| TITLE: Information Security | ID: |
| ORIGINATOR: Information Security Office | DATE: Jan 5, 2005 |
| REVIEWED: President's Council | DATE: Feb 16, 2005 |
| APPROVED: Raymond S. Greenberg, MD, PhD | DATE: Feb 16, 2005 |
| IMPLEMENTATION: Enterprise-wide | DATE: Feb 16, 2005 |
Please refer to MUSC Information Security Rationale: The Need for Safeguards for an overview of the legal and ethical considerations that have motivated the development of this policy. The following laws and regulations have particular relevance:
Each MUSC Entity's workforce member should meet information security training requirements that are appropriate for the workforce member's level of knowledge, experience, and responsibilities.
The managers and supervisors of each MUSC Entity's workforce members are responsible for ensuring that each workforce member has completed all current information security training requirements, and that the requirements met are appropriate for the workforce member's level of knowledge, experience, and responsibilities. Each workforce member's awareness and training program should consist of at least three types of activities:
Each Entity's IACO is responsible for informing the Entity's managers and supervisors of current training requirements, training programs, and available documentation. Each MUSC Entity's training program should cover all MUSC information security policies, and any Entity-specific policies and procedures.
System Owners are responsible for ensuring that each authorized User of the System has access to appropriate System-specific training resources and materials.
This policy will be maintained and published electronically by the Information Security Office. This policy is a public document and there are no restrictions on its distribution.