Risk Management
HIPAA (Health Insurance Portability and Accountability Act) Information Sheet
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a comprehensive law affecting institutions and departments that deal with protected health information.
Requirements
HIPAA includes requirements to protect the security, integrity, and confidentiality of this health-related information. These requirements apply to departments at Purdue that have been officially designated by the HIPAA Privacy Compliance Office as covered by HIPAA. To be HIPAA compliant, departments must develop, implement, and enforce a comprehensive security program including administrative, technical, and physical safeguards as determined appropriate for the institution and data. In addition to developing their own safeguards, departments are responsible for taking steps to ensure that their affiliates and service providers safeguard customer information in their care.
The Gramm-Leach-Bliley Act Risk Assessment - How to
The Gramm-Leach-Bliley Act of 1999 (GLBA) is also known as the Financial Services Modernization Act. It is intended to protect consumers and customers who obtain "financial products or services to be used primarily for personal or other household purposes". The risk assessment is an important element of GLBA, and the Federal Trade Commission has identified four areas that must be addressed:
(1) Information Systems,
(2) Employee Management and Training,
(3) Managing System Failures and
(4) Service Providers.
Project and Software Testing Strategy Template

1. Introduction
Objectives
This document defines the Clinical Dashboard Project Test Strategy and the approach of incremental testing stages required to ensure the acceptability of the delivered solution. It covers all phases and releases. The test and acceptance processes will be founded on existing Clinical Dashboard guidance. These processes will need to be enhanced to embrace the acceptance statements and criteria within the document.
Scope
This Test Strategy will cover the following:
- Identifying the successive types of testing to be undertaken throughout the lifecycle of development to live operations
- Details of the ongoing testing of service enhancement and change
- The scope of each type of testing
- Identifying how common expectations and testing standards are to be achieved for all types of testing
- The high-level technical, resource and environmental requirements
- The key testing and quality assurance procedures that will be required
Financial Risk and Control Self Assessment Templates

- Does the school have any finance guidance manuals?
- Who is familiar with the contents?
- Is there a School Improvement Plan containing costed proposals, which are linked to the budget plan?
- Did the last budget preparation process incorporate consideration of future influences on income and expenditure, such as demographic change, and any balance rolled forward from the previous year?
- Was the budget formally ratified by the Governing Body, and appropriately minuted?
- Was the budget input form submitted to the Education & Leisure Finance Section by the due date and appropriately signed?
- Have working papers been retained which show how the budget estimates were arrived at?
- Is the day-to-day budgetary position checked before orders are approved?
- Does the school record committed expenditure, e.g. purchase orders, supply teaching costs and staff training courses?
Information Risk Management Protective Marking Templates

1. What data do organisations need to secure?
The Data Protection Act 1998 came into force on 1 March 2000, bringing the UK in line with a European Directive on Personal Data (95/46/EC). The Act is there to protect the rights and freedoms of individuals, especially their right to privacy with respect to the processing of personal data.
The Data Protection Act 1998 requires all organisations, including educational organisations, to hold personal data securely.
Personal data