This essay has been submitted by a student. This is not an example of the work written by professional essay writers.

Data Classification Policy


Version Control

| Version | Date | Author | Rationale |
|---------|------|--------|-----------|
| 0.1 | March 21, 2020 | | First Draft |

 

Introduction

A data classification policy expresses an institution's tolerance for risk. It governs the management of information so that sensitive data is handled in proportion to the threat it poses to the institution (Luna et al., 2016). It allows authorized personnel to access permitted information at the authorized time and ensures that only allowed users are able to view or access the information. The information and data owner is responsible for classifying information into different types so that the institution can safeguard its confidentiality, integrity, and availability (CIA) based on the contents. The classification shall be used to design and communicate fundamental security controls.


The purpose of the guideline is to map out a variety of components in the institution. It will establish a framework for grouping institutional information according to the magnitude of the threat, its value, regulatory requirements, and its criticality to the hospital. The grouping of information aids in determining the fundamental security controls for protecting information in the hospital information systems.

 Hospital Data Classification Policy

This classification policy covers all information owned, created, collected, managed, stored, and disseminated by the hospital. No data item is too small to be classified under this policy. The guideline is compulsory and applies to all hospital staff, including contractors, doctors, students, volunteers, and agency personnel. Agency personnel include all third-party personnel in the hospital.

Policy Goals and Objectives

  1. Establish a framework for classifying hospital data.
  2. Protect sensitive hospital information from unauthorized personnel.
  3. Safeguard the credibility of the hospital to the outside world.

Policy Statement

The hospital shall use a four-tiered classification schema. The criteria for each schema level shall be maintained by the office of information security. The hospital information and data are classified in the following levels: Public data, Confidential data, Internal or Protected data, and Restricted data.

 

Public data/information

Hospital data classified as public can be disclosed to anyone, regardless of their relationship with the hospital. Any information that is not public is considered sensitive and should be protected (Body, 2018). Public data is meant for the public and is not protected against disclosure to the public at large (Santos, 2018). There is no risk associated with this level of information.

Confidential information/data

This information is not to be publicly disclosed. If information at this classification level is made available to unauthorized users, individuals or businesses in the hospital may be highly affected. This classification level encompasses the data that the hospital is required to keep confidential. This information is to be protected against modification, disclosure, and deletion by unauthorized personnel (Santos, 2018). The risk associated with this level of information is very high/major.

Internal/Protected information

This information is protected by contractual obligation, law, regulation, or management discretion. This data is always available to hospital staff. It can also be made accessible to external parties with specific authorization. Unauthorized access to this information may disrupt the running of the hospital and result in serious damage to the credibility of the hospital to the outside world. The risk associated with this information is low to moderate.

Restricted data

This data includes information that the hospital has a legal, predetermined, or supervisory obligation to protect in a highly stringent manner. At this classification level, unauthorized disclosure or loss of the information will require the hospital to inform the affected state authorities. Occasionally, modification of the information may involve informing those affected.

Policy exceptions

Exceptions to this policy statement shall only be allowed where a court demands some information. Other exceptions shall include the authorization of auditors. Parties granted these exceptions are not allowed to modify the hospital information. The exceptions are to be approved by an Information Security Officer.

Policy Enforcement Clause

Enforcement of the policy shall include procedural methods, such as periodic monitoring of employee user accounts, and automated methods, such as configuring the settings that have been implemented on the hospital information systems.

 

 

References

Body, G. (2018). Data Protection, Records Management, and Freedom of Information Policies. Policy.

Luna, R., Rhine, E., Myhra, M., Sullivan, R., & Kruse, C. S. (2016). Cyber threats to health information systems: A systematic review. Technology and Health Care, 24(1), 1-9.

Santos, O. (2018). Developing Cybersecurity Programs and Policies. Pearson IT Certification.
