Transcript Document 7843195
Office Updates
• ORP-COOP/COG Alignment
• SAM/SIMM Restructure
• New/Revised SIMM Forms and Instructions
January 10, 2008
Presented by Rosa Umbach
www.infosecurity.ca.gov/
ORP-COOP/COG Alignment
• Publication of Workgroup Products
  – Revised SIMM 65A Instructions
  – New SIMM 70D
  – Definitions
  – Internal Checklist (coming soon)
• Pending
  – Working with OES
    • COOP/COG definitions
    • Updating of the COOP/COG Instructions
SAM/SIMM Restructure
• Phase I
  – Restructure SAM 4840-4845
  – Working with DGS to publish in SAM
  – Developing Management Memo for releasing new structure
• Phase II
  – Perform Policy Gap Analysis
• Phase III
  – Prioritize and begin establishing new policy
SAM Restructure
NOTE: SAM restructure from 4840-4845 to Section 5300 is still in draft. We recommend making no changes until the Management Memo is released.
SAM Restructure (Continued)
NOTE: SAM restructure from 4840-4845 to Section 5300 is still in draft. We recommend making no changes until the Management Memo is released.
Revised SIMM Forms
• Agency Designation Letter (SIMM 70A)
  – Director can identify individual to sign as designee
  – Identification of other agencies that agency supports
• Agency Operational Recovery Plan Certification (SIMM 70B)
  – New Office Name
• Agency Risk Management and Privacy Program Compliance Certification (SIMM 70C)
  – Certifies full Risk Management Program is in place or the Agency provides remediation plan to become compliant.
SIMM 70A
SIMM 70C
Risk Management Certification
• Remediation Plan should include:
  – List of activities which the agency is not yet compliant with
  – Timeline for completing each activity
  – Method for validation of completion
  – Method of verification of compliance
  – Contact for remediation plan
NEW SIMM Form
• Agency Operational Recovery Plan Transmittal Letter (SIMM 70D)
Questions?