SlideShare uma empresa Scribd logo

Policy and procedure of hospitals

Transferir como PPTX, PDF
Mohammed Alabdali
Mohammed Alabdali

Some of policy that used in hospitals

Tecnologia
1 de 18
 Data stored in information systems represents an increasingly valuable asset to the Trust as systems proliferate and increased reliance is placed on them.  The Trust seeks to protect its information systems from misuse and to minimize the impact of service breaks by developing this Information Security Policy and procedures to manage and enforce it.
 Confidentiality: Data access is confined to those with specified authority to view the data.  Integrity: All system assets are operating correctly according to specification and in the way the current user believes them to be operating.  Availability: Information is delivered to the right person when it is needed.
The purpose of the policy is to ensure that: • The Trust’s information systems are properly assessed for security. • Confidentiality, integrity and availability are maintained. • Staff are aware of their responsibilities, roles and accountability. • Procedures to detect and resolve security breaches are in place.
 All central processors/networked file servers/central network equipment will always be located in secure areas with restricted access.  Local network equipment/file servers and N3 terminating equipment will always be located in secure areas and/or lockable cabinets.
 The Trust’s central computer rooms will be high security areas housing the Trusts Corporate and Departmental multi user systems. An entry restriction system will be incorporated to protect the suite. The Trusts swipe card entry restrictions will be applied. Access logs will be received by the ICT Department and reviewed weekly.
 Unrestricted access to the central computer facilities will be confined to designated staff, whose job function requires access to that particular area/equipment. Restricted access to other staff, where there is a specific job function need for such access, will be granted on a temporary basis.  Authenticated representatives of third party support agencies will only be given access through specific authorization from the SIRO or appropriate deputy.
 Logs will be maintained of pass card entry to the Computer rooms via the Trust’s Building Management System. A further visitors log is maintained in each of the Computer rooms detailing the name, date, company and reason for visit of all visitors to the rooms.
 All central systems will have daily backup regimes formalized. Such backups will have a minimum of a 5 day cycle before media is overwritten. Removable backup media will be kept in a secure location in a separate fire zone away from the Servers concerned.  The viability of central systems backups will be provided when used in contingency tests.
 To ensure data confidentiality all obsolete removable media will be disposed of via the ICT department who will arrange appropriate confidential disposal and destruction (refer to Trust’s Disposal of IT Equipment and Media Policy).  Disable USB and CD.
 Objective:  To comply with the law on licensed products and minimize risk of computer viruses.  Licensed Software:  All users should ensure that they only use licensed copies of commercial software. It is a criminal offence to make/use unauthorized copies of commercial software and offenders are liable to disciplinary action. The ICT Department will be responsible for holding copies of all licenses.
 Trust Software Standards:  The Trust will only permit approved software to be installed on its PCs. Approval will be via the ICT department. The Head of ICT (or designated deputy) will countersign all requisitions for new software.  The Trust will require the use of specific general purpose packages.  5 Users should not load any software onto Trust PCs without ICT approval.
 Virus Control:  The Trust seeks to minimize the risks of computer viruses through education, good practice/procedures and anti-virus software loaded on all Networked PCs and Servers.  Users should report any viruses detected/suspected on their machines immediately to the ICT Helpdesk.  4 The ICT Department will be responsible for installing and updating the Anti-Virus software. Virus databases will be updated on a regular basis and all networked systems and users will be protected. Virus software will also be loaded on standalone PC's. All devices connected to the Trust network will automatically have anti-virus software loaded. Definition files will also be updated at least daily.
Objective:  To be able to ensure the security of the Trust’s Data Network. To do this the Trust will:  Ensure availability.  Ensure that the network is for authorized users.  Preserve the integrity of all data and information on the network.  Protect the network from unauthorized or accidental modification ensuring the accuracy and completeness of the Trust’s assets.  Preserve confidentiality.  Protect against unauthorized disclosure
 Data Network Definition:  The Data Network is a collection of communication equipment such as LAN switches, routers, servers, computers, printers, which have been connected together. The network is created to share data.  Network Security Policy:  This policy applies to all networks with the Trust used for:  The storage, sharing and transmission of non-clinical data and images.  The storage, sharing and transmission of clinical data and images.  Printing or scanning non-clinical or clinical data or images.  The provision of Internet and email systems for receiving, sending and storing non-clinical and clinical data or images.
 Disaster recovery plans will always include:  Emergency procedures covering immediate actions to be taken in response to an incident (e.g. alerting disaster recovery personnel).  Resumption procedures describing the actions to be taken to return to full normal service.  Testing procedures describing how the disaster recovery plan will be tested.
 Objective:  To control and monitor the use of email and the Internet.  To protect the Trust and the users from misuse.  User Agreements:  Users of the Trusts Email system and connection to the N3 and the Internet will be given a copy of the Trust’s Internet and Email Acceptable Use Policy. New accounts will not be enabled until the user signs and returns the acknowledgement slip to the ICT department.  Limited attachment size.  Blocked media website ( Facebook, twitter, youtube…)  Disable download.
Eng. Mohammed M. AL-Abdali Eng. Haitham T. AL-Sherbi

