Laserfiche WebLink
Security Policies and Procedures <br />C. Policy <br />If an event is a security incident, the ISO (or designee) will proceed to contain and <br />repair damage from the incident by working with staff, vendors, and Business Associate <br />relations in order to further deter future incidents of the same type. <br />XXXIII. Security Plan Review Policy <br />A. Overview <br />We recognize that our underlying security risk will change and our ability to manage <br />this risk will improve over time. To ensure that we adjust our policies and procedures <br />to take these two factors into account, we will review our Security Policies and <br />Procedures annually. The ISO will lead this review and involve others as needed. <br />Documentation of the review will be contained in a document called Annual Security <br />Review and restored in the Security Documentation Library for Notebook}. <br />B. Procedures <br />At a minimum, the review process will consist of: <br />1. Evaluating changes in the last year that may affect our Security Policy. These <br />will include changes in: <br />a) Number, sizes or locations of our business sites <br />b) Our workforce size and composition <br />c) Hardware/software <br />d) State or federal laws that apply to us <br />e) Type of medical insurance that we provide <br />2. Reading each Policy to determine whether or not the changes may affect it <br />and/or the practices driven by the Policy. We will make a list of changes that <br />need to be made, then write a paragraph describing how. <br />3. Creating a list of changes in Policies and/or Procedures that our Company <br />will carry out. <br />4. Developing and implementing any changes in our Policies and Procedures on <br />a timely basis. <br />Rev.2015.8.6 <br />63 <br />