Chapter 4 – Information Technology

49230.5 Roles and Responsibilities

• Department Chief Information Officer (CIO) or Designee

  • The CIO or Designee owns this policy and is responsible for ensuring that all users of department information assets are aware of this policy and acknowledge their individual responsibilities.

  • The CIO or Designee is responsible for ensuring that this policy is reviewed annually and updated accordingly.

  • The CIO or Designee is required to audit and assess compliance with this policy at least once every two (2) years.

• Department Information Security Officer (ISOInformation Security Officer)

  • The ISOInformation Security Officer shall assist and provide advice in the evaluation and selection of department software.

  • The ISOInformation Security Officer shall assist and provide advice in the identification of security requirements that software shall comply with.

• Department Owners of Information Assets and Program Management

  • Owners of Information Assets shall ensure that this policy is implemented and shall review the policy’s implementation annually.

  • Owners of Information Assets shall ensure that software assets under their purview are controlled and managed

• Department Information Asset Custodians

  • Information Asset Custodians shall implement software management, licensing, and usage controls as approved by Owners of Information Assets.

  • Information Asset Custodians shall maintain all department software licenses associated with commercial products on behalf of Owners of Information Assets.