WF 08-B

COMMENT DUE DATE:

June 9, 2008

DATE:

May 29, 2008

Sherry Hillemeyer DSD (405) 522-1205

Dena Thayer PMU Manager (405) 521-4326

Nancy Kelly PMU Specialist (405) 522-6703

RE:

Non-APA WF 08-B

It is very important that you provide your comments regarding the DRAFT COPY of policy by the comment due date. Comments are directed to *STO.LegalServices.Policy@okdhs.org.

The proposed policy is Non-APA . This proposal is not subject to the Administrative Procedures Act

The proposed effective date is 06-15-08.

OKDHS CHAPTER 2. ADMINISTRATIVE COMPONENTS

OKDHS Subchapter 1. Data Services Division

OKDHS:2-41-1 [AMENDED]

OKDHS:2-41-2 through OKDHS:2-41-3 [REVOKED]

OKDHS:2-41-4 [AMENDED]

OKDHS:2-41-5 [REVOKED]

OKDHS:2-41-6 [AMENDED]

OKDHS:2-41-7 through OKDHS:2-41-11[REVOKED]

OKDHS:2-41-12 through OKDHS:2-41-16 [AMENDED]

SUMMARY: OKDHS:2-41-1, OKDHS:2-41-4, OKDHS:2-41-6, OKDHS:2-41-12, OKDHS:2-41-13, OKDHS:2-41-14, OKDHS:2-41-15, and OKDHS:2-41-16 are amended to clarify and update: (1) terminology; (2) current form names and numbers; (3) definitions; (4) mission statement; (5) goals; and (6) performance standards.

OKDHS CHAPTER 2. ADMINISTRTIVE COMPONENTS

OKDHS SUBCHAPTER 41. DATA SERVICES DIVISION

OKDHS:2-41-1. ~~General policy~~ Data services

~~Issued 12-17-96~~ Revised 6-15-08

(a) Purpose.~~The Department of Human Services (DHS) charges the~~ Data Services Division (DSD) ~~with the responsibility to~~:

(1) ~~support~~ supports the development and maintenance of all Oklahoma Department of Human Services (OKDHS) automated information systems;

(2) ~~provide~~ provides data security support;

(3) ~~operate~~ operates a host computer center to support OKDHS services;

(4) ~~provide~~ provides and manage a telecommunications network;

(5) ~~provide~~ provides assistance in OKDHS management planning for information systems;

(6) ~~approve~~ approves all OKDHS requisitions for electronic data processing hardware and software;

(7) ~~coordinate~~ coordinates and ~~plan~~ plans for overall OKDHS efficient, cost/ effective data processing systems;

(8) ~~provide~~ provides advice and coordination on the best design techniques and practices for OKDHS data systems.;

(9) ~~establish~~ establishes and ~~maintain~~ maintains departmental standards for:

(A) data processing performance;

(B) data security architecture; and

(b) Mission.The mission of DSD is to provide information technology solutions that enable OKDHS to excel in the delivery of public services, utilizing proven technologies, sound business practices, and creative professional staff.

(c) Goals.OKDHS establishes goals as part of its ten-year strategic planning process.All of the DSD goals and objectives are intended to assist OKDHS in achieving the strategic plan goal of continuously improving systems and processes to achieve agency goals.

(d) Desired performance standards.DSD publishes quarterly performance reports documenting actual performance compared to performance standards.DSD performance standards are:

(1) 99.7% availability of the Information Management System (IMS) network during prime shift, 7:00 a.m. - 6:00 p.m., Monday through Friday;

(2) 99.5% availability of the IMS network during non-prime shift, 6:00 p.m. - 7:00 a.m., Monday through Friday and all day Saturday and Sunday;

(3) 2.5 second average end user response time;

(4) 24 hour batch turnaround for all scheduled production processing; and

(5) 99.3% average availability of all IMS transactions.

DHS:2-41-2. Legal base and authority [REVOKED]

~~Issued 12-17-96~~ Revoked 6-15-08

The authority of the Department to operate DSD separate and apart from the State Central Data Processing Agency is based on decisions of the Oklahoma Department of Human Services Commission and state statutes.

DHS:2-41-3. Mission and goals [REVOKED]

~~Issued 12-17-96~~ Revoked 6-15-08

(a) Mission. The mission of the Data Services Division is to provide quality data processing services to the Department of Human Services utilizing proven technologies, sound business practices, and creative professional staff.

(b) Goals. DHS has established six goals as part of its' ten-year strategic planning process. All of the Data Service Division's goals and objectives are intended to assist DHS in achieving the goal of "continuously improve systems and processes to achieve agency goals."

OKDHS:2-41-4. Definitions

~~Issued 12-17-96~~ Revised 6-15-08

The following words and terms when used in the Part, shall have the following meaning, unless the context clearly indicates otherwise.

"Application" means a software program designed to enable end users to carry out a specific task or function.Word processors, spreadsheets, graphics programs, and data managers are ~~examples of applications~~ application examples.

"Automated information systems" means computerized processes which collect, store, calculate, and display or report information about business processes.

"Bus"means a subsystem that transfers data between computer components inside a computer or between computers. In a network, a bus is a transmission path on which signals are dropped off or picked up at every device attached to the line. Only devices addressed by the signals pay attention to them; the others discard the signals.

"Channel Service Unit / Digital Service Unit (CSU/DSU)"; means a system that converts electronic computer protocol to digital telephone protocol and vice versa.

"Confidential data" is any piece of data or set of data, the misuse of which violates existing laws or policy, violates client confidentiality or privacy, creates a liability exposure for OKDHS, or creates the opportunities for fraud or other illegal activity.