Recomendados

security and system mainatance
security and system mainatancesecurity and system mainatance
security and system mainatanceKudzi Chikwatu
 
Securing information system (Management Information System)
Securing information system (Management Information System)Securing information system (Management Information System)
Securing information system (Management Information System)Masudur Rahman
 
Security and Control Issues in Information System
Security and Control Issues in Information SystemSecurity and Control Issues in Information System
Security and Control Issues in Information SystemDaryl Conson
 
Security
SecuritySecurity
SecurityDr. Vardhan choubey
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
Security and control in Management Information System
Security and control in Management Information SystemSecurity and control in Management Information System
Security and control in Management Information SystemSatya P. Joshi
 
Securing information system
Securing information systemSecuring information system
Securing information systemTanjim Rasul
 
System security
System securitySystem security
System securitysommerville-videos
 

Recomendados

security and system mainatance
security and system mainatancesecurity and system mainatance
security and system mainatanceKudzi Chikwatu
 
Securing information system (Management Information System)
Securing information system (Management Information System)Securing information system (Management Information System)
Securing information system (Management Information System)Masudur Rahman
 
Security and Control Issues in Information System
Security and Control Issues in Information SystemSecurity and Control Issues in Information System
Security and Control Issues in Information SystemDaryl Conson
 
Security
SecuritySecurity
SecurityDr. Vardhan choubey
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
Security and control in Management Information System
Security and control in Management Information SystemSecurity and control in Management Information System
Security and control in Management Information SystemSatya P. Joshi
 
Securing information system
Securing information systemSecuring information system
Securing information systemTanjim Rasul
 
System security
System securitySystem security
System securitysommerville-videos
 
System Security
System SecuritySystem Security
System SecurityReddhi Basu
 
06. security concept
06. security concept06. security concept
06. security conceptMuhammad Ahad
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security Shreedevi Tharanidharan
 
System Security-Chapter 1
System Security-Chapter 1System Security-Chapter 1
System Security-Chapter 1Vamsee Krishna Kiran
 
Information security policy
Information security policyInformation security policy
Information security policyBalachanderThilakar1
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information systemOnline
 
Chap5 2007 C I S A Review Course
Chap5 2007 C I S A Review CourseChap5 2007 C I S A Review Course
Chap5 2007 C I S A Review CourseDesmond Devendran
 
Personal Data Protection
Personal Data ProtectionPersonal Data Protection
Personal Data ProtectionCreatorsCircle
 
Cyber Security # Lec 3
Cyber Security # Lec 3 Cyber Security # Lec 3
Cyber Security # Lec 3 Kabul Education University
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityKumawat Dharmpal
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network SecurityJohn Ely Masculino
 
Security and Control Issues in information Systems
Security and Control Issues in information SystemsSecurity and Control Issues in information Systems
Security and Control Issues in information SystemsDr. Rosemarie Sibbaluca-Guirre
 
Network Security
Network SecurityNetwork Security
Network SecuritySayantan Sur
 
Basic Security Concepts of Computer
Basic Security Concepts of ComputerBasic Security Concepts of Computer
Basic Security Concepts of ComputerFaizan Janjua
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxBilmyRikas
 
