Level 2 Supporting Policies
      Back to home
      1. HealthSafe Help Center
      2. HS ISO27001 Documents
      3. Level 2 Supporting Policies

      26. HealthSafe Technical Vulnerability Management Policy


      TECHNICAL VULNERABILITY MANAGEMENT POLICY



      Document Identification 

      HSNZ/POL/26

      Document Name

      Technical Vulnerability Policy

      Master Copy

      CISO

      Version Number

      1.3

      Date Of Release 

      15 Aug 2023

      Prepared By

      Eparama Tuibenau

      CISO

      Approved by

      Kevin McAfee

      Managing Director

       


      VERSION HISTORY


      Sl No

      Version No.

      Prepared by

      Approved by

      Description of Version

      Date

      Reason for Version Change

      From

      To

      1

      1.0

      -

      CISO

      MD

      First Release

      14 Apr 2020 

      No changes made

      1

      1.0

      1.1

      CISO

      MD

      Updated

      2 Aug 2021 

      Modifications due to changes in HealthSafe

      1

      1.1

      1.2

      CISO

      MD

      Reviewed

      28 Jul 2022

      Annual review

      1

      1.2

      1.3

      CISO

      MD

      Reviewed

      15 Aug 2023

      Annual review

      DOCUMENT STATUS


      Date

      Document Status

      14 Apr 2020

      Modified

      2 Aug 2021

      Reviewed

      28 Jul 2022

      Current

      15 Aug 2023

      Current

      Table of Contents

      1 Purpose


      2 Scope


      3 Input


      4 Output


      5 Interacting Process


      6 Abbreviations, Acronyms and Definitions


      7 Procedure


      8 Monitoring the Process


      9 Records




      1. PURPOSE
        The purpose of this document is to establish and maintain a policy for technical vulnerability management for HealthSafe NZ.

      2. SCOPE
        These procedures applies to all aspects of technical vulnerability management etc

      3. ABBREVIATIONS, ACRONYMS AND DEFINITIONS

      Abbreviation

      Description

      FH

      Functional Head

      IT

      Information Technology Department

      TL

      Team Lead

      CISO

      Chief Information Security Officer

      QA

      Quality Assurance

      4 INPUT

      To ensure that all proposed system changes are reviewed to check that they do not compromise the security of either the system or the operating environment


      5 OUTPUT

      Technical Vulnerability Report 


      6 INTERACTING PROCESS

      The operations team notify QA who then notify the developers


      7 PROCEDURE

      • CISO and Team Lead are responsible for application systems are also responsible for the security of the project or support environment. 
      • To ensure that all proposed system changes are reviewed to check that they do not compromise the security of either the system or the operating environment.
      • Technical vulnerability tests/penetration tests are also carried out in case of any major changes as and when applicable.
      • Information and data in motion between systems are managed by third-party encryption tools.

      8 MONITORING PROCESS

      • The IT Department Monitors these process

      9 RECORDS

      • JIRA bug reporting
      • Penetration testing from third-party auditors