Generic Security Policy - Free Download | Page 3
4.1,
3597
votes
Please vote for this template if it helps you.
Table of Contents
1 INTRODUCTION .......................................................................................................................... 5
1.1 Purpose ....................................................................................................................... 5
1.2 Contents ...................................................................................................................... 5
1.3 Document control ....................................................................................................... 6
2 GENERAL SECURITY POLICY AND STANDARDS ............................................................. 7
2.1 Objectives ................................................................................................................... 7
2.2 Legal requirements ..................................................................................................... 7
2.3 Security policy reviews .............................................................................................. 7
2.4 Sensitivity of information ........................................................................................... 7
3 SECURITY ORGANISATION .................................................................................................... 8
3.1 Policy statements ........................................................................................................ 8
3.2 Practice Manager ........................................................................................................ 8
3.3 Practice Security Officer ............................................................................................ 8
3.4 Staff Responsibilities .................................................................................................. 9
3.5 Risk Assessment ......................................................................................................... 9
4 ASSET CLASSIFICATION AND CONTROL ......................................................................... 10
4.1 Accountability for assets .......................................................................................... 10
4.2 Information classification ......................................................................................... 10
5 PERSONNEL SECURITY .......................................................................................................... 11
5.1 Objectives ................................................................................................................. 11
5.2 Job responsibilities ................................................................................................... 11
5.3 Non-disclosure information and security agreement ................................................ 11
5.4 Training .................................................................................................................... 11
5.5 Disciplinary process ................................................................................................. 11
6 PHYSICAL SECURITY ............................................................................................................. 12
6.1 Policy statements ...................................................................................................... 12
6.2 General requirements ................................................................................................ 12
6.3 Clear desk and computer screen policy .................................................................... 12
6.4 Equipment protection ............................................................................................... 12
6.5 Work performed outside secure sites ........................................................................ 12
6.6 Storage of Information .............................................................................................. 13
6.7 Destruction of information ....................................................................................... 13
6.8 Disposal of storage media ......................................................................................... 13
7 COMPUTER SYSTEMS ACCESS CONTROL ....................................................................... 14
7.1 Policy statement ........................................................................................................ 14
source: health.govt.nz
