| TITLE: Information Security | ID: |
| ORIGINATOR: Information Security Office | DATE: Jan 5, 2005 |
| REVIEWED: President's Council | DATE: Feb 16, 2005 |
| APPROVED: Raymond S. Greenberg, MD, PhD | DATE: Feb 16, 2005 |
| IMPLEMENTATION: Enterprise-wide | DATE: Feb 16, 2005 |
Please refer to MUSC Information Security Rationale: The Need for Safeguards for an overview of the legal and ethical considerations that have motivated the development of this policy. The following laws and regulations have particular relevance:
Information security management processes at MUSC must be documented. The types of processes that must be documented include: risk assessments, risk management actions, and changes to security policies and procedures.
In each case, the person responsible for the documentation must ensure that the documentation is (a) made available as needed to all authorized personnel, (b) periodically reviewed, (c) updated as needed in response to environmental or operational changes, and (d) retained for a minimum of six years.
This policy will be maintained and published electronically by the Information Security Office. This policy is a public document and there are no restrictions on its distribution.