Article 58 – Security Assessment and Authorization Policy
49150.1 Introduction and Overview
-
California Department of Corrections and Rehabilitation (CDCRCalifornia Department of Corrections and Rehabilitation), California Correctional Health Care Services (CCHCS), and California Prison Industry Authority (CALPIACalifornia Prison Industry Authority (formerly PIA)) is responsible for the integration of information security and privacy within the organization. This includes, but is not limited to, the design and early identification of appropriate security controls in information asset acquisitions, in the design of new systems, or existing systems that are undergoing substantial redesign, including both in-house and outsourced solutions.
-
The CDCRCalifornia Department of Corrections and Rehabilitation, CCHCS, and CALPIACalifornia Prison Industry Authority (formerly PIA) (hereinafter referred to as department) shall ensure its Information Security Officer (ISOInformation Security Officer) and, where applicable, its Privacy Program Coordinator and Technology Recovery Coordinator, are actively engaged with both the owners of information assets, and any relevant project, procurement, and technical personnel, to identify and implement the appropriate security controls required to manage risk to acceptable levels. Where applicable, the department ISOInformation Security Officer shall also work with other stakeholders, as appropriate.