LOS ANGELES COUNTY
DEPARTMENT OF MENTAL HEALTH
  Policy 555.03 Security Compliance Evaluation
 
Policy Category:  Administrative
Distribution Level:  Directly Operated Programs and Contracted Agencies
Review and Approved by:  Chief Information Office
 
Approved by Edgar M. Soto, MBA, CSP, Administrative Deputy III, on  January 21, 2020
 
I.  POLICY STATEMENT
 
This policy establishes a process for monitoring compliance by the Los Angeles County Department of Mental Health (DMH/Department) with security aspects of DMH Policy 553.02.

Contracted agencies shall develop an internal policy and associated procedures that are consistent with their organizational practices and meet the requirements set forth in this policy.
 
II.  DEFINITIONS
 
III.  POLICY
 
DMH must evaluate security safeguards to determine whether safeguards comply with the requirements of the DMH Privacy and Security Compliance Program. This evaluation must first occur at the completion of the implementation of DMH's security safeguards.

Thereafter on an annual basis, DMH must evaluate one or more of its information systems. The sequence of evaluations must be prioritized as defined in the Application and Criticality Analysis in DMH Policy No. 550.03, Information Technology Contingency Plan. Each system selected for evaluation must have its security Safeguards evaluated in each of the following categories:
  1. Administrative
  2. Physical
  3. Technical
Evaluations are necessary to determine the effectiveness of existing security safeguards in light of technological, environmental, or operational changes. Any findings of noncompliance or security failures must be remedied in accordance with the DMH Master Security Management Report (DMH Policy No. 550.01).
 
IV.  PROCEDURES
 
V.  AUTHORITIES