Security audit assignment Example | Topics and Well Written Essays - 750 words

Security audit - Assignment Example safeguards protect the confidentiality of information through enacting various policy regulations that must be followed by the organizational employees. First, the disposal policy provides that the records consisting of confidential information related to patients or any other stakeholder to the health institution should be disposed off immediately and in accordance with the information security procedures outlined. The information disposal procedures provides that; once the confidential information that has been dispensed with, the user should dispose the information through shredding the papers if the record was in print, or formatting the hard disc for computerized information. Disaster recovery has also been taken care of in the health institution. All important information are backed up in the back-up disks and stored in a lock-and-key safe, accessible only to the It manager of the hospital. Risk Management process is adequately implemented by the health institution. The risk management measure that is offered by the organization is the restriction on the information that should be posted online both regarding the employees or the clients to the health institution. Thus, the information security regulations have prohibited posting online information related to the social security number, driving license number, credit or debit card number, medical status, religious or sexual orientation information related to anyone. Facility security is adequately catered for in the health institution. The staff gate has a technology system that identifies the staff through their badges, and only then will the door open to allow entry or exit. On the main gate used by the public, physical security measures include personal identification through the personal ID, which is registered at the entry. The organizational regulation provides that employees are liable for disciplinary action, if they are involved in any breach of the policies and procedure guiding the protection of