BCP
Revision 1.0
PRE-INCIDENT CHANGES
The following will be implemented to help ensure the well-being of the company in the event of an incident:
1. Backups of all data, images, production systems, configurations, customer data, sales data, finance data, HR data, legal data, management data, IT and InfoSec data will be maintained via standard procedure, and stored not only at the main office but in another data center within another region of the US, such as a hot site, to be available for use at any time.
2. A BCP Committee will be formed to audit and review the current BCP plan for any changes that may need to be made, with input from the security team, IT, sales, operations, upper management, finance, HR and legal teams.
Any data on customer environments retrieved from vulnerability scanning and PCI scanning is deemed sensitive. Logs and other troubleshooting data received by support are deemed sensitive, as are logs routinely stored in the log manager.
Development Data
Data belonging to development departments, such as proposed projects, trade secrets, projects en route to deployment, historic operations information, QA data and implementation data, is deemed sensitive.
Sales and Marketing Data
Data with regard to prospective customers, contracts, marketing strategies, marketing metrics and transactions are deemed sensitive.
Employee Data
Data regarding an employee’s tax records, personal data, employment contracts and training data, transactions, entry/exit records and browsing/working records is deemed sensitive.
DATA PROTECTION DURING NORMAL BUSINESS
1. Encryption of all hard drives is required on all devices where possible, including employee machines and servers.
2. All network traffic throughout the company will be encrypted where possible.
3. All external access into the local LAN must be made through a VPN connection.
4. Strict adherence to the Access Request procedure must be exercised when IT gives any type of access to systems or data, including direct manager approval, business justification, standard role, justification for extra system or data access beyond standard role, and
High-level procedures are also unavailable to ordinary employees; only a senior employee will have the respective clearance, in order to deter customer information from being tampered with.
4.3 Describe situations where information normally considered to be confidential might need to be passed on.
The legal requirements in relation to security and confidentiality are described in the Data Protection Act 1998, which says that anyone who records information about individuals is classed as a data processor under the Act and is required by law to process the data fairly and lawfully. The Act prevents the unauthorised use of data and so protects the privacy of individuals. The Act also says never to disclose information that my organisation holds about individuals.
The Licensee has the following controls in place to secure sensitive customer information. Access controls are in place to limit user access to sensitive customer information. Access to physical data is under lock and key, with access limited to IT administrators. Doors are closed and locked when the IT room is not occupied. All workstations require LDAP access via Microsoft Active Directory, and data backups are located both off site and locally.
iv. Users of remote workstations must comply with HIPAA Security Policy #10 - Workstation Use.
For the task of creating a Business Continuity Plan (BCP), I will follow a logical and systematic formula for implementation, monitoring and reviewing the plan for United Health Group.
productivity, computers, systems, etc. at all times, employees will ensure they are being proactive. In addition, employees will ensure they are not using any company assets for personal gain or knowledge, because they are aware someone is monitoring them at all times.
There are several dimensions by which data can be valued, including financial or business, regulatory, legal and privacy. A useful exercise to help determine the value of data, and to which risks it is vulnerable, is to create a data flow diagram. The diagram shows how data flows through your organization and beyond so you can see how it is created, amended, stored, accessed and used. Don't, however, just classify data based on the application that creates it, such as CRM or Accounts. This type of distinction may avoid many of the complexities of data classification, but it is too blunt an approach to achieve suitable levels of security and access.
Confidentiality is very important in the workplace; in order to maintain confidentiality there need to be set rules and regulations that all service users must adhere to. These include putting passwords on computers/laptops that hold confidential information, keeping information held in files or filing cabinets locked away and secure, and never leaving offices unlocked for long periods of time.
Confidentiality is a standard of professionalism that must be respected, unless the disclosure of information is permitted by law. The IBMS reinforces the importance of practitioners being able to identify the personal limits of their professional knowledge and skills; tasks should not be performed by those who lack the training, qualifications, or relevant experience.
According to Gartee (2011), privately held information is meant to be safeguarded, but there are times when that information is needed for various purposes.
They are to be treated as confidential and kept secure as per the Privacy Act 1998.
DLIS has decided to develop a business continuity plan (BCP) with the full support of management.
Confidentiality means that data is concealed and can only be seen by the intended recipient.
University employees will take every measure to ensure confidential data is protected and accessed exclusively for job related responsibilities. Confidential data includes personal, financial and educational records for employees, students, alumni and friends of the university. This covers both paper and electronic records. Users must: