340:25-5-75. Authority and responsibility
Oklahoma Child Support Services (OCSS) operates a single statewide automated data processing and information retrieval system that meets the requirements of:
2. Data processing procedures.
(1) Access to the data processing environment is restricted by level of authorized access.
(2) Within each district office and state office center, the office manager, managing attorney, or center supervisor is responsible for submitting host and Child Support Services (CSS) computer authorization and acknowledgment forms for each user to the CSS decentralized security administrator.
(3) The district office or state office center may email or fax a copy of Form 05SC003E, Logon Authorization Request for DHS Employees; Form 05SC004E, Logon Authorization Request for Non-DHS Employees; or Form 19SC001E, Logon Authorization Request Supplemental Information, as appropriate, to the CSS decentralized security administrator for submission to Oklahoma Management Enterprise Systems (OMES) for security access.
(A) These forms are available from the Forms page of the DHS InfoNet under General Use.
(B) OMES grants interim access to the data processing environment.
(4) The office manager, managing attorney, or center supervisor is responsible for notifying the CSS security administrator of all employee separations and monitoring and complying with system and data security, per DHS:2-41-15 and DHS Data Security Guidelines within his or her area of responsibility.
(5) Computer and laptop users are responsible for completing and signing statements related to security agreements, responsibilities, and penalties associated with misuse of data. No one is permitted to sign anyone on to the data processing system without a user identification number (ID).
(6) To protect access and prevent unauthorized disclosure or use of data processing information, CSS staff:
(A) does not share passwords with anyone;
(B) does not leave his or her data processing terminal open to unauthorized access;
(C) obscures active data processing terminals from external customers' views;
(D) follows Oklahoma Administrative Code (OAC) 340:25-5-67 and Instructions to Staff, pertaining to the use of confidential CSS data and reporting instances of inappropriate access or misuse of confidential information;
(E) does not share federal tax information in Microsoft Office 365 applications including, but not limited to, Outlook email, Yammer, Teams, SharePoint, OneDrive, and Planner; and
(F) are subject to disciplinary action, up to and including discharge, for failure to follow the procedures in (6)(A) through (E).