Overview

Purpose

Zeta Alpha Medical is committed to improving information security across the organization. To that end, Zeta Alpha Medical is developing a set of information security regulations and the architecture and governance for the Zeta Alpha Information Security Department.

The Zeta Alpha Medical Information Security Department exists for a variety of reasons, including:

  • To safeguard the confidentiality, integrity, and availability of information entrusted to the company by its customers, business partners, and stakeholders.
  • To assure management that the organization is doing everything it should in terms of information security.
  • To assure customers, business partners, and stakeholders that their information is secure with Zeta Alpha Medical.
  • To assist in meeting current and anticipated regulatory requirements.

Scope

The Zeta Alpha Information Security Program applies to all company systems, data, networks, and devices that hold or process company information resources. All company-related people who have access to information, computers, or systems operated or maintained on behalf of the organization must adhere to this policy.

Objectives

To limit risk, the Zeta Alpha Information Security Program will create information security and privacy policies based on the International Standard for Information Security Code of Practice for Information Security Management (ISO/IEC 27002:2013). The Zeta Alpha Information Security Program will perform several duties to carry out these responsibilities. The program's activities include, but are not limited to, the following:

Responsibilities, Duties, and Rights

All Zeta Alpha employees are responsible for adhering to this policy and, where applicable, for supporting and participating in compliance activities. Information Owners are responsible for putting in place systems and procedures that ensure compliance and for assigning responsibility for information asset controls. The Information Security Department is responsible for educating the organization about this policy, enforcing it, and protecting the information it covers. The department must be competent in security management and law enforcement matters and must know the laws and rules of the local jurisdiction.

Guidelines, Standards, and Procedures

The Information Security Department will draft guidelines, standards, and procedures related to information system security. Guidelines provide guidance and are not considered mandatory; they may apply to all persons, to specific people within a department, or to individuals across departments. Standards include technical details as well as obligatory requirements or constraints for policy compliance. Procedures detail how to carry out specified tasks in a step-by-step fashion and must be followed at all times. Procedures may apply to everyone, to specific persons within a department, or to people from different departments. Anyone may write a procedure for executing a task in a repeatable and efficient manner.
