Vendor Hardware Request for Access to Network
Areas with the
are required to successfully process your request!
The Information Security Office can assist in the review of contract details upon request and based on priority and availability. Unauthorized or otherwise unintended exposures of KHN data shall result in the vendor notifying Information Security within twenty-four hours of discovery, and no notification shall be made to those affected by the unauthorized exposure of the network's data until the vendor has consulted with Information Security management. The Vendor must be able to maintain the integrity and accuracy of the data it manages while attached to the KHN network. No data exchanges will occur until the network has agreed that the data meets any specified requirements for accuracy and integrity. The KHN network retains the right to approve or reject the data displayed on Web sites; the display of data not meeting network standards will not be allowed. All the Vendor's systems handling KHN data must comply with the KHN workstation standard requirements.
Kettering Health Network Contact:
Services or applications running on systems manipulating PHI data should implement secure (encrypted) communications as required by confidentiality and integrity needs. If medical record or medical insurance data is included, the data must be encrypted, and the vendor must supply documentation of compliance with HIPAA prior to the contract being accepted by the KH network, and annually thereafter. How will the vendor encrypt communications?
Routine event monitoring will be performed by the Vendor; the KHN network expects that the Vendor will routinely and immediately identify events related to unauthorized activity and unauthorized access. What procedures will the vendor follow to monitor their system?
How will the vendor access this system? What authentication methods are in place to control access to this device?
What operating system will be installed on this hardware?
All systems and applications shall regularly undergo vulnerability assessments, such as testing patch level, password security, and application security. How will systems be patched and updated and any resulting changes be implemented?
What antivirus software will be installed on the system?
How will antivirus software be configured to update signatures daily?
Systems must be physically secured in racks or areas with restricted access. Portable devices shall be physically secured if left unattended. How is the vendor's system physically secured?
What procedures will be followed to establish regular system backups and how will they be verified?
Does the vendor require access to the Internet or a specific resource?
If remote access to the system is required, how does the vendor propose this access?
Your request will be sent by pressing the 'submit' button.