Is a person who administers logical access controls required to report security incidents?
A. Yes, the application is required to run an internal audit for potential security incidents daily and generate a report of any such incidents. If the application generates a report and, upon investigation, the person(s) designated to administer logical access controls for the pharmacy determine that the issuance or records of controlled substance prescriptions has been compromised or could have been compromised, it must be reported to the application provider and DEA within one business day. In general, the security incidents that should be reported are those that represent successful attacks on the application or other incidents in which someone gains unauthorized access.
Related Questions
- What is a reportable security for purposes of a personal securities transaction or holding report of an access person of a SEC registered investment adviser?
- How does an entity report cyber security incidents to the ES-ISAC (Electricity Sector Information Sharing and Analysis Center)?
- Does the Supreme Court of Ohio still require the courts of Ohio to report all security incidents?
