Information Security Doctrine
The main strategic objective of ensuring information security in the Clinic is maintaining the trust of patients.
Protection of data concerning the state of health of the Clinic’s patients or another law-protected secret is the key task behind ensuring information security in the Clinic.
The aforementioned objective is achieved in the Clinic with the help of the information security management system, which is part of the integrated enterprise operations management system.
The information security management system is based on a risk-oriented approach that enables identification of information security assurance risks and of appropriate measures for their mitigation.
Control mechanisms of the information security management system are annually revised to guarantee their effectiveness.
Responsibility for the support of the information security management system is vested in the IT service of the Clinic. Departments of the Clinic provide necessary assistance to the IT service.
The President of JSC «Medicine» (clinic of academician Roytberg) oversees the performance of the information security management system of the Clinic and monitors availability of resources required for its effective operation.
The information security management system of the Clinic must conform to the requirements of the ISO/IEC 27001:2013 international standard. Conformity to these requirements is subject to annual approval as part of a third-party audit.