Known or suspected security or privacy breaches involving CMS information or information systems must be reported immediately to the CMS IT Service Desk. Call 1-800-562-1963 or email CMS_IT_Service_Desk@CMS.HHS.Go
The purpose of the Data Analytic Core Information System security policies and standards is to preserve the confidentiality, integrity, and availability of DAC information resources from the threat of unauthorized access or damage.
These policies apply to all DAC Information System Users, including those who:
- Access data stored in the DAC Information Systems;
- Oversee or give direction to a User with access to data stored in the DAC Information Systems;
- Are listed on a Data Use Agreement as a Principal Investigator, Co-Principal Investigator, and/or Researcher who indicates they have access to data in the DAC Information System;
- Use any unpublished derivative data, including suppressed and de-identified data, from the DAC Information System.
This policy encompasses all DAC Information Systems and any device used to access DAC Information systems.
DAC Information Resources are classified as Level 3 by the Dartmouth College Data Security Level Definition.
Information Security Principles
The DAC Information System ensures that DAC Information Resources are not disclosed to unauthorized subjects.
The DAC Information System ensures that DAC Information Resources retain their accuracy and are only intentionally modified by authorized Users.
The DAC Information System ensures that authorized Users may access the DAC Information Resources in a timely and uninterrupted manner.
Roles and Responsibilities
This individual is responsible for ensuring compliance with security and privacy of DAC Information Resources held in the DAC Information Systems.
System Administrators - These individuals are responsible for the implementation of the DAC Information System Security and Compliance policies, standards, and procedures to the DAC Information Systems (i.e. network, servers, storage, applications).
These individuals are responsible for applying DAC Information System Security and Compliance policies, standards, and procedures to DAC Information Resources and User interface.
Account Managers - These individuals are a designated member of a research project team who serves as the point of contact for research project specific communications (i.e. User changes) between the Research Team and DAC; ensures proper use of covered data; and knowledge hub for their Research Project Team for DAC Information Security and Compliance requirements.