IMITS policies refreshed: Acceptable use policy applies to all
IMITS has completed a refresh of its security policies on behalf of VCH, PHC, and PHSA.
These new best practice standards ensure that the health organizations can better safeguard patient and employee privacy and manage all the sensitive personal data for which we are collectively accountable. With last week’s announcement of our clinical and systems transformation initiative, once the new system is fully implemented we’ll have even more information on our patients—and an even greater responsibility to protect it.
The new policies also bring us one step closer to allowing the safe use of personal devices, such as smartphones and tablets, in the workplace.
There are now 16 IT security policies; the complete list is below (starred policies are already in place at PHC and VCH while the others are brand new).
- Wireless (WiFi) Network *
- Access Management *
- Network Security
- Security Threat and Risk Assessment
- Information Security Architecture
- Remote Access *
- Monitoring and Logging
- User Identification and Password Standards *
- Mobile Computing & Portable Storage Device Security
- Information Security Classification
- Information Security *
- IT Change Management
- IT Asset Security
- Role-Based Access Controls *
- Management of Standard Software Patches *
- Controls for Malicious Code *
These 16 IT security policies may or may not be relevant to all staff in their day-to-day work. However, all staff must be familiar with the Acceptable Use of Information Technology policy, which defines how staff can use information technology, and the Information Privacy and Confidentiality policy, which describes staff obligations in protecting personal information. Neither of these two policies have changed, but now is a great time to refresh your memory with a review.