Chapter 4 – Information Technology

The Department’s executive management is responsible for the establishment of departmental policy pertaining to the use of information technology, the prioritization of departmental resources, and strategic planning and leadership to seek out opportunities for employing information technology toward achievement of the Department’s mission, goals, and objectives. Department executive leadership is responsible for ensuring that information technology is used within the guidelines contained in this manual section and those established by other control agencies.

The purpose of this policy is to ensure that departmental resources and information technology are used optimally in achieving the Department’s mission, goals, and objectives. Additionally, this policy assures that uses of information technology follow the guidelines established internally by CDC management and externally by State control agencies.

The MISManagement Information Systems Committee shall:

• Provide executive leadership in the development of EDPElectronic Data Processing (see IT) projects and policy.

• Enforce compliance of the project approval process with the Department’s Strategic Plan.

• Prioritize EDPElectronic Data Processing (see IT) projects in terms of their importance to the Department’s Strategic Plan.

• Review and enforce policy and procedures in support of EDPElectronic Data Processing (see IT) projects.

• As individual committee members, serve as liaisons with their respective end user communities to promote, coordinate, and facilitate automation efforts, and to ensure effective communication regarding EDPElectronic Data Processing (see IT)-related issues throughout all levels of the Department.

• Educate management in the advantages of automation, new EDPrelated technical innovations, and methods to maximize the efficiency and benefits of automation, and to minimize EDPElectronic Data Processing (see IT) development and operating costs.

• Provide review and approval of all information technology procurements not covered under the approved Workgroup Computing Policy.

• Provide ongoing review of CDC-approved EDPElectronic Data Processing (see IT) projects, terminating those projects which are no longer consistent with the Department’s Strategic Plan.

Note that the MISManagement Information Systems Committee does not make any decisions on funding of ITS projects. The committee only recommends the prioritization of these projects.

See DOMDepartment Operations Manual 43020.4, Information Management Annual Plan, for additional information about the role and responsibilities of the MISManagement Information Systems Committee.

The MISManagement Information Systems Committee is comprised of the following voting staff:

• The Chief Deputy Director (Chairperson).

• Three representatives from ASDSee Division of Administrative Services (DAS) (see ASB).

• Three representatives from ECEvidence Code&ISDInformation Services Division (see EIS).

• Five representatives from Institutions Division.

• Three representatives from P&CSDParole & Community Services Division (see DAPO).

• One representative from P&CDPlanning and Construction Division (see FPCM).

• One representative from CalPIA.

These representatives shall be appointed for an indeterminate period.

In the absence of the Chief Deputy Director, the Deputy Director of ASDSee Division of Administrative Services (DAS) (see ASB) shall chair MISManagement Information Systems Committee meetings.

The committee shall meet on a quarterly basis and more often as needed. MISManagement Information Systems Committee meetings are generally open to all wishing to attend.

MISManagement Information Systems-SU provides functional support to the MISManagement Information Systems Committee. The MISManagement Information Systems-SU’s responsibilities include: (1) coordinating MISManagement Information Systems Committee meeting agendas; (2) coordinating the review of proposed ITS and to furnish recommendations for MISManagement Information Systems Committee review; (3) preparing annual updates for the Cabinet on all CDC automation efforts for the current year and on strategic planning for the coming year; (4) developing, coordinating, and participating in presentations for the committee that address current technical innovations; (5) coordinating the review of ITS concepts to ensure compliance and consonance with the budget cycle; (6) recording the actions and decisions of the MISManagement Information Systems Committee for distribution to appropriate departmental staff; and, (7) conducting special projects as assigned by the committee.

Departmental Workgroup Computing Coordinator

• The Workgroup Computing Coordinator’s responsibilities include: (1)ensuring that workgroup computing hardware and software requests comply with departmental and control agency policy requirements; (2)preparing the appropriate certification documents for workgroup computing procurements; (3) providing assistance in the completion of workgroup computing requests; (4) maintaining the departmental Workgroup Computing Policy and Modem Policy, as well as related equipment request forms for distribution to departmental staff; (5) overseeing the personal computer Post Implementation Evaluation Report (PIERPost Implementation Evaluation Report) process; (6) maintaining the departmental personal computer equipment inventory; and (7) maintaining a record of all personal computer procurements, including those justified through the use of an FSRFeasibility Study Reports, a CDC Internal Summary Fact Sheet, or the approved Workgroup Computing Policy.

Department Information Security Officer

• The CDC Information Security Officer (ISOInformation Security Officer) is assigned management responsibility for overseeing and administering the Centralized Information Security Program and is charged with the responsibility of assuring the Department’s compliance with the SAMState Administrative Manual 4840, Security and Risk Management; 4989.7, Security of Personal Computer Systems; and 20013, EDPElectronic Data Processing (see IT) Audit Requirements. This program encompasses all automated ITS for which CDC has administrative responsibility. It includes the procedures, guidelines, and safeguards that are required to protect data, confidentiality, and privacy rights and ensures the integrity, audibility, and controllability of these ITS. All new policies and revisions of existing policy relating to automated information security will emanate from this office.

