Copyright(c), 1995 - Management Analytics and Others - All Rights Reserved
(A) Each agency shall prepare a security manual that lists the agency's
security policies and procedures. All agency personnel shall be
required to provide written acknowledgement that they have
received, read and understand the security policies and procedures.
The agency head, or the information resources manager acting on
delegated authority, shall determine how often this written
acknowledgement must be renewed.
(B) Each agency shall establish procedures for reviewing information
resource functions to determine which positions require special
trust or responsibilities.
(C) Agencies shall use non-disclosure agreements to document the
acceptance by employees and contractors of special information
security requirements as defined by agency standards and risk
management decisions.
(D) Agencies shall provide an ongoing awareness and training program in
information security and in the protection of state information
resources for all personnel whose duties bring them into contact
with confidential or sensitive state information resources.
Security training sessions for these personnel shall be held at
least annually. Further, awareness and training in security shall
not be limited to formal training sessions, but shall include
periodic briefings and continual reinforcement of the value of
security consciousness in all employees whose duties bring them
into contact with confidential or sensitive state information
resources.
(E) State agencies shall take advantage of new employee orientation to
establish security awareness and inform new employees and
contractors of information security policies and procedures. If an
employee leaves the employment of any agency of the state, for
whatever reason, all security privileges shall be immediately
revoked and the employee shall be prevented from having any
opportunity to access information.