{"id":31249,"date":"2024-04-24T18:33:30","date_gmt":"2024-04-24T18:33:30","guid":{"rendered":"https:\/\/www.cdcr.ca.gov\/operations-manual\/?post_type=dom&#038;p=31249"},"modified":"2024-05-15T22:47:45","modified_gmt":"2024-05-15T22:47:45","slug":"49240-4-policy-directives","status":"publish","type":"dom","link":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-67-information-security-program-management-policy\/49240-4-policy-directives\/","title":{"rendered":"49240.4   Policy Directives"},"content":{"rendered":"\t<ul class=\"cdcr-dom-group-block is-style-default\">\n\t\t\n\t<li class=\"cdcr-dom-item-block is-style-default\">\n\t\t\t\t\t<p>The department shall:<\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Define and document the department\u2019s strategy and prioritization approach to addressing information security, privacy and risk management.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Ensure that an approved department ISPM Plan, describing both in place and planned security program management, is defined, documented, implemented and maintained.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Define and document requirements for the management of the department\u2019s information security program, and for complying with applicable information security laws and regulations.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Ensure that statewide information security program management coordinates the activities and ensures the participation of a broad spectrum of stakeholders.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Assign and document information security roles, responsibilities, and management commitment.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Ensure that a plan of action and milestones (POAM) process to address program deficiencies and security risks, and to track the progress of risk treatment actions is developed and maintained.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Ensure that methods for integrating information security resource requirements into the department\u2019s capital planning and funding request process are formally defined and documented.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Ensure that information security incidents are reported to the proper authorities, as\u00a0required.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Ensure that the department ISPM Plan and policy are reviewed annually and updated as needed.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\t<\/ul>\n\t","protected":false},"parent":31231,"template":"","class_list":["post-31249","dom","type-dom","status-publish","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>49240.4  Policy Directives - Department Operations Manual (DOM)<\/title>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"49240.4  Policy Directives - Department Operations Manual (DOM)\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-67-information-security-program-management-policy\/49240-4-policy-directives\/\" \/>\n<meta property=\"og:site_name\" content=\"Department Operations Manual (DOM)\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-15T22:47:45+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/article-67-information-security-program-management-policy\\\/49240-4-policy-directives\\\/\",\"url\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/article-67-information-security-program-management-policy\\\/49240-4-policy-directives\\\/\",\"name\":\"49240.4 Policy Directives - Department Operations Manual (DOM)\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/#website\"},\"datePublished\":\"2024-04-24T18:33:30+00:00\",\"dateModified\":\"2024-05-15T22:47:45+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/article-67-information-security-program-management-policy\\\/49240-4-policy-directives\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/article-67-information-security-program-management-policy\\\/49240-4-policy-directives\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/article-67-information-security-program-management-policy\\\/49240-4-policy-directives\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"DOM\",\"item\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Chapter 4 &#8211; Information Technology\",\"item\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Article 67 &#8211; Information Security Program Management Policy\",\"item\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/article-67-information-security-program-management-policy\\\/\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"49240.4 Policy Directives\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/#website\",\"url\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/\",\"name\":\"Operations Manual\",\"description\":\"CDCR\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"49240.4  Policy Directives - Department Operations Manual (DOM)","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"49240.4  Policy Directives - Department Operations Manual (DOM)","og_url":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-67-information-security-program-management-policy\/49240-4-policy-directives\/","og_site_name":"Department Operations Manual (DOM)","article_modified_time":"2024-05-15T22:47:45+00:00","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-67-information-security-program-management-policy\/49240-4-policy-directives\/","url":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-67-information-security-program-management-policy\/49240-4-policy-directives\/","name":"49240.4 Policy Directives - Department Operations Manual (DOM)","isPartOf":{"@id":"https:\/\/www.cdcr.ca.gov\/operations-manual\/#website"},"datePublished":"2024-04-24T18:33:30+00:00","dateModified":"2024-05-15T22:47:45+00:00","breadcrumb":{"@id":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-67-information-security-program-management-policy\/49240-4-policy-directives\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-67-information-security-program-management-policy\/49240-4-policy-directives\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-67-information-security-program-management-policy\/49240-4-policy-directives\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cdcr.ca.gov\/operations-manual\/"},{"@type":"ListItem","position":2,"name":"DOM","item":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/"},{"@type":"ListItem","position":3,"name":"Chapter 4 &#8211; Information Technology","item":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/"},{"@type":"ListItem","position":4,"name":"Article 67 &#8211; Information Security Program Management Policy","item":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-67-information-security-program-management-policy\/"},{"@type":"ListItem","position":5,"name":"49240.4 Policy Directives"}]},{"@type":"WebSite","@id":"https:\/\/www.cdcr.ca.gov\/operations-manual\/#website","url":"https:\/\/www.cdcr.ca.gov\/operations-manual\/","name":"Operations Manual","description":"CDCR","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cdcr.ca.gov\/operations-manual\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Department Operations Manual (DOM)","distributor_original_site_url":"https:\/\/www.cdcr.ca.gov\/operations-manual","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/dom\/31249","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/dom"}],"about":[{"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/types\/dom"}],"version-history":[{"count":2,"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/dom\/31249\/revisions"}],"predecessor-version":[{"id":31253,"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/dom\/31249\/revisions\/31253"}],"up":[{"embeddable":true,"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/dom\/31231"}],"wp:attachment":[{"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/media?parent=31249"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}