"Controller" means a device that acts as the electrical and logical interface between a data terminal equipment and a local area network bus.

"DB2 (Database-2)" means IBM's strategic product for general purpose information storage, including database management.It is a reasonably complete implementation of the relational technology.The most strategic component/ or aspect of DB2 is the interface ~~to it, namely,~~ SQL. ~~In fact,~~ DB2 is properly viewed as an SQL engine.

"Data base architecture" means overall plan and design for OKDHS data structure.

"Data Security" means processes and procedures to ensure data collected and maintained by OKDHS is protected from inadvertent or intentional damage or misuse.

~~"Dial-up"~~ ~~is a term used to refer to a technology that allows the capability to dial-in or dial-out of a computing capability or network.~~

"Hardware" means terminals, printers, personal computers, CSU/DSU's, controllers, routers, hubs, servers, and central site equipment.

"Information Management System (IMS)" is means an IBM software product providing an environment for data base and transaction processing and data base management.

"ITB" means Invitation to Bid.

"Local Area Network (LAN)" means a hardware and software environment consisting of a central computer, ~~usually~~ referred to as a server, that has multiple personal computer workstations, ~~usually~~ referred to as client(s), and allows/ or supports telecommunications among the clients.

"Network" means a configuration of data processing devices and software connected for information exchange.

"PC" means personal computer.

"Remote Access" means a technology that allows the capability to dial-in or dial-out of a computing capability or network.

"Router" means a device that performs a function similar to a local or remote bridge. Routing, however, occurs at Layer 3 of the OSI reference model.

"Server" means main controller for the PC's hooked to a ~~Local Area Network~~ LAN.

"Virus" means an unauthorized data processing application which may alter or destroy computerized data and/or equipment.

"Wide Area Network (WAN)" means telecommunications network composed of multiple LAN's connected via a WAN server, routers, hubs, and phone lines.

"Workstation" means the individual OKDHS employee's personal computer and printer.

DHS:2-41-5. Desired performance standards [REVOKED]

~~Issued 12-17-96~~ Revoked 6-15-08

~~(a) DSD strives to meet the following performance standards:~~

~~(1) 99.7% availability of the IMS network during prime shift (7:00 a.m. - 6:00 p.m., Monday through Friday);~~

~~(2) 99.5% availability of the IMS network during non-prime shift (6:00 p.m. 7:00 a.m., Monday through Friday and all day Saturday, and Sunday);~~

~~(3) 2.5 second average end user response time;~~

~~(4) 24 hour batch turnaround for all scheduled production processing; and~~

~~(5) 99.3% average availability of all IMS transactions.~~

~~(b) DSD publishes quarterly performance reports documenting actual performance compared to performance standards.~~

OKDHS:2-41-6. ~~Comptroller’s Office/Business Services Unit~~ Data Services Division Units

~~Issued 12-17-96~~ Revised 6-15-08

This unit provides administrative and fiscal support services to the division, including coordination of staff development and training activities; switchboard and reception duties; and traditional business services, such as general accounting, accounts payable, claims processing, budgeting, purchase authorization system maintenance, requisition/purchase of goods and services, contract administration, inventory, and asset management. In addition to those duties listed above that are specific to the support of the division, this unit completes the Agency's annual Long Range Data Processing Plan (as required by SB401) and processes any required updates during the fiscal year. The unit submits this three year plan to the Office of State Finance (OSF) each year as a part of the Agency's overall budget process (see (DHS:2-41-12). This unit also maintains an inventory of all Agency data processing hardware and software that is submitted to Office of State Finance each year as required by law. The inventory includes information regarding manufacturer, model, serial number, and warranty end date, so that this unit has the information necessary to secure appropriate maintenance contracts each fiscal year for all Agency data processing hardware and software state-wide.

(a) Enterprise Application Services.Enterprise Application Services (EAS) is responsible for consultation, design, development, and maintenance for most OKDHS data processing applications and systems.EAS and the appropriate divisions are responsible for approving all OKDHS applications that process on the host and client server environment supported by DSD.When contracting these services, EAS provides management and staff.The services performed are:

(1) research;

(2) consultation;

(3) maintenance;

(4) enhancement; and

(5) new programming.

(b) Enterprise Support Services.Enterprise Support Services (ESS) is comprised of five sections:

(1) Production Services provides technical support for the set up and validation of all production batch and file transfer jobs;

(2) Operations:

(A) oversees all central site equipment such as network, servers, and mainframe;

(B) oversees daily production schedules; and

(3) Remote Site Services installs all equipment and software in local offices; and

(4) Problem Determination and Resolution:

(A) works to resolve any highly complex problems that arise needing cross unit analysis; and

(B) is operational 24 hours a day, seven days a week, excluding holidays.

(5) Facilities:

(A) maintains an inventory of all OKDHS data processing hardware and software including:

(i) manufacturer;

(ii) model;

(iii) serial number; and

(iv)warranty end date;

(B) submits the inventory to Office of State Finance annually per Section 41.5e of Title 62 of the Oklahoma Statutes; and

(c) Enterprise Technical Services.Enterprise Technical Services (ETS) is responsible for technical support of information technology (IT) services provided throughout the OKDHS computer network environment.Sections within ETS include: Database Services, Infrastructure Platform and Software Services, Security Services and Telecommunications Services.The specialists in ETS work in conjunction with other DSD units in their efforts to support the OKDHS environment, and teams with other DSD units and OKDHS divisions to collaborate on OKDHS projects and processes.Services provided by ETS include:

(1) generation, security, availability, and recoverability of OKDHS host-based Information Management System (IMS), Oracle, Database 2 (DB2), and Structured Query Language (SQL), server data base and data stored and maintained in the data bases.Host in this context refers to the data base servers residing in the OKDHS Data Center at 1110 N.E. 12^thOklahoma City, OK;

(2) support, security, availability, and recoverability of the OKDHS network environment that includes servers residing at the OKDHS Data Center, in remote field locations, third party software, and the telecommunications equipment and circuits used for connectivity across the network;

(3) support for decentralized data security activities including the decentralized data security representatives;

(4) design, development, maintenance, and security of the Intranet or Internet applications as related to the access of information or data stored and maintained in any of the host based servers; and

(5) support for OKDHS data sharing committees whose activities relate to data sharing at the intra-agency, interagency, interstate, and non-OKDHS levels.

(d) Customer Relations Services.Customer Relations Services (CRS):

(1) facilitates the delivery of quality solutions and services provided by DSD through information sharing and feedback ensuring the technology direction supports the business of OKDHS and customers;

(2) measures customer service success;

(3) continuously improves communications within OKDHS; and

(4) promotes and markets technology solutions;

(5) supports all OKDHS Information Technology (IT) budgeting and fiscal operations;

(6) supports traditional business services, such as:

(A) general accounting;

(B) accounts payable;

(D) budgeting,;

(E) purchase authorization system maintenance;

(F) requisition/purchase of goods and services;

(G) contract administration;

(H) inventory, asset management;

(I) human resource services;and

(J) training

(7) completes OKDHS annual Long-Range Electronic Data Processing Plan (Plan) per Section 41.5e of Title 62 of the Oklahoma Statutes;

(8) processes any required updates of the Plan during the fiscal year;

(9) submits the Plan to the Office of State Finance (OSF) each year as a part of the OKDHS overall budget process per OKDHS:2-41-12; and

(10) maintains an inventory of all OKDHS data processing hardware and software including:

(A) manufacturer;

(B) model;

(D) warranty end date.

(e) Architecture and Design.Architecture and Design (A & D) is composed of four sections:Security, Data, Delivery, and Applications and is responsible for:

(1) developing technology implementation plans;

(2) collaborating with other DSD units and sections to develop and document DSD processes and standards;

(3) reviewing each technology solution supported by DSD to ensure compliance with OKDHS DSD enterprise strategies;

(4) ensuring designs support the OKDHS enterprise architecture;

(5) approving all OKDHS requisitions for all non-standard electronic data processing hardware and software to ensure that the acquisition is compatible with the current data processing environment and consistent with future planning and standards;

(6) reviewing and evaluating new data processing technology; and

(7) establishing technology hardware and software standards for OKDHS.

(f) Research and Strategy.In collaboration with other units within DSD, Research and Strategy is responsible for:

(1) performing research in support of the OKDHS DSD Enterprise Architecture;

(2) developing strategies for the implementation of needed products and services to support OKDHS business requirements, such as strategies for:

(A) privacy;

(B) security;

(D) technological solutions;

(3) long-term strategic planning and support;

(4) risk assessment of recommended technology solutions; and

(5) collaborating with CRM Business Development to establish new marketing and promotional material for DSD.

(g) Business Quality.Business Quality staff is integrally involved with all areas of DSD to coach and ensure that quality practices are followed as a fundamental part of daily practice.Business Quality:

(1) enforces quality in the products and services offered by OKDHS DSD; and

(2) provides business continuity initiatives for OKDHS by:

(A) implementing and monitoring the primary components of quality:

(i) Process Definition;

(ii) Requirements Management;

(iii) Project Tracking;

(iv) Change Management;

(v) Risk Management; and

(vi) Performance Measurements; and

(B) instituting business continuity practices into the OKDHS systems; and

(3) establishes new practices that are well planned, thoroughly defined, and measured to ensure not only compliance, but to continually optimize processes to improve customer service.

(h) Project Management Office.The Project Management Office (PMO) is responsible for:

(1) delivering professional project management services to OKDHS divisions through the delivery of new and existing information technology projects; and

(2) managing the OKDHS portfolio management process including the communication, facilitation, and management of OKDHS Information Technology Governance Board projects.

DHS:2-41-7. Systems Design and Development Unit [REVOKED]

~~Issued 12-17-96~~ Revoked 6-15-08

The Systems Design and Development (SDAD)unit is responsible for the consulting, design, development and maintenance for most DHS data processing applications and systems. When contracting for these efforts, SDADprovides management and staff during the contracted activities. The types of activities performed by SDAD are: research and consulting, maintenance, enhancement, and new programming. The Administration for the Systems Design and Developmentand the appropriate division are responsible for approving all DHS applications which will process on the host and/or client/server environment supported by DSD.

DHS:2-41-8. Data Center Services Unit [REVOKED]

~~Issued 12-17-96~~ Revoked 6-15-08

~~The Data Center Services (DCS) unit operates the Computer Center.The unit is operational 24 hours a day each day of the year excluding holidays.Organization sections of the Data Center are:~~

~~(1)Technical Support is responsible for obtaining, installing, and maintaining the current operating system(s) software and configuration;~~

~~(2) Production Services is responsible for the scheduled production processing, job set up , job check out, and output distribution; and~~

~~(3) Operations is responsible for the operation of the computer equipment and tape library in the Data Center~~

DHS:2-41-9. Data Base Administration [REVOKED]

~~Revised 2-1-00~~ Revoked 6-15-08

~~The Data Base Administration (DBA) unit is responsible for:~~

(1) generation, security, availability, and recoverability of the Department's host-based Information Management System (IMS), Oracle, Database 2 (DB2), and Structured Query Language (SQL) Server data bases and the data stored and maintained in these data bases."Host" in this context refers to the data base servers residing in DHS' Data Center at 1110 N.E. 12th, Oklahoma City, OK;

