IT governance-related resources can be viewed by selecting the corresponding link below.

• IT Shared Services Overview
• IT Shared Services Governance Overview
• IT Governance
• Enterprise Architecture Framework and Principles
• Enterprise Technology Architecture

Statewide IT strategies developed for agency consumption can be viewed by selecting the corresponding link below.

• State Cloud Computing Strategy
• Statewide Strategic Information Technology Plan (Current)
• Statewide Strategic Information Technology Plan (2018-2020)
• Statewide Strategic Information Technology Plan (2016-2018)

Information technology, security and privacy-related policies can be viewed by selecting the corresponding link below.

Information Security

The Division of Information Security (DIS) policy published below establishes the Statewide Information Security Program for South Carolina government agencies and describes DIS and agency roles and responsibilities within the program.

• South Carolina Statewide Information Security Program Policy

As required by the Statewide Information Security Program Policy and the SCDIS-200 Information Security and Privacy Standards, agencies must establish their own information security and privacy policies.

Policy language templates aligned with the SCDIS-200 Information Security and Privacy Standards are available to authorized state agency personnel upon request. Requests may be submitted by email to DIS (informationsecurity@admin.sc.gov).

Information Technology

In accordance with the FY 2018-19 Appropriations Act, Proviso 117.148. (GP: Mobile Device Protection Plan), the Mobile Device Protection Policy describes the assignment, use and management of state-issued mobile communication devices.

• Mobile Device Protection Policy

Information security-related procedures can be viewed by selecting the corresponding link below.

Information Security

The following procedures establish minimum baseline processes to be followed by state agencies to comply with the policies above.

• SCDIS-501 Information Media Disposal Procedure
  By law (S.C. Code Ann. § 30—2—310), all state agencies are to follow SCDIS-501 to securely transfer or dispose of information technology hardware or storage media.

Information technology and security-related standards can be viewed by selecting the corresponding link below.

Information Security

The following security standards are required by the South Carolina Statewide Information Security Program:

• SCDIS-200 Information Security and Privacy Standards (V2.0)
• SCDIS-210 Information Security Technology Standards (V2.0) *

* The SCDIS-210 Information Security Technology Standards are undergoing realignment to define technical security standards. SCDIS-210 will be a series of documents that focus on secure configuration, implementation and management of technologies. The initial publication of standards is targeted for release July 1, 2026.  

Information Technology

The state of South Carolina has established a series of statewide information technology (IT) standards as part of the development and implementation of the IT shared services model. These standards help redefine how agencies approach the design, procurement, implementation and use of technology.

Statewide IT standards approved for agency consumption include:

• End-User Computing Device Standard
• Hyper Converged Infrastructure System Standard
• Email Standard​

Each of the standards developed for this initiative originate, progress and are ultimately recommended through the defined governance structure. This structure – comprised of members representing a wide variety of agencies diverse in both size and scope – helps to provide a solid collaborative approach while ensuring agencies have a constant voice and input in such key decisions.

• IT Exception Process – An exception process has been established for instances when an agency feels that circumstances necessitate the need to depart from a given standard. Please note, exception requests are not guaranteed to be approved and are considered and processed through the governance process.
• Questions or Concerns – If you have any questions regarding the development of IT standards or the IT shared services governance process, please contact Admin’s Program Management Office (pmo@admin.sc.gov).

Information security and privacy-related guidance and guidelines can be viewed by selecting the corresponding link below.

Information Privacy

• Data Classification
  • Data Classification Schema and Guidelines
  • Template Data Inventory Tool
  • Data Classification Auditing and Monitoring Plan Template
• Privacy Impact Assessment (PIA)
  • Privacy Threshold Analysis/Privacy Impact Assessment Guidance and Template
  • Training Presentation for use with PTA/PIA Guidance and Template
• Information Security and Privacy Data Handling Guidelines

Information Security

• Cisco Secure Client Deployment Instructions

Additional Information security and privacy-related resources can be viewed by selecting the corresponding link below.

Information Privacy

• Sample Language and Clauses for Acceptable Use Acknowledgements

Information Security

• Interconnection Security Agreement (ISA) (Template)

DIS maintains SCDIS-200-aligned policy and procedure templates, which are available to authorized state agency personnel upon request. Requests may be submitted by email to DIS (informationsecurity@admin.sc.gov).