DHHS POLICIES AND PROCEDURES

Section VIII: Privacy and Security
Title: Security Manual
Chapter: Information Security Management Policy
Current Effective Date: 6/15/05
Revision History:
Original Effective Date:

Purpose

To define an information security management infrastructure that will adequately protect the Department of Health and Human Services (DHHS) information, assets, and personnel and ensure compliance with federal and state regulations.

Policy

This policy defines the security management requirements for the DHHS Privacy and Security Office (PSO) and the DHHS Divisions/Offices. Information security management shall include but not be limited to the following areas:

1. Security budgeting and staffing;
2. Information security governance and organization of the security program, including roles and responsibilities;
3. Risk management programs;
4. Information security programs;
5. Security compliance;
6. Incident management;
7. Physical and environmental security;
8. Business continuity and disaster recovery;
9. Security training and awareness program;
10. Information Technology Services (ITS) Contract Administration and oversight; and
11. DHHS Security Work Group Support.

Roles and Responsibilities

DHHS PSO shall implement and maintain a comprehensive information security program that includes security management processes and procedures. The DHHS PSO will establish and maintain the framework to ensure that information security strategies within the DHHS Divisions/Offices are aligned with the DHHS mission and objectives and comply with the applicable federal and state laws.