MUSC Policy: Information Security - Workstation Use

TITLE: Information Security	ID:
ORIGINATOR: Information Security Office	DATE: Jan 5, 2005
REVIEWED: President's Council	DATE: Feb 16, 2005
APPROVED: Raymond S. Greenberg, MD, PhD	DATE: Feb 16, 2005
IMPLEMENTATION: Enterprise-wide	DATE: Feb 16, 2005

1. RATIONALE

Please refer to MUSC Information Security Rationale: The Need for Safeguards for an overview of the legal and ethical considerations that have motivated the development of this policy. The following laws and regulations have particular relevance:

MUSC workstations, and any other devices used to access MUSC's network, may be used only for authorized purposes. Workforce members are prohibited from using any MUSC workstation, or any other device used to access MUSC's network, in excess of their authority.

A specific workforce member's use of a specific workstation for a specific purpose must be authorized by all of the following: (a) the designated Owner of the workstation, (b) the workforce member's supervisor or manager, and (c) MUSC policies that establish boundaries for acceptable use.

Workforce members are prohibited from installing unauthorized software on MUSC workstations.

If access to protected information from a workstation is possible, then the designated Owner of the workstation must ensure that: the authorized use(s) of the workstation are evident to prospective users authorized users follow appropriate procedures for initiating, terminating, and suspending their sessions on the workstation physical access to the workstation is restricted to its authorized users visual access to the workstation's display is restricted to authorized users.

This policy will be maintained and published electronically by the Information Security Office. This policy is a public document and there are no restrictions on its distribution.