Forms and Tools
These resources provide a centralized location for easy access to mandated forms. It also provides state agencies a collection of tools to assist in meeting requirements and in building effective information security programs.
The forms state agencies must complete to be in compliance with the State Administrative Manual (SAM).
- Security Incident Report
- Designation Letter
- Technology Recovery Documentation
- Risk Management and Privacy Program Certification
- Telework and Remote Security Standard
Recommended resources to assist state agencies in complying with requirements and in building effective information security programs.
The Report is due to the California Office of Information Security (Office) when an information security incident occurs. See SAM Section 5340.
The Letter provides our office with an agency contact for Information Security Officers and Technology Recovery Coordinators. It is due by January 31st of each year or within 10 business days if changes occur. See SAM Section 5330.2
|Designation Letter (doc)||5330-A|
Technology Recovery Documentation
Agencies must file this Certification every year. Use of the Cross Reference Worksheet is optional if the TRP submission follows the SIMM 5325B format. See SAM 5325.1.
|Technology Recovery Program Certification (doc)||5325-B|
|Technology Recovery Plan Instructions (pdf)||5325-A|
Risk Management and Privacy Program Compliance Certification
The signed Certification acknowledges that each state agency is in compliance with policy governing risk management and privacy requirements as defined in SAM Section 5330, Government Code Section 11019.9, and the Information Practices Act (Civil Code Section 1798 et seq.). The Certification is due by January 31st of each year.
|Risk Management and Privacy Program Compliance Certification (doc)||5330-B|
|Privacy Statement and Notices Standard (pdf)||5310-A|
Telework and Remote Security Standard
This standard applies to telework and remote access users who have access to California State IT infrastructure and information assets through public networks. In addition to telework users, this standard is applicable to security, system, and network engineers and administrators, as well as computer security program managers who are responsible for the technical aspects of preparing, operating, and securing remote access solutions and telework client devices, and state entity heads and program managers responsible for the overall security of information assets within their agencies.
|Telework and Remote Security Standard
|Remote Access Agreement||5360-B|
|Cal OES Training Division|
|Cal OES Exercise Program|
Guidelines and Tools
Information Technology Security Program Guideline
This Guideline can be a valuable tool in assisting state agencies to implement, or those who seek to improve, their information security programs. The Guideline's components provide a framework that enables secure communications and appropriate protection of information resources within the State of California government.
|Information Security Program Guide for State Agencies (pdf)||April 2008|
These are tools for agencies to use in identifying information security risks and to help mitigate the issues.
Training and Awareness
|Self Training Manual and Guidelines for Protecting Privacy in State Government||March 2007|
The California Information Security (Office) web site contains links to other sites that are not owned or controlled by us. The information provided at these sites does not reflect the views of this Office or indicate an endorsement of a particular company or product. Please be aware that our Office is not responsible for the security and privacy practices of such other sites.
Cyber Threat Level
- California Security Jumpstart
- California IT Directory
- Forms and Tools
- Policy (SAM /SIMM /MM /BL /TL /Compliance)
- Really Simple Syndication (RSS) Feeds
- Samples and Templates
- Status of Required Security Reporting Activities
- California Military Department
- California Government Operations Agency
- California Department of Technology
- California Highway Patrol
- California Governor's Office of Emergency Services
- State of California Office of Health Information Integrity
- Department of Justice´s Privacy Enforcement and Protection Unit