Admin provides a variety of information technology, security and privacy-related guidance for agencies throughout the state. Such guidance — which includes governance, strategies, policies, procedures, standards, guidelines and other resources — is designed to allow agencies to provide secure, efficient and responsive services to the citizens of South Carolina.
IT governance-related resources can be viewed by selecting the corresponding link below.
Statewide IT strategies developed for agency consumption can be viewed by selecting the corresponding link below.
Information technology, security and privacy-related policies can be viewed by selecting the corresponding link below.
Information Privacy
Information Security
These policies, designed to improve the state's security and privacy posture, will align information management with the missions, goals and objectives of state agencies.
- Master Policy
- Access Control Policy
- Asset Management Policy
- Business Continuity Management Policy
- Human Resources and Security Awareness Policy
- Information Systems Acquisitions, Development and Maintenance Policy
- Information Technology Compliance Policy
- Information Technology Risk Strategy Policy
- Mobile Security Policy
- Physical and Environmental Security Policy
- Risk Management Policy
- Threat Vulnerability Management Policy
Learn more about the adoption and implementation of Information Security Policies in the South Carolina Information Security Policy Handbook:
The development of enterprise policies, procedures and standards is a critical step in setting the direction and framework for information security and privacy programs. These policies, designed to improve the state's security and privacy posture, will align information management with the missions, goals and objectives of state agencies.
Information Technology
In accordance with the FY 2018-19 Appropriations Act, Proviso 117.148. (GP: Mobile Device Protection Plan), the Mobile Device Protection Policy describes the assignment, use and management of state-issued mobile communication devices.
Information security-related procedures can be viewed by selecting the corresponding link below.
Information Security
The following procedures establish minimum baseline processes to be followed by state agencies to comply with the policies above.
- SCDIS-501 Information Media Disposal Procedure
By law (S.C. Code Ann. § 30—2—310), all state agencies are to follow SCDIS-501 to securely transfer or dispose of information technology hardware or storage media.
Information technology and security-related standards can be viewed by selecting the corresponding link below.
Information Security
The following standards establish requirements for compliance with the above policies:
- SCDIS-200 Information Security and Privacy Standards
- SCDIS-201 Information Security and Privacy Incident Response Standards
- SCDIS-210 Information Security Technology Coverage Standards
- SCDIS-301 Information Security and Privacy Incident Response Plan Development Guidelines
Information Technology
The state of South Carolina has established a series of statewide information technology (IT) standards as part of the development and implementation of the IT shared services model. These standards help redefine how agencies approach the design, procurement, implementation and use of technology.
Statewide IT standards approved for agency consumption include:
Each of the standards developed for this initiative originate, progress and are ultimately recommended through the defined governance structure. This structure – comprised of members representing a wide variety of agencies diverse in both size and scope – helps to provide a solid collaborative approach while ensuring agencies have a constant voice and input in such key decisions.
- Exception Process – An exception process has been established for instances when an agency feels that circumstances necessitate the need to depart from a given standard. Please note, exception requests are not guaranteed to be approved, and are considered and processed through the governance process.
- Questions or Concerns – If you have any questions regarding the development of IT standards or the IT shared services governance process, please contact Admin’s Program Management Office (pmo@admin.sc.gov).
Information security and privacy-related guidance and guidelines can be viewed by selecting the corresponding link below.
Information Privacy
- Data Classification
- Privacy Impact Assessment (PIA)
- Information Security and Privacy Data Handling Guidelines
Information Security
Additional Information security and privacy-related resources can be viewed by selecting the corresponding link below.
Information Privacy
Information Security
- Security Self-Assessment Tool
- Gap Analysis — Asset Management Policy (Template)
- Gap Analysis — Access Control Policy (Template)
- Gap Analysis — Business Continuity Management Policy (Template)
- Gap Analysis — Data Protection and Privacy Policy (Template)
- Gap Analysis — HR and Security Awareness Policy (Template)
- Gap Analysis — IS Acquisition, Development and Maintenance Policy (Template)
- Gap Analysis — IT Compliance Policy (Template)
- Gap Analysis — IT Risk Strategy (Template)
- Gap Analysis — Master Policy (Template)
- Gap Analysis — Mobile Security Policy (Template)
- Gap Analysis — Physical Environmental Security Policy (Template)
- Gap Analysis — Risk Management Policy (Template)
- Gap Analysis — Threat and Vulnerability Management Policy (Template)
- Policy Implementation Plan of Action (Template)
- Roles and Responsibilities Chart (Template)
- Information Security Plan (ISP) (Template)
- Interconnection Security Agreement (ISA) (Template)