TECHNICAL VULNERABILITY MANAGEMENT POLICY
Document Identification | HSNZ/POL/26
Document Name | Technical Vulnerability Policy
Master Copy | CISO
Version Number | 1.3
Date Of Release | 15 Aug 2023
Prepared By | Eparama Tuibenau | CISO
Approved by | Kevin McAfee | Managing Director
VERSION HISTORY
Sl No | Version No. (From) | Version No. (To) | Prepared by | Approved by | Description of Version | Date | Reason for Version Change
1 | 1.0 | - | CISO | MD | First Release | 14 Apr 2020 | No changes made
1 | 1.0 | 1.1 | CISO | MD | Updated | 2 Aug 2021 | Modifications due to changes in HealthSafe
1 | 1.1 | 1.2 | CISO | MD | Reviewed | 28 Jul 2022 | Annual review
1 | 1.2 | 1.3 | CISO | MD | Reviewed | 15 Aug 2023 | Annual review
DOCUMENT STATUS
Date | Document Status
14 Apr 2020 | Modified
2 Aug 2021 | Reviewed
28 Jul 2022 | Current
15 Aug 2023 | Current
Table of Contents
1 Purpose
2 Scope
3 Input
4 Output
5 Interacting Process
6 Abbreviations, Acronyms and Definitions
7 Procedure
8 Monitoring the Process
9 Records
1 PURPOSE
The purpose of this document is to establish and maintain a policy for technical vulnerability management for HealthSafe NZ.
2 SCOPE
These procedures apply to all aspects of technical vulnerability management, etc.
3 ABBREVIATIONS, ACRONYMS AND DEFINITIONS
Abbreviation | Description
FH | Functional Head
IT | Information Technology Department
TL | Team Lead
CISO | Chief Information Security Officer
QA | Quality Assurance
4 INPUT
To ensure that all proposed system changes are reviewed to check that they do not compromise the security of either the system or the operating environment
5 OUTPUT
Technical Vulnerability Report
6 INTERACTING PROCESS
The operations team notifies QA, who then notify the developers.
7 PROCEDURE
- The CISO and Team Lead who are responsible for application systems are also responsible for the security of the project or support environment.
- All proposed system changes are reviewed to check that they do not compromise the security of either the system or the operating environment.
- Technical vulnerability tests/penetration tests are also carried out in case of any major changes as and when applicable.
- Information and data in motion between systems are managed by third-party encryption tools.
8 MONITORING PROCESS
- The IT Department monitors these processes.
9 RECORDS
- JIRA bug reporting
- Penetration testing from third-party auditors