Security Compliance

[Robin Deatherage]

This is a two part question. 

1.  Do you have guidelines for your users on what types of information must be sent using email encryption?  I know the basics but don't really want to start from scratch with coming up with a list if I could help it.

2.  Do you have an Offsite Work Agreement that you would be willing to share?  This would be for employees who are allowed to work from home and or those who travel (while at hotels, conferences, etc), and be security related guidelines that they agree to follow.

Thanks

[Mark]

Hi Robin,

For #1) We use keywords to trigger encryption, so it doesn't matter if the user *wants* to encrypt the email or not (and believe me, many times they think they do NOT want it encrypted).  If the pattern of a SSN or credit card number is matched (via RegEx) the email is automatically encrypted.  I also have a list of keywords that will driver it, like "drivers license number", "DOB", etc that will trigger it.  Lastly, (and this is a dead giveaway as to what product we're using) if none of the above fit your email but you still want it encrypted, putting the text:

Code Select Expand

[encrypt]

anywhere in the email will trigger encryption.

So, we don't currently have a written guideline, but we are basically attempting to make the decision for the user instead of giving them the option.  We do have documentation showing what we are encrypting, which may count as a guideline in a legal case... or may not.  We are still working on that piece.  :-)

#2) I got nothing.  Sorry! :-)

[Adri]

Mark- don't call Robin a Ho!!!!

[Mark]

Mark- don't call Robin a Ho!!!!

What?  I know I can't type... but that NEVER happened!!

[Robin Deatherage]

   Thanks Adri.  I have to admit I've been called worse.  

[Mark]

Robin is my friend!!  :-)

[Robin Deatherage]

Robin is my friend!!  :-)

I was until you called me a Ho.  "unfriend"
Just kidding.  I still luv ya Mark.   

[Robin Deatherage]

Adri, I love your profile pic.  Is that your daughter?  She's adorable.

[Mark]

Robin is my friend!!  :-)

I was until you called me a Ho.  "unfriend"
Just kidding.  I still luv ya Mark.   

:-)

[Mark]

I was until you called me a Ho.  "unfriend"

There still is no evidence of this....   

[Adri]

Adri, I love your profile pic.  Is that your daughter?  She's adorable.

Yep, that is my youngest, Olivia.  Thanks!

[Adri]

Mark- don't call Robin a Ho!!!!

What?  I know I can't type... but that NEVER happened!!

LOL-  Look at what you started!

[Mark]

LOL-  Look at what you started!

I started nothing!    You are just a trouble-maker!

[brinkerdana]

2.  Do you have an Offsite Work Agreement that you would be willing to share?  This would be for employees who are allowed to work from home and or those who travel (while at hotels, conferences, etc), and be security related guidelines that they agree to follow.

I've worked from home for the last 3 jobs and never had an agreement.  I KNEW the data was sensitive and made sure my computer had the appropriate safety features. 

[Robin Deatherage]

2.  Do you have an Offsite Work Agreement that you would be willing to share?  This would be for employees who are allowed to work from home and or those who travel (while at hotels, conferences, etc), and be security related guidelines that they agree to follow.

I've worked from home for the last 3 jobs and never had an agreement.  I KNEW the data was sensitive and made sure my computer had the appropriate safety features. 

One of the classes I attended at TENCon was the HIPAA and HITECH Survival Guide by Laura Nelson.  During the class she recommended that agencies have an Offsite Work Agreement in place spelling out to the employees exactly what is expected of them security wise.  That's why I'm asking about this.  Just a CYA in case you are audited.