Information Security Policy Executive Summary
The Information Security Policy exists in order to provide the organizations staff with a current set of clear and concise principles for protecting Information in all of its forms. These policies provide direction for the appropriate protection of the organization’s information and assets. The Information Security Policy has been created as a component of an overall Information Security Program (“ISP”) for the organization. The ISP outlines the organization’s mission and objectives as they relate to information security, outlines details that are responsible for information security, documents policies relating to information security, indicates how the program is to be communicated and how people in the organization must be trained on their responsibilities, and includes a roadmap of how the program is to be carried out. In addition, the program includes strategies for its ongoing evaluation and adjustment, addressing of compliance issues, and management reporting.
Purpose and Guiding Principles
The purpose of this policy is to provide general guidance and specific recommendations for the protection of United Nation Builders information technology resources and the protected health information stored on those resources. Additionally Personally Identifiable Information (PII) that exists in hard form is also protected by this policy. These information security measures are intended to protect the organization’s information and assets and to preserve the privacy of United Nation Builders ’s customer data. The broad goal of information security at United Nation Builders is to maintain Confidentiality, Integrity, and Availability of data. To achieve this goal, United Nation Builders has identified a set of core security principles. The policy will, in turn, be supported by detailed operational procedures. These simple principles make up the foundations of a strong security posture.
Scope
This policy applies to all departments within the organization. It covers all United Nation Builders information technology resources, that store or process PII. All creation, processing, communication, storage, distribution and disposal of United Nation Builders PII is covered by this policy. Each employee of United Nation Builders , contractor and other related third parties are bound by the guiding principles, statement of policy and related procedures outlined in this policy. Statement of Policy
The Information Security Policy exists in order to provide the organizations staff with a current set of clear and concise information security policies. These policies provide direction for the appropriate protection of the organization’s information and assets. The Information Security Policy has been created as a component of an overall Information Security Program (“ISP”) for the organization. The ISP outlines the organization’s mission and objectives as they relate to information security, outlines details that are responsible for information security, documents policies relating to information security, indicates how the program is to be communicated and how people in the organization must be trained on their responsibilities, and includes a roadmap of how the program is to be carried out. In addition, the program includes strategies for its ongoing evaluation and adjustment, addressing of compliance issues, and management reporting. The Information Security Policy has been reviewed, approved, and is endorsed by United Nation Builders management. The Information Security Policy applies to all United Nation Builders employees, contractors, and any third-party providers that support any of the United Nation Builders ’s services. The Information Security Policy document contains rules and requirements that must be met in the delivery and operation of the United Nation Builders ’s services. More detailed standards and specific procedures must be developed as adjuncts to this Information Security Policy to provide implementation level details for carrying out specific operational tasks. The procedures must be the instrument by which these «Organiztion Name» Security Policies are converted into action. The Information Security Policy must be located in a central repository that is accessible to all United Nation Builders employees and related third parties. The Information Security Policy must be distributed to all new and existing United Nation Builders employees for review. All United Nation Builders employees, contractors and third party providers are required to sign an agreement representing the fact that they have reviewed, and agree to adhere to, all policies within the Information Security Policy document. Exceptions to the Information Security Policy must be authorized by United Nation Builders management. Please refer to for exception process details.
Procedures
Within this Section, the phrases “must” and “recommended” have specific meanings where highlighted in boldface. If a Covered Entity correctly adheres to the guidelines given as “must”, then it can be considered as meeting the requirements for this policy. If they also adhere to the guidelines given as “recommended”, then they can be considered to be meeting the minimum requirements to be in accordance with generally accepted information security practices.
Roles and Responsibilities
Senior ManagementUnited Nation Builders senior management is responsible for:
Security OfficerThe Security Officer is responsible for:
United Nation Builders has appointed as the organization’s Security Officer. EmployeesEach United Nation Builders employee is responsible for understanding and complying with the policies and procedures relating to information technology security and for fully cooperating with the information security staff at all levels to protect United Nation Builders ’s PII. Each employee must become familiar with United Nation Builders ’s Acceptable Use Policy. United Nation Builders computer and communications systems must be used for business purposes only. Incidental personal use is permissible if the use (a) does not consume more that a trivial amount of resources that could otherwise be used for business purposes, (b) does not interfere with worker productivity, and (c) does not preempt any business activity. Examples of permissible incidental use include – the occasional use of electronic mail (email) or web access for other than official purposes. Using United Nation Builders systems to download, use, or re-distribute unlicensed or inappropriate software, copyrighted movies, copyrighted music, or pornographic materials, place the Institute at risk and will not be tolerated. Conduct in violation of this policy may result in sanctions as provided in the Computer and Network Usage Policy. Report all actual or suspected instances of security or policy violations in accordance with the Incident Reporting section of this policy.
Compliance
Any person who uses United Nation Builders ’s information or assets to store or process PII consents to all provisions of this policy and agrees to comply with all of its terms and conditions, as well as with relevant state and federal laws and regulations. Users have a responsibility to use these resources in an effective, ethical and lawful manner. Any violation of this policy may result in disciplinary or administrative sanctions including loss of privileges, monitoring of use and up to and including termination depending on the severity and intent of offense. Additionally, non-compliance with this policy resulting in loss or disclosure of data may result in personal civil and/or criminal liability. Policy Modifications
This policy may be changed by United Nation Builders Senior Management at any time, but typically will be modified in response to newly identified threats or risks. Changes to this policy will be communicated and distributed to all affected parties. Most major changes to the policy will be made during official policy review sessions on an annual basis, but if required a policy review session may be convened on a special basis. Communication
Upon approval, this policy is to be distributed to all United Nation Builders employees, contractors, vendors and related third parties. Upon subsequent revisions, updates or amendments to this policy affected individuals will be notified of the change along with an office or individual to whom they can direct additional questions.
|