OAR 291-005-0005
Authority, Purpose, and Policy

(1)

Authority: The authority for this rule is granted to the Director of the Department of Corrections in accordance with ORS 179.040 (General powers and duties), 423.020 (Department of Corrections), 423.030 (Department not limited by ORS 423.020), and 423.075 (Director).

(2)

Purpose:

(a)

The purpose of this rule is to establish policies, procedures and guidelines for security of Department of Corrections (DOC) information systems. Any information system operated by the Department of Corrections or connected to the department’s network and information contained in DOC information networked computer systems shall be protected by the security guidelines established in this rule.

(b)

The Department of Corrections intends to operate all of its automation resources, including multi-user computer systems, terminal devices, personal computers (PCS), work stations, networks and communications devices, in such a manner as to ensure:

(A)

The accuracy and reliability of the department’s information, regardless of whether it is stored and processed on the department’s information systems or on other computer systems, including employee-owned personal computers or information systems operated by other agencies and organizations;

(B)

The protection of each individual’s rights of privacy concerning information about that person which may be stored on DOC information systems;

(C)

Accessibility to the information by authorized users of DOC information systems;

(D)

Denial of access to DOC information systems and information for all other unauthorized persons; and

(E)

Detection of and intervention in attempted or actual system break-ins, information tampering and destruction, and all other forms of misuse of DOC information systems, computer equipment, computer networks and information.

(3)

Policy: It is the policy of the Department of Corrections that computerized information shall be made secure from unauthorized access. Accepted supervision and management practices shall be required of employees to provide adequate security which restricts unauthorized access. Any external organization granted access to DOC information systems shall be required to follow and enforce the security guidelines of these rules.

Source: Rule 291-005-0005 — Authority, Purpose, and Policy, https://secure.sos.state.or.us/oard/view.action?ruleNumber=291-005-0005.

291‑005‑0005
Authority, Purpose, and Policy 291‑005‑0011
Definitions 291‑005‑0015
General 291‑005‑0025
Access Authorization 291‑005‑0035
Termination of Access 291‑005‑0045
Dial-Up Access 291‑005‑0055
User Password Management and Responsibilities 291‑005‑0065
Information Systems and Services Division (ISSD) Responsibilities for User Identification 291‑005‑0075
Physical Security Guidelines

Last Updated

Jun. 8, 2021

Rule 291-005-0005’s source at or.us

Stay Connected

Join thousands of people who receive monthly site updates.

Get Legal Help

The Oregon State Bar runs a service for finding an attorney in good standing. Initial consultations are usually free or discounted: Lawyer Referral Service

Committed to Public Service

We will always provide free access to the current law. In addition, we provide special support for non-profit, educational, and government users. Through social entrepreneurship, we’re lowering the cost of legal services and increasing citizen access.

Navigate

California:	Codes
Colorado:	C.R.S.
Nevada:	NRS
New York:	Laws
Oregon:	OAR, ORS
Texas:	Statutes
World:	Rome Statute, International Dictionary

Location: https://oregon.public.law/rules/oar_291-005-0005

Original Source: Rule 291-005-0005 — Authority, Purpose, and Policy, https://secure.sos.state.or.us/oard/view.action?ruleNumber=291-005-0005 (last accessed Jun. 8, 2021).

OAR 291-005-0005 Authority, Purpose, and Policy

(1)

(2)

(a)

(b)

(A)

(B)

(C)

(D)

(E)

(3)

OAR 291-005-0005
Authority, Purpose, and Policy