Page 26 - Information_Security_Program

SECURE DATA TRANSMISSION [DP272]

        Scope: Enterprise
        Distribution: All employees with access to privacy‐restricted documents
        Purpose: To ensure information is securely sent within and outside of the organization.
        External Regulation or Standard: 45 CFR 164.312(e)(1), PCI DSS 4.1 and 4.2

         Who is Responsible    Statement Number    Policy, Standard, or Procedure Statement
         Employees             DP272.1             Employees must not transmit payment card or social security account information,
                                                   Protected Health Information or other Personally‐Identifiable, Privacy Restricted data
                                                   over open, public networks without using organization‐approved connections.
         Employees             DP272.2             Employees must not send an unprotected payment card Primary Account Number
                                                   via end‐user messaging technologies (such as e‐mail, instant messaging, chat, etc.).
         Employees             DP272.3             Employees must not send Protected Health Information or other Personally‐Identifiable,
                                                   Privacy Restricted data outside of the organization’s e‐mail system
                                                   without using organization‐approved encryption such as ZixMail.
        GES CONFIDENTIAL