Chapter 4 – Information Technology

49120.6 Roles and Responsibilities

• The department Chief Information Officer (CIO) or Designee:

  • Owns this policy and is responsible for ensuring that all users of department information assets are aware of this policy and acknowledge their individual responsibilities.

  • Is responsible for ensuring that this policy is reviewed annually and updated accordingly.

  • Is required to audit and assess compliance with this policy at least once every two (2) years.

• Department Information Asset Users:

  • Shall use and protect department information assets in accordance with this policy and applicable information security and privacy policies.

  • Shall report any security concerns pertaining to department information asset security of which they become aware to the department Information Security Officer (ISOInformation Security Officer), designee, appropriate security staff or their immediate supervisor. Security concerns with information assets may include unexpected software or system behavior, which could result in unintentional disclosure of information or exposure to security threats.

  • Shall report any suspected or actual activities or events indicating misuse or violation of this policy to the department ISOInformation Security Officer, designee, appropriate security staff or their immediate supervisor.

  • Shall be aware of and adhere to all department information security and privacy policies.