The security of the medical school's systems and data are of the utmost importance to Feinberg IT. Knowledge of and compliance with our security policies and procedures are the responsibility of each staff and faculty member. Please learn more below.
Feinberg Information Security & Access
Feinberg Information Security & Access offers tips on staying compliant with Feinberg IT policies.
Data Security Plans for Information Used in Clinical Research
Security Training Policy
The Security Training Policy establishes the required security privacy training and awareness as required by the HIPAA Privacy and Security Rule.
Device Security Policy
The Device Security Policy defines the appropriate use of personal devices and smart phones.
Physical Device Security Policy
The Physical Device Security Policy establishes the required physical attributes of a computing device and its surroundings.
Cloud Security Policy
The Cloud Security Policy defines the appropriate use of cloud services and the security controls to establish when adopting cloud computing.
Security Risk Management Policy
The Security Risk Management Policy establishes the information security risk management program and oversight for the Northwestern University (NU) Feinberg School of Medicine (FSM).
Vulnerability Management Policy
The Vulnerability Management Policy establishes the framework for the Northwestern University (NU) Feinberg School of Medicine (FSM) vulnerability management program.
Patch Management Policy
The Patch Management Policy establishes the patch management program and oversight for the Northwestern University (NU) Feinberg School of Medicine (FSM).
Administrative Computer Access Accounts Policy
The Administrative Computer Access Accounts Policy defines the control and management of the assignment and use of administrative computer access accounts.
Administrative Computer Access Request
If you would like to request administrator rights to your computer, please submit the Computer Administrator Rights form to begin the process.
Assessing the Probability of Public Disclosure of Protected Data
This Assessing the Probability of Public Disclosure of Protected Data policy and procedure defines the required method to assess a probability of unauthorized disclosure of protected University data resulting from all forms of device compromise and/or unauthorized data loss as a result of reported or discovered incident.