Department of Corrections and Rehabilitation - Operations Manual

Cancel

Chapter 4 – Information Technology

Article 39 – Social Media Policy

View All Sections >

47120.4 Roles and Responsibilities

  • Agency Chief Information Officer (CIO), OPECOffice of Public and Employee Communications and CALPIACalifornia Prison Industry Authority (formerly PIA) designee:

    • Is responsible for ensuring that all users of CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) information assets are aware of this policy and acknowledge their individual responsibilities.

    • Is responsible for ensuring that this policy will be reviewed annually in order to make recommendations for policy changes or the introduction of new policy to the Information Security Officer (ISOInformation Security Officer) for the bi-annual review and update cycle.

    • Shall ensure that authorized users with access to social media are trained regarding their roles and responsibilities.

  • OPECOffice of Public and Employee Communications and CALPIACalifornia Prison Industry Authority (formerly PIA) designee:

    • Are responsible for identifying the CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) authorized users of social media.

    • Are responsible for reviewing and approving all CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) social media content posted or shared on behalf of the Department or its representatives.

  • The Information Security Officer (ISOInformation Security Officer):

    • Is responsible for the periodic auditing and assessment of compliance with this policy.

    • Is responsible for the review and update of this policy every two years.

  • CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) Managers and Supervisors:

    • Are responsible for obtaining approval from OPECOffice of Public and Employee Communications, CALPIACalifornia Prison Industry Authority (formerly PIA) or designee, for any content posted or shared to official CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) social media.

    • Are responsible for ensuring that personnel comply with this policy.

  • All CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) Personnel Speaking On Behalf Of CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA):

    • Shall provide content developed for social media to OPECOffice of Public and Employee Communications designated reviewers for approval and publication.

    • Shall connect to, and exchange information with, only authorized social media web sites in accordance with the requirements of this policy and other CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) and State information security policies.

    • Are required to abide by this policy and applicable CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) information security and privacy policies.

    • Who are authorized to speak on behalf of CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA)  or the State shall identify themselves by: a) Full Name; b) Title; c) Department; and d) Department Contact Information, when posting or exchanging information on social media forums, and shall address issues only within the scope of their specific authorization.

  • CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) Information Technology Administrators shall:

    • Limit Internet access to social media websites according to the Department’s acceptable use policy, while allowing authorized users to access content necessary to conduct CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) business. Limitations may include, but are not limited to:

      • Only allowing social media access to users who are specifically authorized (see CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) Authorized Users) through the use of the CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) Workgroup Computing Policy regarding internet access.

      • Disabling unnecessary functionality within social media web sites, such as Instant Messaging (IMInstructional Memorandum) or file exchange.

      • Minimize or eliminate the addition of web links within posts to other web sites, to minimize the risk of exposing a user to a link that leads to inappropriate, unauthorized, or potentially malicious content.

    • Enable security controls to mitigate risk to the extent possible. These controls may include, but are not limited to:

      • Monitoring and auditing of all social media web site content posted, viewed or both.

      • Inspecting all files transmitted to or from social media web sites.

      • Securing social media platform and website account credentials (user names and passwords) from unauthorized access.

      • Utilize Multi-Factor Authentication (MFA) as required where supported by the social media account.