Cybersecurity Policy: how leaders set the expectation for cyber hygiene

HICP on Cybersecurity Policies

The Health Industry Cybersecurity Practices (HICP) document captured cybersecurity policy as the last practice.

Functions required for a policy management system

Four main functions are required to create and track policies: policy creation, version control, policy distribution, and attestation tracking.

Tools for implementing cybersecurity policies

We could use the tools we identified in this series to make cybersecurity policies widely circulated and track acceptance.

Looking at the cost

Small and medium organizations would not need additional tools to implement the system described in the previous section. We can use the tools we have already acquired for previous HICP practices.


Having cybersecurity policies established is essential for organizations of all sizes. It sets the expectation and behavior of all staff to maintain a strong cybersecurity posture for the company and patient safety.





Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Aldo Febro

Aldo Febro

I help healthcare leaders designing digital health & cybersecurity solutions