General Security Policy Essay examples

4710 WordsJan 21, 201219 Pages
Sample Information Security Policy I. POLICY A. It is the policy of ORGANIZATION XYZ that information, as defined hereinafter, in all its forms--written, spoken, recorded electronically or printed--will be protected from accidental or intentional unauthorized modification, destruction or disclosure throughout its life cycle. This protection includes an appropriate level of security over the equipment and software used to process, store, and transmit that information. B. All policies and procedures must be documented and made available to individuals responsible for their implementation and compliance. All activities identified by the policies and procedures must also be documented. All the documentation, which…show more content…
Integrity: Data or information has not been altered or destroyed in an unauthorized manner. Involved Persons: Every worker at ORGANIZATION XYZ -- no matter what their status. This includes physicians, residents, students, employees, contractors, consultants, temporaries, volunteers, interns, etc. Involved Systems: All computer equipment and network systems that are operated within the ORGANIZATION XYZ environment. This includes all platforms (operating systems), all computer sizes (personal digital assistants, desktops, mainframes, etc.), and all applications and data (whether developed in-house or licensed from third parties) contained on those systems. Protected Health Information (PHI): PHI is health information, including demographic information, created or received by the ORGANIZATION XYZ entities which relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual and that identifies or can be used to identify the individual. Risk: The probability of a loss of confidentiality, integrity, or availability of information resources. V. INFORMATION SECURITY RESPONSIBILITIES A. Information Security Officer: The Information Security Officer (ISO) for each entity
Open Document