Orange County NC Website
Browse       Search
DocuSign Envelope ID:24BBAFA9-CD81-4144-ACEF-E9036E703739 <br /> The new employee must sign a Statement of Understanding and the Systems Access Request Form <br /> acknowledging acceptance of responsibilities contained in the Jende Solutions security policies. These <br /> policies will be provided to the employee candidate during orientation. <br /> The IT Department will enable access to only those systems approved on the Access Request Form and <br /> will retain a copy of the completed form for auditing. Access may only be granted once a signed <br /> Statement of Understanding has been received by Human Resources. <br /> All new hires must execute a Confidentiality Agreement to protect Jende Solutions sensitive and <br /> confidential information, including any client sensitive information. <br /> Relevant contractors, relevant third party users, and temporary employees will be held to the same <br /> standard as full time employees. A written guarantee from the contractor's organization or the <br /> employment agency that a background check has been conducted with respect to relevant contractors <br /> and relevant third party users can be used to augment internal background checks. Any vendor that <br /> requires access to confidential data regulated by the HIPAA must contractually acknowledge their <br /> responsibilities in maintaining regulatory compliance requirements. This requirement is fully described in <br /> the Jende Solutions Vendor Management Policy. <br /> Training <br /> Department managers, at the direction of Human Resources, are responsible for providing security <br /> orientation and ongoing instruction to new and existing end-users regarding their department's utilization <br /> of Jende Solutions information systems. IT is responsible for informing end-users of pending operational <br /> changes affecting technology and to assist them once the changes are in place. <br /> New Hire Orientation <br /> Each new-hire will complete orientation training to include an overview of Jende Solutions security <br /> policies and procedures. The security policies will include end user acceptable use as well as data <br /> handling and disposal training in addition to other security safeguards. Moreover, these employees will <br /> receive network training as well as training for the use of the systems and applications required to perform <br /> their job functions. <br /> In-House Instruction <br /> All staff, relevant contractors and third party users will be trained on security, compliance, and operating <br /> procedures to effectively use Jende Solutions information systems and applications required while <br /> performing their duties. In addition, all staff will be given periodic security awareness training including but <br /> not limited to a review of relevant Jende Solutions policies and procedures, technology changes, business <br /> controls, legal requirements, appropriate use of information processing facilities, reporting information <br /> security incidents, the importance of protecting customer customer PII, PHI and other sensitive data types <br /> and their handling), and information regarding the disciplinary process for non-compliance with security <br /> policies and procedures. This training is performed as new systems or enhancements are introduced or <br /> may be annually performed in order to ensure that the staff is following the established policies, <br /> procedures and guidelines. <br /> The Chief Information Security Officer will periodically perform security and compliance presentations with <br /> Senior Management to ensure that they have an understanding of the IT processes and related security <br /> control concepts and regulatory requirements. <br /> Security Reminders <br /> The Chief Information Security Officer will continue security education using sign-in banners, posters, <br /> memos, promotions, letters or emails and periodic meetings to re-enforce security training concepts. The <br />