| TITLE: Information Security | ID: |
| ORIGINATOR: Information Security Office | DATE: Jan 5, 2005 |
| REVIEWED: President's Council | DATE: Feb 16, 2005 |
| APPROVED: Raymond S. Greenberg, MD, PhD | DATE: Feb 16, 2005 |
| IMPLEMENTATION: Enterprise-wide | DATE: Feb 16, 2005 |
Please refer to MUSC Information Security Rationale: The Need for Safeguards for an overview of the legal and ethical considerations that have motivated the development of this policy. The following laws and regulations have particular relevance:
The designated Owner of each MUSC Information System is required to conduct Risk Assessments at appropriate points in the system's lifecycle, beginning prior to the system's implementation, to ensure that all reasonably anticipated risks to information availability, integrity, and confidentiality are identified, analyzed, and appropriately managed.
The System Owner is required to ensure that security safeguards are implemented and maintained, to reduce risks to reasonable and appropriate levels, and to comply with applicable laws, regulations, and policies.
This policy will be maintained and published electronically by the Information Security Office. This policy is a public document and there are no restrictions on its distribution.