Information is a critical Oklahoma House of Representatives asset. Information is comparable with other assets in that there is a cost in obtaining it and a value in using it. However, unlike many other assets, the value of reliable and accurate information appreciates over time as opposed to depreciating. Shared information is a powerful tool and loss or misuse can be costly, if not illegal. The intent of this Security Policy is to protect the information assets of the Oklahoma House of Representatives.

This Security Policy governs all aspects of hardware, software, communications and information. It covers the Oklahoma House of Representatives as well as contractors or other entities who may be given permission to log in, view or access Oklahoma House of Representatives information.

Definitions:

* Information includes any data or knowledge collected, processed, stored, managed, transferred or disseminated by any method.

* The Owner of the information is the Oklahoma House of Representatives responsible for producing, collecting and maintaining the authenticity, integrity and accuracy of information.

* The Hosting State Agency has physical and operational control of the hardware, software, communications and data bases (files) of the owning Agency. The Hosting Agency can also be an Owner.

The confidentiality of all information created or hosted by the Oklahoma House of Representatives is the responsibility of the Oklahoma House of Representatives. Disclosure is governed by legislation, regulatory protections and rules as well as policies and procedures of the owning State Agency. The highest of ethical standards are required to prevent the inappropriate transfer of sensitive or confidential information.

All information content is owned by the Oklahoma House of Representatives responsible for collecting and maintaining the authenticity, integrity and accuracy of the information. The objective of the owning State Agency is to protect the information from inadvertent or intentional damage, unauthorized disclosure or use according to the owning Agency's defined classification standards and procedural guidelines.

Information access is subject to legal restrictions and to the appropriate approval processes of the Oklahoma House of Representatives. The Oklahoma House of Representatives is responsible for maintaining current and accurate access authorities and communicating these in an agreed upon manner to the security function at the Oklahoma House of Representatives.

Information security - The Oklahoma House of Representatives collects and maintains (owns) the information is responsible for interpreting confidentiality restrictions imposed by laws and statutes, establishing information classification and approving information access. The Oklahoma House of Representatives will staff a security function whose responsibility will be operational control and timely implementation of access privileges. This will include access authorization, termination of access privileges, monitoring of usage and audit of incidents.

Information availability is the responsibility of the Oklahoma House of Representatives. Access to information will be granted as needed to all State Agencies to support their required processes, functions and timelines. Proven backup and recovery procedures for all data elements to cover the possible loss or corruption of system information are the responsibility of the Oklahoma House of Representatives.

The Oklahoma House of Representatives is responsible for securing strategic and operational control of its hardware, software and telecommunication facilities. Included in this mandate is the implementation of effective safeguards and firewalls to prevent unauthorized access to system processes and computing/telecommunication operational centers. Recovery plans are mandatory and will be periodically tested to ensure the continued availability of services in the event of loss to any of the facilities.