ISDInformation Services Division (see EIS)

• It is the responsibility of ISDInformation Services Division (see EIS) to establish and maintain the departmental EDPElectronic Data Processing (see IT) strategic planning process and to oversee the development of all departmental EDPElectronic Data Processing (see IT) policies, including assurance that such policies meet control agency guidelines. ISDInformation Services Division (see EIS) is also responsible for ensuring that such considerations as compatibility and connectivity of all proposed automated projects are taken into consideration in the project approval process.

• ISDInformation Services Division (see EIS) is responsible for the development, maintenance, operation, and support of all departmental PCPenal Code applications except Institutions Division projects, and for all automated systems requiring control agency oversight unless specifically delegated to another unit by the MISManagement Information Systems Committee.

• Under the User Project Management concept, the User Manager is responsible for all project reporting to control agencies, the user division, and the MISManagement Information Systems Committee. ISDInformation Services Division (see EIS) provides technical management and staff who work as team members accountable to the User Manager on the project and to ISDInformation Services Division (see EIS) on technical issues (e.g., project schedules).

• ISDInformation Services Division (see EIS) is also responsible for tracking all projects approved by the MISManagement Information Systems Committee, and ensuring that all projects comply with State reporting requirements. All project reporting to control agencies shall be coordinated through ISDInformation Services Division (see EIS), which shall maintain correspondence files on control agency reporting.

• ISDInformation Services Division (see EIS) shall report directly to the appropriate Division (User Manager Concept) associated with each EDPElectronic Data Processing (see IT) Project, and to the MISManagement Information Systems Committee on all approved projects.

• ISDInformation Services Division (see EIS) is responsible for the security of information technology facilities, and for software and equipment used in automated information processing at all sites under ISDInformation Services Division (see EIS) custodial responsibility. ISDInformation Services Division (see EIS) also maintains the CDC Operational Recovery Plan for these systems.

• ISDInformation Services Division (see EIS) provides functional support and assistance on all facility automated systems (except personal computers) to facility AISAs.

• ISDInformation Services Division (see EIS) is also responsible for ensuring compliance with State audit requirements relating to the integrity of information assets. This includes systems auditing under ISDInformation Services Division (see EIS)’s custodial realm of responsibility through participation in the departmental Peer, and PFABProgram and Fiscal Audits Branch (see OACC)’s auditing processes.

• ISDInformation Services Division (see EIS) is responsible for establishment of the Department’s overall automation infrastructure and the successful use of automation within the Department.

• ISDInformation Services Division (see EIS) consists of five major areas: Application Development and Maintenance Section, Technology Support Section, Project Initiation Unit, CMIS Section, and the Data Center Section.

Technology Support Section

• The Technology Support Section provides support services to ISDInformation Services Division (see EIS) in the following areas: personnel, recruitment, staff training, budgeting, procurement, interagency agreements and contract management, quality programs, space planning, and general office support. This section also provides support services to all branches of the ECEvidence Code&ISDInformation Services Division (see EIS) for personnel, recruitment, and training.

Project Initiation Unit

• The role of the Project Initiation Unit (PIUProject Initiation Unit) is to provide guidance and assistance to CDC staff in starting new information technology projects. This includes providing guidance in the development of project concept proposals, feasibility studies, and other documentation required to obtain approval of an information system project. The PIUProject Initiation Unit is responsible for tracking all approved projects and ensuring that all projects comply with State reporting requirements. Functional support, assistance and direction is provided to the ISAs on all system related issues by the Applications Systems Section.

Data Center Section

• The Data Center manages maintenance and support functions with the best available tools in order to increase the time that ITS are available to the users/owners. This section of ISDInformation Services Division (see EIS) is responsible for the continuous operation and reliability of computer hardware, database systems software, the systems’ databases, and communications networks, as well as the security of departmental ITS. As part of the Data Center, the Network Services Unit and the Hardware/Telecommunications Unit provide data communications services and support to ISDInformation Services Division (see EIS) and to other functional units as needed, ensure that standard approved practices are adhered to within the Department, and provide and promote the use of consulting resources to the Department when developing new systems or planning changes to existing data facilities.

CMIS Section

• The role of the CMIS Section is to develop a single automated offender information system which satisfies the needs of all users of CDC’s offender information and serves as the hardware/software platform for all future systems development for the Department. Using stateoftheart analysis techniques and project management tools, the CMIS Section is committed to providing the Department with an offender information system that meets the needs of the user community.

