Organizational Data Privacy and Security Policy

Alyaa Ghanim

What Is an Organizational Data Privacy and Security Policy?

It is the policy of the Organization to protect against the unauthorized access, use, corruption, disclosure, and distribution of non-public personal information.
The Organization shall hold non-public personal information in strict confidence and shall not release or disclose such information to any person except as required or authorized by law and only to such authorized persons who are to receive it. The Organization shall not use any non-public personal information for any purpose other than the administration of a receivership or in the event that it assists a regulator in the supervision of an insurer. In
5. The Organization is required to have a succession plan for key persons in the event of a disruption to normal business processes.
6. The Organization should ensure, to the greatest extent possible based on the size of the organization, that there is a clear separation of duties to prevent important management controls from being overlooked. Segregation of duties as defined in the Procedures will preserve the integrity, availability, and confidentiality of information assets by minimizing opportunities for security incidents, outages and personnel problems.
7. Training of employees and other authorized users is important in an Organization and in the maintenance of security procedures.
8. Violations of the data privacy and security policy may result in disciplinary action up to and including termination of employment.

Information Systems

The Organization should follow procedures to protect and maintain the security and integrity of its information systems, which include infrastructure and software design, information processing, storage, transmission, retrieval and disposal.
Figure (1) illustrates the matters that the procedures should handle:

Figure (1): Procedure’s matters

1. Limiting access to those individuals necessary to carry out the Organization’s role with respect to non-public personal information.
2. Physical and electronic protection of