(2) design, development, and maintenance of a Data Security Architecture and the associated guidelines for DHS' complete data processing environment including not only computers, but also DHS' networks, both Local Area Networks (LANs) and Wide Area Networks (WANs), the associated interagency and Internet connections, and DHS' host-based dial-up capability;

~~(3) support for decentralized data security activities including the decentralized data security representatives;~~

(4) design, development, and maintenance of a data base architecture sufficient to support the unique identification of each client and the non-redundant storage of client data including program participation data for each client.This data base component also supports the linkages of this client data to, and from, the programmatic area subsystems;

(5) design, development, maintenance, and security of the Intranet or Internet applications as related to the access of information or data stored and maintained in any of the host data base servers; and

~~(6) support for DHS’ data sharing committees whose activities relate to data sharing at the intraagency, interagency, interstate, and non-DHS levels.~~

DHS:2-41-10. Customer Support Services Unit (CSSU) [REVOKED]

~~Revised 2-1-00~~ Revoked 6-15-08

Customer Relationship Management (CRM) Unit facilitates the delivery of quality solutions and services provided by DSD, through information sharing and feedback to ensure that the technology direction supports the business of the Department and the business of customers. CRM also measures customer service success, continuously improves communications to the agency, and promotes and markets technology solutions

~~INSTRUCTIONS TO STAFF~~

1.Customer Support Services Unit (CSSU) coordinates the acquisition of all DHS workstation hardware and software.CSSU assists DHS divisions and offices in the development of long range data processing plans for inclusion in Data Services Division’s (DSD’s) long range plans and in the Senate Bill 401 Long Range Data Processing Planning document.

DHS: 2-41-11.Network and Local Area Network (LAN) Management (NLM) Unit [REVOKED]

~~Revised 2-1-00~~ Revoked 6-15-08

~~The NLM Unit provides both long and short range technology planning for data processing related equipment, networks, and software.~~ ~~g 1~~

~~INSTRUCTIONS TO STAFF~~

The administration of this unit is responsible for approving all DHS requisitions for electronic data processing hardware and software to ensure that the acquisition is compatible with the current data processing environment and consistent with future planning, standards, and the like.

The Network and Local AreaNetwork (LAN) Management (NLM) Unit is responsible for reviewing and evaluating new data processing technology and for establishing technology hardware and software standards for the Department.

~~The unit also provides software and hardware systems support for the LANs and Wide Area Networks.This systems support includes the operation of a Call Center and System Problem Resolution Unit.~~

~~Network hardware and software moves, adds, and changes are coordinated by this unit.~~

~~The unit provides E-Mail service support.~~

~~The NLM Unit manages software distribution to the DHS standard LANs.~~

OKDHS:2-41-12. Data processing planning

Revised ~~2-1-00~~ 6-15-08

(a) The ~~Department's~~ Oklahoma Department of Human Services (OKDHS) data processing planning is carried out at the division level and projected, tracked, approved, and controlled through the OKDHS Strategic Plan and the Long Range Data Processing Systems Plan (plan) ~~made law by the Second Session of the 39th Legislature Senate Bill 401 in 1984~~ per Section 41.5e of Title 62 of the Oklahoma Statute.The plan is a requirement of all state agencies that utilize or plan to utilize data processing equipment or software.As part of the budget request process each year and in accordance with referenced statutes, ~~the Department~~ OKDHS is required to develop a data processing planning document that covers three fiscal years beginning with the first fiscal year of the budget request.The plan is submitted to the Office of State Finance (OSF) no later than October 1 each year.The ~~Data Services Division (DSD) Division Administrator~~ director of the Data Services Division (DSD) is responsible to ensure that each OKDHS division is provided technical assistance in planning and budgeting for data processing activities and that the plan is submitted timely. The cost estimates for all projects reported for the budget request year must balance to the OKDHS budget request.

(b) The plan includes:

(1) information regarding the ~~Department’s~~ OKDHS mission, governance, duties, and responsibilities.;

(2) ~~Each division provides an overview of their~~ an overview of each division's purpose~~, as well as~~ and status reports for each on-going data processing project.;~~The cost estimates for all projects reported for the budget request year must balance to the Department’s budget request.The plan also details~~

(3) detailed information regarding costs for:

(A) salaries and benefits,;

(B) contracted services,;

(D) hardware maintenance,;

(E) software,;

(F) software maintenance,; and

(G) miscellaneous expenses by year for the budget work program of the base year,;

(H) the on-going systems maintenance and development costs for the budget request year,; and

(I) future development plans for two additional years.The order of the budget information is:

~~(1)~~(i) an overall summary for ~~the Agency~~ OKDHS;

~~(2)~~(ii) a summary for each division; and

~~(3)~~(iii) each project within each division with priority of request noted.In addition to the cost information, each project includes a systems narrative that describes the need addressed by the project and the types of data processing expenditures requested to complete the project.

(c) During the ~~Department’s~~ OKDHS annual budget request cycle, the DSD Customer ~~Support Services Unit’s coordination~~ Relations staff:

(1) provides technical assistance to each division to:

(A) plan for future data processing needs;

(B) determine appropriate staffing, contract services, hardware, software, or both, and other items necessary to meet those needs;

(D) estimate project costs. ~~Each~~ Before a project that is not funded within the requesting division’s budget base is included in the data processing plan, ~~requires that a budget request,~~ Form ~~BR-1~~ OSF BR-40B. is submitted to the OKDHS ~~Office of~~ Finance Division ~~to be included~~ for inclusion in the ~~Department’s~~ OKDHS budget request ~~before it can be included in the data processing plan~~.

