Article 64 – Incident Response Policy
49210.1 Introduction and Overview
-
California Department of Corrections and Rehabilitation (CDCRCalifornia Department of Corrections and Rehabilitation), California Correctional Healthcare Services (CCHCS), and California Prison Industry Authority (CALPIACalifornia Prison Industry Authority (formerly PIA)), hereinafter referred to as department, management shall promptly investigate incidents involving loss, damage, misuse of information assets, or improper dissemination of information. Incidents could also include unauthorized access of information asset and incidents negatively affecting the operation, confidentiality, integrity, or availability of information assets. All entities are required to report information security incidents in accordance with the State information security notification and reporting requirements.
-
Effective incident management includes the formulation, adoption, and maintenance of a written incident management plan that provides for the timely assembly of appropriate staff that are capable of developing a response to, appropriate reporting about, and successful recovery from a variety of incidents. A defined and documented security incident response plan shall enable the department to detect, respond, and recover from security incidents in a timely and organized manner so as to minimize the impacts of the security incident.