Reliable and timely access to data and resources is provided to authorized individuals
What is Availability?
This plan is maintained by the IT staff and includes detailed instructions on how to manage and restore IT systems in the case of an emergency
What is the Information Systems Contingency Plan / ISCP? (Also acceptable: Disaster Recovery Plan / DRP.) This is different from the CEMP, which is a facility-maintained plan for managing healthcare services in a disaster.
These include descriptions, test plans, back-out plans, and approvals and cannot be modified once closed.
What is a change request? These are required for all enterprise-level software modifications.
These must be changed at least every 90 days
What are passwords?
This is the practice of maintaining separate networks and security policies for FDA-regulated medical computers and non-medical computers
What is Medical Device Isolation Architecture (MDIA)?
Accuracy and reliability of the information and systems are provided and any unauthorized modification is prevented
What is Integrity?
SADLC conducts these monthly in order to identify vulnerabilities, such as unauthorized software installed, missing patches, and configuration errors
What are scans?
These agreements must be in place between the facility and all external parties with direct connections to the official network.
What are Memoranda of Understanding (MOUs)?
Necessary level of secrecy is enforced, and unauthorized disclosure is prevented
What is Confidentiality?
A piece of software that is installed to fix problems in another piece of software
What is a patch?
By blocking unknown or untrusted websites, implementing firewalls, "whitelisting" known friendly connections, reviewing authorized computer-to-computer connections, scanning outgoing email, and encrypting all network traffic, IT is mitigating this common security issue
What is data leakage or exfiltration?
These are the elements of multi-factor authentication
What are "something you are, something you have, and something you know"?
These must be encrypted before they are taken off site for storage.
What are backups?