(d) The ~~DSD Comptroller~~ OKDHS Finance Division comptroller assigned to DSD:

(1) prepares the final plan for submission by:

(A) compiling each division’s information into the format required by OSF,;

(B) developing the division summaries,; and

(2) ensures the plan balances to the ~~Department’s~~ OKDHS budget request ~~that has been~~ approved by the OKDHS Commission for Human Services.

(e) OKDHS is prohibited by law from entering into any agreement for acquisition, development or enhancement of data processing hardware or software unless the need has been included in the OKDHS long range data processing plan.

(f) Revisions to the current fiscal year plan are made by the steps listed in (1) - (6) of this subsection.

(1) The division contacts the DSD Customer ~~Support~~ Relations Services ~~Unit coordination~~ staff assigned to that division for assistance in development of a project proposal.

(2) A project proposal is developed that includes all information listed in (b) of this Section.

(3) The project proposal is reviewed and approved by the ~~Director~~ director of DSD or designee.

(4) The funding for the project is reviewed and approved by the OKDHS Chief Financial Officer or designee.

(5) The ~~DSD Comptroller~~ assigned comptroller prepares and submits the revision to ~~OSF~~ the Finance Budget Unit.

(6) Upon notice of approval by OSF, the division proceeds with purchasing activities related to the project.

OKDHS:2-41-13. Data processing application systems maintenance and development process

Revised ~~2-1-00~~ 6-15-08

Oklahoma Department of Human Services (OKDHS) data processing application systems maintenance and development projects which utilize Data Services ~~Division's (DSD's)~~ Division (DSD) hardware and software are coordinated and approved by DSD.All DSD data processing support are coordinated through ~~DSD's~~ the DSD Customer ~~Support~~ Relations Services (CRS) coordinator assigned to the requesting office or division. ~~g1 - 3~~

(1) Project initiation.The office or division requiring data processing support and the CRS coordinator define the basic requirements of the project.The user division initiates Form 05PM024W, Data Processing Service Request.DSD assigns a number unique to the Form 05PM024W and establishes the appropriate cost center code for cost allocation of the resources utilized by the project.

(2) Requirements.The CRS coordinator works with the requesting division to establish detailed requirements for the service requested.The coordinator assists the requesting division in preparing any necessary federal planning documents, funding requests, or both. If it is determined that part or all of the project is to be out-sourced, the coordinator assists the requesting division in preparing Invitations to Bid (ITB) and evaluating bid responses.

(3) Project plan.If the project is accomplished utilizing DSD resources, the CRMScoordinator:

(A) establishes a project plan;

(B) develops any additional sub-projects;

(C) routes the project plan, work request, and project requirements to the appropriate DSD unit for assignment of resources;

(D) negotiates the project priority; and

(E) monitors the project until completion.

INSTRUCTIONS TO STAFF DHS:2-41-13

1. Project initiation. The office or division requiring data processing support and the Customer Support Services coordinatordefine the basic requirements of the project. The user division initiates Form DP-S-24, Data Processing Work Request, to Data Services Division(DSD). DSD assigns a number unique to the Form DP-S-24 and establishes the appropriate cost center code for cost allocation of the resources utilized by the project.

2. Requirements. DSD's Customer Support Services coordinator works with the requesting division to establish Detailed requirements for the work requested. The coordinator assists the requesting division in preparing any necessary federal planning documents, funding requests, or both. If it is determined that part or all of the project is to be out-sourced, the coordinator assists the requestingdivision in preparing Invitations to Bid (ITB) and evaluating bid responses.

3. Project plan. If the project is to be accomplished utilizing DSD resources,the Customer Support Services coordinator establishes a project plan; develops any additional sub-projects; routes the project plan, work request, and project requirements to the appropriate DSD unit for assignment of resources; negotiates the project priority; and monitors the project until completion.

OKDHS:2-41-14. Acquisition of data processing equipment, software, and supplies

Revised ~~2-1-00~~ 6-15-08

(a) Division support.The Data Services Division (DSD) provides support to the other divisions of the Oklahoma Department of Human Services (OKDHS) by assisting in the acquisition, installation, and maintenance of data processing hardware, software, and supplies.~~All~~ Form ~~ADM-2s~~ 23CO102E, ~~Oklahoma~~ Department of Human Services Requisition, for data processing purchases ~~are~~ is coordinated and approved by DSD to ensure purchases are compatible with the current data processing environment and consistent with the long range data processing plan and OKDHS standards.

(b) Disagreements. In those instances where the user division disagrees with the DSD recommendation, the issue is referred to the ~~Associate Director of Office of Administration~~ Chief Information Officer (CIO).The ~~Associate Director~~ CIO tries to resolve the differences by mutual agreement.If the differences are not resolved by the ~~Associate Director~~ CIO then the issue is referred to the Director of OKDHS for resolution. ~~g 1 - 9~~

(c) Office automation.DSD coordinates development of office automation systems and ensures acquisitions and processes allow for interconnectivity of all equipment.OKDHS moves toward a total integrated system encompassing:

(1) word processing;

(2) electronic mail;

(3) host computer center communication;

(4) personal computing;

(5) communication;

(6) video teleconferencing;

(7) graphics;

(8) data update, storage and retrieval; and

(9) mobile technology.

(d) Supplies.DSD assists other appropriate divisions and units to ensure that state contracts are available to cover needs for technology supplies that cannot be purchased through the standard office supply ordering process.DSD provides input and assistance to the Department of Central Services for establishment of a statewide personal computer hardware contract.DSD secures non-encumbered contracts for other Local Area Networks (LANs) and Wide Area Networks (WANs) related hardware and software needs.

