OAR 943-014-0305
Definitions
(1)
“Access” means the ability or the means necessary to read, communicate, or otherwise use any Authority information asset.(2)
“Access Control Process” means Authority forms and processes used to authorize a user, identify their job assignment, and determine the required access.(3)
“Authority” means the Oregon Health Authority.(4)
“Client Records” means any client, applicant, or participant information regardless of the media or source, provided by the Authority to the user, or exchanged between the Authority and the user.(5)
“Incident” means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of any network and information system or Authority information asset including, but not limited to unauthorized disclosure of information; failure to protect user’s identification (ID) provided by the Authority; or, theft of computer equipment that uses or stores any Authority information asset.(6)
“Information Asset” means any information, also known as data, provided through the Authority, regardless of the source or media, which requires measures for security and privacy of the information.(7)
“Network and Information System” means the State of Oregon’s computer infrastructure, which provides personal communications, client records and other sensitive information assets, regional, wide area and local area networks, and the internetworking of various types of networks on behalf of the Authority.(8)
“User” means any individual authorized by the Authority to access a network and information system or information asset.(9)
“Organization” means any entity authorized by the Authority to access a network and information system or information asset.
Source:
Rule 943-014-0305 — Definitions, https://secure.sos.state.or.us/oard/view.action?ruleNumber=943-014-0305.