SlideShare a Scribd company logo

Policy and procedure of hospitals

Download as PPTX, PDF
Mohammed Alabdali
Mohammed Alabdali

Some of policy that used in hospitals

Technology
1 of 18
 Data stored in information systems represents an increasingly valuable asset to the Trust as systems proliferate and increased reliance is placed on them.  The Trust seeks to protect its information systems from misuse and to minimize the impact of service breaks by developing this Information Security Policy and procedures to manage and enforce it.
 Confidentiality: Data access is confined to those with specified authority to view the data.  Integrity: All system assets are operating correctly according to specification and in the way the current user believes them to be operating.  Availability: Information is delivered to the right person when it is needed.
The purpose of the policy is to ensure that: • The Trust’s information systems are properly assessed for security. • Confidentiality, integrity and availability are maintained. • Staff are aware of their responsibilities, roles and accountability. • Procedures to detect and resolve security breaches are in place.
 All central processors/networked file servers/central network equipment will always be located in secure areas with restricted access.  Local network equipment/file servers and N3 terminating equipment will always be located in secure areas and/or lockable cabinets.
 The Trust’s central computer rooms will be high security areas housing the Trusts Corporate and Departmental multi user systems. An entry restriction system will be incorporated to protect the suite. The Trusts swipe card entry restrictions will be applied. Access logs will be received by the ICT Department and reviewed weekly.
 Unrestricted access to the central computer facilities will be confined to designated staff, whose job function requires access to that particular area/equipment. Restricted access to other staff, where there is a specific job function need for such access, will be granted on a temporary basis.  Authenticated representatives of third party support agencies will only be given access through specific authorization from the SIRO or appropriate deputy.
 Logs will be maintained of pass card entry to the Computer rooms via the Trust’s Building Management System. A further visitors log is maintained in each of the Computer rooms detailing the name, date, company and reason for visit of all visitors to the rooms.
 All central systems will have daily backup regimes formalized. Such backups will have a minimum of a 5 day cycle before media is overwritten. Removable backup media will be kept in a secure location in a separate fire zone away from the Servers concerned.  The viability of central systems backups will be provided when used in contingency tests.
 To ensure data confidentiality all obsolete removable media will be disposed of via the ICT department who will arrange appropriate confidential disposal and destruction (refer to Trust’s Disposal of IT Equipment and Media Policy).  Disable USB and CD.
 Objective:  To comply with the law on licensed products and minimize risk of computer viruses.  Licensed Software:  All users should ensure that they only use licensed copies of commercial software. It is a criminal offence to make/use unauthorized copies of commercial software and offenders are liable to disciplinary action. The ICT Department will be responsible for holding copies of all licenses.
 Trust Software Standards:  The Trust will only permit approved software to be installed on its PCs. Approval will be via the ICT department. The Head of ICT (or designated deputy) will countersign all requisitions for new software.  The Trust will require the use of specific general purpose packages.  5 Users should not load any software onto Trust PCs without ICT approval.
 Virus Control:  The Trust seeks to minimize the risks of computer viruses through education, good practice/procedures and anti-virus software loaded on all Networked PCs and Servers.  Users should report any viruses detected/suspected on their machines immediately to the ICT Helpdesk.  4 The ICT Department will be responsible for installing and updating the Anti-Virus software. Virus databases will be updated on a regular basis and all networked systems and users will be protected. Virus software will also be loaded on standalone PC's. All devices connected to the Trust network will automatically have anti-virus software loaded. Definition files will also be updated at least daily.
Objective:  To be able to ensure the security of the Trust’s Data Network. To do this the Trust will:  Ensure availability.  Ensure that the network is for authorized users.  Preserve the integrity of all data and information on the network.  Protect the network from unauthorized or accidental modification ensuring the accuracy and completeness of the Trust’s assets.  Preserve confidentiality.  Protect against unauthorized disclosure
 Data Network Definition:  The Data Network is a collection of communication equipment such as LAN switches, routers, servers, computers, printers, which have been connected together. The network is created to share data.  Network Security Policy:  This policy applies to all networks with the Trust used for:  The storage, sharing and transmission of non-clinical data and images.  The storage, sharing and transmission of clinical data and images.  Printing or scanning non-clinical or clinical data or images.  The provision of Internet and email systems for receiving, sending and storing non-clinical and clinical data or images.
 Disaster recovery plans will always include:  Emergency procedures covering immediate actions to be taken in response to an incident (e.g. alerting disaster recovery personnel).  Resumption procedures describing the actions to be taken to return to full normal service.  Testing procedures describing how the disaster recovery plan will be tested.
 Objective:  To control and monitor the use of email and the Internet.  To protect the Trust and the users from misuse.  User Agreements:  Users of the Trusts Email system and connection to the N3 and the Internet will be given a copy of the Trust’s Internet and Email Acceptable Use Policy. New accounts will not be enabled until the user signs and returns the acknowledgement slip to the ICT department.  Limited attachment size.  Blocked media website ( Facebook, twitter, youtube…)  Disable download.
Eng. Mohammed M. AL-Abdali Eng. Haitham T. AL-Sherbi