Information security and other issues
Information security and other issuesInformation security and other issues
Information security and other issuesHaseeb Ahmed Awan
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)Biswajit Bhattacharjee
 
Iss lecture 1
Iss lecture 1Iss lecture 1
Iss lecture 1Ali Habeeb
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to securityDhani Ahmad
 
System security
System securitySystem security
System securityinvertis university
 
The Role of the Patient's Voice in Improving the Quality of Health Care
The Role of the Patient's Voice in Improving the Quality of Health Care The Role of the Patient's Voice in Improving the Quality of Health Care
The Role of the Patient's Voice in Improving the Quality of Health Care Informed Medical Decisions Foundation
 
GRAFICAS PARA CLIENTES
GRAFICAS PARA CLIENTESGRAFICAS PARA CLIENTES
GRAFICAS PARA CLIENTESAccenture
 

Mais conteúdo relacionado

Mais procurados

06. security concept
06. security concept06. security concept
06. security conceptMuhammad Ahad
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information systemOnline
 
Chap5 2007 C I S A Review Course
Chap5 2007 C I S A Review CourseChap5 2007 C I S A Review Course
Chap5 2007 C I S A Review CourseDesmond Devendran
 
Personal Data Protection
Personal Data ProtectionPersonal Data Protection
Personal Data ProtectionCreatorsCircle
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityKumawat Dharmpal
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network SecurityJohn Ely Masculino
 
Basic Security Concepts of Computer
Basic Security Concepts of ComputerBasic Security Concepts of Computer
Basic Security Concepts of ComputerFaizan Janjua
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxBilmyRikas
 
Information security and other issues
Information security and other issuesInformation security and other issues
Information security and other issuesHaseeb Ahmed Awan
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)Biswajit Bhattacharjee
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to securityDhani Ahmad
 

Mais procurados (20)

System Security
System SecuritySystem Security
System Security
 
06. security concept
06. security concept06. security concept
06. security concept
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security
 
System Security-Chapter 1
System Security-Chapter 1System Security-Chapter 1
System Security-Chapter 1
 
Information security policy
Information security policyInformation security policy
Information security policy
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information system
 
Chap5 2007 C I S A Review Course
Chap5 2007 C I S A Review CourseChap5 2007 C I S A Review Course
Chap5 2007 C I S A Review Course
 
Personal Data Protection
Personal Data ProtectionPersonal Data Protection
Personal Data Protection
 
Cyber Security # Lec 3
Cyber Security # Lec 3 Cyber Security # Lec 3
Cyber Security # Lec 3
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network Security
 
Security and Control Issues in information Systems
Security and Control Issues in information SystemsSecurity and Control Issues in information Systems
Security and Control Issues in information Systems
 
Network Security
Network SecurityNetwork Security
Network Security
 
Basic Security Concepts of Computer
Basic Security Concepts of ComputerBasic Security Concepts of Computer
Basic Security Concepts of Computer
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptx
 
Information security and other issues
Information security and other issuesInformation security and other issues
Information security and other issues
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
 
Iss lecture 1
Iss lecture 1Iss lecture 1
Iss lecture 1
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to security
 
System security
System securitySystem security
System security
 

Destaque

The Role of the Patient's Voice in Improving the Quality of Health Care
The Role of the Patient's Voice in Improving the Quality of Health Care The Role of the Patient's Voice in Improving the Quality of Health Care
The Role of the Patient's Voice in Improving the Quality of Health Care Informed Medical Decisions Foundation
 
GRAFICAS PARA CLIENTES
GRAFICAS PARA CLIENTESGRAFICAS PARA CLIENTES
GRAFICAS PARA CLIENTESAccenture
 
Ata acompanhamento 18022016
Ata acompanhamento 18022016Ata acompanhamento 18022016
Ata acompanhamento 18022016Josete Sampaio
 
Sessio grau de medicina 20 02 2016
Sessio grau de medicina 20 02 2016Sessio grau de medicina 20 02 2016
Sessio grau de medicina 20 02 2016JAUME GRAU CANO
 
