110 likes | 284 Views
Office Updates ORP-COOP/COG Alignment SAM/SIMM Restructure New/Revised SIMM Forms and Instructions Presented by Rosa Umbach. ORP-COOP/COG Alignment. Publication of Workgroup Products Revised SIMM 65A Instructions New SIMM 70D Definitions Internal Checklist (coming soon) Pending
E N D
Office Updates • ORP-COOP/COG Alignment • SAM/SIMM Restructure • New/Revised SIMM Forms and Instructions Presented by Rosa Umbach www.infosecurity.ca.gov/
ORP-COOP/COG Alignment • Publication of Workgroup Products • Revised SIMM 65A Instructions • New SIMM 70D • Definitions • Internal Checklist (coming soon) Pending • Working with OES • COOP/COG definitions • Updating of the COOP/COG Instructions www.infosecurity.ca.gov/
SAM/SIMM Restructure • Phase I – Restructure SAM 4840-4845 • Working with DGS to publish in SAM • Developing Management Memo for releasing new structure • Phase II – Perform Policy Gap Analysis • Phase III – Prioritize and begin establishing new policy www.infosecurity.ca.gov/
SAM Restructure NOTE: SAM restructure from 4840-4845 to Section 5300 is still in draft. We recommend making no changes until the Management Memo is released. www.infosecurity.ca.gov/
SAM Restructure (Continued) NOTE: SAM restructure from 4840-4845 to Section 5300 is still in draft. We recommend making no changes until the Management Memo is released. www.infosecurity.ca.gov/
Revised SIMM Forms • Agency Designation Letter (SIMM 70A) • Director can identify individual to sign as designee • Identification of other agencies that agency supports • Agency Operational Recovery Plan Certification (SIMM 70B) • New Office Name • Agency Risk Management and Privacy Program Compliance Certification (SIMM 70C) • Certifies full Risk Management Program is in place or the Agency provides remediation plan to become compliant. www.infosecurity.ca.gov/
SIMM 70A www.infosecurity.ca.gov/
SIMM 70C www.infosecurity.ca.gov/
Risk Management Certification • Remediation Plan should include: • List of activities which the agency is not yet compliant with • Timeline for completing each activity • Method for validation of completion • Method of verification of compliance • Contact for remediation plan www.infosecurity.ca.gov/
NEW SIMM Form • Agency Operational Recovery Plan Transmittal Letter (SIMM 70D) www.infosecurity.ca.gov/
Questions? www.infosecurity.ca.gov/