Recommended

security and system mainatance
security and system mainatancesecurity and system mainatance
security and system mainatanceKudzi Chikwatu
 
Securing information system (Management Information System)
Securing information system (Management Information System)Securing information system (Management Information System)
Securing information system (Management Information System)Masudur Rahman
 
Security and Control Issues in Information System
Security and Control Issues in Information SystemSecurity and Control Issues in Information System
Security and Control Issues in Information SystemDaryl Conson
 
Security
SecuritySecurity
SecurityDr. Vardhan choubey
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
Security and control in Management Information System
Security and control in Management Information SystemSecurity and control in Management Information System
Security and control in Management Information SystemSatya P. Joshi
 
Securing information system
Securing information systemSecuring information system
Securing information systemTanjim Rasul
 
System security
System securitySystem security
System securitysommerville-videos
 

Recommended

security and system mainatance
security and system mainatancesecurity and system mainatance
security and system mainatanceKudzi Chikwatu
 
Securing information system (Management Information System)
Securing information system (Management Information System)Securing information system (Management Information System)
Securing information system (Management Information System)Masudur Rahman
 
Security and Control Issues in Information System
Security and Control Issues in Information SystemSecurity and Control Issues in Information System
Security and Control Issues in Information SystemDaryl Conson
 
Security
SecuritySecurity
SecurityDr. Vardhan choubey
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
Security and control in Management Information System
Security and control in Management Information SystemSecurity and control in Management Information System
Security and control in Management Information SystemSatya P. Joshi
 
Securing information system
Securing information systemSecuring information system
Securing information systemTanjim Rasul
 
System security
System securitySystem security
System securitysommerville-videos
 
System Security
System SecuritySystem Security
System SecurityReddhi Basu
 
06. security concept
06. security concept06. security concept
06. security conceptMuhammad Ahad
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security Shreedevi Tharanidharan
 
System Security-Chapter 1
System Security-Chapter 1System Security-Chapter 1
System Security-Chapter 1Vamsee Krishna Kiran
 
Information security policy
Information security policyInformation security policy
Information security policyBalachanderThilakar1
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information systemOnline
 
Chap5 2007 C I S A Review Course
Chap5 2007 C I S A Review CourseChap5 2007 C I S A Review Course
Chap5 2007 C I S A Review CourseDesmond Devendran
 
Personal Data Protection
Personal Data ProtectionPersonal Data Protection
Personal Data ProtectionCreatorsCircle
 
Cyber Security # Lec 3
Cyber Security # Lec 3 Cyber Security # Lec 3
Cyber Security # Lec 3 Kabul Education University
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityKumawat Dharmpal
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network SecurityJohn Ely Masculino
 
Security and Control Issues in information Systems
Security and Control Issues in information SystemsSecurity and Control Issues in information Systems
Security and Control Issues in information SystemsDr. Rosemarie Sibbaluca-Guirre
 
Network Security
Network SecurityNetwork Security
Network SecuritySayantan Sur
 
Basic Security Concepts of Computer
Basic Security Concepts of ComputerBasic Security Concepts of Computer
Basic Security Concepts of ComputerFaizan Janjua
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxBilmyRikas
 
