Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
consolidated_workshop_outputs [2016/05/17 22:14] jillian_nadette_de_leon [Human Resources] |
consolidated_workshop_outputs [2017/07/29 22:02] (current) wikiadmin |
||
|---|---|---|---|
| Line 52: | Line 52: | ||
| ####Use of Social Media | ####Use of Social Media | ||
| This subsection is deemed necessary for purposes of emphasis. | This subsection is deemed necessary for purposes of emphasis. | ||
| - | See [[use_of_social_media|Use of Social Media]] | + | * See [[use_of_social_media|Use of Social Media]] |
| ####Cloud Computing | ####Cloud Computing | ||
| + | * See [[Cloud Computing]] | ||
| \\ | \\ | ||
| Line 68: | Line 69: | ||
| ###Human Resources | ###Human Resources | ||
| - | + | * See [[Human Resources]] | |
| - | ##Prior to Employment | + | |
| - | * All candidates for employment, contractors and third party users shall be adequately screened,especially for sensitive jobs.\\ | + | |
| - | * Employees, contractors and third party users of information processing facilities shall sign an agreement on security roles and responsibilities.\\ | + | |
| - | * Security roles and responsibilities of employees, contractors and third party users should be defined and documented in accordance with the organization's information security policy.\\ | + | |
| - | * Security roles and responsibilities should include the requirement to:\\ | + | |
| - | (a) implement and act in accordance with the organization's information security policies;\\ | + | |
| - | (b) protect assets from unauthorized access, disclosure, modification, destruction or interference;\\ | + | |
| - | (c) execute particular security processes of activities;\\ | + | |
| - | (d) ensure responsibility is assigned to the individual for actions taken; | + | |
| - | (e) report security events or potential events or other security risks to the organization; | + | |
| - | * Security roles and responsibilities shall be defined and clearly communicated to job candidates during the pre-employment process. \\ | + | |
| - | * Job descriptions can be used to document security roles and responsibilities. Security roles and responsibilities for individuals not engaged via the organization's employment process, e.g. engaged via a third party organization, should also be clearly defined and communicated.\\ | + | |
| - | * Background verification checks on all candidates for employment, contractors, and third party users shall be carried out in accordance with relevant laws, regulations and ethics, and proportional to the business requirements, the classification of the information to be accessed, and the perceived risks.\\ | + | |
| - | * Procedures should define criteria and limitations for verification checks (who is eligible to screen people, and how, when and why verification checks are carried out).\\ | + | |
| - | * A screening process should also be carried out for contractors, and third party users. Where contractors are provided through an agency, the contract with the agency should clearly specify the agency's responsibilities for screening and the notification procedures they need to follow if screening has not been completed or if the results give cause for doubt or concern. In the same way, the agreement with the third party should clearly specify all responsibilities and notification procedures for screening.\\ | + | |
| ###Health Research | ###Health Research | ||
| - | * See [[:privacy_interests_in_research|this discussion]] | + | * See [[Health Research]] |
| + | |||
| + | ###Patient Registries | ||
| + | * See [[Patient Registries]] | ||
| + | |||
| + | ###Publication and Public Communication | ||
| + | * See [[Publication and Public Communication]] | ||
| + | \\ | ||
| ---- | ---- | ||
| Line 126: | Line 120: | ||
| ##See Also | ##See Also | ||
| * {{:joint_ao_2016-0002_privacy_guidelines_for_the_implementation_of_phie.pdf|Privacy Guidelines}} | * {{:joint_ao_2016-0002_privacy_guidelines_for_the_implementation_of_phie.pdf|Privacy Guidelines}} | ||
| - | * [[http://www.gov.ph/2012/08/15/republic-act-no-10173/|Privacy Act of 2012]] | + | * [[http://www.gov.ph/2012/08/15/republic-act-no-10173/|Privacy Act of 2012]], {{::20120815-ra-10173-bsa.pdf|pdf}} |
| * [[privacy_workshops|Privacy Workshops]] | * [[privacy_workshops|Privacy Workshops]] | ||
| * [[PEG To Dos and Suggestions]] | * [[PEG To Dos and Suggestions]] | ||
| Line 134: | Line 128: | ||
| ---- | ---- | ||
| + | |||
| + | ~~DISCUSSION:closed~~ | ||