Information Security Policy
Information plays a crucial role in clinical governance, in the planning and quality of services offered, as well as in achieving the operational objectives of the Hospital.
The implementation of appropriate policies and procedures to ensure the proper management of information is of paramount importance to the Organization.
Ygia Polyclinic has adopted the requirements of ISO/IEC 27001:2013, the standard for Information Security Management Systems (ISMS), for the establishment, maintenance and continual improvement of the processes and measures that protect the confidentiality, integrity and availability of information and of information processing facilities.
The ISMS forms part of the Integrated Management System (IMS), which brings together all of the hospital's quality management systems (accreditation, ISO certifications, policies, procedures, manuals and similar documents) in order to improve its processes and the use of its resources.
Additionally, the ISMS provides an excellent framework for compliance with the extensive requirements of the General Data Protection Regulation (GDPR) of the European Union.
The Hospital's Information Security Policy is binding for all personnel, as well as for organizations, suppliers and subcontractors providing services to the Organization.
Exceptions to this Policy are permitted provided they are approved by the relevant Management and are duly documented. All personnel, third parties and subcontractors of the Polyclinic have a duty to protect data and information systems from unauthorized access, use, alteration, disclosure, destruction, loss, or transmission.
Ygia Polyclinic actively promotes information security awareness among its staff, suppliers/subcontractors and visitors, ensuring that every article of this Policy is translated into concrete measures tailored to the duties and responsibilities of those involved.
Ygia Polyclinic is responsible for conducting a business impact analysis and a risk assessment at least once a year, in order to determine whether additional physical and electronic measures are required and to confirm that appropriate authorities and responsibilities have been assigned.
The Organization's information systems are physically protected and operate in a manner that prevents unauthorized physical access. Existing applications are checked against the provisions of this Policy.
Where an exception is identified, a formal risk assessment is conducted. Any new application or software must comply with the requirements defined by the ISMS. To ensure that information remains available to users whenever it is required, Ygia Polyclinic maintains a documented and tested Business Continuity Plan.
This policy is reviewed on an annual basis and updated where necessary.