Information security and other issues
Information security and other issuesInformation security and other issues
Information security and other issuesHaseeb Ahmed Awan
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)Biswajit Bhattacharjee
 
Iss lecture 1
Iss lecture 1Iss lecture 1
Iss lecture 1Ali Habeeb
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to securityDhani Ahmad
 
System security
System securitySystem security
System securityinvertis university
 
The Role of the Patient's Voice in Improving the Quality of Health Care
The Role of the Patient's Voice in Improving the Quality of Health Care The Role of the Patient's Voice in Improving the Quality of Health Care
The Role of the Patient's Voice in Improving the Quality of Health Care Informed Medical Decisions Foundation
 
GRAFICAS PARA CLIENTES
GRAFICAS PARA CLIENTESGRAFICAS PARA CLIENTES
GRAFICAS PARA CLIENTESAccenture
 

More Related Content

What's hot

06. security concept
06. security concept06. security concept
06. security conceptMuhammad Ahad
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information systemOnline
 
Chap5 2007 C I S A Review Course
Chap5 2007 C I S A Review CourseChap5 2007 C I S A Review Course
Chap5 2007 C I S A Review CourseDesmond Devendran
 
Personal Data Protection
Personal Data ProtectionPersonal Data Protection
Personal Data ProtectionCreatorsCircle
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityKumawat Dharmpal
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network SecurityJohn Ely Masculino
 
Basic Security Concepts of Computer
Basic Security Concepts of ComputerBasic Security Concepts of Computer
Basic Security Concepts of ComputerFaizan Janjua
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxBilmyRikas
 
Information security and other issues
Information security and other issuesInformation security and other issues
Information security and other issuesHaseeb Ahmed Awan
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)Biswajit Bhattacharjee
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to securityDhani Ahmad
 

What's hot (20)

System Security
System SecuritySystem Security
System Security
 
06. security concept
06. security concept06. security concept
06. security concept
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security
 
System Security-Chapter 1
System Security-Chapter 1System Security-Chapter 1
System Security-Chapter 1
 
Information security policy
Information security policyInformation security policy
Information security policy
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information system
 
Chap5 2007 C I S A Review Course
Chap5 2007 C I S A Review CourseChap5 2007 C I S A Review Course
Chap5 2007 C I S A Review Course
 
Personal Data Protection
Personal Data ProtectionPersonal Data Protection
Personal Data Protection
 
Cyber Security # Lec 3
Cyber Security # Lec 3 Cyber Security # Lec 3
Cyber Security # Lec 3
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network Security
 
Security and Control Issues in information Systems
Security and Control Issues in information SystemsSecurity and Control Issues in information Systems
Security and Control Issues in information Systems
 
Network Security
Network SecurityNetwork Security
Network Security
 
Basic Security Concepts of Computer
Basic Security Concepts of ComputerBasic Security Concepts of Computer
Basic Security Concepts of Computer
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptx
 
Information security and other issues
Information security and other issuesInformation security and other issues
Information security and other issues
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
 
Iss lecture 1
Iss lecture 1Iss lecture 1
Iss lecture 1
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to security
 
System security
System securitySystem security
System security
 

Viewers also liked

The Role of the Patient's Voice in Improving the Quality of Health Care
The Role of the Patient's Voice in Improving the Quality of Health Care The Role of the Patient's Voice in Improving the Quality of Health Care
The Role of the Patient's Voice in Improving the Quality of Health Care Informed Medical Decisions Foundation
 
GRAFICAS PARA CLIENTES
GRAFICAS PARA CLIENTESGRAFICAS PARA CLIENTES
GRAFICAS PARA CLIENTESAccenture
 
Ata acompanhamento 18022016
Ata acompanhamento 18022016Ata acompanhamento 18022016
Ata acompanhamento 18022016Josete Sampaio
 
Sessio grau de medicina 20 02 2016
Sessio grau de medicina 20 02 2016Sessio grau de medicina 20 02 2016
Sessio grau de medicina 20 02 2016JAUME GRAU CANO
 
