On April 14, 2003, a proposal to initiate a project for developing a security program for the information and computing environment of the Health Science Center (HSC) was presented to Dr. Douglas Barrett, Vice President for Health Affairs. Subsequent presentations were made to the Health Science Center Deans and Dr. Chuck Frazier, University of Florida Vice Provost for Information Technology. The security program for the information and computing environment (SPICE) has been subsequently approved and efforts to assess and secure the HSC data infrastructure is already underway. (more)

Everyone is responsible for information security including UFHSC leadership, management, faculty, staff, students and volunteers. The UFHSC Security Program requires annual training of the workforce in information security concepts, securing protect information and security best practices. (required training)

The University of Florida is the owner of information generated or used by University employees while in the employ and conducting the business of the University, no matter where that information resides. As Owner, the University of Florida is responsible for prescribing certain levels of protection for information whose loss, corruption or unauthorized disclosure results in some level of adversity for the University or an individual. Levels of protection can be costly and not all types of information need to be protected at the same level. Going through a thoughtful effort to classify information types can help a College, Department or Unit decide on a rational information security implementation. 

Information must be classified into one of four classifications; Restricted, Sensitive, Operational or Unrestricted. When classifying information consider, how important (high, medium or low) it is to keep it confidential, how important (high, medium or low) its integrity is, and how important (high, medium or low) it is to be available. (more on how information should be classified)

Information Classification Table for CHFM

Each Unit shall maintain a written contingency plan. The format of standard CP0001 may be used. It is the intent that Standard CP0001 provides a format that facilitates meeting all requirements of contingency planning policy. It is the responsibility of the Unit Information Security Administrator to ensure that all requirements of the contingency planning policies are satisfied.

Contingency Plan for CHFM

Departmental Policies

Each Unit shall must adhere to the HSC Policies as outlined in the HSC SPICE program as stated in GP0002. In addition each Unit may create additional policies to comply with HSC SPICE Policies and Technical Standards.

Restricted or Sensitive Information on portable devices, removable media and local drives of network computers (GP0003a)

Use of Instant Messaging (IM) in the workplace (GP0003b)

Laptop Purchasing Procedure for Security Controls
(TS-0010P)