OAR 943-014-0320
User Responsibility

The organization or user shall not make any root level changes to any Authority or State of Oregon network and information system. The Authority recognizes that some application users have root level access to certain functions to allow the user to diagnose problems (such as startup or shutdown operations, disk layouts, user additions, deletions or modifications, or other operation) that require root privileges. This access does not give the user the right to make any changes normally restricted to root without explicit written permission from the Authority.

(1)

Use and disclosure of any Authority information asset is strictly limited to the minimum information necessary to perform the requested and authorized service.

(2)

The organization shall have established privacy and security measures that meet or exceed the standards set forth in the Authority privacy and information security policies, available from the Authority, regarding the disclosure of an information asset.

(3)

The organization or user shall comply with all security and privacy federal and state laws, rules, and regulations applicable to the access granted.

(4)

The organization shall make the security risk plan available to the Authority for review upon request.

(5)

The organization or user shall report to the Authority all privacy or security incidents by the user that compromise, damage, or cause a loss of protection to the Authority information assets or the network and information systems. The incident report shall be made no later than five business days from the date on which the user becomes aware of such incident. The user shall provide the Authority a written report which must include the results of the incident assessment findings and resolution strategies.

(6)

Wrongful use of a network and information system, or wrongful use or disclosure of an Authority information asset by the organization or user may cause the immediate suspension or revocation of any access granted, at the sole discretion of the Authority without advance notice.

(7)

The organization or user shall comply with the Authority’s request for corrective action concerning a privacy or security incident and with laws requiring mitigation of harm caused by the unauthorized use or disclosure of confidential information, if any.

Source: Rule 943-014-0320 — User Responsibility, https://secure.sos.state.or.us/oard/view.action?ruleNumber=943-014-0320.

943‑014‑0000
Definitions 943‑014‑0010
Purpose 943‑014‑0015
Covered Entity Status for Purposes of the HIPAA Privacy Rules 943‑014‑0020
Uses and Disclosures of Client or Participant Protected Information 943‑014‑0030
Client Privacy Rights 943‑014‑0040
Minimum Necessary Standards 943‑014‑0060
Uses and Disclosures of Protected Information for Research Purposes 943‑014‑0070
De-identification of Client Information and Use of Limited Data Sets under Data Use Agreements 943‑014‑0200
Confidentiality and Inadmissibility of Mediation Communications 943‑014‑0205
Confidentiality and Inadmissibility of Workplace Interpersonal Dispute Mediation Communications 943‑014‑0300
Scope 943‑014‑0305
Definitions 943‑014‑0310
Information Access 943‑014‑0315
Security Information Assets 943‑014‑0320
User Responsibility 943‑014‑0400
Purpose 943‑014‑0410
Definitions 943‑014‑0415
General Business Associate Requirements 943‑014‑0420
Uses and Disclosures of Protected Health Information by Business Associate 943‑014‑0430
Authority Obligations 943‑014‑0435
Contractor Security Requirements 943‑014‑0440
Breach 943‑014‑0445
Violations 943‑014‑0450
Termination of Contract 943‑014‑0455
Order of Precedence 943‑014‑0460
Authority Compliance Methods 943‑014‑0465
Standards in Individual Contracts

California:	Codes
Colorado:	C.R.S.
Nevada:	NRS
New York:	Laws
Oregon:	OAR, ORS
Texas:	Statutes
World:	Rome Statute, International Dictionary

OAR 943-014-0320 User Responsibility

(1)

(2)

(3)

(4)

(5)

(6)

(7)

OAR 943-014-0320
User Responsibility