Article 53 – Server Configuration Policy
49100.5 Roles and Responsibilities
-
CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) Chief Information Officer (CIO) or Designee
-
CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) CIO or Designee owns this policy and is responsible for ensuring that all Owners of Information Assets, Information Asset Custodians, and users of CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) information assets are aware of this policy and acknowledge their individual responsibilities.
-
CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) CIO or Designee is responsible for ensuring that this policy is reviewed annually, and updated accordingly.
-
CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) CIO or Designee is required to audit and assess compliance with this policy at least once every 2 years.
-
-
CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) ISOInformation Security Officer
-
CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) ISOInformation Security Officer shall assist Owners of Information Assets and information asset custodians in the identification of data security controls and processes.
-
CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) ISOInformation Security Officer shall ensure data security controls, methods, and processes meet CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) and applicable regulatory requirements for security.
-
CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) ISOInformation Security Officer shall participate in all incidents involving information security.
-
-
CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) Owners of Information Assets and Program Management
-
Owners of Information Assets, in collaboration with the Information Asset Custodians, shall ensure that this policy is implemented and implementation is reviewed annually and as appropriate.
-
Owners of Information Assets shall audit user access rights and privileges to ensure alignment with individual job roles and functions on an annual or more frequent basis as appropriate.
-
-
CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) Information Asset Custodians
-
Information Asset Custodians shall review accounts with privileged access no less than semi-annually and verify that continued privileged access is required.
-
Information Asset Custodians, in collaboration with Owners of Information Assets, shall ensure the information security control measures are commensurate with the sensitivity or criticality of information assets under their purview.
-
Information Asset Custodians shall assist Owners of Information Assets in identifying data security controls commensurate with the classification of the data.
-
Information Asset Custodians shall document, implement, monitor, and maintain data security protection controls based upon the sensitivity or criticality of the assets.
-
Information Asset Custodians shall develop and implement tools, technologies, processes, and procedures to support, monitor, and maintain data security controls.
-
Information Asset Custodians shall maintain data security records.
-