1.1 Information Security Requirements

Employers and employer agents who use E-Verify through a Web service must ensure that information they share through the Web service software with DHS is appropriately protected through means that are comparable to security provided within the DHS environment. The following are best practices to achieve information security:

  • Conduct periodic assessments of risk, including the magnitude of harm that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems that support the operations and assets of the DHS, SSA, and the Web service E-Verify Employer, E-Verify employer agent and its clients.
  • Develop policies and procedures that are based on risk assessments, reduce information security risks to an acceptable level, and ensure that information security is addressed
  • Implement subordinate plans for providing adequate information security for networks, facilities, information systems, or groups of information systems, as appropriate.
  • Conduct security awareness training for Web services users, contractors and others who use the information systems to support operations and manage assets. This training informs the users of the information security risks and responsibilities associated with their activities in complying with organizational policies and procedures designed to reduce these risks.
  • Develop periodic testing to evaluate the effectiveness of information security policies, procedures, practices, and security controls. The frequency of this testing and evaluation depends on the level of risk, but must be conducted at least once per year.
  • Develop a corrective process, sometimes referred to as a “Corrective Action Plan.” This plan implements, evaluates and documents remedial actions addressing any deficiencies in information security policies, procedures, and practices.
  • Implement security incident procedures for detecting, reporting, and responding to incidents, sometimes referred to in security circles as a “Significant Incident Report (SIR)” or “Security Incident Report.”
  • Create continuity of operations (COOP) plans and procedures to ensure ongoing operations for information systems that support the operations and assets of the organization.
  • Establish the appropriate rules for the use and protection of information, as the ultimate responsibility for sharing or providing information rests with the information owner.