Generic Security Policy - Free Download | Page 8
4.1, 3597 votes
Please vote for this template if it helps you.
Generic Security Policy Page 8
Generic Security Policy
Version 1.1 08/03/2005 Page 8 of 24
3 Security Organisation
3.1 Policy statements
A management framework is required so that all those involved in the use or maintenance of
the Practice computer systems can initiate, co-ordinate and control the implementation of
information security effectively.
3.2 Practice Manager
The Practice Manager has a number of responsibilities with respect to the security of health
information, including:
establishing and approving information security policies and procedures,
agreeing on specific methodologies and processes for information security, e.g. risk
assessment, security classification, etc.,
determining acceptable levels of security risks,
monitoring major information security threats and incidents,
approving major initiatives to enhance information security,
ensuring that formal audits are performed as necessary,
reviewing audit reports where security problems exist,
appointing the Practice Security Officer,
acting as the Authorised Signatory in respect to the issuance of digital certificates.
3.3 Practice Security Officer
The Practice Security Officer is appointed by the Practice Manager and is responsible for the
co-ordination of security issues that affect the Practice. In particular, the Practice Security
Officer is responsible for:
advising Practice staff on security matters,
informing the Practice Manager of any major security incidents,
developing and reviewing security policies and plans to be approved by the Practice
maintaining a list of all persons authorised to have access to the Practice premises, and to
Practice computer systems,
reporting security incidents, and the status thereof, to the Practice Manager,
ensuring that Practice security policies and standards meet all New Zealand Health
Network requirements,
Generic Security Policy Previous Page Generic Security Policy Next Page
Generic Security Policy