Certified Ethical Hacking Course & Training
Certified Ethical Hacking Course & Training Certified Ethical Hacking Course & Training
Certified Ethical Hacking Course & Training Ravina Pillai
 
HIERGRATISBIER !!
HIERGRATISBIER !! HIERGRATISBIER !!
HIERGRATISBIER !! IvoTeijeB
 
Closing the Quality Gap: Improving Quality of Care for Patients With Serious...
Closing the Quality Gap: Improving Quality of Care for Patients With Serious...Closing the Quality Gap: Improving Quality of Care for Patients With Serious...
Closing the Quality Gap: Improving Quality of Care for Patients With Serious...Sonia Tyutyulkova
 
HEALTH INSURANCE PRESENTATION
HEALTH INSURANCE PRESENTATIONHEALTH INSURANCE PRESENTATION
HEALTH INSURANCE PRESENTATIONSandeep Mane
 

Destaque (16)

The Role of the Patient's Voice in Improving the Quality of Health Care
The Role of the Patient's Voice in Improving the Quality of Health Care The Role of the Patient's Voice in Improving the Quality of Health Care
The Role of the Patient's Voice in Improving the Quality of Health Care
 
GRAFICAS PARA CLIENTES
GRAFICAS PARA CLIENTESGRAFICAS PARA CLIENTES
GRAFICAS PARA CLIENTES
 
Azhar1mbc
Azhar1mbcAzhar1mbc
Azhar1mbc
 
Ata acompanhamento 18022016
Ata acompanhamento 18022016Ata acompanhamento 18022016
Ata acompanhamento 18022016
 
45jaargetrouwd 016
45jaargetrouwd 01645jaargetrouwd 016
45jaargetrouwd 016
 
Sessio grau de medicina 20 02 2016
Sessio grau de medicina 20 02 2016Sessio grau de medicina 20 02 2016
Sessio grau de medicina 20 02 2016
 
01709154.PPTX
01709154.PPTX01709154.PPTX
01709154.PPTX
 
Certified Ethical Hacking Course & Training
Certified Ethical Hacking Course & Training Certified Ethical Hacking Course & Training
Certified Ethical Hacking Course & Training
 
thesis
thesisthesis
thesis
 
HIERGRATISBIER !!
HIERGRATISBIER !! HIERGRATISBIER !!
HIERGRATISBIER !!
 
Statement
StatementStatement
Statement
 
Askep bblr
Askep bblrAskep bblr
Askep bblr
 
Demografía argentina
Demografía argentinaDemografía argentina
Demografía argentina
 
Closing the Quality Gap: Improving Quality of Care for Patients With Serious...
Closing the Quality Gap: Improving Quality of Care for Patients With Serious...Closing the Quality Gap: Improving Quality of Care for Patients With Serious...
Closing the Quality Gap: Improving Quality of Care for Patients With Serious...
 
HEALTH INSURANCE PRESENTATION
HEALTH INSURANCE PRESENTATIONHEALTH INSURANCE PRESENTATION
HEALTH INSURANCE PRESENTATION
 
Aspectos de la salvacion posters por de los tales
Aspectos de la salvacion posters por de los talesAspectos de la salvacion posters por de los tales
Aspectos de la salvacion posters por de los tales
 

Semelhante a Policy and procedure of hospitals

IT Network Security Policy
IT Network Security PolicyIT Network Security Policy
IT Network Security Policyssuser06c4a6
 
Medical facility network design
Medical facility network designMedical facility network design
Medical facility network designnephtalie
 
Security and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxSecurity and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxedgar6wallace88877
 
Security and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxSecurity and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxfathwaitewalter
 
Seguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesSeguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesisidro luna beltran
 
Chapter 10, part 1
Chapter 10, part 1Chapter 10, part 1
Chapter 10, part 1misecho
 
In computer security, a vulnerability is a weakness which allows an .pdf
In computer security, a vulnerability is a weakness which allows an .pdfIn computer security, a vulnerability is a weakness which allows an .pdf
In computer security, a vulnerability is a weakness which allows an .pdfanandanand521251
 
