Skip to main content
Northwestern University Feinberg School of Medicine
Feinberg Information Technology

Information Security

The security of the medical school's systems and data are of the utmost importance to Feinberg IT. Knowledge of and compliance with our security policies and procedures are the responsibility of each staff and faculty member. Please learn more below.


Feinberg Information Security & Access

Feinberg Information Security & Access offers tips on staying compliant with Feinberg IT policies.

 

Administrative Computer Access Accounts Policy

The Administrative Computer Access Accounts policy defines the control and management of the assignment and use of administrative computer access accounts. If you would like to request administrator rights to your computer, please submit the Computer Administrator Rights form to begin the process.

 

Assessing the Probability of Public Disclosure of Protected Data

This Assessing the Probability of Public Disclosure of Protected Data Policy defines the required method to assess a probability of unauthorized disclosure of protected university data resulting from all forms of device compromise and/or unauthorized data loss as a result of reported or discovered incident.

 

Authorization & Access Control Policy

The Authorization & Access Control Policy establishes the requirements to ensure authentication and access to electronic Personal Health Information (ePHI) or personally identifiable information (PII) is approved and sufficient to perform duties while maintaining compliance with university policies.

 

Cloud Security Policy

The Cloud Security Policy defines the appropriate use of cloud services and the security controls to establish when adopting cloud computing.

 

Data Backup Policy

The Data Backup Policy and procedure establishes the required actions to ensure administrative data and research data is backed up, safely stored, and is accessible and available to restore ongoing operations.

 

Data Security Plan Requirements for FSM Research

Data Security policy and procedures, template checklist and examples.

 

Device Security Policy

The Device Security Policy defines the appropriate use of personal devices and smart phones.

 

Device Transfer & Disposal Policy

The Device Transfer & Disposal Policy and procedure establish the requirements for disposal, re-use, or transfer of Feinberg computing devices.   If you would like to submit a device transfer request for your computer, please submit the Computer Transfer of Ownership Form to begin the process.

 

Log Management Policy

The Log Management policy and procedure establishes the requirements to record activity in information systems that contain or use ePHI or PII.

 

Patch Management Policy

The Patch Management Policy establishes the patch management program and oversight for Feinberg.

 

Physical Device Security Policy

The Physical Device Security Policy establishes the required physical attributes of a computing device and its surroundings.

 

Security Risk Management Policy

The Security Risk Management Policy establishes the information security risk management program and oversight for Feinberg.

 

Security Training Policy

The Security Training Policy establishes the required security privacy training and awareness as required by the HIPAA Privacy and Security Rule.

 

Vulnerability Management Policy

The Vulnerability Management Policy establishes the framework for the Feinberg vulnerability management program.

 

Web Application Maintainability Policy

This policy ensures all FSM web applications, whether developed in-house, purchased, or vendor-built, are securely hosted, properly registered, and maintained throughout their lifecycle. More about the Web Application Maintainability Policy