(e) Maintenance contracts.DSD establishes OKDHS maintenance contracts for data processing hardware and software including terminals, printers, personal computers, Channel Service Unit (CSU) and Data Service Unit (DSU) controllers, routers, hubs, servers, central site equipment, and all standard purchase software associated with the LAN/WAN and central site data processing.

(f) Hardware and software inventory.An inventory of all hardware and software installed statewide is maintained by DSD so that maintenance contracts for all OKDHS hardware and software are secured appropriately each year and to meet the annual state agency reporting requirement per OKDHS:2-41-12. All divisions are expected to forward a copy of receiving report documentation to DSD Enterprise Support Services for all hardware and software acquired. Any move, change, addition, or deletion of hardware or software is promptly reported.The inventory information maintained includes:

(1) purchase authorization number;

(2) manufacturer;

(3) model number;

(4) serial number;

(5) description;

(6) cost;

(7)warranty end date;

(8) location installed; and

(9) technical and network information.

(g) Hardware.DSD is responsible for:

(1) approving all purchase or lease of data processing hardware;

(2) having available the necessary contracts to expedite the ordering and to provide standardization;

(3) preparing and coordinating bid documents, and reviewing all such documents which are prepared by users;

(4) completing Form 23CO102E for data processing hardware and sending it to the requesting user division for purchase authorization number, approval, and processing in those instances where non-DSD funds are used.Form 23CO102E then goes through normal processing channels to Support Services Division Contracts and Purchasing; and

(5) coordinating delivery of hardware.

(h) Installation.Preparation for installation is described in (1) - (2) of this subsection.

(1) Planning.DSD assists in the installation planning and the acquisition of the resources for the installation of electronic data processing hardware and software and the installation of the hardware, software, and cabling necessary to provide LAN or WAN connectivity.

(2) Site preparation.DSD assists in an advisory capacity to identify necessary physical requirements for installation of electronic data processing equipment, such as electrical, air conditioning, and space.Users are responsible for all modifications, such as electrical modifications or changes necessary for the installation of their electronic data processing equipment.

(i) Maintenance service calls. All problems with supported LAN or WAN hardware and software are reported through the DSD Call Center.The Call Center logs the problem and places a trouble call with the appropriate DSD unit or contractor to resolve the problem.

(j) Data processing equipment moves.When it becomes necessary to relocate an office or data processing equipment within an office, planning and acquisition of the equipment and resources are initiated a minimum of eight weeks in advance of date of the required move, installation, or both.

(1) The OKDHS division or office requiring the move notifies the DSD Customer Relations Services (CRS) assigned coordinator of the proposed move.County offices route their move request to their area director and Field Operations Division (FOD) for approval.FOD coordinates the county office move with DSD and any other necessary division.This notification includes:

(A) the physical locations from and to which the equipment is being moved;

(B) the equipment identification such as type of equipment, serial numbers, bar codes, and finding location of the equipment;

(D) network connectivity such as KIDS, Model County, and Human Resources Information System (HRIS).

(2) Acquisition of additional equipment or connectivity resources may be required for the items listed in (A) - (F).

(A) Electrical capacity. Electrical capacity is reviewed to determine if additional capacity is required.

(B) Cabling. The relocating office must arrange the cabling with the wiring contractor, currently the OKDHS Support Services Division (SSD) Facilities Management Services Construction Unit.At least one month’s notification is normally required by the contractor prior to the installation date.The DSD CRRM assigned coordinator is available to assist with planning.

(C) Network devices such as routers, hubs, CSU and DSUs.The equipment is ordered at least eight weeks prior to the desired installation date by the relocating office with the assistance of DSD.

(D) Data lines.DSD arranges for the appropriate phone company to install the necessary lines at least four weeks prior to the desired installation date.

(E) Work stations.Work stations are ordered at least eight weeks prior to the desired installation date by the relocating office with the assistance of DSD.

(F) Printers.Printers are ordered at least eight weeks prior to the desired installation date by the relocating office with the assistance of DSD.

(3) The relocating office is responsible for arranging for the packing, unpacking, transportation, and installation of all new and existing equipment.

(4) The relocating office must notify SSD of the bar codes and serial numbers of all equipment which is acquired, moved, or both.

(k) Software. Responsibilities of DSD regarding software purchases include:

(1) reviewing and recommending software purchases, leases, or both;

(2) approving all computer software acquisitions prior to purchase;

(3) preparing Form 23CO102E to order the software and transmitting the paperwork to the respective division for purchase authorization number, approval, and processing in those instances where non-DSD funds are used;

(4) providing recommendations for training and consulting support on a standard set of software;

(5) providing recommendations for methods of obtaining installation support of all software;

(6) providing maintenance contracts for all supported software, when deemed necessary. DSD is not responsible for maintenance of programs developed and written by users, although it is available to provide technical support as feasible; and

(7) tracking all software licenses ensuring compliance with vendor copyright laws and licensing requirements.

INSTRUCTIONS TO STAFF OKDHS:2-41-14

1. Office automation. Data Services Division (DSD) coordinates development of office automation systems and ensures acquisitions and processes allow for interconnectivity of all equipment in the future. OKDHS moves toward a total integrated system encompassing:

~~(1) word processing;~~

~~(2) electronic mail;~~

~~(3) host computer center communication;~~

~~(4) personal computing;~~

~~(5) communication;~~

~~(6) video teleconferencing;~~

~~(7) graphics, and~~

~~(8) data update, storage and retrieval~~

2. Supplies. DSD assists other appropriate divisions and units to ensure that state contracts are available to cover departmental needs for standard supplies such as printer paper and ribbons. DSD provides input and assistance to the Department of Central Services for establishment of a personal computer hardware statewide contract. DSD secures non-encumbered contracts for other Local Area Networks (LANs) and Wide Area Networks (WANs), related hardware and software.

