Chapter 4 – Information Technology

49180.4 Policy Directives

• The department shall:

  • Ensure that roles and responsibilities for the identification, classification, and life cycle management of all department data and information assets are defined, documented, and implemented.

  • Ensure that all department information assets, including information and information systems, are categorized according to their criticality, as well as their sensitivity and susceptibility to inadvertent damage, loss, or exposure and corresponding impact to the department.

  • Ensure that methods to protect the confidentiality, integrity, and availability of department data and information assets according to their classification are defined, documented, and implemented.

  • Ensure that conditions for access to and use of department information assets for all personnel are defined and documented.

  • Ensure that all personnel with access to department data and information assets are trained regarding data access and handling according to their roles and responsibilities.

  • Ensure that department data and information assets are used solely for their intended purpose.

  • Ensure that department data and information assets are securely destroyed and disposed of once they are no longer required by the department.

  • Ensure that the proper authorities are notified of data security incidents as required.