OISBOffender Information Services Branch

• OISBOffender Information Services Branch has been designated the Department’s primary provider of summary statistical information about inmates and parolees. The OISBOffender Information Services Branch responds to special information requests, compiles statistical reports, and prepares legislative estimates and population projections. The OISBOffender Information Services Branch is responsible also for coordinating the timely, accurate, and consistent coding and entry of data, and performs data integrity QCQuality Control functions for OBISOffender Based Information System and for classification, incident, and other major computerized inmate and parolee databases.

Estimates and Statistical Analysis Section

• The Estimates and Statistical Analysis Section is the primary source of summary statistical information on inmates and parolees under the jurisdiction of the Department. This section ensures that the Department has accurate data upon which to base program planning and direction. It also compiles and analyzes information for special projects, court cases, special task forces or programs, and prepares periodic statistical reports about inmates and parolees used in budget planning, legislative responses, and audits. The section prepares all departmental projections of future facility and parole populations, including inmate classification levels, and all population estimates of the impact of proposed legislation, ballot initiatives, and administrative policy changes. It also reviews such information to be disseminated by other branches and divisions outside of the Department.

TSS

• TSS coordinates the timely, accurate, and consistent coding and entry of data, and performs data integrity QCQuality Control functions for major computerized inmate and parolee ITS.

• This section provides support to the MISManagement Information Systems Committee to facilitate the development and automation of ITS, and conducts regular audits in the field and in Headquarters to maintain the accuracy and integrity of data. The section also provides necessary training for facility and parole region OBISOffender Based Information System operators.

Business and Contract Services

• BSS

  • BSS is responsible for the preparation of purchase documents for all EDPElectronic Data Processing (see IT) equipment and datarelated items that are obtained through Headquarters.

  • BSS shall ensure that all requests submitted for purchase are complete and that the necessary documentation, such as certifications or FSRs, is included.

  • BSS is the departmental contact with the DGSDepartment of General Services, Office of Procurement, for all EDPElectronic Data Processing (see IT) procurement.

Contract Services

• The Department’s Contract Services Section shall supervise contracts entered into by the Department in a manner which:

  • Conserves the financial interests of the State.

  • Prevents, so far as possible, any thriftless acts by employees of the Department.

  • Avoids thriftless expenditures.

• The Contract Services Section assists departmental staff in the development of EDPElectronic Data Processing (see IT) contract requests, bids, and contracts to achieve program objectives within the legal and regulatory constraints of the State, and to ensure compliance with all departmental policies and procedures.

Warden/Regional Administrators

• Each Warden and RPARegional Parole Administrator is ultimately responsible for the security and utilization of all automated systems and data bases in the respective facility or region. This includes the integrity and accuracy of data entered and the physical security of the data, hardware, and the system itself.

Facility/Parole AISAAssociate Information Systems Analyst/Regional AISAAssociate Information Systems Analyst

• Under the direction of the Warden or designee, or Regional Administrator or designee, the facility or region AISAAssociate Information Systems Analyst is responsible for the coordination of automated systems issues for the facility. This position acts as the primary contact for Headquarters on automation-related issues, including PCPenal Code, the DDPSDistributed Data Processing System, and all other automated system concerns.

• This position is responsible for coordination of staff training on PCPenal Code applications and systems, justification and acquisition of PCPenal Code equipment through use of PCPenal Code, policy, local automated system application support, inmate access to computers, on-site user assistance, information system security, and QCQuality Control oversight and audit coordination for all databases located in the area of assignment.

Facility/Regional Information Security Coordinators

• Facility/regional Information Security Coordinators (ISCInformation Security Coordinators), in accordance with State and departmental security policies, are responsible to the Warden/RPARegional Parole Administrator for overseeing policy and procedures on information security access at each facility.

• The ISCInformation Security Coordinators shall work in coordination with the ISAs and the Department’s Information Security Officer.

Departmental Managers/Supervisors

• All managers and supervisors assigned supervision of a function automated by DDPSDistributed Data Processing System are responsible for:

  • Preserving the security and integrity of the Department’s information assets and managing the associated risks.

  • Ongoing auditing to verify the accuracy and integrity of the data entered by subordinate staff.

  • Ensuring that program staff and other users of the DDPSDistributed Data Processing System information are aware of and comply with information security policy and procedures.

End Users of EDPElectronic Data Processing (see IT)

• Users are ultimately responsible for:

  • The accuracy and integrity of the data they enter into any departmental application.

  • Complying with all applicable laws, regulations, and administrative policies, as well as with any additional security policies and procedures established by the Department.

  • Notifying their manager/supervisor of any actual or attempted violations of security policies, practices, or procedures.

The Chief, ISDInformation Services Division (see EIS), or designee shall be responsible for ensuring that the contents of this article are kept current and accurate.

DOMDepartment Operations Manual §§ 43030 and 43020.4.