{"id":35372,"date":"2026-05-22T23:41:45","date_gmt":"2026-05-22T23:41:45","guid":{"rendered":"https:\/\/www.cdcr.ca.gov\/operations-manual\/?post_type=dom&#038;p=35372"},"modified":"2026-05-26T15:29:34","modified_gmt":"2026-05-26T15:29:34","slug":"47130-5-roles-and-responsibilities-2","status":"publish","type":"dom","link":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-40-unassigned\/47130-5-roles-and-responsibilities-2\/","title":{"rendered":"47130.5 Roles and Responsibilities"},"content":{"rendered":"\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Department Chief Information Officer (CIO) or designee.<\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>The CIO shall determine risk response for all GenAI usage and procurements, whether intentional or whether the procurement or use of the GenAI was incidental to the primary procurement or use. This includes the authority to approve or disapprove any and all potential use of GenAI by CDCR personnel. This responsibility cannot be designated.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>The CIO or Designee owns this policy and is responsible for ensuring that all users of department information assets are aware of this policy and acknowledge their individual responsibilities.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>The CIO or Designee is responsible for ensuring that this policy is reviewed annually and updated accordingly.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>The CIO or Designee is required to audit and assess compliance with this policy at least once every two years.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>The CIO or Designee shall ensure that GenAI risks are continuously monitored and managed.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>The CIO or Designee shall determine the appropriate security controls for GenAI and related technologies.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Department ISO.<\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>The ISO shall:<\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Participate in risk assessments associated with GenAI and related technologies. Risk assessments must adhere to State and Federal policy requirements.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Ensure the department inventories its use of \u201chigh risk automated decision systems\u201d as defined in GC Section 11546.45.5, subdivision (a)(5), or its subsequent iteration, and \u201chigh-risk\u201d GenAI systems as identified by the risk assessment required by SIMM 5305-F. This includes ensuring such inventories are made available to the California Department of Technology, as specified in GC Section 11546.45.5 and applicable State policy.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>The ISO shall ensure that all use of GenAI and related technologies is approved prior to implementation.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Department owners of information assets and program management.<\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Owners of information assets shall ensure that personnel under their purview undergo GenAI training according to their roles and responsibilities, prior to their involvement in any potential use or use of GenAI that may utilize department data and information assets.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Owners of information assets shall ensure all GenAI applications under their purview that are deemed \u201chigh risk automated decision systems\u201d as defined in GC Section 11546.45.5, subdivision (a)(5), or its subsequent iteration, and \u201chigh-risk\u201d GenAI systems as identified by the risk assessment by SIMM 5305-F are documented.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Owners of information assets, in collaboration with Information Asset Custodians, shall ensure that all GenAI output under their purview used for decision making are reviewed regularly to prevent biases and misuse. The review shall include verification of accuracy and factuality of the input and output data to prevent misinformation.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Department Information Asset Custodians<\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Information Asset Custodians in collaboration with Owners of Information Assets shall implement, maintain, and monitor GenAI access and security controls for any GenAI usage under their purview.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Department Information Asset Users<\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Users of department information assets shall be aware of and adhere to all department information security and privacy policies.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\t<\/ul>\n\t","protected":false},"parent":34406,"template":"","class_list":["post-35372","dom","type-dom","status-publish","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>47130.5 Roles and Responsibilities - Department Operations Manual (DOM)<\/title>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"47130.5 Roles and Responsibilities - Department Operations Manual (DOM)\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-40-unassigned\/47130-5-roles-and-responsibilities-2\/\" \/>\n<meta property=\"og:site_name\" content=\"Department Operations Manual (DOM)\" \/>\n<meta property=\"article:modified_time\" content=\"2026-05-26T15:29:34+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/article-40-unassigned\\\/47130-5-roles-and-responsibilities-2\\\/\",\"url\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/article-40-unassigned\\\/47130-5-roles-and-responsibilities-2\\\/\",\"name\":\"47130.5 Roles and Responsibilities - Department Operations Manual (DOM)\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/#website\"},\"datePublished\":\"2026-05-22T23:41:45+00:00\",\"dateModified\":\"2026-05-26T15:29:34+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/article-40-unassigned\\\/47130-5-roles-and-responsibilities-2\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/article-40-unassigned\\\/47130-5-roles-and-responsibilities-2\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/article-40-unassigned\\\/47130-5-roles-and-responsibilities-2\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"DOM\",\"item\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Chapter 4 &#8211; Information Technology\",\"item\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Article 40 &#8211; Generative Artificial Intelligence Policy\",\"item\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/article-40-unassigned\\\/\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"47130.5 Roles and Responsibilities\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/#website\",\"url\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/\",\"name\":\"Operations Manual\",\"description\":\"CDCR\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"47130.5 Roles and Responsibilities - Department Operations Manual (DOM)","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"47130.5 Roles and Responsibilities - Department Operations Manual (DOM)","og_url":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-40-unassigned\/47130-5-roles-and-responsibilities-2\/","og_site_name":"Department Operations Manual (DOM)","article_modified_time":"2026-05-26T15:29:34+00:00","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-40-unassigned\/47130-5-roles-and-responsibilities-2\/","url":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-40-unassigned\/47130-5-roles-and-responsibilities-2\/","name":"47130.5 Roles and Responsibilities - Department Operations Manual (DOM)","isPartOf":{"@id":"https:\/\/www.cdcr.ca.gov\/operations-manual\/#website"},"datePublished":"2026-05-22T23:41:45+00:00","dateModified":"2026-05-26T15:29:34+00:00","breadcrumb":{"@id":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-40-unassigned\/47130-5-roles-and-responsibilities-2\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-40-unassigned\/47130-5-roles-and-responsibilities-2\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-40-unassigned\/47130-5-roles-and-responsibilities-2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cdcr.ca.gov\/operations-manual\/"},{"@type":"ListItem","position":2,"name":"DOM","item":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/"},{"@type":"ListItem","position":3,"name":"Chapter 4 &#8211; Information Technology","item":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/"},{"@type":"ListItem","position":4,"name":"Article 40 &#8211; Generative Artificial Intelligence Policy","item":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-40-unassigned\/"},{"@type":"ListItem","position":5,"name":"47130.5 Roles and Responsibilities"}]},{"@type":"WebSite","@id":"https:\/\/www.cdcr.ca.gov\/operations-manual\/#website","url":"https:\/\/www.cdcr.ca.gov\/operations-manual\/","name":"Operations Manual","description":"CDCR","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cdcr.ca.gov\/operations-manual\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Department Operations Manual (DOM)","distributor_original_site_url":"https:\/\/www.cdcr.ca.gov\/operations-manual","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/dom\/35372","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/dom"}],"about":[{"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/types\/dom"}],"version-history":[{"count":2,"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/dom\/35372\/revisions"}],"predecessor-version":[{"id":35375,"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/dom\/35372\/revisions\/35375"}],"up":[{"embeddable":true,"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/dom\/34406"}],"wp:attachment":[{"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/media?parent=35372"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}