Article 64 – Incident Response Policy
49210.4 Policy Directives
The department shall:

- Ensure that a security incident response plan and related procedures, including specific responses to incidents involving Personally Identifiable Information (PII), are defined, documented and implemented.
- Ensure that the security incident response plan and procedures clearly define and document roles and responsibilities to address the full incident life cycle, including:
  - Security incident detection and identification
  - Security incident response management
  - Incident handling team(s), with broad participation from other department stakeholders, under the coordination of a designated incident manager.
  - Preservation of evidence, including tracking and maintaining the evidence pertaining to chains of custody and evidence.
- Ensure that mechanisms and procedures are implemented to enable personnel to report security incidents to the appropriate security staff and the department’s Office of Information Security. Ensure all department personnel are aware of incident reporting mechanisms and procedures.
- Immediately report incidents through the California Compliance and Security Incident Reporting System (Cal-CSIRS) providing the incidents meet the reporting requirements. Cal-CSIRS requires specific details about the incident and shall notify the California Department of Technology Office of Information Security (OIS), as well as the California Highway Patrol (CHP) Computer Crimes Investigation Unit.