Information Security Policy Statement

Information Security Policy Statement

The goal of information security at Fred Hutch is to support the confidentiality, integrity, and availability of information while complying with information security requirements and best practices. Toward this end, Fred Hutch has an information security policy ("Policy") that applies to all information and associated processes used in the conduct of Fred Hutch operations.

This Policy provides the overarching guidelines and structure for organizational information security standards that are based on the NIST 800-53 framework. These standards are the instruments by which the policy effects information security controls, requirements, and processes. With these measures, the Fred Hutch Information Security Office protects patient, business, and other confidential information. Specific examples of such measures include, but are not limited to, the following:

  • Role-based access on a least-privilege, need to know basis
  • Network vulnerability assessments using industry standard tools
  • Regular security patching
  • Email spam filters that prevent or mitigate virus outbreaks and phishing attempts
  • Antivirus software that defends against virus outbreaks

Any time that 24/7 monitoring reveals a breach of such measures, an information security team deploys to contain the threat.

For more information, contact the Fred Hutch Information Security Office.