Chapter 4 – Information Technology

49020.9.7 Personal Computer Security

• Information maintained in a personal computer system, including laptop computers and mobile devices, must be subjected to the same degree of management control and verification of accuracy that is provided for information that is maintained in other automated files. Files containing High Risk Confidential Information or sensitive data shall not be stored in personal computer systems unless it can be demonstrated that doing so is in the best interest of CDCRCalifornia Department of Corrections and Rehabilitation and that security measures have been implemented to provide adequate protection. Proposals to use desktop or laptop computers to maintain or access files containing High Risk Confidential Information or sensitive data must be approved by the Agency Information Security Officer (SAMState Administrative Manual § 5315.1) before implementation. The Agency Information Security Officer will determine that the proposal complies with all applicable provisions of the SAMState Administrative Manual dealing with information security and risk management (SAMState Administrative Manual §§ 5300 through 5399).