Policies and Procedures
The policy was updated on 2/20/2015 by the UETN Governing Board at the recommendation of the Advisory Council and Technical Subcommittee, who worked with Utah Telehealth Network staff to address vulnerability remediation. The policy is intended to encourage member sites to remediate vulnerabilities within a defined timeframe. If not, sanctions may be implemented and the Utah Telehealth Network Vulnerability Compliance Procedure must be followed.
Utah Telehealth Network Vulnerability Management Procedure (pdf), details of the procedure, also approved, include a communication plan, sanctions, and a timeline. Vulnerabilities are defined by levels 1 through 5, with level 5 being the most severe. A level 5 vulnerability can lead to the compromise of a site’s entire network security.
The communication plan includes notification of the vulnerability and guidance for remediation, written and verbal communication, multiple warnings regarding pending sanctions, and a generous timeline.