8/12/2019 CLIENT X Security Policy - IT - Info Classification C

1/4

Update Policy & Procedure(Information Classification Policy)

Information TechnologyPolicies and Procedures

Information Security

Policy Section: ITPolicy Number: IT emo !ttached: No

"esponsible #epartment: IT$ IT "egulatory Compliance

8/12/2019 CLIENT X Security Policy - IT - Info Classification C

2/4

Policy Title Information Classification Policy % Information Technology Purpose To protect CLIENT_X proprietary and member-specific information from unauthorized access, modification,

duplication, destruction or disclosure, this policy defines the categories of information and data used in CLIENT_X

based on its sensitiity! Policy Statement "ll proprietary and member-specific information that is created, receied, generated, used, or disclosed byCLIENT_X shall be classified according to its criticality and sensitiity in order to protect the information fromunauthorized access, modification, duplication, destruction or disclosure!

'# ast "eie* Ne+t "eie* "elated Policies

'ffectie #ate "# $!$

"eferences %ealth Insurance &ortability and "ccountability "ct '%I&""(

&riacy &olicies %andboo)

I , P"C'#U"'S

!, CLIENT_X information has arying degrees of confidentiality and sensitiity! *ome information re+uires a higher leel ofprotection and special handling! CLIENT_X business department 'e!g!, department managers andor application and systemoners( are responsible for classifying information based on its sensitiity leel during system or application deelopment!

-, The information classification leels adopted at CLIENT_X include %igh *ensitiity, .oderate *ensitiity, and Lo *ensitiity!&lease refer to "# $!$ Information Classification &olicy / 0eneral 1sers for definitions of classification leels!

C, 2ased on the information classification leel determined by the business department, CLIENT_X Information Technology 'IT(andor its suppliers shall ta)e appropriate actions to safeguard CLIENT_X3s electronic information assets! The folloing

Information *ecurity *tandards proide detailed guidance in protecting CLIENT_X3s electronic information4

5! "pplication *ecurity *tandard

6! #ata and &assord Encryption *tandard

7! #ata Integrity *tandard

8! Internal Netor) *ecurity *tandard

8/12/2019 CLIENT X Security Policy - IT - Info Classification C

3/4

9! Internet *ecurity *tandard

:! .obile Computing #eices *ecurity *tandard

;! emote "ccess *ecurity *tandard

?! Third &arty "ccess *ecurity *tandard

5@! Aor)station *ecurity *tandard

II, "'.I'/ !N# UP#!T'

This is a department specificoperational 'non-+uality( &B& hich re+uires the reie of the #irector of IT >egulatory Compliance,

the .anager, Care &rogram, the

8/12/2019 CLIENT X Security Policy - IT - Info Classification C

4/4

Title:

#ate: -y:

Title:

#ate: -y:Title:

&olicy and &rocedure "uthorTitle4#ate4

.I, P"I" "'.I'/S

eieed4