Information security policy
Humana sets guidelines for employees' use of IT and data. This is to protect all data linked to our customers and clients that we work with.
Objectives
It is necessary for all of us to protect Humana's information well so that no unauthorized person can access sensitive information, in order for us to achieve our business goals and for customers, clients, partners, the public and employees to feel confident in us.
That is why we work actively on data security so that all our information
- is protected from unauthorized access (confidentiality)
- can be trusted (accuracy)
- is available when needed (availability)
- can be traced back to the person who accessed or changed the information (traceability).
Metrics
These metrics are used by Humana to continuously monitor and ensure data security.
- Internal audits of data security and compliance linked to current legislation by Humana conducting random checks in the systems that contain this type of information.
- Deviations are handled according to current guidelines and the goal is that deviations should always be few and Humana should work actively to ensure that these are not recurring.
Roles and responsibilities
Everyone has a responsibility for ensuring that security works. Anyone who discovers shortcomings in data security must bring it to the attention of their manager or CIO. All employees must also report incidents that could put our information assets at risk.
Business managers/information owners must plan, implement and report back on information security work. Managers at all levels have a responsibility to inform their staff about the data security policy and its applications.
The following roles are central to the strategic and operational information security work at Humana:
Executive Management and Chief Executive Officer
Ultimately responsible for Humana's information and its security and accuracy. Tasked with following up on compliance in the business, and any incidents with the CIO.
CIO
Is strategically and operationally responsible for information security work, and develops and coordinates information security work. Each year, the CIO must review and possibly revise the information security policy.
Information users
Information users are all those who handle information, in whatever form, within Humana, including employees as well as non-employees. Responsible for knowing and following Humana's information security policies, guidelines and procedures. Also responsible for ensuring that information they create is protected in the manner determined by the information owner.
Information owner
All information must have a designated information owner. If the role has not been delegated, the budget and personnel manager of the unit responsible for the information is also the information owner. Responsible for evaluating the information and thereby setting requirements for its protection.
The IT unit
IT is responsible for the operation and development of Humana's IT systems and IT functions, and for ensuring that IT security meets Humana's needs. The IT unit is responsible for managing Humana's common infrastructural IT platform, and for supporting the managers of the operations with regard to IT security.