Article 70 – Security Variance Policy
49270.6 Compliance
-
Non-compliance with this policy may result in disciplinary or adverse action as set forth in Department Operations Manual (DOMDepartment Operations Manual), Chapter 3, Article 22.
-
The department shall comply with the information security and privacy policies, standards and procedures issued by the California Department of Technology (CDT), Office of Information Security (OIS). In addition to compliance with the information security and privacy policies, standards, procedures, and filing requirements issued by the OIS, the department shall ensure compliance with all security and privacy laws, regulations, rules, and standards specific to and governing the administration of their programs. Program administrators shall work with their legal counsel, ISOInformation Security Officer, and Privacy Program Officer or Coordinator to identify all security and privacy requirements applicable to their programs and ensure implementation of the requisite controls.
-
The consequences of negligence and non-compliance with State laws and policies may include department and personal:
-
Loss of delegated authorities.
-
Negative audit findings.
-
Monetary penalties.
-
Legal actions.
-