System Security Plan Development | Information Technology | University of Pittsburgh

System Security Plan Development

A system security plan is a formal document that provides an overview of a system's security requirements and describes the security controls in place (or planned) for meeting those requirements. System security plans are helpful because they serve as a documented guide for implementing adequate security controls based on compliance requirements, such as the HIPAA Security Rule, or on any risk associated with the data.

Contact Pitt IT Security to request a system security plan for any situation where a system processes, stores, or transmits public or private data that is classified as restricted (learn more about restricted data classifications).

System Security Plan Development Steps

Pitt IT Security will work with your team to develop a system security plan that is customized to your group's specific needs. This process includes:

  1. Developing a risk profile for the system based on the data types processed, stored, and transmitted, along with the criticality of the system
  2. Documenting the system infrastructure, including servers, storage solutions, and networking components
  3. Creating a system architecture and data flow diagram
  4. Implementing security controls based on risk and compliance requirements