Certified Ethical Hacking Course & Training
Certified Ethical Hacking Course & Training Certified Ethical Hacking Course & Training
Certified Ethical Hacking Course & Training Ravina Pillai
 
HIERGRATISBIER !!
HIERGRATISBIER !! HIERGRATISBIER !!
HIERGRATISBIER !! IvoTeijeB
 
Closing the Quality Gap: Improving Quality of Care for Patients With Serious...
Closing the Quality Gap: Improving Quality of Care for Patients With Serious...Closing the Quality Gap: Improving Quality of Care for Patients With Serious...
Closing the Quality Gap: Improving Quality of Care for Patients With Serious...Sonia Tyutyulkova
 
HEALTH INSURANCE PRESENTATION
HEALTH INSURANCE PRESENTATIONHEALTH INSURANCE PRESENTATION
HEALTH INSURANCE PRESENTATIONSandeep Mane
 

Viewers also liked (16)

The Role of the Patient's Voice in Improving the Quality of Health Care
The Role of the Patient's Voice in Improving the Quality of Health Care The Role of the Patient's Voice in Improving the Quality of Health Care
The Role of the Patient's Voice in Improving the Quality of Health Care
 
GRAFICAS PARA CLIENTES
GRAFICAS PARA CLIENTESGRAFICAS PARA CLIENTES
GRAFICAS PARA CLIENTES
 
Azhar1mbc
Azhar1mbcAzhar1mbc
Azhar1mbc
 
Ata acompanhamento 18022016
Ata acompanhamento 18022016Ata acompanhamento 18022016
Ata acompanhamento 18022016
 
45jaargetrouwd 016
45jaargetrouwd 01645jaargetrouwd 016
45jaargetrouwd 016
 
Sessio grau de medicina 20 02 2016
Sessio grau de medicina 20 02 2016Sessio grau de medicina 20 02 2016
Sessio grau de medicina 20 02 2016
 
01709154.PPTX
01709154.PPTX01709154.PPTX
01709154.PPTX
 
Certified Ethical Hacking Course & Training
Certified Ethical Hacking Course & Training Certified Ethical Hacking Course & Training
Certified Ethical Hacking Course & Training
 
thesis
thesisthesis
thesis
 
HIERGRATISBIER !!
HIERGRATISBIER !! HIERGRATISBIER !!
HIERGRATISBIER !!
 
Statement
StatementStatement
Statement
 
Askep bblr
Askep bblrAskep bblr
Askep bblr
 
Demografía argentina
Demografía argentinaDemografía argentina
Demografía argentina
 
Closing the Quality Gap: Improving Quality of Care for Patients With Serious...
Closing the Quality Gap: Improving Quality of Care for Patients With Serious...Closing the Quality Gap: Improving Quality of Care for Patients With Serious...
Closing the Quality Gap: Improving Quality of Care for Patients With Serious...
 
HEALTH INSURANCE PRESENTATION
HEALTH INSURANCE PRESENTATIONHEALTH INSURANCE PRESENTATION
HEALTH INSURANCE PRESENTATION
 
Aspectos de la salvacion posters por de los tales
Aspectos de la salvacion posters por de los talesAspectos de la salvacion posters por de los tales
Aspectos de la salvacion posters por de los tales
 

Similar to Policy and procedure of hospitals

IT Network Security Policy
IT Network Security PolicyIT Network Security Policy
IT Network Security Policyssuser06c4a6
 
Medical facility network design
Medical facility network designMedical facility network design
Medical facility network designnephtalie
 
Security and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxSecurity and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxedgar6wallace88877
 
Security and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxSecurity and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxfathwaitewalter
 
Seguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesSeguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesisidro luna beltran
 
Chapter 10, part 1
Chapter 10, part 1Chapter 10, part 1
Chapter 10, part 1misecho
 
In computer security, a vulnerability is a weakness which allows an .pdf
In computer security, a vulnerability is a weakness which allows an .pdfIn computer security, a vulnerability is a weakness which allows an .pdf
In computer security, a vulnerability is a weakness which allows an .pdfanandanand521251
 
Ch08 8 Information Security Process it-slideshares.blogspot.com
Ch08 8 Information Security Process it-slideshares.blogspot.comCh08 8 Information Security Process it-slideshares.blogspot.com
Ch08 8 Information Security Process it-slideshares.blogspot.comphanleson
 
