What is Information Security Summary?
It is key to Westfield Health to protect the confidentiality, integrity and availability of all physical and electronic information assets of the organisation and its customers to ensure that regulatory, operational and contractual duties are fulfilled. All directors and employees are committed to an effective Information Security Management System (ISMS) in accordance with Westfield Health’s strategic business objectives.
The aims of information security management are to:
- Develop, implement and review policies and processes, ensuring compliance with current laws, regulations and guidelines
- Communicate all policies and working instructions to customers, employees and other interested parties
- Identify and review all information asset risks and develop objectives for risk reduction
- Ensure employees maintain the responsibility for, and ownership and knowledge of, information security, reducing the risk of security incidents
- Establish controls for safeguarding data and information systems against theft, abuse and other forms of harm and/or loss
- Comply with requirements for confidentiality, integrity and availability for Westfield Health stakeholders
- Provide a secure environment for customers, employees, partners and other stakeholders information, ensuring confidentiality
- Ensure the availability and reliability of the network infrastructure and the services supplied by Westfield Health
- Ensure that Westfield Health is capable of continuing their services even if an incident occurred
- Continue to review and improve the information security system
Westfield Health’s current business strategy and framework for risk management contains the guidelines by which it identifies, assesses, evaluates and controls information-related risks. Westfield Health’s information security is to be ensured by these guidelines, together with effective management systems and a set of clear working instructions.
In order to secure operations at Westfield Health, even after a serious incident, the organisation shall ensure the availability of continuity plans, back up procedures, defense against malicious activities, system and information access controls, physical security, staff vetting, incident management and reporting.
To work with all interested parties to ensure the assets within Westfield Health, both company and customer owned, remain secure at all times. To assess the risks that apply to Westfield Health and put controls in place that minimise the risks to an acceptable level. As the risk assessments change with time, the objectives will change accordingly.