5320.2    RESPONSIBILITY OF OWNERS OF INFORMATION
(New 03/08)

The responsibilities of an agency unit that is the designated owner of an automated file or database consist of:

1. Classifying each file or database for which it has ownership responsibility in accordance with the need for precautions in controlling access to and preserving the security and integrity of the file or data base.
   
   
2. Defining precautions for controlling access to and preserving the security and integrity of files and data bases that have been classified as requiring such precautions.
   
   
3. Authorizing access to the information in accordance with the classification of the information and the need for access to the information.
   
   
4. Monitoring and ensuring compliance with agency and state security policies and procedures affecting the information.
   
   
5. Identifying for each file or data base the level of acceptable risk.
   
   
6. Filing Information Security Incident Reports with the Office. See SAM Section 5360.

The ownership responsibilities must be performed throughout the life cycle of the file or database, until its proper disposal. Program units that have been designated owners of automated files and data bases must coordinate these responsibilities with the agency Information Security Officer.

AUTHORITY          STANDARDS          GUIDANCE          FORMS          TOOLS