Security Of Information

As a language service provider we work closely with our clients on translation of sensitive documents including PHI and Financial information. Recently clients are asking us to improve our IT security, and I have several vendor questionnaires on my desk that we need to complete successfully in order to keep their business, which means that we have to upgrade our systems to something approaching ISO 27001. 1. Assist in the development of information security program to contain: a. Security Management and Assurance (technology requirements, documented security and privacy policies, security awareness, third party oversight, change control & separation of duties) b. Backup Recovery Files (copying, encryption, method of recovery) c. Network Security Controls (VPN, firewall, anti-virus, application security, Secure SDLC) 2. Assist in implementation and maintenance of an information security awareness program to contain the following: a. New employees receive training in protecting the security and confidentiality of personal information when hired. b. New employees and contractors sign confidentiality agreements within first 30 days of hire. c. Employees also receive security training and/or reminders at least annually. d. Annual Fraud Training 3. Develop procedure to grant logical access to personal and confidential information based on requirements to perform job responsibilities. Procedures to include revoking access when no longer required such as termination.