LOS ANGELES COUNTY
DEPARTMENT OF MENTAL HEALTH
  Policy 550.03 Information Technology Contingency Plan
 
  Procedures - Applications and Data Criticality Analysis
  1. The Application and Data Criticality Analysis must identify Information Technology Contingency Plan priorities based on the criticality and sensitivity of Los Angeles County Department of Mental Health (DMH/Department) applications and data. The analysis incorporates information from the DMH Master System Security Management Report and prioritizes the sequence in which DMH will recover systems and data in the event of a disaster and/or emergency. The Applications and Data Criticality Analysis must include:
     
    1. Identification of the assets (e.g., hardware, software, and applications) utilized by the facility that receive, manipulate, store, and/or transmit confidential and/or sensitive information, as well as information necessary to ongoing business operations.
       
    2. Prioritization of applications and data based on the criticality score and sensitivity score found in the DMH Master Security Management Report (DMH Policy 550.01).
       
  2. In creating this analysis, include all of the following:
     
    1. Incorporate results of the work done during the risk analysis/management process (DMH Policy 550.01).
       
    2. Identify the assets (e.g., hardware, software, and applications) utilized by the Department that receive, manipulate, store, and/or transmit confidential and/or sensitive information, as well as information necessary to ongoing business operations.
       
    3. Prioritize applications and data based on the criticality score and sensitivity score found in the DMH Master Security Management Report (DMH Policy 550.01).
       
  3. Create the Application and Data Criticality Analysis spreadsheet:
     
    1. Open the DMH Master Security Management Report (from the Risk Management process).
       
    2. Highlight the following columns: Official System Name, System Acronym, System Owner, Information Security Level, Criticality Score, Sensitivity Score, and Director's Priority Level.
       
    3. Copy these columns and paste them into a spreadsheet titled Application and Data Criticality Analysis, and add an additional column for System Function Description as shown below:
APPLICATION AND DATA CRITICALITY ANALYSIS
Date:
Official System Name
System Function Description
System Acronym
System Owner
Information Security Level
Criticality Score
Sensitivity Score
Director’s Priority Level
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
  1. Obtain from designated executive staff and the DMH Director a prioritization of the Department's systems based on their functions and enter those priorities in the Director's Priority Level column. The DMH Chief Information Officer must determine the priority of systems for the purpose of this Contingency Plan based on the Director and designated executive staff prioritization and the criticality and sensitivity scores of systems and applications.
     
  2. Complete the spreadsheet by filling in all of the remaining data.