Strategies and Governance
- IT Shared Services Overview
- IT Shared Services Governance Overview
- IT Governance
- Enterprise Architecture Framework and Principles
- Enterprise Technology Architecture
Statewide IT strategies developed for agency consumption can be viewed by clicking on the corresponding link below.
- State Cloud Computing Strategy
- Statewide Strategic Information Technology Plan (Current)
- Statewide Strategic Information Technology Plan (2018-2020)
- Statewide Strategic Information Technology Plan (2016-2018)
These polices, designed to improve the state's security and privacy posture, will align information management with the missions, goals and objectives of state agencies.
- Master Policy
- Access Control Policy
- Asset Management Policy
- Business Continuity Management Policy
- Human Resources and Security Awareness Policy
- Information Systems Acquisitions Development and Maintenance Policy
- Information Technology Compliance Policy
- Information Technology Risk Strategy Policy
- Mobile Security Policy
- Physical and Environmental Security Policy
- Risk Management Policy
- Threat Vulnerability Management Policy
Learn more about the adoption and implementation of Information Security Policies in the SC Information Security Policy Handbook:
The development of enterprise policies, procedures and standards is a critical step in setting the direction and framework for information security and privacy programs. These polices, designed to improve the state's security and privacy posture, will align information management with the missions, goals and objectives of state agencies.
- In accordance with the FY 2018-19 Appropriations Act, Proviso 117.148. (GP: Mobile Device Protection Plan), the Mobile Device Protection Policy describes the assignment, use and management of state issued mobile communication devices.
The following procedures establish minimum baseline processes to be followed by state agencies to comply with the policies above.
- SCDIS—501 Information Media Disposal Procedure
- By law (S.C. Code Ann. § 30—2—310), all state agencies are to follow SCDIS—501 to securely transfer or dispose of information technology hardware or storage media.
The following standards establish requirements for compliance with the above policies:
- SCDIS—200 Information Security and Privacy Standards
- SCDIS—210 InfoSec Technology Coverage Standards
The state of South Carolina has established a series of statewide information technology (IT) standards as part of the development and implementation of the IT shared services model. These standards are helping redefine how agencies approach the design, procurement, implementation and use of technology.
Statewide IT standards approved for agency consumption include those listed below. To view the standard, click on the corresponding link.
Each of the standards developed for this initiative originate, progress and are ultimately recommended through the defined governance structure. This structure – comprised of members representing a wide variety of agencies diverse in both size and scope – helps to provide a solid collaborative approach while ensuring agencies have a constant voice and input in such key decisions.
- Exception Process – An exception process has been established for instances when an agency feels that circumstances necessitate the need to depart from a given standard. Please note, exception requests are not guaranteed to be approved, and are considered and processed through the governance process.
- Questions or Concerns – If you have any questions regarding the development of IT standards or the IT shared services governance process, please contact Admin’s Program Management Office (email@example.com).
Guidance and Guidelines
- Data Classification
- Privacy Impact Assessment (PIA)
- Information Security and Privacy Data Handling Guidelines
- State of South Carolina Security Self—Assessment Tool
- Gap Analysis — Asset Management Policy (Template)
- Gap Analysis — Access Control Policy (Template)
- Gap Analysis — Business Continuity Management Policy (Template)
- Gap Analysis — HR and Security Awareness Policy (Template)
- Gap Analysis — IS Acquisition, Development and Maintenance Policy (Template)
- Gap Analysis — IT Compliance Policy (Template)
- Gap Analysis — IT Risk Strategy (Template)
- Gap Analysis — Master Policy (Template)
- Gap Analysis — Mobile Security Policy (Template)
- Gap Analysis — Physical Environmental Security Policy (Template)
- Gap Analysis — Risk Management Policy (Template)
- Gap Analysis — Threat and Vulnerability Management Policy (Template)
- Policy Implementation Plan of Action (Template)
- Roles and Responsibilities Chart (Template)
- Information Security Plan (ISP) (Template)
- Interconnection Security Agreement (ISA) (Template)