Responsible Office: Office of Cybersecurity	Last Review: 03/01/2025 Next Review: 03/01/2027
Contact: Chris Madeksho	Phone: 901.448.1579 Email: mmadeksh@uthsc.edu

Purpose

To establish the protection of using approved methods for official communications for the University of Tennessee Health Science Center (UTHSC).

Scope

This practice applies to UTHSC information, communications, and the official resources used to transmit, store, and process that information.

Definitions

Official Communications – UTHSC communications passed through channels throughout the organization and externally, following specific rules and regulations, to maintain a professional workplace environment.

UTHSC Workforce – employees, volunteers, trainees, student employees, paid contractors, or anyone acting in an official capacity for UTHSC, and other persons whose conduct, in the performance of work for a covered entity or business associate, is under the direct control of such covered entity or business associate, whether or not they are paid by the covered entity or business associate.

Responsibilities

Office of Communications and Marketing is responsible for approving applications to be used in official communications.

Information Technology Services (ITS) is responsible for aiding in the implementation and support of the approved applications. This includes having the applications reviewed as part of the Technology Review Team’s (TRT) processes.

UTHSC Workforce is responsible for adhering to the practice and the security controls set forth in it.

Practice

1. Only approved applications should be used for official UTHSC communications.
2. Approved applications are those that have been vetted by ITS and procurement processes, in conjunction with Communications and Marketing, and purchased by UTHSC such as, but not limited to:
   1. Microsoft 365 applications, such as Outlook and MS Teams
   2. UTHSC’s HIPAA Zoom Conferencing application
3. Use of non-approved applications, whether paid or free, is prohibited.
4. Requests for communication applications must be handled through the appropriate procedures directed by Procurement Services.
5. The Office of Communications and Marketing has final approval for all communications used in official UTHSC press releases, printed materials, digital/web materials, and social media posts, the guidance of which is provided in that office’s policies.
6. Exceptions to this practice should be requested using the process outlined in IT0003-HSC-A.02-Security Exceptions and Exemptions to ITS Standards Practices & Controls.

Policy History

Version #	Effective Date
1	04/13/2021
2	03/01/2025 – new naming convention

References

1. IT4913-Information Technology Secure Configuration Management
2. IT4912-HSC-C-System and Communications Protections
3. IT0003-HSC-A.02-Security Exceptions and Exemptions to ITS Standards Practices & Controls
4. UTHSC Communications and Marketing Policies