MUSC Policy: Information Security - Evaluation

 TITLE: Information Security  ID:
 ORIGINATOR: Information Security Office  DATE: Jan 5, 2005
 REVIEWED: President's Council  DATE: Feb 16, 2005
 APPROVED: Raymond S. Greenberg, MD, PhD  DATE: Feb 16, 2005
 IMPLEMENTATION: Enterprise-wide  DATE: Feb 16, 2005

1. RATIONALE

Please refer to MUSC Information Security Rationale: The Need for Safeguards for an overview of the legal and ethical considerations that have motivated the development of this policy. The following laws and regulations have particular relevance:

HIPAA Security: 164.308(a)(8) Evaluation
FTC Safeguards Rule: 314.4(e)

2. POLICY

Evaluation of all information security policies and procedures should occur at regular intervals, and also in response to environmental, operational, policy or regulatory changes.

3. PROCEDURES

3.1. Definitions

Refer to MUSC Policy: Information Security: Appendix A.

3.2. Assigned Responsibilities

MUSC's Entity IACOs are required to monitor and evaluate the effectiveness of all information security policies and procedures within their respective entities.

System Owners are required to monitor and evaluate the effectiveness of all System-specific policies and procedures.

3.3. Sanctions

Refer to MUSC Policy: Information Security: Sanctions.

3.4. See Also

MUSC Policy: Information Security

4. ACCESS

This policy will be maintained and published electronically by the Information Security Office. This policy is a public document and there are no restrictions on its distribution.