3.Maintenance contracts. DSD establishes DHS maintenance contracts for data processing hardware and software which includes terminals, printers, personal computers, Channel Service Unit (CSU) and Data Service Unit's (DSU) controllers, routers, hubs, servers, central site equipment, and all standard purchased software associated with the LAN/WAN and central site data processing.

4. Hardware and software inventory. An inventory of all hardware and software installed statewide is maintained by DSD so that maintenance contracts for all agency hardware and software as described in Instructions to Staff #3 are secured appropriately each year, as well as to meet the annual state agency reporting requirement that an annual hardware and software inventory is submitted to the Office of State Finance. The inventory information maintained includes purchase authorization number, manufacturer, model number, serial number, description, cost, warranty end date, location installed, and technical and network information. All divisions are expected to forward a copy of receiving report documentation to the DSD Business Services Unit for all hardware and software acquired. Any move, change, add, or delete of hardware or software is promptly reported.

~~5. Hardware. DSD is responsible for:~~

~~(1) approving all purchase or lease of data processing hardware;~~

~~(2) having available the necessary contracts to expedite the ordering and to provide standardization;~~

~~(3) preparing and coordinating bid documents, and reviewing all such documents which are prepared by users;~~

(4) completing the Form Adm-2, Department of Human Services Requisition, for data processing hardware and sending it to the requesting user division for purchase authorization number, approval, and processing in those instances where non-DSD funds are being used. The Form Adm-2 then goes through normal processing channels to Contracts and Purchasing; and

~~(5) coordinating delivery of hardware.~~

~~6. Installation. Preparation for installation is described in (1) - (2) of this instruction.~~

(1) Planning. DSD assists in the installation planning and the acquisition of the resources for the installation of electronic data processing hardware and software and the installation of the hardware, software, and cabling necessary to provide LAN or WAN connectivity.

(2) Site preparation. DSD assists in an advisory capacity to identify necessary physical requirements for installation of electronic data processing equipment, such as electrical, air conditioning, and space. Users are responsible for all modifications, such as electrical modifications or changes necessary for the installation of their electronic data processing equipment.

7.Maintenance service calls. All problems with supported LAN or WAN hardware and software are reported through the DSD Call Center. The Call Center logs the problem and places a "trouble call" with the appropriate DSD unit or contractor to resolve the problem.

8. Data processing equipment moves. When it becomes necessary to relocate an office or data processing equipment within an office, planning and acquisition of the equipment and resources must be initiated a minimum of eight weeks in advance of date of the required move, installation, or both.

(1) The DHS division or office requiring the move notifies the DSD Customer Support Services Unit (CSSU) assigned coordinator of the proposed move. County offices route their move request to their Area Director for approval and Office of Field Operations (OFO). OFO coordinates the county office move with DSD and any other necessary Division. This notification includes:

~~(A) the physical locations from and to which the equipment is being moved;~~

~~(B) the equipment identification such as type of equipment, serial numbers, Oklahoma Public Welfare Commission (OPWC) numbers, and finding location of the equipment;~~

~~(C) contact person name and phone number; and~~

~~(D) network connectivity such as KIDS, Model County, and Human Resources Information System (HRIS).~~

~~(2) Acquisition of additional equipment or connectivity resources may be required for the items listed in (A) - (F).~~

~~(A) Electrical capacity. Electrical capacity is reviewed to determine if additional capacity is required.~~

(B) Cabling. The relocating office must arrange the cabling with the wiring contractor, currently the DHS Facilities Management Services Construction Unit. At least one month’s notification is normally required by the contractor prior to the installation date. The DSD Customer Support Services assigned coordinator is available to assist with planning.

(C) Network devices such as routers, hubs, CSU and DSUs. This equipment is ordered by the relocating office with the assistance of DSD. The equipment is ordered at least eight weeks prior to the desired installation date.

~~(D) Data lines. DSD arranges for the appropriate phone company to install the necessary lines. The notification to the phone company must be at least four weeks prior to the desired installation date.~~

~~(E) Work stations. This equipment is ordered by the relocating office with the assistance of DSD. This equipment is ordered at least eight weeks prior to the desired installation date.~~

~~(F) Printers. This equipment is ordered by the relocating office with the assistance of DSD. This equipment is ordered at least eight weeks prior to the desired installation date.~~

~~(3) The relocating office is responsible for arranging for the packing, unpacking, transportation, and installation of all new and existing equipment.~~

~~(4) The relocating office must notify the Office Support Services Division of the OPWC and serial numbers of all equipment which is acquired, moved, or both.~~

~~9.Software. Responsibilities of DSD regarding software purchases include:~~

~~(1) reviewing and recommending software purchases, leases, or both;~~

~~(2) approving all computer software acquisitions prior to purchase;~~

(3) preparing Form Adm-2, Department of Human Services Requisition, to order the software and transmitting the paperwork to the respective division for purchase authorization number, approval, and processing in those instances where non-DSD funds are being used;

~~(4) providing recommendations for training and consulting support on a standard set of software;~~

~~(5) providing recommendations for methods of obtaining installation support of all software;~~

~~(7) tracking all software licenses ensuring compliance with vendor copyright laws and licensing requirements.~~

OKDHS:2-41-15. Data security

Revised ~~8-1-00~~ 6-15-08

(a) General policy. All data collected and maintained by OKDHS is owned by and becomes the responsibility of OKDHS.The objective of data security is to ensure the data collected and maintained by OKDHS is protected from inadvertent or intentional damage or misuse.Data is accessible, subject to legal restrictions and the appropriate approval processes as outlined in this ~~policy~~ regulation, to all entities, both governmental and non-governmental, as needed to accomplish OKDHS objectives.There is no expressed or implied expectation of privacy for users of any OKDHS computer network, computer equipment, or other computer resources.All actions or keystrokes of such users may be monitored at any time.

