{"id":8955,"date":"2020-03-31T16:06:01","date_gmt":"2020-03-31T23:06:01","guid":{"rendered":"http:\/\/cdcr.test\/dom\/chapter-4-information-technology\/article-10-project-review-and-basic-policy\/44010-5-project-compliance-review\/"},"modified":"2020-03-31T16:06:01","modified_gmt":"2020-03-31T23:06:01","slug":"44010-5-project-compliance-review","status":"publish","type":"dom","link":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-10-project-review-and-basic-policy\/44010-5-project-compliance-review\/","title":{"rendered":"44010.5 Project Compliance Review"},"content":{"rendered":"\t<ul class=\"cdcr-dom-group-block\">\n\t\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>The Department is subject to compliance reviews conducted by OIT, or by specified units within CDC. The purpose of a compliance review is to verify CDC adherence to Department and State information technology policies and procedures.<\/p>\n\t\t\t\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Types of Compliance Reviews<\/p>\n\t\t\t\t\t<ul class=\"cdcr-dom-group-block\">\n\t\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>ITS within CDC are subject to four types of reviews:<\/p>\n\t\t\t\t\t<ul class=\"cdcr-dom-group-block\">\n\t\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Type 1. Policy compliance reviews (SAM Section 4942).<\/p>\n\t\t\t\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Type 2. EDP audit reviews (see DOM 49050).<\/p>\n\t\t\t\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Type 3. Information security, risk management, operational recovery compliance reviews (SAM Sections 4840 through 4845; DOM 49000).<\/p>\n\t\t\t\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Type 4. Facility peer reviews.<\/p>\n\t\t\t\t\t<\/li>\n\t\t<\/ul>\n\t\t<\/li>\n\t\t<\/ul>\n\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Policy Compliance Review<\/p>\n\t\t\t\t\t<ul class=\"cdcr-dom-group-block\">\n\t\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Type 1 &#8211; Policy compliance reviews are conducted by OIT. Responses to this type of review shall be coordinated by the central clearinghouse function of ISD.<\/p>\n\t\t\t\t\t<\/li>\n\t\t<\/ul>\n\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>EDP Audit Reviews<\/p>\n\t\t\t\t\t<ul class=\"cdcr-dom-group-block\">\n\t\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Type 2 &#8211; EDP audit reviews are part of an audit required by SAM, and are usually conducted by the Internal Audits Unit of PFAB. Alternately, it is possible that Type 2 reviews shall be carried out by the Audits Group of DOF, but responsibility for the audit reviews remains with PFAB. The owner of an information system is responsible for providing responses to audit findings regarding that system.<\/p>\n\t\t\t\t\t<\/li>\n\t\t<\/ul>\n\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Security, Risk, and Operational Compliance Reviews <\/p>\n\t\t\t\t\t<ul class=\"cdcr-dom-group-block\">\n\t\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Type 3 &#8211; Information security, risk management, and operational recovery compliance reviews are ongoing and conducted by the Information Security Unit within PFAB. These reviews are usually not oriented to a specific system or project, and are limited in scope to the policies contained in SAM Sections 4840 through 4845, and DOM Subchapter 49000.<\/p>\n\t\t\t\t\t<\/li>\n\t\t<\/ul>\n\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Facility Peer Reviews<\/p>\n\t\t\t\t\t<ul class=\"cdcr-dom-group-block\">\n\t\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Type 4 &#8211; Facility peer reviews are reviews of business services operations conducted by the Department on a rotational basis at each of CDC&#8217;s facilities. The EDP portion of the peer review includes a functional review of Offender Based Information Services, the DDPS, and personal computer security practices and system utilization.<\/p>\n\t\t\t\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>The review teams are composed of business services and administrative staff from headquarters and the facilities.<\/p>\n\t\t\t\t\t<\/li>\n\t\t<\/ul>\n\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>NonDelegated Projects<\/p>\n\t\t\t\t\t<ul class=\"cdcr-dom-group-block\">\n\t\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>OIT reviews project reporting documentation in conjunction with its compliance review and oversight responsibilities.<\/p>\n\t\t\t\t\t<\/li>\n\t\t<\/ul>\n\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Delegated Projects<\/p>\n\t\t\t\t\t<ul class=\"cdcr-dom-group-block\">\n\t\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>For delegated projects, the MIS Committee shall determine when a compliance review is to be conducted, the scope of the review, and who shall perform the review.