Secure Financial Intelligence System
Secure Financial Intelligence SystemSecure Financial Intelligence System
Secure Financial Intelligence SystemJoseph Yosi Margalit
 
презентация1
презентация1презентация1
презентация1sagidullaa01
 
Week - 5Report.docxjustify and support the relationship bet.docx
Week - 5Report.docxjustify and support the relationship bet.docxWeek - 5Report.docxjustify and support the relationship bet.docx
Week - 5Report.docxjustify and support the relationship bet.docxmelbruce90096
 
Ch15 power point
Ch15 power pointCh15 power point
Ch15 power pointbodo-con
 
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docxSample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docxtodd331
 
CYBERSECURITY.pptx
CYBERSECURITY.pptxCYBERSECURITY.pptx
CYBERSECURITY.pptxItzRoswell1
 

Similar to Policy and procedure of hospitals (20)

IT Network Security Policy
IT Network Security PolicyIT Network Security Policy
IT Network Security Policy
 
Mis
MisMis
Mis
 
Medical facility network design
Medical facility network designMedical facility network design
Medical facility network design
 
Security and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxSecurity and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docx
 
Security and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxSecurity and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docx
 
Seguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesSeguridad web -articulo completo- ingles
Seguridad web -articulo completo- ingles
 
Mis
MisMis
Mis
 
Chapter 10, part 1
Chapter 10, part 1Chapter 10, part 1
Chapter 10, part 1
 
Unit v
Unit vUnit v
Unit v
 
In computer security, a vulnerability is a weakness which allows an .pdf
In computer security, a vulnerability is a weakness which allows an .pdfIn computer security, a vulnerability is a weakness which allows an .pdf
In computer security, a vulnerability is a weakness which allows an .pdf
 
Ch08 8 Information Security Process it-slideshares.blogspot.com
Ch08 8 Information Security Process it-slideshares.blogspot.comCh08 8 Information Security Process it-slideshares.blogspot.com
Ch08 8 Information Security Process it-slideshares.blogspot.com
 
Secure Financial Intelligence System
Secure Financial Intelligence SystemSecure Financial Intelligence System
Secure Financial Intelligence System
 
Computer security
Computer securityComputer security
Computer security
 
презентация1
презентация1презентация1
презентация1
 
Week - 5Report.docxjustify and support the relationship bet.docx
Week - 5Report.docxjustify and support the relationship bet.docxWeek - 5Report.docxjustify and support the relationship bet.docx
Week - 5Report.docxjustify and support the relationship bet.docx
 
Ch15 power point
Ch15 power pointCh15 power point
Ch15 power point
 
security of information systems
security of information systems security of information systems
security of information systems
 
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docxSample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
 
CYBERSECURITY.pptx
CYBERSECURITY.pptxCYBERSECURITY.pptx
CYBERSECURITY.pptx
 
IT Policy
IT PolicyIT Policy
IT Policy
 

Recently uploaded

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 

Recently uploaded (20)

