Department of Corrections and Rehabilitation - Operations Manual

Cancel

Chapter 4 – Information Technology

Article 45 – Information Security

Revised May 20, 2013

View All Sections >

49020.15.2 Data File Transfers

  • Electronic transfer (file transfer) of information to or from any CDCRCalifornia Department of Corrections and Rehabilitation information system file or database is restricted to authorized persons who shall use an approved file transfer mechanism. The same level of protection afforded the information in its originating system shall be provided by the computer environment to which the information is transferred.

  • Transfer of information from one CDCRCalifornia Department of Corrections and Rehabilitation computer to another does not alter the sensitive nature of the information or eliminate the need to protect the confidentiality of the information. An appropriate procedure shall be developed by EISEnterprise Information Services (formerly Information Services Division) for use by each CDCRCalifornia Department of Corrections and Rehabilitation division that uses file transfer mechanisms. The procedure shall be constrained as follows:

    • The user is responsible for providing the necessary controls to secure all confidential information maintained in the workstation environment. A Security Plan must be approved by the ISOInformation Security Officer prior to High Risk Confidential Information or sensitive information being stored on a workstation.

    • Dial-up access to the Department’s databases is prohibited without explicit authorization from the data owner and Information Security Office.

    • All requests to transfer information shall be approved by the owners of the information and the custodians of the information. The owners shall provide the necessary authorization for access (if the request is approved) and the custodian shall provide the methodology.

    • Confidentiality and integrity of information shall be maintained.

    • Any workstation performing file transfers shall be subject to additional hardware and software controls (e.g., encryption and dynamic password user authentication) to enhance the security environment of the workstation.Interagency data file transfers are subject to requirements described above as well as those defined in DOMDepartment Operations Manual, Chapter 4, Article 45, Information Security, § 49020.5.