§164.308(a)(6)(i): Implement policies and procedures to address security incidents.

Audit Inquiry

Does the entity have policies and procedures in place to address security incidents?

Obtain and review the policies and procedures related to security incidents.

Elements to review may include but are not limited to:
• Identification of which specific events would be considered a security incident
• Identification of workforce members’ roles and responsibilities regarding security incidents
• Management involvement regarding security incidents
• Workforce members or roles to which the incident response policies and procedures are to be disseminated
• Coordination of security incidents among business associates
• Identification of what steps should be taken in response to a security incident
• The frequency to review and update current security incident policies and procedures

Obtain and review documentation demonstrating that security incident policies and procedures are implemented. Evaluate and determine whether policies and procedures are appropriate for addressing security incidents and are in accordance with related policies and procedures.