{"id":31758,"date":"2024-05-09T18:43:19","date_gmt":"2024-05-09T18:43:19","guid":{"rendered":"https:\/\/www.cdcr.ca.gov\/operations-manual\/?post_type=dom&#038;p=31758"},"modified":"2024-05-15T21:10:52","modified_gmt":"2024-05-15T21:10:52","slug":"49210-4-policy-directives","status":"publish","type":"dom","link":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-64-incident-response-policy\/49210-4-policy-directives\/","title":{"rendered":"49210.4  Policy Directives"},"content":{"rendered":"\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>The department shall:<\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Ensure that a security incident response plan and related procedures, including specific responses to incidents involving Personally Identifiable Information (PII) are defined, documented and implemented.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Ensure that the security incident response plan and procedures clearly define and document roles and responsibilities to address the full incident life cycle,\u00a0including:<\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Security incident detection and identification<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Security incident response management<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Incident handling team(s), with broad participation from other department stakeholders, under the coordination of a designated incident manager.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Preservation of evidence, including tracking and maintaining the evidence pertaining to chains of custody and evidence.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Ensure that mechanisms and procedures are implemented to enable personnel to report security incidents to the appropriate security staff and the department\u2019s Office of Information Security. Ensure all department personnel are aware of incident reporting mechanisms and procedures.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Immediately report incidents through the California Compliance and Security Incident Reporting System (Cal-CSIRS) providing the incidents meet the reporting requirements. Cal-CSIRS requires specific details about the incident and shall notify the California Department of Technology Office of Information Security (OIS), as well as the California Highway Patrol (CHP) Computer Crimes Investigation Unit.<br><\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\t<\/ul>\n\t","protected":false},"parent":31747,"template":"","class_list":["post-31758","dom","type-dom","status-publish","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>49210.4 Policy Directives - Department Operations Manual (DOM)<\/title>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"49210.4 Policy Directives - Department Operations Manual (DOM)\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-64-incident-response-policy\/49210-4-policy-directives\/\" \/>\n<meta property=\"og:site_name\" content=\"Department Operations Manual (DOM)\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-15T21:10:52+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/article-64-incident-response-policy\\\/49210-4-policy-directives\\\/\",\"url\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/article-64-incident-response-policy\\\/49210-4-policy-directives\\\/\",\"name\":\"49210.4 Policy Directives - Department Operations Manual (DOM)\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/#website\"},\"datePublished\":\"2024-05-09T18:43:19+00:00\",\"dateModified\":\"2024-05-15T21:10:52+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/article-64-incident-response-policy\\\/49210-4-policy-directives\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/article-64-incident-response-policy\\\/49210-4-policy-directives\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/article-64-incident-response-policy\\\/49210-4-policy-directives\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"DOM\",\"item\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Chapter 4 &#8211; Information Technology\",\"item\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Article 64 &#8211; Incident Response Policy\",\"item\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/article-64-incident-response-policy\\\/\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"49210.4 Policy Directives\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/#website\",\"url\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/\",\"name\":\"Operations Manual\",\"description\":\"CDCR\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"49210.4 Policy Directives - Department Operations Manual (DOM)","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"49210.4 Policy Directives - Department Operations Manual (DOM)","og_url":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-64-incident-response-policy\/49210-4-policy-directives\/","og_site_name":"Department Operations Manual (DOM)","article_modified_time":"2024-05-15T21:10:52+00:00","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-64-incident-response-policy\/49210-4-policy-directives\/","url":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-64-incident-response-policy\/49210-4-policy-directives\/","name":"49210.4 Policy Directives - Department Operations Manual (DOM)","isPartOf":{"@id":"https:\/\/www.cdcr.ca.gov\/operations-manual\/#website"},"datePublished":"2024-05-09T18:43:19+00:00","dateModified":"2024-05-15T21:10:52+00:00","breadcrumb":{"@id":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-64-incident-response-policy\/49210-4-policy-directives\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-64-incident-response-policy\/49210-4-policy-directives\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-64-incident-response-policy\/49210-4-policy-directives\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cdcr.ca.gov\/operations-manual\/"},{"@type":"ListItem","position":2,"name":"DOM","item":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/"},{"@type":"ListItem","position":3,"name":"Chapter 4 &#8211; Information Technology","item":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/"},{"@type":"ListItem","position":4,"name":"Article 64 &#8211; Incident Response Policy","item":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-64-incident-response-policy\/"},{"@type":"ListItem","position":5,"name":"49210.4 Policy Directives"}]},{"@type":"WebSite","@id":"https:\/\/www.cdcr.ca.gov\/operations-manual\/#website","url":"https:\/\/www.cdcr.ca.gov\/operations-manual\/","name":"Operations Manual","description":"CDCR","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cdcr.ca.gov\/operations-manual\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Department Operations Manual (DOM)","distributor_original_site_url":"https:\/\/www.cdcr.ca.gov\/operations-manual","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/dom\/31758","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/dom"}],"about":[{"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/types\/dom"}],"version-history":[{"count":1,"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/dom\/31758\/revisions"}],"predecessor-version":[{"id":31759,"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/dom\/31758\/revisions\/31759"}],"up":[{"embeddable":true,"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/dom\/31747"}],"wp:attachment":[{"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/media?parent=31758"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}