Information Security Procedures

Many of these information security procedures are technical in nature and are intended for information custodians, systems administrators and other IT professionals in the enterprise.

Executive Summaries

Information Security & Appropriate Use
Privacy and Patient Information

Policy Exceptions

Exceptions to any information security procedure should be submitted through the risk assessment process. Complete the risk assessment exception form and submit to the Information Security Officer.
Exception Request Form

Information Security Procedures	Effective Date	Last Updated
Access to Data Center, Switch Rooms and Network Closets	09/16/2003	07/05/2011
Access to Secured IT Work area in Business Service Center	01/02/2008	01/07/2013
Access Control of IT Resources	03/05/2007	07/27/2012
Access Control Form (09-2-10) Word Format
Access Control - SUN Access Control User Accounts	10/14/2012
Active Directory: Security Principles Across Domains	11/2006	01/16/2013
Active Directory: Computer Accounts		01/29/2013
Active Directory: User Accounts		01/29/2013
Audit of Electronic Protected Health Information (ePHI) in Information Systems	11/01/2006	07/27/2012
Blackberry / Good Mobile Messaging Access Control	02/05/2007
Blocking MAC Address on Wireless (See Inappropriate Network Traffic)
Business and Academic Partner Network Access Business Partner Agreement (.doc) Business Partner Addendum (.doc) Business Associate Agreement (.doc) Business Associate Addendum (.doc)	03/04/2003	07/27/2012
Change Control ~ Sample Change Control Document	02/2005	01/10/2013
DMZ Servers (Internet/Public Access)	01/21/2003	07/27/2012
Database Security	09/29/2003	12/27/2011
Disaster Recovery Plan	10/04/2004	07/26/2012
Disposal of Equipment (See Lifecycle Management of Laptops & PC Towers)	~	~
eDiscovery (Proper handling of eDiscovery and Legal Requests)	01/13/2009	03/15/2013
Emails Containing Protected Health Information (PHI)	07/24/2003	06/24/2011
Encryption (See End User Device)	~	~
End User Device (Mobile Devices, Encryption, software, backups, physical security... more)	01/21/2003	05/01/2011
Executive Summary - Information Security and Appropriate Use	~	~
Executive Summary - Privacy and Patient Information	~	~
Facility Security -- Computing Center Building (Replaced by Access to Data Center, Switch Rooms & Network Closets)	~	~
File Transfer of Confidential Information	07/28/2010	01/03/2013
Inappropriate Network Traffic (Handling of)	09/21/2010	10/06/2011
Information Security Incident Reporting and Response	01/21/2003	07/16/2012
Information Security Plan	02/09/2004	03/05/2013
International Travel - Protecting Mobile Devices	01/20/2011
International Travel FAQ	~	~
Legal Requests (see eDiscovery)
Lifecycle Management of Laptops/Computer Towers/Tablets (Purchase, Transfer and Destruction of)	05/01/2011	02/05/2013
Mobile Devices (See End User Device)	~	~
Network Equipment and Infrastructure Access Control	01/21/2003	07/27/2012
Network Vulnerability Assessment	03/21/2007	04/24/2009
Exception Form for Network Vulnerability Scans (word document)
Password Security	01/18/2003	10/07/2011
Posting Software on eServ	08/15/2007	01/16/2013
Port Deactivation -- See Inappropriate Network Traffic	~	~
Risk Assessment ~ Risk Assessment Exception Request Form	01/2011	01/03/2013
Remote Access	~	~
Remote Access for Backup File Server	03/05/2007	10/06/2011
Remote Access - GRaSP (Grants and Special Projects) Account Setup (ITS Procedure)	10/16/2012	~
Remote Access Grid - Outlines remote access privileges that are auto-populated and those that require manual entry for UNMC, UNMCP, TNMC and BMC.	02/19/2013
Security Review Template (word document)	~	~
Separations (UNMC Physicians)	07/2012
Spam Email Complaints (Handling of)	03/05/2007	10/06/2011
Special Circumstance Separation (Notification Procedure)	02/14/2007	11/6/2012
Special Circumstance Separation (UNMC Physicians)	~	~
Telehealth (See Privacy Policies & Procedures under HIPAA Page)	~	~
Transfer/Disposal of Equipment (See Lifecycle Management of Laptops & PC Towers)	~	~
Trusted File Server	01/21/2003	07/27/2012
Vendor Network Access (See Business & Academic Partner Network Access)	~	~
Wireless Use	01/21/2003	11/06/2012
Workforce Remote Access	02/06/2006	07/27/2012
Workstation Changes/Patch Management	03/05/2007	03/02/2009