Information Security Policy Template

Published on April 2017

This Information Security Policy Template requires some areas to be filled in to ensure the policy is complete. Once completed, it is important that it is distributed to all staff members and enforced as stated. It may be necessary to make other adjustments based on the needs of your environment as well as other federal and state regulatory requirements.

| Number | Value | Description |
|---|---|---|
| 1 | Company Name/Logo | Company name or logo of organization. |
| 2 | Last Revision Date | Last revision date of the Information Security Policy. |
| 3 | Document Owner | Document owner of the policy. This is usually someone at an executive level. |
| 4 | Approval Date | Date that the policy has been officially approved. |
| 5 | Effective Date | Effective date of the policy. This can be different from the approved date if needed. |
| 6 | Company Name | Company/Practice name. No logo used for this particular part of the policy. |
| 7 | Outside Agencies | List any outside agencies or organizations, if applicable, whose laws, mandates, directives, or regulations were included in the policy, i.e. CMS, DHHS, VHA, etc. |
| 8 | Privacy Officer | List the name and phone number of the person designated as the Privacy Officer. |
| 9 | CST Team | List the title and name of the individuals that will become part of the Confidentiality and Security Team. |
| 10 | Contractor Access | For contractors that enter the building, specify what identifying badge is given to them during their visit into your facility. |
| 11 | Screen Lock | When a user leaves a computer unlocked, specify how long until the screen automatically locks. This value will need to be enforced. |
| 12 | Electronic Communication, E-Mail, Internet Usage | Specifies allowable and prohibited uses of electronic communications, e-mail and the Internet. Oftentimes, an organization will maintain computer, Internet and e-mail usage policies in other HR policies or the employee handbook. Please refer to these sources and modify this section accordingly. |
| 13 | Audit of Login IDs | Specify how often user IDs are audited. This includes network and EHR user accounts. |
| 14 | User Lockout | Specify how many unsuccessful login attempts a user has before the account becomes locked out. |
| 15 | Password Length | Specify the minimum password length. This should be the same for network and EHR access but if different, be sure to specify this. |
| 16 | Password Change | Specify how many days before the password must be changed. |
| 17 | Password Reuse | Specify how many previous passwords cannot be used. |
| 18 | Antivirus Software | Specify the name of the antivirus software being used at the Practice. |
| 19 | Antivirus Company | Specify the name of the antivirus company that makes the product being used. |
| 20 | Antivirus Updates | Specify what time antivirus updates are scheduled to perform. If this is not an option, then ensure it updates at least daily. |
| 21 | Security System | Specify the security method being used to protect the facility during non-working hours. |
| 22 | Business Hours | Specify the business hours of when the reception area is staffed. This may or may not be the hours of operation for the Practice. |
| 23 | Secure Doors | Specify how access to secure areas of the facility is controlled, i.e. swipe cards, standard locks, or cipher locks. |
| 24 | Motion Detectors | Specify whether motion sensors/detectors are used. If not, then just remove this information. |
| 25 | Glass Sensors | Specify whether glass breakage sensors are used. If not, then just remove this information. |
| 26 | Security Cameras | Specify whether security cameras are used. If not, then just remove this information. |
| 27 | Password Change | Specify how many days before the password must be changed for those users who work remotely, if different than internal users. |
| 28 | Provided Equipment | List all the equipment that is provided to users that work from home whether full time or even occasionally. |
| 29 | Screen Lock | When a user leaves a computer unlocked, specify how long until the screen automatically locks for users that work remotely. |
| 30 | Record Retention | Specify how long documents are kept related to uses and disclosures, notice of privacy practices, complaints, etc. |
| 31 | Misc. Values | Values that can be adjusted as necessary as appropriate for the Practice. |
| 32 | Contact Number | Enter the contact number for the Privacy Officer for the purposes of reporting a breach. |
