LAC Department of Mental Health Public Portal

	LOS ANGELES COUNTY DEPARTMENT OF MENTAL HEALTH
	Policy 554.02 System Access Control

Policy Category: Administrative

Distribution Level: Directly-Operated Programs and Contracted Agencies

Responsible Party: Chief Information Office

Approved by Edgar M. Soto, MBA, CSP, Administrative Deputy III, on January 21, 2020

I. POLICY STATEMENTS

This policy states the technical security requirements for electronic information systems to allow access only to persons or software programs that have appropriate access rights.

Contracted agencies shall develop an internal policy and associated procedures that are consistent with their organizational practices and meet the requirements set forth in this policy.

II. DEFINITIONS

Information Technology and Security Glossary

III. POLICY

The Los Angeles County Department of Mental Health (DMH) Chief Information Officer (CIO) must ensure that system managers/owners implement appropriate access control safeguards to allow DMH electronic information systems access only to those persons or software programs who have access clearance and have been granted access rights with a level of privilege that allows them to only access the minimum information for which they are authorized.

IV. PROCEDURES

Procedures - System Access Control

V. AUTHORITIES

Code of Federal Regulations Title 45 Section 164.312(a)(1), Standard: Access control
Code of Federal Regulations Title 45 Section 164.312(a)(2), Implementation specifications (i)-(iv)
Los Angeles County Board of Supervisors Policy No. 6.101, Use of County Information Assets