Department of Corrections and Rehabilitation - Operations Manual

Chapter 4 – Information Technology

Article 54 – Access Control Policy

49110.5  Roles and Responsibilities

  • The department Chief Information Officer (CIO) or Designee:

    • Owns this policy and is responsible for ensuring that all users of department Information Assets are aware of this policy and acknowledge their individual responsibilities.

    • Is responsible for ensuring that this policy is reviewed annually and updated accordingly.

    • Is required to audit and assess compliance with this policy at least once every two (2) years.

  • Department Owners of Information Assets and Program Management:

    • In collaboration with the Information Asset Custodians, shall ensure that this policy is implemented and that its implementation is reviewed, at minimum, annually.

    • Shall audit and assess user access rights and privileges to ensure alignment with individual job roles and functions on an annual basis.

  • Department Information Asset Custodians:

    • Shall implement user access and associated rights and privileges as requested and approved by Owners of Information Assets.

    • In collaboration with Owners of Information Assets, shall periodically review accounts with elevated privileges and verify that continued privileged account access is required.

    • In collaboration with Owners of Information Assets, shall ensure access technology and process controls are commensurate with the sensitivity or criticality of information assets under their purview.

    • Shall revoke or modify individual user access rights and privileges upon notification from the Owners of Information Assets.

    • Shall maintain access records consistent with the retention schedule.