11. Healthsafe Internet Connectivity



INTERNET CONNECTIVITY MANAGEMENT POLICY



Document Identification 

HSNZ/POL/11

Document Name

Internet Connectivity Management Policy

Master Copy

CISO

Version Number

1.2

Date Of Release 

15 Aug 2023

Prepared By

Eparama Tuibenau

CISO

Approved by

Kevin McAfee

Managing Director

 


VERSION HISTORY


Sl No

Version No.

Prepared by

Approved by

Description of Version

Date

Reason for Version Change

From

To

1

1.0

-

CISO

MD

First Release

14 Apr 2020 

No changes made

1

1.0

1.1

CISO

MD

Updated

24 Jun 2021 

Modifications due to changes in HealthSafe

1

1.1

1.2

CISO

MD

Reviewed

15 Aug 2023 

Reviewed


DOCUMENT STATUS


Date

Document Status

14 Apr 2020

Modified

24 Jun 2021

Reviewed

15 Aug 2023 Current


Table of Contents

1 Purpose


2 Scope


3 Input


4 Output


5 Interacting Process


6 Abbreviations, Acronyms and Definitions


7 Procedure


8 Monitoring the Process


9 Records






  1. PURPOSE
    The purpose of this document is to establish and maintain a policy for internet connectivity management for HealthSafe NZ.

  2. SCOPE
    These procedures applies to all aspects of Internet Connectivity Management  Policy

  3. ABBREVIATIONS, ACRONYMS AND DEFINITIONS

Abbreviation

Description

IT

Information Technology Department

TL/PM

Team Lead / Project Manager

CISO

Chief Information Security Officer

OPS

Operations


4 INPUT

  • Required Software

5 OUTPUT

  • Improved cyber safety for HealthSafe Employees and Contractors

6 INTERACTING PROCESS

  • Internet Service Provider(s), Employees, Contractors, CISO

7 PROCEDURE


  1. IT team will continuously monitor internet connectivity via BitNinja and AWS Security Hub cyber tools.
  2. IT team will maintain the Outage Log for internet connectivity downtime to our AWS server.
  3. When there is a server outage, the IT team will communicate to all staff through email or Slack.
  4. CISO makes contact with the AWS Account Manager to notify of the outage.
  5. Incident report is prepared, corrective and preventive measures are recorded and implemented.
  6. IT will email everyone as soon as the outage has been resolved.
  7. OPS notify the affected clients.

8 MONITORING THE PROCESS

  • Internet/system outage is not exceeding 48 hours in a year.  
  • Monitor the internet/system usage outage activity process by keeping a log outage being detected, log of email or Slack notification sent after outage detection, time to escalate and resolve outage, and log of outage resolution email or Slack notification.

9 RECORDS

  • Outage Log
  • Incident Report
  • Emails/Slack notifications
  • Escalation Reports