Introduction
This policy is part of the medDigital ISMS and must be fully complied with.
This policy establishes the management framework to initiate and control the implementation and operation
of information security within medDigital.
Roles & Responsibilities
Segregation of Duties
As a relatively small company with limited personnel, effective segregation of security-related duties
is not feasible. To mitigate this, all servers have an intrusion detection system which, in addition to
intrusion detection, monitor key system events. To mitigate against the wilful destruction of those logs,
a copy of the event is emailed to an internal list in real-time.
Contact with authorities
medDigital maintains contact with the following authorities:
Authority |
Contact |
National Fraud & Cyber Crime Reporting Centre |
+44 (0)300 123 2040 |
Information Commissioner's Office |
+44 (0)303 123 1113 |
National Crime Agency |
+44 (0)370 496 7622 |
Contact with special interest groups
medDigital maintains contact with the following special interest groups:
Information security in project management
Information security should be considered for every project, regardless of the type of project.
Responsibilities
Project Leads are responsible for ensuring that an information security representative is attached to
the project at an early stage.