Docsity
Docsity

Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity


Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan


Guidelines and tips
Guidelines and tips

Access to IT Systems and Data for Individuals in WA State Department of Corrections, Study notes of Information Technology

The policy for granting access to IT systems and data for individuals under the jurisdiction of the Washington State Department of Corrections. The policy covers general requirements, restrictions for individuals in prisons and reentry centers, system security, reporting and compliance monitoring. It also includes references to other related policies and procedures.

Typology: Study notes

2021/2022

Uploaded on 09/27/2022

plastic-tree
plastic-tree 🇬🇧

4.4

(8)

213 documents

1 / 5

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
STATE OF WASHINGTON
DEPARTMENT OF CORRECTIONS
POLICY
APPLICABILITY
DEPARTMENT WIDE
FACILITY/SPANISH MANUAL
REVISION DATE
2/11/22
PAGE NUMBER
1 of 5
NUMBER
DOC 280.925
TITLE
ACCESS TO INFORMATION TECHNLOGY SYSTEMS
AND DATA FOR INDIVIDUALS
REVIEW/REVISION HISTORY:
Effective: 12/31/96
Revised: 11/4/04
Revised: 4/15/08
Reviewed: 3/17/09
Revised: 1/3/11
Revised: 4/15/11
Revised: 4/16/20
Revised: 2/11/22
SUMMARY OF REVISION/REVIEW:
Updated terminology throughout
III.C. - Adjusted language as person-centered
III.E.2. - Added clarifying language
APPROVED:
Signature on file
1/28/22
CHERYL STRANGE, Secretary
Department of Corrections
Date Signed
pf3
pf4
pf5

Partial preview of the text

Download Access to IT Systems and Data for Individuals in WA State Department of Corrections and more Study notes Information Technology in PDF only on Docsity!

STATE OF WASHINGTON DEPARTMENT OF CORRECTIONS

POLICY

DEPARTMENT WIDE

FACILITY/SPANISH MANUAL REVISION DATE 2/11/ PAGE NUMBER 1 of 5 NUMBER DOC 280. TITLE ACCESS TO INFORMATION TECHNLOGY SYSTEMS AND DATA FOR INDIVIDUALS REVIEW/REVISION HISTORY: Effective: 12/31/ Revised: 11/4/ Revised: 4/15/ Reviewed: 3/17/ Revised: 1/3/ Revised: 4/15/ Revised: 4/16/ Revised: 2/11/ SUMMARY OF REVISION/REVIEW: Updated terminology throughout III.C. - Adjusted language as person-centered III.E.2. - Added clarifying language APPROVED: Signature on file 1/28/ CHERYL STRANGE, Secretary Department of Corrections Date Signed

STATE OF WASHINGTON DEPARTMENT OF CORRECTIONS

POLICY

DEPARTMENT WIDE

FACILITY/SPANISH MANUAL REVISION DATE 2/11/ PAGE NUMBER 2 of 5 NUMBER DOC 280. TITLE ACCESS TO INFORMATION TECHNLOGY SYSTEMS AND DATA FOR INDIVIDUALS REFERENCES: DOC 100.100 is hereby incorporated into this policy; DOC 280.100 Acceptable Use of Technology; DOC 280.310 Information Technology Security; DOC 280.515 Data Classification and Sharing POLICY: I. The Department has established guidelines for individuals under the Department’s jurisdiction to access Information Technology (IT) systems or data. DIRECTIVE: I. General Requirements A. Individuals will only be granted access to IT systems or data designated for use by individuals under the Department’s jurisdiction and/or as required to participate in approved employment, education, and/or work programs.

  1. Individuals will not be given more privilege than is necessary.
  2. Access by individuals in Prison will be physically supervised by employees/contract staff assigned to the area where the IT system/data is located. B. Individuals are prohibited from:
  3. Direct or indirect access, either physically or electronically, to IT systems or data, including employee/contract staff workstations, unless approved.
  4. Using media players in Prisons other than the recreational yard or in the assigned living unit. Exceptions may be approved by the Superintendent for individuals that do not have access in the living unit.
  5. Accessing the internet, portable storage devices, or any system on the State Government Network (SGN) except kiosks. a. In Prisons, Law Librarians may use portable storage devices to transfer legal data for printing. b. In Reentry Centers, individuals may use the internet and portable storage devices not connected to the SGN for job-related purposes only (e.g., resumes, searches, applications).

STATE OF WASHINGTON DEPARTMENT OF CORRECTIONS

POLICY

DEPARTMENT WIDE

FACILITY/SPANISH MANUAL REVISION DATE 2/11/ PAGE NUMBER 4 of 5 NUMBER DOC 280. TITLE ACCESS TO INFORMATION TECHNLOGY SYSTEMS AND DATA FOR INDIVIDUALS D. IT systems connected to the Offender Services Network (OSN)/Local Area Network (LAN)/SGN will only be supported by Department IT employees/contract staff or authorized vendors (e.g., community college IT).

  1. IT systems supported by the Department will have an approved, hardened image to prevent compromise/modification.
  2. IT systems supported by authorized vendors will have a standard base image, including approved antivirus software and security patches.
  3. Employees/contract staff may request for an IT system, including leased systems, to be reimaged through the IT service request process.
  4. Vendors requiring physical access to IT systems will be controlled to prevent unauthorized use per DOC 280.310 Information Technology Security. E. In Prisons, the Chief Information Officer/designee may approve employees/ contract staff to use Department-owned portable storage devices to transfer data from the OSN to the SGN through the IT service request process.
  5. Category 3 and 4 data per DOC 280.515 Data Classification and Sharing and data containing macros/programming code (e.g., spreadsheets, databases) will not be transferred to the SGN.
  6. Employees/contract staff transferring data will follow Incarcerated Individual Electronic Data File Transfer to Department (DOC) Network Procedures located on the Department’s internal website. IV. Reporting and Compliance Monitoring A. If unauthorized/suspicious data is found on IT systems designated for use by individuals under the Department’s jurisdiction, employees/contract staff will notify the Cyber Security Unit through the IT service request process. B. Biannually, Cyber Security Unit employees/contract staff will conduct random searches of IT systems dedicated for use by individuals under the Department’s jurisdiction. C. Every 6 months, Cyber Security Unit employees/contract staff will audit selected facilities to ensure compliance with this policy.

STATE OF WASHINGTON DEPARTMENT OF CORRECTIONS

POLICY

DEPARTMENT WIDE

FACILITY/SPANISH MANUAL REVISION DATE 2/11/ PAGE NUMBER 5 of 5 NUMBER DOC 280. TITLE ACCESS TO INFORMATION TECHNLOGY SYSTEMS AND DATA FOR INDIVIDUALS D. Findings will be reported in writing to the Superintendent/CCS and Chief Information Security Officer, including any unauthorized/suspicious access or data, deficiencies, and action for noncompliance.

  1. The Intelligence and Investigations Unit will be notified for unauthorized/ suspicious data found on IT systems.
  2. Reports will be maintained per the Records Retention Schedule. DEFINITIONS: The following words/terms are important to this policy and are defined in the glossary section of the Policy Manual: Data, Direct Use, Indirect Use, Information Technology System, Local Area Network (LAN), Portable Storage Device, State Government Network (SGN). Other words/terms appearing in this policy may also be defined in the glossary. ATTACHMENTS: None DOC FORMS: None