Policy



This policy page provides access to State Policy and management directives as published and issued in the State Administrative Manual (SAM), Technology Letters, Budget Letters, and Management Memos related to information security, including risk management, technology recovery, and incident reporting. It also provides access to agency compliance schedules and status, and corresponding State Information Management Manual (SIMM) instructions and forms.

State Administrative Manual (SAM)

The SAM is a central point for statewide policies, procedures, regulations and information developed and issued by authoring agencies such as this Office, the Department of Finance (Finance), Department of General Services (DGS), and Governor's Office. A searchable copy of the document is available by clicking on "State Administrative Manual (SAM)."

 

Statewide Information Management Manual (SIMM)

A number of SIMM forms are available by clicking on "Statewide Information Management Manual (SIMM)." The specific SIMM sections applicable to information security and privacy policy are listed below.

Topic SIMM Section
Information Security Program Management Standard (pdf) 5305-A
Plan of Action and Milestones Instructions (doc) 5305-B
Plan of Action and Milestones Worksheet (xls) 5305-C
Frequently Asked Questions (pdf) 5305
Privacy Statement and Notices Standard (pdf) 5310-A
Privacy Individual Access Standard (pdf) 5310-B
Technology Recovery Plan Instructions (pdf) 5325-A
Technology Recovery Program Certification (doc) 5325-B
Designation Letter (doc) 5330-A
Risk Management and Privacy Program Compliance Certification (doc) 5330-B
Incident Reporting and Response Instructions (pdf) 5340-A
California Compliance and Security Incident Reporting System (CAL-CSIRS) 5340-B
Requirements to Respond to Incidents Involving a Breach of Personal Information (pdf) 5340-C
Telework and Remote Access Security Standard (pdf) 5360-A
Remote Access Agreement (doc) 5360-B

 

Management Memos (MM)

A number of Management Memos are related to information technology. The following Management Memos are most relevant to information security:

Topic Management Memo Number
Safeguarding Against and Responding to a Breach of Security Involving Personal Information (pdf) 08-11
Update to Industry Standard Terminology for Disaster Recovery (pdf) 08-10
Release of Personal Information for Research 08-09
Information Technology Capital Planning Process 08-07
Restructure of SAM Information Security & Privacy Policy Sections 08-02
Removal of Confidential, Sensitive or Personal Information From State-Owned Surplus Personal Property and State-Owned Surplus Vehicles 07-09
Protection of Information Assets 06-12

 

Budget Letters (BL)

A number of Budget Letters are related to information technology. The following Budget Letters are most relevant to information security:

Topic Budget Letter Number
Transition of IT Project Review, Approval and Oversight Responsibilities from the Department of Finance to the Office of the State Chief Information Officer, and Information Technology Budgeting Guidelines 08-06
IT Security Policy - Changes to Operational Recovery Planning 07-03
IT Security Policy - Information Security Notification and Reporting 06-34
IT Security Policy - Encryption on Portable Computing Devices 05-32
IT Security Policy - Classification of Information 05-08
IT Security Policy - Peer-to-Peer File Sharing 05-03
Safeguarding Access to State Data 04-35
Safeguards for Firewalls and Servers 03-11

 
 

Technology Letters (TL)

Technology Letters contain official communications regarding state IT, including new (or changes to existing) IT policies, procedures, services or standards.


Compliance


The California Office of Information Security (Office) web site contains links to other sites that are not owned or controlled by us. The information provided at these sites does not reflect the views of this Office or indicate an endorsement of a particular company or product. Please be aware that our Office is not responsible for the security and privacy practices of such other sites.


Last Updated: Monday, November 07, 2016