Information Systems Security Plans
A Security Plan is required, per UT Systems IT Policy IT0121, for computer systems at the UTHSC. This new policy became effective January 1, 2010; the initial security plans are to be done by January 1, 2011. Security Plans are to be prepared by the information custodian and systems custodian and submitted to IT Security at UTHSC who will consolidate them.
UTHSC is preparing its initial set of Information Systems Security Plans to comply with the UT System IT Policy IT0121. To compile the security plans by the due date, custodians should submit their plans, in the form of two spreadsheet templates, to IT Security by December 17, 2010. These templates are confidential documents and should be treated as such.
Detailed instructions on preparing a Security Plan are found in the Steps to a Successful Security Plan . The two templates are
- Security Plan Systems which details your systems and
- Security Plan Vulnerabilities which details vulnerabilities.
Please download these templates and follow the steps in the instructions (netid required to download).
Planning premises include: UTHSC is subject to regulation, laws and policies including those of the United States government, specifically HIPAA, HITECH, FERPA and FISMA, of the State of Tennessee, various local governments and the University of Tennessee system.
Security Plan Open Q&As are scheduled for Thursday afternoons , from November 18, 2020 thru December 16, 2020, from 3pm to 4 pm in the ITS Conference Room, 7th Floor Alexander Building. These are open workshops and are designed to answer your questions and assist in preparation of the Security Plans. You can call the IT Security Officer, Frank Davison, at 901-448-1260 or email to email@example.com for assistance, too.