Department of Corrections and Rehabilitation - Operations Manual

Cancel

Chapter 4 – Information Technology

Article 49 – Special Security Considerations

View All Sections >

49060.3 Department Responsibilities

  • CDCRCalifornia Department of Corrections and Rehabilitation shall appoint a departmental Authorizing Official, Assistant Authorizing Official, and Security Monitor or Assistant Security Monitor from within the department’s Personnel/Payroll Office with responsibilities sanctioned by the State Controller’s Office (SCOState Controller’s Office) Personnel and Payroll Services Division (PPSD) Decentralized Security Program Manual. A Security Monitor shall be appointed at each facility. The Authorizing Official and Security Monitors shall have access to the SCOState Controller’s Office system and database.

  • The responsibility of protecting confidential data residing on the SCOState Controller’s Office system is a shared effort amongst all CDCRCalifornia Department of Corrections and Rehabilitation personnel staff. Once data information is removed or viewable within the department’s Personnel/Payroll Office, the information is the responsibility of the staff and management of that office.

  • It is the responsibility of the department’s personnel office to ensure training on the SCOState Controller’s Office system as part of risk management. Training may be available in-house and through SCOState Controller’s Office.

    • Authorizing Official or Assistant Authorizing Official

      • The Authorizing Official shall perform the following duties:

        • Ensures compliance with the standards and procedures in this manual, which includes providing SCOState Controller’s Office PPSD with the documents referenced below.

        • Submits the PSD041 by January 31 of each year on behalf of the department.

        • Submits the PSD125A on behalf of the department.

        • Submits the PSD108 on behalf of the department.

        • Verifies access and level of access of existing staff listed on the PSD125A.

        • When an employee has a name change, a new PSD108 is required advising SCOState Controller’s Office PPSD of the change.

        • Designates a Security Monitor or Assistant Security Monitor on the PSD040.

    • Security Monitors

      • The Security Monitor shall perform the following duties:

        • Act as a liaison with the SCOState Controller’s Office Decentralized Security Administrator (DSA).

        • Act as the security resource for all departmental personnel/payroll office employees including facility personnel offices.

        • Maintain the Decentralized Security Program Manual and current Security Authorization forms.

        • Review all documents for accuracy prior to approval.

        • Verify access and level of access of existing staff listed on the PSD125A.

        • List new users on the current PSD125A with appropriate attachments.

        • Submit the PSD125A.

        • Retain the PSD125A and PSD108 for five years after the date of last access for any user that is no longer active at that department.

        • Apply deletions (must refer to the SCOState Controller’s Office Personnel and Payroll Services Division Decentralized Security Program Manual for the most updated processes and guidelines).

        • Apply changes to additional access, reduction in access, name changes, leave of absence, return to work.

        • Advise PPSD of an employee’s name change, by a using PSD108.