Safeguards

These safeguards are intended to protect not only privacy but also the integrity and accessibility of the data.

Access Control

Facilities’ access control these are policies and procedures for limiting access to the facilities that house information systems.

Administrative Procedures

Security management process — includes policies and procedures for preventing, detecting, containing, and correcting violations. A critical part of this standard is conducting a risk analysis and implementing a risk management plan.

Assigned Responsability

Assigned security responsibility — requires a designated security official who is responsible for developing and implementing policies and procedures.

Training

Security awareness and training — requires the implementation of a security awareness training program for the entire workforce of the covered entity.

Security

Security incident procedures — includes procedures for identifying the incidents and reporting to the appropriate persons. A security incident is defined as “the attempted or successful unauthorized access, use, disclosure, modification or destruction of information or interference with system operations in an information system.”