My WebLink
|
Help
|
About
|
Sign Out
Home
Browse
Search
Item 26 - Agreement with Allied Network Solutions, Inc. for Adobe Software and Subscription
Clerk
>
Agenda Packets / Staff Reports
>
City Council (2004 - Present)
>
2025
>
01/21/2025 Regular & Special SA
>
Item 26 - Agreement with Allied Network Solutions, Inc. for Adobe Software and Subscription
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
1/27/2025 5:03:20 PM
Creation date
1/21/2025 2:16:24 PM
Metadata
Fields
Template:
City Clerk
Doc Type
Agenda Packet
Agency
Information Technology
Item #
26
Date
1/21/2025
Jump to thumbnail
< previous set
next set >
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
762
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
Security Policies and Procedures <br />XXI. Assessments and Testing <br />A. Overview <br />The Security Rule of HIPAA mandates that covered entities implement appropriate <br />information security policies and procedures to protect PI from "reasonably <br />anticipated threats and hazards." <br />B. Penetration testing <br />Penetration testing of all servers containing PII will be conducted monthly by internal <br />personnel, and by an external 3rd party at least annually or whenever there is a major <br />system update. Testing shall validate the security of: <br />1. External connections <br />2. Operating systems <br />3. Applications <br />4. Databases <br />5. Network controls <br />6. Security procedures, including monitoring and incident response <br />C. Vulnerability assessment testing <br />Vulnerability assessments will be conducted periodically on all network -connected <br />systems devices. Any vulnerability found must be corrected in a timely manner. <br />Vulnerability assessments also shall be conducted when: <br />1. A new system, application or network is installed inside the Company <br />2. Changes are made to firewalls, VPNs or other security control tools <br />3. Changes are made to a web server's operating system <br />4. Changes are made to email servers <br />5. Configuration changes are made to databases <br />6. Configuration changes are made to critical applications <br />7. Changes are made to encryption scheme(s) <br />NOTE. Vulnerability and penetration tests will not be conducted except with the prior <br />approval of the ISO. No user will have vulnerability or penetration testing tools loaded <br />onto any Company system without prior permission from the ISO. <br />D. Wireless access testing <br />Testing of wireless access points (war -driving) shall occur regularly, to cover all <br />wireless access points under the control of Virtru. <br />Rev.2015.8.6 <br />43 <br />
The URL can be used to link to this page
Your browser does not support the video tag.