Responsible Office: Vice Chancellor for Information Technology/CIO | Last Review: 04/17/2020 Next Review: 04/17/2022 |
Contact: Dan Harder | Phone: 901.448.2500 Email: dharder@uthsc.edu |
Purpose
To establish authority and process for drafting, maintaining, and approving Information Technology Standards and Practices at the University of Tennessee Health Science Center, and grant and control exceptions for unusual operational, technical, or administrative circumstances. University of Tennessee Health Science Center Information Technology Standards and Practices are developed, revised, and issued in response to new guidelines and changes in UT-wide Standards and Practices, internal Standard as well as state and federal laws, regulations, and statutory requirements.
Scope
This standard applies to the development of all UTHSC Information Technology (IT) Standards and Practices.
-
Development
- The UTHSC Office of the Vice Chancellor for Information Technology/CIO (CIO) has the responsibility for developing UTHSC Information Technology Standards, Practices, Procedures, and Guidance specific to UTHSC campuses, colleges, or institutes conformant with UT-wide IT Policies and Standards to accompany and supplement individual information technology Standards and Practices.
- The UTHSC Office of Cybersecurity and the Chief Information Security Officer (CISO) has the responsibility for developing Standards, Practices, Procedures and Guidance specific to security related topics conformant with UT-wide Security Policies and Standards.
- The Office of the CIO and/or CISO coordinates the IT Standard development function for UTHSC, with responsibility for development, and maintenance; The Office of the CIO and/or CISO maintains a complete repository of UTHSC IT Standards, Practices, Procedures, and Guidelines.
- The process for Standard and Practice development will be as outlined in ITS-GP-001.01 – Framework for developing UTHSC IT Standards and Practices.
- UTHSC Standards and Practices must align with UT-Wide IT policies and standards and can only be more restrictive than applicable UT-Wide policies and standards.
- Exceptions
- The Office of the CIO, CISO, or designee is authorized to grant exceptions to UT IT Policies and UTHSC IT Standards and Practices.
- Exceptions shall be granted in accordance with GP-001.02 – Security exceptions and Exemptions to ITS Standards Practices & Controls.
- No exceptions to Federal or State laws or regulations will be granted.
References
- ITS-GP-001.01-Framework for developing UTHSC IT Standards and Practices
- GP-001.02-Security Exceptions and Exemptions to ITS Standards Practices & Controls
- University of Tennessee Policies