DHS Adminstrative Policy: Information Security Awareness

DHS home | Policies | Administrative policies | Admin policies index | policy

	Administrative Services

Policy Title:	DHS Information Security Awareness
Policy Number:	DHS-090-004	Version:	1.0	Effective Date:	05/17/2004

Approved By: DHS Chief Administrative Officer

Approved Date: 05/17/2004

Overview

Description: This policy establishes the requirement for security awareness and education for all workforce members of the Department of Human Services (DHS) that have access to information systems and information assets. Information assets include any valuable or sensitive information in any form (i.e., written, verbal, or electronic), created, gathered, or stored and used as a component of a DHS business process, regardless of the source.

Purpose/Rationale: To ensure that all workforce members who have been granted access to DHS information systems and assets are informed and aware of the importance of protecting confidential and sensitive information held by DHS.

This policy is in support of DHS Information Security Policy DHS-090-001, that establishes the Information Security Program to ensure the privacy, integrity, and availability of its information assets.

Applicability: All workforce members who have been granted access to DHS information systems and information assets, including but not limited to full and part-time employees, temporary workers, volunteers, contractors, those employed by others to perform DHS work, and others granted access, are covered by this policy and shall comply with this and associated policies, procedures and guidelines.

Failure to Comply: Failure to comply with information security policies or other associated policies, standards, guidelines, and procedures may result in disciplinary actions up to and including termination of employment for employees or termination of contracts for contractors, partners, consultants, and other entities. Legal actions also may be taken for violations of applicable regulations and laws.

Back to top

Policy

General

DHS shall provide ongoing information security awareness and education for all members of its workforce.
The information security awareness and education shall cover information security basics, associated policies and procedures, and workforce member responsibilities.
DHS managers shall ensure that workforce members under their supervision are aware of information security policies, procedures, and guidelines and have access to current versions.
DHS shall inform new full and part-time employees, temporary workers and volunteers of the importance of information security and their role in protecting valuable and sensitive DHS information systems and information assets, during their orientation.
DHS employees shall acknowledge they have been informed and are aware of DHS Information Security policies, and their role in protecting DHS information systems and information assets, by signing the Employee Acknowledgement Form included in the DHS Employee Handbook.
The DHS Office of Human Resources shall be responsible for the collection and management of signed Employee Acknowledgment Forms, verifying that workforce members have been informed and are aware of DHS Information Security policies and their role in protecting DHS information systems and information assets.
DHS managers shall hold an annual awareness and education session to review information security basics and current information security policies with workforce members under their supervision.
DHS shall inform all other authorized users of the importance of information security and their role in protecting DHS information systems and information assets through the terms of the associated contract and other associated documents.
DHS information security awareness and education materials shall be made available for use by contractors and partners for the education of their workforce members who have access to DHS information systems and information assets.

Contracting

All DHS contracts shall contain language concerning awareness of information security policies and requiring adherence to DHS security policies, procedures, and guidelines.