Unit 9 Assignment 1
The PKI must go through a formal certification and accreditation (C&A) process before it can be deployed in Quality Medical Company (QMC) operational environment. An independent Third Party must certify all (HIPPA) PKI systems. We will use system certification as a formal procedure for testing security safeguards in the computer system or major application to determine if they meet applicable requirements and specifications outlined.
System accreditation is the formal authorization by a management official for system operation and an explicit acceptance of the associated risk. The management official ensures that all equipment resides on the network under his authority is operated using approved security standards. All C&A evaluations or annual reviews must be conducted by a third party who must have not developed the present PKI solution or have any other business relationship with QMC.
QMC Associate Chief Information Technology Security Officer:
- Ensure compliance requirements of this policy concerning data at rest and role-holders access to managed networks, systems and servers
- Ensure public-companies regulations are implemented and in compliance
- Provide security standards for implementation of PKI in HIPPA information technology environments to ensure that they can handle sensitive data and require non-repudiation;
- Review company plans to implement this policy;
- Review requests for exceptions or exceptions to this policy; and
- Conduct reviews of U.S. Securities and Exchange (SEC) and HIPPA compliance to ensure compliance of this policy.
- Receive, review and coordinate a response with the QMC Chief Information Technology Officer for any exception requests for exceptions to this policy.
- Periodically review and update this notice as required;
QMC Chief Information Technology Officer will:
- Ensure the provisions of this policy are implemented and enforced;
- Ensure that the requirements of PKI policy are satisfied prior to deployment of
System accreditation is the formal authorization by a management official for system operation and an explicit acceptance of the associated risk. The management official ensures that all equipment resides on the network under his authority is operated using approved security standards. All C&A evaluations or annual reviews must be conducted by a third party who must have not developed the present PKI solution or have any other business relationship with QMC.
QMC Associate Chief Information Technology Security Officer:
- Ensure compliance requirements of this policy concerning data at rest and role-holders access to managed networks, systems and servers
- Ensure public-companies regulations are implemented and in compliance
- Provide security standards for implementation of PKI in HIPPA information technology environments to ensure that they can handle sensitive data and require non-repudiation;
- Review company plans to implement this policy;
- Review requests for exceptions or exceptions to this policy; and
- Conduct reviews of U.S. Securities and Exchange (SEC) and HIPPA compliance to ensure compliance of this policy.
- Receive, review and coordinate a response with the QMC Chief Information Technology Officer for any exception requests for exceptions to this policy.
- Periodically review and update this notice as required;
QMC Chief Information Technology Officer will:
- Ensure the provisions of this policy are implemented and enforced;
- Ensure that the requirements of PKI policy are satisfied prior to deployment of