55503 Page 1 of 2 LACDMH SECURITY COMPLIANCE EVALUATION PROCEDURE The Department al Information Security Officer DISO is responsible for evaluating the security safeguards of all Los Angeles ID: 849054
Download Pdf The PPT/PDF document "Attachment 1" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
1 555.03 - Attachment 1 Page 1 of
555.03 - Attachment 1 Page 1 of 2 LACDMH SECURITY COMPLIANCE EVALUATION PROCEDURE The Department al Information Security Officer (DISO) is responsible for evaluating the security safeguards of all Los Angeles County Department of Mental Health ( LAC DMH) information systems to ensure compliance with the LAC DMH Policy No. 553.02, Privacy and Se curity Compliance Program . I. Periodic Evaluation by the DISO a. The DISO or designee must prepare a written LACDMH security s afeguards evaluation , including a review of the viability of LACDMH Privacy and Security Compliance Program Policy. b. The DISO's approval is required before any change developed and recommended is made to any security policy or security procedure. II. Evaluation Upon Occ urrence of Certain Events If one or more of the following events occur, the poli cy evaluation process described in Section I, must be immediately implemented: 1. Changes in any of the regulatory, compliance, and/or accreditation security regulations or privac y regulations. 2. New Federal, State, or local laws or regulations affecting the privacy or security of confidential and/or sensitive information. 3. Changes in technology, environmental processes, or business processes that may affect LACDMH Privacy and Securit y Compliance Program Policy. 4. The occurrence of a serious security violation, breach, or other security incident aft
2 er which the analysis condu cted under
er which the analysis condu cted under LAC DMH Policy No. 552.01 , Security Incident Report and Response , indicates that policies and/or procedures need to be added or modified. 5. Changes in any County or LAC DMH poli cies and/or procedures that may affect the LAC DMH Privacy and Security Compliance Program Policy. 555.03 - Attachment 1 Page 2 of 2 III. Evaluation of Facility Procedures by DMH Facilities Periodically, the LAC DMH C hief I nformation O fficer or his/her designee must e valuate the security aspects of the LAC DMH Privacy and Security Compliance Program Policy, as applicable to the Department, the Department's own security policies and procedures, and the implementation, operation, and maintenance of such policies and procedures. The purpose of such internal evaluation is to determine LAC DMH's compliance status and make any changes necessary in order to become compliant, and/or to demonstrate and d ocument compliance with the LAC DMH Privacy and Security Compliance Program Policy and LAC DMH ’ s own security policies and procedures. IV. Internal Audit of Security Policies and Procedures All security - based policies and procedures, including the implementation, operation, and maintenance of such policies and procedures, are subject to periodic audits by LAC DMH I nternal A udit Department and/or DISO or his/her designee.