MUSC Policy MUSC-xx: Information Security - Risk Management
Definitions:
- Refer to MUSC Policy MUSC-xx: Information Security: Appendix A.
Policy:
The designated Owner of each MUSC Information System is required to conduct Risk Assessments at appropriate points in the system's lifecycle, beginning prior to the system's implementation, to ensure that all reasonably anticipated risks to information availability, integrity, and confidentiality are identified, analyzed, and appropriately managed.
The System Owner is required to ensure that security safeguards are implemented and maintained, to reduce risks to reasonable and appropriate levels, and to comply with applicable laws, regulations, and policies. See [RISK ASSESSMENT GUIDELINES].
Sanctions:
- Refer to MUSC Policy MUSC-xx: Information Security: Sanctions.
See Also:
- MUSC Policy MUSC-xx: Information Security
- MUSC Policy MUSC-xx: Information Security Documentation
- MUSC Policy MUSC-xx: Information Security - Evaluation
References:
- HIPAA Security 164.308(a)(1)(i) Security management process
- HIPAA Security 164.308(a)(1)(ii)(A) Risk analysis
- HIPAA Security 164.308(a)(1)(ii)(B) Risk management
- GLBA Safeguards Rule: 314.4(b)
$Id: risk-management.html,v 1.7 2004/12/10 19:45:52 gadsden Exp $