| The purpose of this policy is to develop, implement, and maintain appropriate Computer Security incident identification, response, mitigation, and related documentation processes.
Contracted agencies shall develop an internal policy and associated procedures that are consistent with their organizational practices and meet the requirements set forth in this policy.
|
| The Los Angeles County Department of Mental Health (DMH) workforce member must immediately report any and all suspected and actual breaches of information security to his/her supervisor and then to the DMH Helpdesk or Departmental Information Security Office (DISO). The DISO will activate the Departmental Computer Emergency Response Team (DCERT), and a DCERT representative must ensure notification of all other DMH sites and/or persons - (e.g., DMH Chief Information Officer (CIO), System Managers/Owners) - of computer security threat events. The DCERT representative must also notify the Privacy Officer if the computer security incident involves Protected Health Information.
The DISO or the DCERT representative is responsible for determining the appropriate level of response to a computer security incident and those outside of DMH who need to be notified.
The DMH computer security incident reporting response procedures, including the Incident Report form, must be consistent with the County Computer Security Incident Report and Response policies and procedures.
|
