Upload
sridevipr06
View
217
Download
0
Embed Size (px)
Citation preview
8/12/2019 CLIENT X Security Policy - IT - Info Classification C
1/4
Update Policy & Procedure(Information Classification Policy)
Information TechnologyPolicies and Procedures
Information Security
Policy Section: ITPolicy Number: IT emo !ttached: No
"esponsible #epartment: IT$ IT "egulatory Compliance
8/12/2019 CLIENT X Security Policy - IT - Info Classification C
2/4
Policy Title Information Classification Policy % Information Technology Purpose To protect CLIENT_X proprietary and member-specific information from unauthorized access, modification,
duplication, destruction or disclosure, this policy defines the categories of information and data used in CLIENT_X
based on its sensitiity! Policy Statement "ll proprietary and member-specific information that is created, receied, generated, used, or disclosed byCLIENT_X shall be classified according to its criticality and sensitiity in order to protect the information fromunauthorized access, modification, duplication, destruction or disclosure!
'# ast "eie* Ne+t "eie* "elated Policies
'ffectie #ate "# $!$
"eferences %ealth Insurance &ortability and "ccountability "ct '%I&""(
&riacy &olicies %andboo)
I , P"C'#U"'S
!, CLIENT_X information has arying degrees of confidentiality and sensitiity! *ome information re+uires a higher leel ofprotection and special handling! CLIENT_X business department 'e!g!, department managers andor application and systemoners( are responsible for classifying information based on its sensitiity leel during system or application deelopment!
-, The information classification leels adopted at CLIENT_X include %igh *ensitiity, .oderate *ensitiity, and Lo *ensitiity!&lease refer to "# $!$ Information Classification &olicy / 0eneral 1sers for definitions of classification leels!
C, 2ased on the information classification leel determined by the business department, CLIENT_X Information Technology 'IT(andor its suppliers shall ta)e appropriate actions to safeguard CLIENT_X3s electronic information assets! The folloing
Information *ecurity *tandards proide detailed guidance in protecting CLIENT_X3s electronic information4
5! "pplication *ecurity *tandard
6! #ata and &assord Encryption *tandard
7! #ata Integrity *tandard
8! Internal Netor) *ecurity *tandard
8/12/2019 CLIENT X Security Policy - IT - Info Classification C
3/4
9! Internet *ecurity *tandard
:! .obile Computing #eices *ecurity *tandard
;! emote "ccess *ecurity *tandard
?! Third &arty "ccess *ecurity *tandard
5@! Aor)station *ecurity *tandard
II, "'.I'/ !N# UP#!T'
This is a department specificoperational 'non-+uality( &B& hich re+uires the reie of the #irector of IT >egulatory Compliance,
the .anager, Care &rogram, the
8/12/2019 CLIENT X Security Policy - IT - Info Classification C
4/4
Title:
#ate: -y:
Title:
#ate: -y:Title:
&olicy and &rocedure "uthorTitle4#ate4
.I, P"I" "'.I'/S
eieed4