Voluntary Engagement Will Help Companies and Auditors Communicate Cyber Risk Readiness
May 4, 2017
Establish An Audit Trail for Access Management

Integrated Management Systems

Course Outline
For a detailed outline on what this course has to offer, click below to download a pdf.
Download Course Outline
Duration: Approx. 48 hours (equivalent to 6 days full-time study)
Certification: Accredit Global - QM EM OH
Standard: ISO 9001:2015, ISO 14001:2015 and AS/NZS 4801 (OHSAS 18001)
Prerequisites: Yes - See Entry Requirements Below
The Integrated Management Systems Auditing course (Accredit Global – QM OH EM) is internationally recognised and completed fully online comprising of the following subject units: Consultation and Communication Context of the organisation Documented Information Hazard assessment & control Hazard Identification Improvement Leadership & Planning Measurement & Evaluation Operation Performance Evaluation Planning Reporting

Enrol & Start Now

Course Fee: $1,795.00 (AUD)

Access to critical data is paramount criteria for organizational success. Doctors and nurses need access to patient’s records to insure proper delivery of care. Too many restrictions or complicated access methodologies to internal systems can have potentially catastrophic and life-altering consequences. But there’s another side to the story. Too little control or too few internal access restrictions can lead to HIPAA violations and data exposures.

There are far too many examples to cite and the list grows by the day, but one instance continues to stay in my mind: A hospital employee recently sold the names of patients who had been involved in auto accidents to a law firm. This obvious breach only is not only disturbing for many reasons, but underscores the need for proper governance of an organization’s data within an electronic system. This breach – caused by an internal agent, a rising trend – also proves the need for regular and ongoing audits. So, how can health system leaders insure that procedures and policies minimize the risk for both sides of this issue?

The following piece examines the two most important aspects of data access control: access rights and regular audits.

Determining who gets access to what and when

Determining the baseline of necessary access rights needed for your employees, and those currently allowed by type or role of employee, is the first step of the process. This information can be gathered through user profiles — department, location, titles, roles — to establish who is able to access what and when according to permissions granted currently in your system. Once you have collected this information, the data can be forwarded to each of the respective employee’s managers for review.