OAR 291-005-0005
Authority, Purpose, and Policy


(1)

Authority: The authority for this rule is granted to the Director of the Department of Corrections in accordance with ORS 179.040 (General powers and duties), 423.020 (Department of Corrections), 423.030 (Department not limited by ORS 423.020), and 423.075 (Director).

(2)

Purpose:

(a)

The purpose of this rule is to establish policies, procedures and guidelines for security of Department of Corrections (DOC) information systems. Any information system operated by the Department of Corrections or connected to the department’s network and information contained in DOC information networked computer systems shall be protected by the security guidelines established in this rule.

(b)

The Department of Corrections intends to operate all of its automation resources, including multi-user computer systems, terminal devices, personal computers (PCS), work stations, networks and communications devices, in such a manner as to ensure:

(A)

The accuracy and reliability of the department’s information, regardless of whether it is stored and processed on the department’s information systems or on other computer systems, including employee-owned personal computers or information systems operated by other agencies and organizations;

(B)

The protection of each individual’s rights of privacy concerning information about that person which may be stored on DOC information systems;

(C)

Accessibility to the information by authorized users of DOC information systems;

(D)

Denial of access to DOC information systems and information for all other unauthorized persons; and

(E)

Detection of and intervention in attempted or actual system break-ins, information tampering and destruction, and all other forms of misuse of DOC information systems, computer equipment, computer networks and information.

(3)

Policy: It is the policy of the Department of Corrections that computerized information shall be made secure from unauthorized access. Accepted supervision and management practices shall be required of employees to provide adequate security which restricts unauthorized access. Any external organization granted access to DOC information systems shall be required to follow and enforce the security guidelines of these rules.

Source: Rule 291-005-0005 — Authority, Purpose, and Policy, https://secure.­sos.­state.­or.­us/oard/view.­action?ruleNumber=291-005-0005.

Last Updated

Jun. 8, 2021

Rule 291-005-0005’s source at or​.us