Chapter 4 – Information Technology

49170.4 Policy Directives

• Pursuant to California Government Code Sections 12270-12279, the department shall set records retention schedules to address legal, statutory, and compliance requirements as well as litigation needs, business processes, and data privacy concerns. Storage requirements shall be coordinated with the department RMC to ensure compliance with the State Records Management Act.

• The department shall:

  • Ensure that roles and responsibilities for the identification, classification, and life cycle management of all department data and information assets are defined, documented, and implemented.

  • Ensure that all department information assets, including information and information systems, are categorized according to their criticality to department in accordance with SAMState Administrative Manual 5305.5, as well as to their sensitivity and susceptibility to inadvertent damage, loss or exposure and corresponding impacts to department.

  • Ensure that methods to protect the confidentiality, integrity, and availability of department data and information assets according to their classification are defined, documented, and implemented.

  • Ensure that conditions for access to and use of department information assets for all personnel are defined and documented.

  • Ensure that all personnel with access to department data and information assets are trained regarding data access and handling according to their roles and responsibilities.

  • Ensure that department data and information assets are used solely for their intended purpose.

  • Ensure that department data and information assets are securely destroyed and disposed of once they are no longer required by the department.

  • Ensure regular backups shall be completed based on department back-up and retention policy.