Enforcement

This policy will be enforced by RETA’s Certification Manager, the Executive Team and the

Consulting Psychometrician. Violations may result in disciplinary action, which may include

suspension, restriction of access, or more severe penalties up to and including termination of testing

in a center or facility. Where illegal activities or theft of RETA property (physical or intellectual) are

suspected, RETA may report such activities to the applicable authorities.

6.0 Definitions

Proctor An individual who is trained and qualified to supervise secure administration of RETA

examinations in approved test centers.

Test Centers Locations that are required to meet test security and administrative procedures by

Kryterion and/or RETA.

7.0 Revision History Revision 1.1, 12/08/2015


Page 2500.17 - 1



Page 340


Revised:

Third Party Connection Policy Created: 12/08/2015



1.0 Overview

Direct connections to external entities are sometimes required for business operations. These

connections are typically to provide access to vendors or customers for service delivery. Since

RETA's security policies and controls do not extend to the users of the third parties' networks, these

connections can present a significant risk to the network and thus require careful consideration.

2.0 Purpose

The policy is intended to provide guidelines for deploying and securing direct connections to third

parties.

3.0 Scope

The scope of this policy covers all direct connections to RETA's network from non-RETA owned

networks. This policy excludes remote access and Virtual Private Network (VPN) access, which are

covered in separate policies.

4.1 Policy

4.2 Use of Third Party Connections Third party connections are to be discouraged and used only if no other reasonable option is available.

When it is necessary to grant access to a third party, the access must be restricted and carefully

controlled. A requester of a third party connection must demonstrate a compelling business need for

the connection. This request must be approved and implemented by the IT Manager.

4.3 Security of Third Party Access Third party connections require additional scrutiny. The following statements will govern these

connections:

• Connections to third parties must use a firewall or Access Control List (ACL) to separate

RETA's network from the third party's network.


Page 2500.17 - 2



Page 341


Revised:




• Third parties will be provided only the minimum access necessary to perform the function

requiring access. If possible this should include time-of-day restrictions to limit access to only the

hours when such access is required.

• Wherever possible, systems requiring third party access should be placed in a public network

segment or demilitarized zone (DMZ) in order to protect internal network resources.

• If a third party connection is deemed to be a serious security risk, the IT Manager will have

the authority to prohibit the connection. If the connection is absolutely required for business

functions, additional security measures should be taken at the discretion of the IT Manager.

• Third parties must sign and adhere to a Non-Disclosure and Confidentiality Statement for all

information about RETA members, candidates, staff and programs as specified by RETA’s Executive

Team. For example, the Northwest Energy Efficiency Alliance (NEEA) and all organizations

participating in developing RETA’s Certified Refrigeration Energy Specialist (CRES) certification

have been required to provide such agreements.

4.4 Restricting Third Party Access Best practices for a third party connection require that the link be held to higher security standards

than an intra-RETA connection. As such, the third party must agree to:

• Restrict access to RETA's network to only those users that have a legitimate business need

for access.

• Provide RETA with the names and any other requested information about individuals that

will have access to the connection. RETA reserves the right to approve or deny this access based

on its risk assessment of the connection.

• Supply RETA with on-hours and off-hours contact information for the person or persons

responsible for the connection.

• (If confidential data is involved) Provide RETA with the names and any other requested

information about individuals that will have access to RETA's confidential data. The steward or

owner of the confidential data will have the right to approve or deny this access for any reason.


Page 2500.17 - 3



Page 342


Revised:




4.1 Auditing of Connections In order to ensure that third-party connections are in compliance with this policy, they must be audited

quarterly.



5.0 Enforcement





6.0 Definitions

Access Control List (ACL) A list that defines the permissions for use of, and restricts access to,

network resources. This is typically done by port and IP address.

Demilitarized Zone (DMZ) A perimeter network, typically inside the firewall but external to the

private or protected network, where publicly-accessible machines are located. A DMZ allows higher-

risk machines to be segmented from the internal network while still providing security controls.

