Article 59 – Audit and Accountability Policy
49160.5 Roles and Responsibilities
- Department Chief Information Officer (CIO) or Designee
  - The CIO or Designee owns this policy and is responsible for ensuring that all users of department information assets are aware of this policy and acknowledge their individual responsibilities.
  - The CIO or Designee is responsible for ensuring that this policy is reviewed annually and updated accordingly.
  - The CIO or Designee is required to audit and assess compliance with this policy at least once every two (2) years.
- Department Information Security Officer (ISO)
  - The ISO shall guide the development and implementation of the department event logging and continuous monitoring strategy.
- Department Owners of Information Assets and Program Management
  - Owners of Information Assets, in collaboration with Information Asset Custodians, are responsible for ensuring the protection of information assets under their purview.
  - Owners of Information Assets shall participate in the development and implementation of an event logging and continuous monitoring strategy.
  - Owners of Information Assets shall ensure assets are independently and continuously monitored based on the criticality of information assets.
- Department Information Asset Custodians
  - Information Asset Custodians shall participate in the development and implementation of an event logging and continuous monitoring strategy.
  - Information Asset Custodians shall implement and maintain the department event logging and continuous monitoring strategy.