
Sensitive Information Policy - now with HIPAA Audit Program Guide

 

Sensitive Information Policy - This policy is easily modified and defines how to treat credit card, Social Security, employee, and customer data. The template is 22 pages in length and complies with Sarbanes-Oxley Section 404, ISO 17799 and HIPAA.

This policy applies to the entire enterprise, its vendors, its suppliers (including outsourcers) and co-location providers and facilities regardless of the methods used to store and retrieve sensitive information (e.g. online processing, outsourced to a third party, Internet, Intranet or swipe terminals). 

The HIPAA Audit Program Guide provides you with a checklist of the items that HIPAA mandates must be implemented.

You can download the Table of Contents and some sample pages by clicking on the link below.

 

 

 

 

Other Policies

 

Internet, E Mail and Electronic Communication Policy - This policy is twenty-three (23) pages in length, is compliant with all recent legislation (SOX, HIPAA, Patriot Act, and Sensitive Information), and covers:

  • Appropriate use of equipment

  • Internet access

  • Electronic Mail

  • Retention of e-mail on personal systems

  • E-mail and business records retention

  • Copyrighted materials

  • Banned activities

  • Ownership of information

  • Security

  • Sarbanes-Oxley

  • Abuse

Included are these ready-to-use forms:

  • Internet & Electronic Communication Employee Acknowledgement (short form)

  • E-Mail - Employee Acknowledgement (short form)

  • Internet Use Approval Form

  • Internet Access Request Form

 

Travel and Off-Site Meeting Policy - Protection of data and software is often complicated by the fact that they can be accessed from remote locations. As individuals travel and attend off-site meetings with other employees, contractors, suppliers and customers, data and software can be compromised. This policy is four pages in length and covers:

  • Data and application security

  • Minimize attention

  • Shared public resources

  • Off-site meeting special considerations

 

Outsourcing Policy - This policy is seven pages in length and covers:

  • Outsourcing Management Standard

    • Service Level Agreement

    • Responsibility

  • Outsourcing Policy

    • Policy Statement

    • Goal

  • Approval Standard

    • Base Case

    • Responsibilities



     

    Note: See the Practical Guide for Outsourcing, a document of over 110 pages, for a more extensive outsourcing process.

 


 

 

© 2001 - 2008 Janco Associates, Inc. - ALL RIGHTS RESERVED -- Revised: 06/10/08.