Firewall A security system that secures the network by enforcing boundaries between secure and

insecure areas. Firewalls are often implemented at the network perimeter as well as in high-security

or high-risk areas.

Third Party Connection A direct connection to a party external to the company. Examples of third

party connections include connections to customers, vendors, partners, or suppliers.


Revision 1.1, 12/08/2015


Page 2500.18 - 1



Page 343


Revised:

VPN Policy Created: 12/08/2015



1.0 Overview

A Virtual Private Network, or VPN, provides a method to communicate with remote sites securely

over a public medium, such as the Internet. A site-to-site VPN is a dependable and inexpensive

substitute for a point-to-point Wide Area Network (WAN). Site-to-site VPNs can be used to connect

the LAN to a number of different types of networks: branch or home offices, vendors, partners,

customers, etc. As with any external access, these connections need to be carefully controlled through

a policy.

2.0 Purpose

This policy details RETA's standards for site-to-site VPNs. The purpose of this policy is to specify

the security standards required for such access, ensuring the integrity of data transmitted and received,

and securing the VPN pathways into the network.

3.0 Scope

The scope of this policy covers all site-to-site VPNs that are a part of RETA's infrastructure, including

both sites requiring access to RETA's network (inbound) and sites where RETA connects to external

resources (outbound). Note that remote access VPNs are covered under a separate Remote Access

Policy.

4.1 Policy

4.2 Encryption Site-to-site VPNs must utilize strong encryption to protect data during transmission. Encryption

algorithms must meet or exceed current minimum industry standards, such as Triple DES or AES.

4.3 Authentication Site-to-site VPNs must utilize a strong password, pre-shared key, certificate, or other means of

authentication to verify the identity the remote entity. The strongest authentication method available

must be used, which can vary from product-to-product.


Page 2500.18 - 2



Page 344


Revised:




4.1 Implementation When site-to-site VPNs are implemented, they should adhere to the policy of least access, providing

access limited to only what is required for business purposes if possible. This should be done on a

best-effort basis and is not a requirement.

4.2 Management RETA should manage its own VPN gateways, meaning that a third party must not provide and

manage both sides of the site-to-site VPN, unless this arrangement is covered under an outsourcing

agreement. If an existing VPN is to be changed, the changes must only be performed with the

approval of the IT Manager.

4.3 Logging and Monitoring RETA does not require logging or monitoring traffic related to the site-to-site VPN.

4.4 Encryption Keys Site-to-site VPNs are created with pre-shared keys. The security of these keys is critical to the security

of the VPN, and by extension, the network. Encryption keys should be changed periodically.

If certificates are used instead of pre-shared keys, the certificates should expire and be re-generated

after three years.

4.5 Applicability of Other Policies This document is part of the company's cohesive set of security policies. Other policies may apply to

the topics covered in this document and as such the applicable policies should be reviewed as needed.

5.0 Enforcement






Page 2500.18 - 3



Page 345


Revised:




6.0 Definitions

Certificate Also called a "Digital Certificate." A file that confirms the identity of an entity, such as

a company or person. Often used in VPN and encryption management to establish trust of the remote

entity.

Demilitarized Zone (DMZ) A perimeter network, typically inside the firewall but external to the

private or protected network, where publicly-accessible machines are located. A DMZ allows higher-

risk machines to be segmented from the internal network while still providing security controls.



Remote Access VPN A VPN implementation at the individual user level. Used to provide remote

and traveling users secure network access.

Site-to-Site VPN A VPN implemented between two static sites, often different locations of a

business.

Virtual Private Network (VPN) A secure network implemented over an insecure medium, created

by using encrypted tunnels for communication between endpoints.


Revision 1.1, 12/08/2015


Page 2500.19 - 1



Page 346


Revised:

Wireless Access Policy Created: 12/08/2015



1.0 Overview

Wireless communication is playing an increasingly important role in the workplace. In the past,

wireless access was the exception; it has now become the norm in many companies. However, while

wireless access can increase mobility and productivity of users, it can also introduce security risks to

the network. These risks can be mitigated with a sound Wireless Access Policy.

