| TITLE: Information Security | ID: |
| ORIGINATOR: Information Security Office | DATE: Jan 5, 2005 |
| REVIEWED: President's Council | DATE: Feb 16, 2005 |
| APPROVED: Raymond S. Greenberg, MD, PhD | DATE: Feb 16, 2005 |
| IMPLEMENTATION: Enterprise-wide | DATE: Feb 16, 2005 |
Please refer to MUSC Information Security Rationale: The Need for Safeguards for an overview of the legal and ethical considerations that have motivated the development of this policy. The following laws and regulations have particular relevance:
If an MUSC System is used to house protected information, then the designated Owner of the System is responsible for ensuring that the System's integrity controls, for protecting data from improper alteration or destruction, are sufficient to meet all legal, ethical and business requirements.
The System's integrity controls must protect data against improper alteration or destruction during storage, during processing, and during transmission over electronic communication networks.
The types of integrity controls used in the System should be guided by the System Owner's Risk Assessment.
This policy will be maintained and published electronically by the Information Security Office. This policy is a public document and there are no restrictions on its distribution.