Policy & Procedure Editing & Next Steps Guide
Accountable's Policy and Procedure templates are general templates, some of which need updating to fit your company's unique context.
Policy & Procedure Editing Guide
Below are the minimum necessary updates required for our Policy & Procedure templates. Additional updates that are not explicitly defined below may be required, depending on your organization.
Please read all Policies & Procedures before publishing. Accountable's Policy & Procedure templates are general templates, and need updating to reflect your unique organization's setup and needs.
| Policy or Procedure Name | Category | Policy Type | Editing Required |
|---|---|---|---|
| Acceptable Use Policy | Personnel | Acceptable Use | n/a |
| Access Rights | Technical Safeguards | Access Rights | n/a |
| Audit Controls; System Alerts | Technical Safeguards | Audit Controls | n/a |
| Authentication Controls | Technical Safeguards | Authentication Controls |
|
| Business Associate Relationship | Risk Management | Business Associate Relationship | n/a |
| Comprehensive Information Security Plan | Personnel | Information Security Plan |
|
| Confidentiality Agreement | Personnel | Confidentiality Agreement | n/a |
| Data Backup and Storage | Physical Safeguards | Data Backup | n/a |
| Data Integrity | Data Management | Data Integrity |
|
| De-identification Policy | Technical Safeguards | De Identification | n/a |
| Device, Media, and Hardware Controls | Physical Safeguards | Device Medial Controls | n/a |
| Disaster Recovery | Security Incident | Disaster Recovery |
|
| Documentation, Records Retention, and Documentation Destruction | Data Management | Documentation | n/a |
| Encryption | Technical Safeguards | Encryption | If Encryption tool was implemented:
|
| Enforcement Sanctions | Security Incident | Enforcement Sanctions | n/a |
| Facility Access Controls | Physical Safeguards | Facility Access | Work from Office only...
|
| Incident Reporting Policy | Security Incident | Incident Reporting | n/a |
| Marketing and Fundraising | Personnel | Marketing Fundraising | n/a |
| Mitigation | Risk Management | Mitigation | n/a |
| Non-retaliation and Waiver | Personnel | Non Retaliation | n/a |
| Notification of Breach | Security Incident | Breach Notification |
|
| Ongoing Risk Assessment | Risk Management | Risk Assessment | n/a |
| Personnel Designations | Personnel | Personnel Designations |
|
| Privacy Policy | Personnel | Privacy |
|
| Restricted Internal Access to PHI | Personnel | Restricted PHI Access | n/a |
| Sanctions Non Compliance | Personnel | Non Compliance Sanctions | n/a |
| Security Incident Response | Security Incident | Security Incident Response | n/a |
| Termination Procedures | Personnel | Termination Procedures | n/a |
| The Minimum Necessary Requirement | Personnel | Minimum Necessary Requirement | n/a |
| Transmission Security | Technical Safeguards | Transmission Security | n/a |
| Viruses and Malware; Application Updates | Technical Safeguards | Malware Policy |
|
| Workstation Security | Physical Safeguards | Workstation Security | n/a |
Policy & Procedure Next Steps Guide
Below are the actions implied by or required to be in compliance with our out-of-the-box Policy & Procedure Templates. Additional action items that are not explicitly defined below may be required, depending on your Policy & Procedure updates and depending on your organization.
| Policy or Procedure Name | Category | Policy Type | Action Items |
|---|---|---|---|
| Acceptable Use Policy | Personnel | Acceptable Use | n/a |
| Access Rights | Technical Safeguards | Access Rights |
|
| Audit Controls; System Alerts | Technical Safeguards | Audit Controls |
|
| Authentication Controls | Technical Safeguards | Authentication Controls |
|
| Business Associate Relationship | Risk Management | Business Associate Relationship |
|
| Comprehensive Information Security Plan | Personnel | Information Security Plan | n/a |
| Confidentiality Agreement | Personnel | Confidentiality Agreement |
|
| Data Backup and Storage | Physical Safeguards | Data Backup |
|
| Data Integrity | Data Management | Data Integrity | n/a |
| De-identification Policy | Technical Safeguards | De Identification | n/a |
| Device, Media, and Hardware Controls | Physical Safeguards | Device Medial Controls |
|
| Disaster Recovery | Security Incident | Disaster Recovery |
|
| Documentation, Records Retention, and Documentation Destruction | Data Management | Documentation | n/a |
| Encryption | Technical Safeguards | Encryption |
|
| Enforcement Sanctions | Security Incident | Enforcement Sanctions | n/a |
| Facility Access Controls | Physical Safeguards | Facility Access | n/a |
| Incident Reporting Policy | Security Incident | Incident Reporting |
|
| Marketing and Fundraising | Personnel | Marketing Fundraising | n/a |
| Mitigation | Risk Management | Mitigation | n/a |
| Non-retaliation and Waiver | Personnel | Non Retaliation | n/a |
| Notification of Breach | Security Incident | Breach Notification |
Note: Accountable supports Incident Reporting and Training team members how to Report Incidents |
| Ongoing Risk Assessment | Risk Management | Risk Assessment |
|
| Personnel Designations | Personnel | Personnel Designations |
|
| Privacy Policy | Personnel | Privacy | n/a |
| Restricted Internal Access to PHI | Personnel | Restricted PHI Access | n/a |
| Sanctions Non Compliance | Personnel | Non Compliance Sanctions | n/a |
| Security Incident Response | Security Incident | Security Incident Response |
|
| Termination Procedures | Personnel | Termination Procedures |
|
| The Minimum Necessary Requirement | Personnel | Minimum Necessary Requirement | n/a |
| Transmission Security | Technical Safeguards | Transmission Security | n/a |
| Viruses and Malware; Application Updates | Technical Safeguards | Malware Policy |
|
| Workstation Security | Physical Safeguards | Workstation Security |
|
Updated 5 months ago