2.0 Purpose

The purpose of this policy is to state the standards for wireless access to RETA's network. Wireless

access can be done securely if certain steps are taken to mitigate known risks. This policy outlines

the steps RETA wishes to take to secure its wireless infrastructure.

3.0 Scope

This policy covers anyone who accesses the network via a wireless connection. The policy further

covers the wireless infrastructure of the network, including access points, routers, wireless network

interface cards, and anything else capable of transmitting or receiving a wireless signal.

4.1 Policy

4.2 Physical Guidelines Unless a directional antenna is used, a wireless access point typically broadcasts its signal in all

directions. For this reason, access points should be located central to the office space rather than along

exterior walls. If it is possible with the technology in use, signal broadcast strength should be reduced

to only what is necessary to cover the office space. Directional antennas should be considered in order

to focus the signal to areas where it is needed.

Physical security of access points should be considered - access points should not be placed in public

or easily accessed areas if possible.


Page 2500.19 - 2



Page 347


Revised:




4.1 Configuration and Installation The following guidelines apply to the configuration and installation of wireless networks:

4.2.1 Security Configuration

• The Service Set Identifier (SSID) of the access point must be changed from the factory

default. The SSID should be changed to something completely nondescript. Specifically, the

SSID must not identify RETA, the location of the access point, or anything else that may

allow a third party to associate the access point's signal to RETA.

• Administrative access to wireless access points should utilize strong passwords.

• Encryption should be used to secure wireless communications. Stronger algorithms

are preferred to weaker ones (i.e., WPA should be implemented rather than WEP).

Encryption keys should be changed and redistributed periodically.

4.2.2 Installation

• Software and/or firmware on the wireless access points and wireless network

interface cards (NICs) should be updated prior to deployment.

• Wireless networking must not be deployed in a manner that will circumvent RETA's

security controls.

• Wireless devices should be installed only by RETA's IT department.

Channels used by wireless devices should be evaluated to ensure that they do not interfere with RETA

equipment.

4.3 Accessing Confidential Data Wireless access to confidential data is permitted as long as the access is consistent with this and

other policies that apply to confidential data.


Page 2500.19 - 3



Page 348


Revised:




4.3 Inactivity Users should disable their wireless capability when not using the wireless network. This will reduce

the chances that their machine could be compromised from the wireless NIC.

Inactive wireless access points should be disabled. If not regularly used and maintained, inactive

access points represent an unacceptable risk to RETA.

4.4 Audits The wireless network should be periodically audited to ensure that this policy is being followed.

Specific audit points should be: location of access points, signal strength, SSID, and use of strong

encryption.



5.0 Enforcement





6.0 Definitions

Mac Address Short for Media Access Control Address. The unique hardware address of a network

interface card (wireless or wired). Used for identification purposes when connecting to a computer

network.

SSID Stands for Service Set Identifier. The name that uniquely identifies a wireless network.

WEP Stands for Wired Equivalency Privacy. A security protocol for wireless networks that encrypts

communications between the computer and the wireless access point. WEP can be cryptographically

broken with relative ease.


Page 2500.19 - 4



Page 349


Revised:




WiFi Short for Wireless Fidelity. Refers to networking protocols that are broadcast wirelessly using

the 802.11 family of standards.

Wireless Access Point A central device that broadcasts a wireless signal and allows for user

connections. A wireless access point typically connects to a wired network.

Wireless NIC A Network Interface Card (NIC) that connects to wireless, rather than wired, networks.

WPA Stands for WiFi Protected Access. A security protocol for wireless networks that encrypts

communications between the computer and the wireless access point. Newer and considered more

secure than WEP.