<\/p>\n\t\t\t\t\t<\/li>\n\t\t<\/ul>\n\t\t<\/li>\n\t\t<\/ul>\n\t","protected":false},"parent":8946,"template":"","class_list":["post-8955","dom","type-dom","status-publish","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>44010.5 Project Compliance Review - Department Operations Manual (DOM)<\/title>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"44010.5 Project Compliance Review - Department Operations Manual (DOM)\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-10-project-review-and-basic-policy\/44010-5-project-compliance-review\/\" \/>\n<meta property=\"og:site_name\" content=\"Department Operations Manual (DOM)\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/article-10-project-review-and-basic-policy\\\/44010-5-project-compliance-review\\\/\",\"url\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/article-10-project-review-and-basic-policy\\\/44010-5-project-compliance-review\\\/\",\"name\":\"44010.5 Project Compliance Review - Department Operations Manual (DOM)\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/#website\"},\"datePublished\":\"2020-03-31T23:06:01+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/article-10-project-review-and-basic-policy\\\/44010-5-project-compliance-review\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/article-10-project-review-and-basic-policy\\\/44010-5-project-compliance-review\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/article-10-project-review-and-basic-policy\\\/44010-5-project-compliance-review\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"DOM\",\"item\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Chapter 4 &#8211; Information Technology\",\"item\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Article 10 &#8211; Project Review and Basic Policy\",\"item\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/article-10-project-review-and-basic-policy\\\/\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"44010.5 Project Compliance Review\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/#website\",\"url\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/\",\"name\":\"Operations Manual\",\"description\":\"CDCR\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"44010.5 Project Compliance Review - Department Operations Manual (DOM)","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"44010.5 Project Compliance Review - Department Operations Manual (DOM)","og_url":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-10-project-review-and-basic-policy\/44010-5-project-compliance-review\/","og_site_name":"Department Operations Manual (DOM)","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-10-project-review-and-basic-policy\/44010-5-project-compliance-review\/","url":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-10-project-review-and-basic-policy\/44010-5-project-compliance-review\/","name":"44010.5 Project Compliance Review - Department Operations Manual (DOM)","isPartOf":{"@id":"https:\/\/www.cdcr.ca.gov\/operations-manual\/#website"},"datePublished":"2020-03-31T23:06:01+00:00","breadcrumb":{"@id":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-10-project-review-and-basic-policy\/44010-5-project-compliance-review\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-10-project-review-and-basic-policy\/44010-5-project-compliance-review\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-10-project-review-and-basic-policy\/44010-5-project-compliance-review\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cdcr.ca.gov\/operations-manual\/"},{"@type":"ListItem","position":2,"name":"DOM","item":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/"},{"@type":"ListItem","position":3,"name":"Chapter 4 &#8211; Information Technology","item":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/"},{"@type":"ListItem","position":4,"name":"Article 10 &#8211; Project Review and Basic Policy","item":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-10-project-review-and-basic-policy\/"},{"@type":"ListItem","position":5,"name":"44010.5 Project Compliance Review"}]},{"@type":"WebSite","@id":"https:\/\/www.cdcr.ca.gov\/operations-manual\/#website","url":"https:\/\/www.cdcr.ca.gov\/operations-manual\/","name":"Operations Manual","description":"CDCR","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cdcr.ca.gov\/operations-manual\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Department Operations Manual (DOM)","distributor_original_site_url":"https:\/\/www.cdcr.ca.gov\/operations-manual","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/dom\/8955","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/dom"}],"about":[{"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/types\/dom"}],"version-history":[{"count":0,"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/dom\/8955\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/dom\/8946"}],"wp:attachment":[{"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/media?parent=8955"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}