Table 8 Indicative gaps identified in the PAUSIL hospital
Gap analysis template clause | Gap analysis objective | Question/security control | Current status and gap mitigation |
|---|---|---|---|
Security Policy | Information security policy | Does the analysis subject facilitate or promote the idea of information security policy document? | A formal information security policy document does not yet exist; however, PAUSIL is planning to introduce operational procedures and policies regarding security. |
Physical and environmental security | Secure areas | Does the analysis subject facilitate or promote protecting against external and environmental threats? | Protection against external and environmental threats is not centrally documented/planned. |
Usability | Effectiveness | Does the analysis subject facilitate or promote the operability regarding the respective security aspects? | The process of changing user passwords could be improved in terms of usability. |
Communications and operations management | Media handling | Does the analysis subject facilitate or promote management of removable media? | No formal procedures are enforced for the management of removable media |