Vulnerability assessment and penetration testing

Standards indicator

C6.4A Our practice has a team member who has primary responsibility for the electronic systems and computer security.

You must have at least one team member who has primary responsibility for the electronic systems and computer security.

Create a policy: Network perimeter controls

Your network perimeter control policy should provide details of the hardware and software protecting your network, including remote and wireless access networks.

Your policy should cover:

• the configuration details of all network perimeter control hardware and software
• how network perimeter controls are managed
• version details of all hardware and software
• details of ongoing maintenance and support requirements
• configuration of your network perimeter controls and appropriate settings for your practice
• details of who can access your network through the perimeter controls and how this is done
• details on downloading or installing additional programs and utilities
• third-party and vendor access rights and confidentiality agreements
• the use of a VPN for all remote access
• information on avoiding the use of public or open and unsecured networks when accessing your practice systems remotely
• the importance of regularly scanning of your networks to identify security weaknesses
• how and when to audit logs for unauthorised access and unusual or inappropriate activity.