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 

Policy and procedure of hospitals

  • 1.
  • 2.  Data stored in information systems represents an increasingly valuable asset to the Trust as systems proliferate and increased reliance is placed on them.  The Trust seeks to protect its information systems from misuse and to minimize the impact of service breaks by developing this Information Security Policy and procedures to manage and enforce it.
  • 3.  Confidentiality: Data access is confined to those with specified authority to view the data.  Integrity: All system assets are operating correctly according to specification and in the way the current user believes them to be operating.  Availability: Information is delivered to the right person when it is needed.
  • 4. The purpose of the policy is to ensure that: • The Trust’s information systems are properly assessed for security. • Confidentiality, integrity and availability are maintained. • Staff are aware of their responsibilities, roles and accountability. • Procedures to detect and resolve security breaches are in place.
  • 5.  All central processors/networked file servers/central network equipment will always be located in secure areas with restricted access.  Local network equipment/file servers and N3 terminating equipment will always be located in secure areas and/or lockable cabinets.
  • 6.  The Trust’s central computer rooms will be high security areas housing the Trusts Corporate and Departmental multi user systems. An entry restriction system will be incorporated to protect the suite. The Trusts swipe card entry restrictions will be applied. Access logs will be received by the ICT Department and reviewed weekly.
  • 7.  Unrestricted access to the central computer facilities will be confined to designated staff, whose job function requires access to that particular area/equipment. Restricted access to other staff, where there is a specific job function need for such access, will be granted on a temporary basis.  Authenticated representatives of third party support agencies will only be given access through specific authorization from the SIRO or appropriate deputy.
  • 8.  Logs will be maintained of pass card entry to the Computer rooms via the Trust’s Building Management System. A further visitors log is maintained in each of the Computer rooms detailing the name, date, company and reason for visit of all visitors to the rooms.
  • 9.  All central systems will have daily backup regimes formalized. Such backups will have a minimum of a 5 day cycle before media is overwritten. Removable backup media will be kept in a secure location in a separate fire zone away from the Servers concerned.  The viability of central systems backups will be provided when used in contingency tests.
  • 10.  To ensure data confidentiality all obsolete removable media will be disposed of via the ICT department who will arrange appropriate confidential disposal and destruction (refer to Trust’s Disposal of IT Equipment and Media Policy).  Disable USB and CD.
  • 11.  Objective:  To comply with the law on licensed products and minimize risk of computer viruses.  Licensed Software:  All users should ensure that they only use licensed copies of commercial software. It is a criminal offence to make/use unauthorized copies of commercial software and offenders are liable to disciplinary action. The ICT Department will be responsible for holding copies of all licenses.
  • 12.  Trust Software Standards:  The Trust will only permit approved software to be installed on its PCs. Approval will be via the ICT department. The Head of ICT (or designated deputy) will countersign all requisitions for new software.  The Trust will require the use of specific general purpose packages.  5 Users should not load any software onto Trust PCs without ICT approval.
  • 13.  Virus Control:  The Trust seeks to minimize the risks of computer viruses through education, good practice/procedures and anti-virus software loaded on all Networked PCs and Servers.  Users should report any viruses detected/suspected on their machines immediately to the ICT Helpdesk.  4 The ICT Department will be responsible for installing and updating the Anti-Virus software. Virus databases will be updated on a regular basis and all networked systems and users will be protected. Virus software will also be loaded on standalone PC's. All devices connected to the Trust network will automatically have anti-virus software loaded. Definition files will also be updated at least daily.
  • 14. Objective:  To be able to ensure the security of the Trust’s Data Network. To do this the Trust will:  Ensure availability.  Ensure that the network is for authorized users.  Preserve the integrity of all data and information on the network.  Protect the network from unauthorized or accidental modification ensuring the accuracy and completeness of the Trust’s assets.  Preserve confidentiality.  Protect against unauthorized disclosure
  • 15.  Data Network Definition:  The Data Network is a collection of communication equipment such as LAN switches, routers, servers, computers, printers, which have been connected together. The network is created to share data.  Network Security Policy:  This policy applies to all networks with the Trust used for:  The storage, sharing and transmission of non-clinical data and images.  The storage, sharing and transmission of clinical data and images.  Printing or scanning non-clinical or clinical data or images.  The provision of Internet and email systems for receiving, sending and storing non-clinical and clinical data or images.
  • 16.  Disaster recovery plans will always include:  Emergency procedures covering immediate actions to be taken in response to an incident (e.g. alerting disaster recovery personnel).  Resumption procedures describing the actions to be taken to return to full normal service.  Testing procedures describing how the disaster recovery plan will be tested.
  • 17.  Objective:  To control and monitor the use of email and the Internet.  To protect the Trust and the users from misuse.  User Agreements:  Users of the Trusts Email system and connection to the N3 and the Internet will be given a copy of the Trust’s Internet and Email Acceptable Use Policy. New accounts will not be enabled until the user signs and returns the acknowledgement slip to the ICT department.  Limited attachment size.  Blocked media website ( Facebook, twitter, youtube…)  Disable download.
  • 18. Eng. Mohammed M. AL-Abdali Eng. Haitham T. AL-Sherbi