Revision 1.1, 12/08/2015


Page 2500.20 - 1



Page 350


Revised:

Guest Network Access Request

Company:

User Name:

Department:

I understand that being granted access to computer systems and company information carries

a great deal of responsibility. I recognize that I am being granted this access with the

understanding that I will use the network resources and company information in a responsible

manner. I realize that specific guidelines and expectations of me are detailed in the appropriate

policies.

Initial below to indicate which policies you have received, read, understand, and to which you

agree:

Acceptable Use Data Classification

Password Confidential Data

Remote Access Mobile Device

Retention

Other (list: )

I UNDERSTAND THAT WHILE THE COMPANY INTENDS TO PROVIDE A SAFE AND POSITIVE

EXPERIENCE WHEN USING COMPANY SYSTEMS AND THE INTERNET, THE COMPANY MAKES NO

WARRANTIES AS TO THE CONTENT OF THE NETWORK AND THE INTERNET.

I AM RESPONSIBLE FOR MY OWN ACTIONS AND WILL RELEASE THE COMPANY FROM ANY

LIABILITY RELATING TO MY NETWORK USAGE. I AGREE TO USE THE NETWORK AND SYSTEMS

IN AN APPROPRIATE MANNER AS SPECIFIED IN THE APPLICABLE POLICIES. I UNDERSTAND

THAT MY USE OF THE NETWORK AND SYSTEMS MAY BE MONITORED AT ANY TIME AND I

SHOULD HAVE NO EXPECTATION OF PRIVACY IN CONNECTION WITH THIS USE.

I UNDERSTAND THAT FAILURE TO USE THE NETWORK IN A RESPONSIBLE MANNER MAY RESULT

IN LOSS OF NETWORK PRIVILEGES, SUSPENSION, OR TERMINATION. I UNDERSTAND THAT IF

ILLEGAL ACTIVITY IS SUSPECTED, THE COMPANY WILL REPORT THE ACTIVITY TO THE

APPLICABLE AUTHORITIES.

User Name (Print):

User Signature:

Date:


Page 2500.20 - 2



Page 351


Revised:

Policy Acknowledgement Form

Guest Name:

Guest Company:

Employee

Contact:

The company may wish to provide access to guests on a case-by-case basis in accordance with

its Guest Access Policy. Please complete the information below in order to be granted access.

Dates Needed: From: To:

Reason for Access:

Access Needed: Outbound to Internet

(check one) Specific Resources on the network (list: )

Specific Ports or Services (list: )

Access Requested: Wired Wireless

(check one)

The company reserves the right to require Guests to review and accept the corporate Acceptable

Use Policy (AUP) before being granted network access. Please initial the statement below that

is most accurate:

I have read, understand, and agree to the Acceptable Use Policy.

I have read and do not agree to the Acceptable Use Policy.

I have not been asked to review the Acceptable Use Policy.

Please provide any additional information related to your request for access below:

Guest Name (Print): Date:

Guest Signature:

Employee Contact:

Employee Signature:




Page 2500.20 - 3


Section 2500 – Corporate Security Policy

Revised:

Guest Network Access Request

Company:

User Name:

Department:

Date of Incident: Time/Date Incident Detected:

Incident Location:

Type of Incident: Physical: Loss or theft of device containing company information

(circle one) Complete Section 1

Electronic: Suspicious password request, hack attempt, virus infection

Complete Section 2

Section 1: Physical Security Incident

Media/Device Type:

Encryption Used?: Yes No Confidential Data Involved?: Yes No Unsure

Section 2: Electronic Security Incident

Type of Incident: Hack attempt Denial of Service

Malicious Code (Trojan/virus)

Unauthorized system access

Suspicious password request Misuse of systems

Password compromise

Other (explain below)

Confidential Data Involved?: Yes No Unsure

Impact of Incident: Data Loss/Corruption System Damage

System/Network Downtime

Web Page Defacement

Other (explain below)

Section 3: All Incidents

Describe Incident:

(attach additional pages if needed)




Page 2500.20 - 4


Section 2500 – Corporate Security Policy

Revised:

