Laserfiche WebLink
Security Policies and Procedures <br />Patching of applications is done on a weekly basis, unless a zero -day exploit is found <br />in an application that is used within the domain. If such an exploit is found and a <br />patch is released for said exploit, an emergency planned downtime will be called for <br />at the conclusion of the business day to patch the application in question. <br />N. Network hardening <br />Upon adding new devices to the network, installation procedures and set-up must be <br />followed. Hardening will be done on network devices as well as systems (e.g. laptops, <br />workstations and servers) and handled by the ISO or AISO. <br />Hardening will be broken down into the following categories which include, but are not <br />limited to: <br />1. Preparation and installation <br />2. Updates to: software, firmware and hardware <br />3. Setting of appropriate account and auditing rules <br />4. Setting of appropriate security rules <br />5. Turning on the internal firewall <br />6. Turning on full disk encryption (If device will have access to PHI) <br />7. Other internal operations such as: <br />a. Installation of appropriate software for workstation, server or laptop <br />The ISO will notify all affected staff when making changes to the hardening policy and <br />will update the Security Policies and Procedures at that time. Written approval for <br />hardening procedures above and beyond what is currently mandated is not necessary. <br />XXV. Physical and Environmental Protections <br />A. Definitions <br />Secure sites: These are locations that require the highest level of protection. These sites <br />include: <br />1. Computing centers <br />2. Network connection points <br />3. Media storage locations <br />4. Locations containing platforms which carry high -value or critical <br />information or transactions <br />51 <br />Rev.2015.8.6 <br />