Responsible Office: Office of Cybersecurity	Last Review: 04/14/2021 Next Review: 04/14/2023
Contact: Chris Madeksho	Phone: 901.448.1579 Email: mmadeksh@uthsc.edu

Purpose

To establish the protection of using approved applications for official communications for UTHSC.

Scope

This practice applies to UTHSC information, communications, and the official recourses used to transmit, store, and process that information.

Definitions

Official Communications – UTHSC communications passed through channels throughout the organization and externally, following specific rules and regulations, to maintain a professional workplace environment.

UTHSC Workforce – employees, volunteers, trainees, student employees, paid contractors, or anyone acting in an official capacity for UTHSC, and other persons whose conduct, in the performance of work for a covered entity or business associate, is under the direct control of such covered entity or business associate, whether or not they are paid by the covered entity or business associate.

Responsibilities

Office of Communications and Marketing is responsible for approving applications to be used in official communications.

Information Technology Services (ITS) is responsible for aiding in the implementation and support of the approved applications.

Office of Cybersecurity is responsible to review any communications publicly posted to ensure it does not contain regulatory information, i.e. HIPAA or the communications presents a risk to UTHSC, i.e. posting a Zoom meeting with the passcode on social media.

UTHSC Workforce is responsible for adhering to the practice and the security controls set forth in it.

Practice

1. Only approved applications should be used for official UTHSC communications.
2. Approved applications are those that have been vetted by ITS and procurement processes and purchased by UTHSC such as:
   1. Microsoft 365 applications, such as Outlook and MS Teams
   2. UTHSC’s HIPAA Zoom Conferencing application
3. Use of non-approved applications, whether paid or free, is prohibited.
4. Requests for communication applications must be handled through the appropriate procedures directed by Procurement Services.
5. The Office of Communications and Marketing has final approval for all communications used in official UTHSC press releases, printed materials, digital/web materials, and social media posts.
6. Exceptions to this practice should be requested using the process outlined in GP-001.02 Security Exceptions and Exemptions to ITS Standards and Practices.

References

1. SC-002-System and Communications Protections
2. GP-001.02 Security Exceptions and Exemptions to ITS Standards and Practices