Security Incident Report

Actions Taken:


By signing below I certify that the information I have provided on this form is true to the best

of my knowledge:

User Name (Print):

User Signature:

Date:

*** Please give this form immediately to the IT Manager or your supervisor ***




Page 2500.20 - 5


Section 2500 – Corporate Security Policy Revised:

Company:

User Name:

Supervisor:

Department:

Policy:

Date of

Noncompliance:

Date of Form Completion:

Describe Incident:


Type of Action: Verbal Warning (Internal Use Only)

(circle one) Written Warning

Restriction or termination of network/system access (describe below)

Suspension: From: To:

Termination: Effective:

Additional Details

About Action:

Corrective Action

Plan (if applicable):

Next Step if

Problem Continues:




Page 2500.20 - 6

Notice of Policy Noncompliance



I acknowledge receipt of this notice of noncompliance with company policy and agree that its

contents have been discussed with me. I understand that my signature below does not

necessarily indicate agreement with this notice. I understand that I have a right to provide

mitigating information to my supervisor regarding the event.

User Name (Print):

User Signature:

Date:

Supervisor Name (Print):

Supervisor Signature:

Date:

Copies of this form must be provided to:

User

Supervisor/Department Head Human Resources




Page 2500.20 - 7



Company:

User Name:

Department:

I understand that being granted access to computer systems and company information carries

a great deal of responsibility. I recognize that I am being granted this access with the

understanding that I will use the network resources and company information in a responsible

and proper manner. I realize that specific guidelines and expectations of me are detailed in the

appropriate policies.

Initial below to indicate which policies you have received, read, understand, and to which you

agree:

Acceptable Use Data Classification

Password Confidential Data

Remote Access Mobile Device

Retention Email

Other (list: )

I UNDERSTAND THAT WHILE THE COMPANY INTENDS TO PROVIDE A SAFE AND POSITIVE

EXPERIENCE WHEN USING COMPANY SYSTEMS AND THE INTERNET, THE COMPANY MAKES NO

WARRANTIES AS TO THE CONTENT OF THE NETWORK AND THE INTERNET.

I AM RESPONSIBLE FOR MY OWN ACTIONS AND WILL RELEASE THE COMPANY FROM ANY

LIABILITY RELATING TO MY NETWORK USAGE. I AGREE TO USE THE NETWORK AND SYSTEMS

IN AN APPROPRIATE MANNER AS SPECIFIED IN THE APPLICABLE POLICIES. I UNDERSTAND

THAT MY USE OF THE NETWORK AND SYSTEMS MAY BE MONITORED AT ANY TIME AND I

SHOULD HAVE NO EXPECTATION OF PRIVACY IN CONNECTION WITH THIS USE.

I UNDERSTAND THAT FAILURE TO USE THE NETWORK IN A RESPONSIBLE MANNER MAY RESULT

IN LOSS OF NETWORK PRIVILEGES, SUSPENSION, OR TERMINATION. I UNDERSTAND THAT IF

ILLEGAL ACTIVITY IS SUSPECTED, THE COMPANY WILL REPORT THE ACTIVITY TO THE

APPLICABLE AUTHORITIES.

User Name (Print):

User Signature:

Date:




Page 2500.20 - 8



ABC Company, Inc. Policy

Amendment

Policy Amended: Policy Created:

Policy Amendment Number: Date of Amendment:

Section of: Corporate Security Policies Target Audience:

Company Name: Page: 1

ABC Company, Inc. is hereinafter referred to as “the company.”

1.0 Details of Amendment

This document hereby amends the Policy as

follows: Section (number and name of section) is changed

read:

(Cut and paste text from the policy PDF, making the changes required. It is sometimes good practice to

highlight the changes with italics).

Except as specifically stated above, all other provisions of the company’s security policies remain in

effect. The changes detailed herein are effective immediately on the authority of the undersigned.

Signature: Date:

Name: Title: