{"id":31760,"date":"2024-05-09T18:51:10","date_gmt":"2024-05-09T18:51:10","guid":{"rendered":"https:\/\/www.cdcr.ca.gov\/operations-manual\/?post_type=dom&#038;p=31760"},"modified":"2024-05-15T21:10:40","modified_gmt":"2024-05-15T21:10:40","slug":"49210-5-roles-and-responsibilities","status":"publish","type":"dom","link":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-64-incident-response-policy\/49210-5-roles-and-responsibilities\/","title":{"rendered":"49210.5  Roles and Responsibilities"},"content":{"rendered":"\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Department Chief Information Officer (CIO) or Designee<\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>The CIO or Designee owns this policy and is responsible for ensuring that all users of department information assets are aware of this policy and acknowledge their individual responsibilities.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>The CIO or Designee shall ensure that the department has a formally documented and operational incident response plan to address incidents involving the loss, damage, misuse or unauthorized access of information assets, and breaches of security involving personal information in any form, in the most expedient and effective manner.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>The CIO or Designee shall ensure that the security incident response plan and procedures describe the necessary roles and responsibilities, and activities to enable security incident handlers to effectively prepare for, detect, analyze, contain, eradicate and recover from security incidents.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>The CIO or Designee shall ensure that security incident response management is integrated across the 
department, and with other State and department contingency and emergency management plans, teams and advisory resources.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>The CIO or Designee shall ensure that all department personnel receive incident response and awareness training and education in accordance with the individual\u2019s functional role within the department.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>The CIO or Designee shall ensure that department incident response capabilities are exercised at least annually to test incident response effectiveness, and that results from tests are documented and reviewed to continuously improve\u00a0capabilities.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>The CIO or Designee shall ensure that post-mortem \/ lessons-learned sessions following security incident response activities and tests are completed in order to continually improve incident response capabilities.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>The CIO or Designee shall ensure that all security incidents and department responses are monitored and documented, and all related activities and decisions are recorded.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>The CIO or Designee shall ensure that the department incident response plan, procedures and supporting documentation are updated at minimum on an annual\u00a0basis.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>The CIO or Designee is responsible for ensuring that this policy is reviewed annually and updated accordingly.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>The CIO or Designee is required to audit and assess compliance with this policy at least once every two (2) years.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li 
class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Department Information Security Officer (ISO)<\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>The ISO shall assist Owners of Information Assets and Information Asset Custodians in the development of department incident response plans.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>The ISO shall participate in incident response and management activities.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Department Owners of Information Assets and Program Management.<\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Owners of Information Assets shall participate and provide assistance with and decisions related to responding to incidents involving information assets under their purview, as required, and as requested by incident managers, the Chief Information Officer (CIO) or Designee and the department ISO.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Department Information Asset Custodians<\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Information Asset Custodians shall participate and provide assistance with incident response activities as directed and guided by incident managers, ISOs, and Owners of Information Assets, as appropriate.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Information Asset Custodians shall maintain records related to and supporting individual incident responses.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Department Users<\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Users shall be aware of 
and adhere to all department information security and privacy policies.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Users shall report any incidents of possible misuse or violation of this policy to the department ISO, designee, or appropriate security staff or their immediate\u00a0supervisor.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\t<\/ul>\n\t","protected":false},"parent":31747,"template":"","class_list":["post-31760","dom","type-dom","status-publish","hentry"],"distributor_original_site_name":"Department Operations Manual (DOM)","distributor_original_site_url":"https:\/\/www.cdcr.ca.gov\/operations-manual"}