Article 50 – Change and Configuration Management Policy
49070.5 Roles and Responsibilities
-
CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) Chief Information Officer (CIO) or Designee
-
CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) CIO or Designee owns this policy and is responsible for ensuring that all Owners of Information Assets, Information Asset Custodians, and users of CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) information assets are aware of this policy and acknowledge their individual responsibilities.
-
CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) CIO or Designee is responsible for ensuring that this policy is reviewed annually and updated accordingly.
-
CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) CIO or Designee is required to audit and assess compliance with this policy at least once every 2 years.
-
-
CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) Information Security Officer (ISOInformation Security Officer)
-
Information Asset Custodians shall implement configuration and change management technology, process, and workflow controls as approved by Owners of Information Assets.
-
Information Asset Custodians shall maintain change and configuration management records for a minimum period of 12 months. Secure deletion or destruction of these records shall be in accordance with the records retention schedule.
-