Security Policy

1. Introduction

Orapuh is committed to ensuring the confidentiality, integrity, and availability of its digital assets and information. This policy outlines the guidelines and procedures for safeguarding Orapuh’s digital infrastructure, data, and public health information.

2. Scope

This policy applies to all Orapuh employees, volunteers, contractors, and third-party vendors who access, manage, or handle Orapuh’s digital assets and information.

3. Information Classification

Public: Information intended for public release.
Internal: Information restricted to Orapuh employees, volunteers, and approved partners.
Confidential: Sensitive information, including patient health records and personal data.

4. Access Control

Role-based access: Access to information systems and data will be based on job roles and responsibilities.
Multi-factor authentication (MFA) for remote access.
Regular review and update of user access permissions.

5. Data Protection

Encryption of sensitive data both in transit and at rest.
Regular data backups with off-site storage.
Data retention and disposal policies in compliance with regulatory requirements.

6. Network Security

Firewalls and intrusion detection/prevention systems.
Regular network vulnerability assessments and penetration testing.
Secure Wi-Fi with strong encryption and guest network isolation.

7. Endpoint Security

Antivirus and anti-malware software on all devices.
Patch management to ensure all software and systems are up-to-date.
Mobile device management (MDM) for company-owned and BYOD devices.

8. Incident Response

Incident reporting and escalation procedures.
Regular security awareness training for employees.
Forensic analysis and investigation in case of security breaches.

9. Physical Security

Secure data centers with controlled access.
CCTV surveillance and alarm systems.
Secure disposal of physical media and devices.

10. Third-Party Management

Vendor risk assessments before engagement.
Security requirements in contracts and service level agreements (SLAs).
Regular audits and reviews of third-party security practices.

11. Compliance

Adherence to relevant laws, regulations, and standards.
Regular compliance audits and assessments.
Training and awareness programmes on compliance requirements.

12. Training and Awareness

Regular security awareness training for all employees.
Phishing and social engineering awareness programmes.
Updates on emerging threats and best practices.

13. Policy Review and Updates

Regular review and update of the security policy.
Stakeholder input and feedback in policy development and updates.
Communication of policy changes to all relevant parties.

14. Enforcement

Violations of this security policy may result in disciplinary action, up to and including termination.
Reporting mechanisms for policy violations and concerns.
Whistleblower protection for employees reporting security incidents in good faith.

15. Conclusion

Orapuh’s security policy aims to create a secure and trusted environment for its digital operations, protecting both its assets and the sensitive public health information it manages. All employees and stakeholders are expected to comply with this policy to maintain the highest standards of security and confidentiality.

By adhering to this comprehensive security policy, Orapuh demonstrates its commitment to maintaining the trust of its patients, partners, and the public.

Security Policy

Nearly Half of US Adult Cancer Deaths Can Be Prevented by Lifestyle Changes

Chimpanzees Use Medicinal Plants to Heal Themselves, Study Finds

Hair Relaxers Hold Health Risks for Black Women

Study Finds Wild Elephants May Use Names

Choose Orapuh School

Personalized Cancer Vaccine Trial Begins in the UK

Study Suggests Tattoos May Be Linked to Cancer, But More Research Needed

Spit Test Better Than Blood Test for Men at Risk of Prostate Cancer

Study Finds Mental Disorders May Spread Among Teenagers Through Friendships

Bill Gates Advocates for Work-Life Balance in Northern Arizona University Commencement Address