|TITLE: Information Security||ID:|
|ORIGINATOR: Information Security Office||DATE: Jan 5, 2005|
|REVIEWED: President's Council||DATE: Feb 16, 2005|
|APPROVED: Raymond S. Greenberg, MD, PhD||DATE: Feb 16, 2005|
|IMPLEMENTATION: Enterprise-wide||DATE: Feb 16, 2005|
Please refer to MUSC Information Security Rationale: The Need for Safeguards for an overview of the legal and ethical considerations that have motivated the development of this policy. The following laws and regulations have particular relevance:
If an MUSC System is used to create, store, process or transmit Protected Information, then the designated Owner of the System is responsible for ensuring that the System's mechanisms for encrypting data are sufficient to meet all legal, ethical and business requirements.
The process of determining whether encryption is necessary, and the type(s) of encryption to be used within the System, should be guided by the System Owner's Risk Assessment. It may be necessary to encrypt Protected Information during storage, during processing, and/or during transmission over electronic communication networks.
This policy will be maintained and published electronically by the Information Security Office. This policy is a public document and there are no restrictions on its distribution.