Ch08 8 Information Security Process it-slideshares.blogspot.com
Ch08 8 Information Security Process it-slideshares.blogspot.comCh08 8 Information Security Process it-slideshares.blogspot.com
Ch08 8 Information Security Process it-slideshares.blogspot.comphanleson
 
Secure Financial Intelligence System
Secure Financial Intelligence SystemSecure Financial Intelligence System
Secure Financial Intelligence SystemJoseph Yosi Margalit
 
презентация1
презентация1презентация1
презентация1sagidullaa01
 
Week - 5Report.docxjustify and support the relationship bet.docx
Week - 5Report.docxjustify and support the relationship bet.docxWeek - 5Report.docxjustify and support the relationship bet.docx
Week - 5Report.docxjustify and support the relationship bet.docxmelbruce90096
 
Ch15 power point
Ch15 power pointCh15 power point
Ch15 power pointbodo-con
 
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docxSample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docxtodd331
 
CYBERSECURITY.pptx
CYBERSECURITY.pptxCYBERSECURITY.pptx
CYBERSECURITY.pptxItzRoswell1
 

Semelhante a Policy and procedure of hospitals (20)

IT Network Security Policy
IT Network Security PolicyIT Network Security Policy
IT Network Security Policy
 
Mis
MisMis
Mis
 
Medical facility network design
Medical facility network designMedical facility network design
Medical facility network design
 
Security and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxSecurity and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docx
 
Security and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxSecurity and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docx
 
Seguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesSeguridad web -articulo completo- ingles
Seguridad web -articulo completo- ingles
 
Mis
MisMis
Mis
 
Chapter 10, part 1
Chapter 10, part 1Chapter 10, part 1
Chapter 10, part 1
 
Unit v
Unit vUnit v
Unit v
 
In computer security, a vulnerability is a weakness which allows an .pdf
In computer security, a vulnerability is a weakness which allows an .pdfIn computer security, a vulnerability is a weakness which allows an .pdf
In computer security, a vulnerability is a weakness which allows an .pdf
 
Ch08 8 Information Security Process it-slideshares.blogspot.com
Ch08 8 Information Security Process it-slideshares.blogspot.comCh08 8 Information Security Process it-slideshares.blogspot.com
Ch08 8 Information Security Process it-slideshares.blogspot.com
 
Secure Financial Intelligence System
Secure Financial Intelligence SystemSecure Financial Intelligence System
Secure Financial Intelligence System
 
Computer security
Computer securityComputer security
Computer security
 
презентация1
презентация1презентация1
презентация1
 
Week - 5Report.docxjustify and support the relationship bet.docx
Week - 5Report.docxjustify and support the relationship bet.docxWeek - 5Report.docxjustify and support the relationship bet.docx
Week - 5Report.docxjustify and support the relationship bet.docx
 
Ch15 power point
Ch15 power pointCh15 power point
Ch15 power point
 
security of information systems
security of information systems security of information systems
security of information systems
 
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docxSample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
 
CYBERSECURITY.pptx
CYBERSECURITY.pptxCYBERSECURITY.pptx
CYBERSECURITY.pptx
 
IT Policy
IT PolicyIT Policy
IT Policy
 

Último

GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 

Último (20)

GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 

Policy and procedure of hospitals

  • 1.
  • 2.  Data stored in information systems represents an increasingly valuable asset to the Trust as systems proliferate and increased reliance is placed on them.  The Trust seeks to protect its information systems from misuse and to minimize the impact of service breaks by developing this Information Security Policy and procedures to manage and enforce it.
  • 3.  Confidentiality: Data access is confined to those with specified authority to view the data.  Integrity: All system assets are operating correctly according to specification and in the way the current user believes them to be operating.  Availability: Information is delivered to the right person when it is needed.
  • 4. The purpose of the policy is to ensure that: • The Trust’s information systems are properly assessed for security. • Confidentiality, integrity and availability are maintained. • Staff are aware of their responsibilities, roles and accountability. • Procedures to detect and resolve security breaches are in place.
  • 5.  All central processors/networked file servers/central network equipment will always be located in secure areas with restricted access.  Local network equipment/file servers and N3 terminating equipment will always be located in secure areas and/or lockable cabinets.
  • 6.  The Trust’s central computer rooms will be high security areas housing the Trusts Corporate and Departmental multi user systems. An entry restriction system will be incorporated to protect the suite. The Trusts swipe card entry restrictions will be applied. Access logs will be received by the ICT Department and reviewed weekly.
  • 7.  Unrestricted access to the central computer facilities will be confined to designated staff, whose job function requires access to that particular area/equipment. Restricted access to other staff, where there is a specific job function need for such access, will be granted on a temporary basis.  Authenticated representatives of third party support agencies will only be given access through specific authorization from the SIRO or appropriate deputy.
  • 8.  Logs will be maintained of pass card entry to the Computer rooms via the Trust’s Building Management System. A further visitors log is maintained in each of the Computer rooms detailing the name, date, company and reason for visit of all visitors to the rooms.
  • 9.  All central systems will have daily backup regimes formalized. Such backups will have a minimum of a 5 day cycle before media is overwritten. Removable backup media will be kept in a secure location in a separate fire zone away from the Servers concerned.  The viability of central systems backups will be provided when used in contingency tests.
  • 10.  To ensure data confidentiality all obsolete removable media will be disposed of via the ICT department who will arrange appropriate confidential disposal and destruction (refer to Trust’s Disposal of IT Equipment and Media Policy).  Disable USB and CD.
  • 11.  Objective:  To comply with the law on licensed products and minimize risk of computer viruses.  Licensed Software:  All users should ensure that they only use licensed copies of commercial software. It is a criminal offence to make/use unauthorized copies of commercial software and offenders are liable to disciplinary action. The ICT Department will be responsible for holding copies of all licenses.
  • 12.  Trust Software Standards:  The Trust will only permit approved software to be installed on its PCs. Approval will be via the ICT department. The Head of ICT (or designated deputy) will countersign all requisitions for new software.  The Trust will require the use of specific general purpose packages.  5 Users should not load any software onto Trust PCs without ICT approval.
  • 13.  Virus Control:  The Trust seeks to minimize the risks of computer viruses through education, good practice/procedures and anti-virus software loaded on all Networked PCs and Servers.  Users should report any viruses detected/suspected on their machines immediately to the ICT Helpdesk.  4 The ICT Department will be responsible for installing and updating the Anti-Virus software. Virus databases will be updated on a regular basis and all networked systems and users will be protected. Virus software will also be loaded on standalone PC's. All devices connected to the Trust network will automatically have anti-virus software loaded. Definition files will also be updated at least daily.
  • 14. Objective:  To be able to ensure the security of the Trust’s Data Network. To do this the Trust will:  Ensure availability.  Ensure that the network is for authorized users.  Preserve the integrity of all data and information on the network.  Protect the network from unauthorized or accidental modification ensuring the accuracy and completeness of the Trust’s assets.  Preserve confidentiality.  Protect against unauthorized disclosure
  • 15.  Data Network Definition:  The Data Network is a collection of communication equipment such as LAN switches, routers, servers, computers, printers, which have been connected together. The network is created to share data.  Network Security Policy:  This policy applies to all networks with the Trust used for:  The storage, sharing and transmission of non-clinical data and images.  The storage, sharing and transmission of clinical data and images.  Printing or scanning non-clinical or clinical data or images.  The provision of Internet and email systems for receiving, sending and storing non-clinical and clinical data or images.
  • 16.  Disaster recovery plans will always include:  Emergency procedures covering immediate actions to be taken in response to an incident (e.g. alerting disaster recovery personnel).  Resumption procedures describing the actions to be taken to return to full normal service.  Testing procedures describing how the disaster recovery plan will be tested.
  • 17.  Objective:  To control and monitor the use of email and the Internet.  To protect the Trust and the users from misuse.  User Agreements:  Users of the Trusts Email system and connection to the N3 and the Internet will be given a copy of the Trust’s Internet and Email Acceptable Use Policy. New accounts will not be enabled until the user signs and returns the acknowledgement slip to the ICT department.  Limited attachment size.  Blocked media website ( Facebook, twitter, youtube…)  Disable download.
  • 18. Eng. Mohammed M. AL-Abdali Eng. Haitham T. AL-Sherbi