Statutes, codes, and regulations
Oregon Administrative Code
Chapter 291 - DEPARTMENT OF CORRECTIONS
Division 86 - AIC ACCESS TO AUTOMATION
Section 291-086-0036 - Management of Approved Information Technology

Or. Admin. Code § 291-086-0036

Download
PDF
Current through Register Vol. 64, No. 1, January 1, 2025
Section 291-086-0036 - Management of Approved Information Technology
(1) The Chief Information Officer (CIO) or designee is responsible for the overall management of information technology authorized for approved use by adults in custody, which shall include, but is not limited to:
(a) Installation and maintenance of information technology systems;
(b) Installation and maintenance of information technology software;
(c) Installation and configuration of internet connection(s);
(d) Implementation of security controls;
(e) Securing and maintaining appropriate licenses;
(f) Updating information technology systems, software, and security controls, as necessary;
(g) Setting up network folders and authorizing access to appropriate internet sites;
(h) Blocking access to certain internet sites;
(i) Ensuring that adults in custody cannot use information technology to access any confidential information, Departmental sites or programs, or unapproved external sites or entities;
(j) Maintaining a list of authorized internet sites and notifying applicable employees of any changes to the list;
(k) Managing adult in custody user accounts to include expiration dates, size limitations, etc.;
(l) Ensuring appropriate employees monitor information technology access by adults in custody to improve service levels and prevent unauthorized use or access by adults in custody;
(m) Ensuring that any security breaches related to adult in custody information technology access are reported and appropriately investigated;
(n) Overseeing audits of information technology access by adults in custody; and
(o) Providing any necessary technical assistance to employees that are responsible for supervising information technology access by adults in custody.
(2) Service or repair work to be performed on information technology must not be performed in the presence of an adult in custody unless authorized by the Information Technology Services Technical Services Manager or designee.
(3) Information technology systems and adult in custody accounts must be routinely audited no less than once every six months by employees who are familiar with the usage of the system and trained to look for security issues or violations.
(4) Audits will be logged and provided to work or program supervisors on a quarterly basis. Audits highlighting or identifying security issues will be provided to the Information Security Officer immediately. Work or program supervisors will submit an annual report containing the previous year's audit reports to the Information Security Officer and the Assistant Director of Operations.
(5) All information technology approved for adult in custody access will be identified as such with highly visible, conspicuous labeling.

Or. Admin. Code § 291-086-0036

DOC 23-2024, adopt filed 10/14/2024, effective 10/14/2024

Statutory/Other Authority: ORS 179.040, 423.020, 423.030 & 423.075

Statutes/Other Implemented: ORS 179.040, 423.020, 423.030 & 423.075