[ISN] VA ramps up enforcement of contractor data security

From: InfoSec News <alerts_at_private>
Date: Thu, 20 May 2010 00:35:12 -0500 (CDT)

By Mary Mosquera
Government Health IT
May 19, 2010

The Veterans Affairs Department will step up enforcement of its 
contractors to make certain that they meet information security 
requirements in protecting veterans. personal health data.

VA includes a clause in its contracts requiring information security 
safeguards, including encryption and policies limiting who can access 
personal data. But that is no guarantee that vendors follow through, 
said VA senior IT and procurement officials at a hearing May 19 of the 
House Veterans Affair Committee subcommittee on oversight and 

The challenge lies in verifying that over 22,000 VA contractors with 
whom the department shares veteran information adhere to security 
requirements, said Roger Baker, VA's CIO. These vendors help VA provide 
healthcare and benefits.

"Our policy, which is stronger than any similarly sized private sector 
organization that I'm aware of, is that supply chain partners must 
follow VA's information protection policies, including encryption of 
mobile devices," he said.


Best Selling Security Books and More!
Shop InfoSec News
Received on Wed May 19 2010 - 22:35:12 PDT

This archive was generated by hypermail 2.2.0 : Wed May 19 2010 - 22:40:06 PDT