(1) Data security is the responsibility of all individuals who interact in any way with OKDHS' computer systems, computer resources, networks, or data. These individuals have the basic responsibility to protect data and conserve resources ~~which~~ they use, or come in contact with, in the course of performing their assigned duties, and they are responsible for utilizing and implementing practices ~~which~~ that support and comply with OKDHS' data security guidelines.

(2) Data Services ~~Division's~~ Division (DSD) ~~Data Security Unit,~~ Enterprise Technical Services (ETS) Security Services Section, in conjunction with the OKDHS Information Security Officer (ISO), is responsible for drafting, obtaining OKDHS management's approval, disseminating, and updating OKDHS' data security guidelines.

(3) DSD, in conjunction with the OKDHS ISO, has lead responsibility for data security as it relates to data in machine readable form.~~DSU has lead responsibility for~~ The ETS Security Services Section assists with monitoring data security practices and interfacing with Electronic Data Processing (EDP) auditors.

(b) Delegation of data ownership. For the purposes of interpreting confidentiality restrictions imposed by law, establishing data classification, and approving access to data, ownership of data is delegated by OKDHS to the OKDHS ~~Division Directors~~ division directors, whose divisions collect and maintain the data.

(1) All data ~~must be~~ is classified as either confidential ~~data~~ or non-confidential data.

(A) Confidential data is any piece of data or set of data, the misuse of which violates existing laws or policy, violates client confidentiality or privacy, creates a liability exposure for ~~the Department~~ OKDHS, or creates the opportunities for fraud or other illegal activity.

(B) Non-confidential data is any piece of data or set of data which is not "confidential."

(2) Guidelines for classification are listed in (A) - (C) of this paragraph.

(A) A data set is classified according to the most sensitive detail it includes.

(B) Information recorded in several formats of media, for example source document, electronic record, or report has the same classification regardless of format or media.

(C) OKDHS is in compliance with Oklahoma's Open Records Act; therefore, certain designated persons who are authorized to release records may request the normal classification category be waived, subject to approval by the owner of the data.

(d) Assignment of responsibilities.Data security is the responsibility of all individuals who interact in any way with OKDHS computer systems, computer resources, network, or data.[OKDHS:2-41-15(a)]These individuals have the basic responsibility to protect data and conserve resources ~~which~~ they use or come in contact with in the course of performing their assigned duties, and they are responsible for utilizing and implementing practices which support and comply with OKDHS' data security guidelines.Data security administration consists of three primary entities which are in turn supported by several functional area entities.The three primary entities are the owner(s) of the various collections of data, ~~DHS’ Data Security Administrator~~ the OKDHS ETS Security Services manager, who is responsible for ~~DSD's Data Security Administration Unit,~~ DSD ETS Security Services Section, and a network of decentralized data security representatives. g1The specific responsibilities of each entity are listed in (1) - (3) of this subsection.

(1) Responsibilities of the owner are described in (A) - (B).

(A) The owner of a collection of data is the director of the OKDHS division responsible for the collection and maintenance of that data.Shared collection and maintenance of data implies shared ownership.

(B) Data processed by the computerized systems must have an identified owner, director of an OKDHS division, and the assignment must be documented.The director of the OKDHS division may delegate ownership responsibilities to another individual.The owner of data has the authority and responsibility to:

(i) keep data security administration advised of the delegation of ownership responsibilities;

(ii) classify data according to legal and policy restrictions; [OKDHS:2-41-15(c)]

(iii) determine and authorize access and utilization criteria based on the classification; and

(iv) specify and communicate access and utilization criteria to the ETS Security Services manager.

(2) Responsibilities of the ETS Security Services manager are described in (A) - (B).

(A) The ETS Security Services manager is responsible for processing and storage of the information used to provide data security for computerized data and resources.

(B) The ETS Security Services manager has the responsibility to administer controls as specified by the owner.These responsibilities include:

(i) administering access controls to data and resources;

(ii) providing procedural safeguards;

(iii) providing method of assigning unique logon numbers (IDs) and encrypted passwords to ensure user accountability;

(iv) furnishing reports of access violations as required;

(v) providing security awareness education to owners and users;

(vi) maintaining information concerning which users have access to what data and resources; and

(vii) alleviating disagreements between users and owners concerning access.

(3) The responsibilities of the decentralized security representative are described in (A) - (B).

(A) Decentralized security representatives are named by the owner and coordinate security activities with the ETS Security Services manager.Each division director appoints, as additional duty, a decentralized security representative. The DSD ETS Security Services manager is advised by memo of the appointment and each time a new representative is appointed.

(B) Decentralized security representatives are typically responsible for:

(i) assisting the ETS Security Services manager within the guidelines of OKDHS policy;

(ii) assisting in development of security designs for user requirements which fall within his or her scope;

(iii) testing and exercising the security controls which fall within his or her scope;

(iv) documenting security controls within his or her scope;

(v) administering access controls to data and resources "owned" by his or her division;

(vi) providing procedural safeguards;

(vii) providing a method of assigning unique logon IDs and encrypted passwords to ensure user accountability;

(viii) reporting violations, abuse of logon IDs, and potential breaches in security to appropriate authorities and providing follow-up activity if needed;

(ix) setting up new users and terminating users as appropriate, including notifying DSD Security Services of new, moved, or terminated employees in the division if those employees have or need IDs established in the DSD environment;

(x) re-setting user passwords, as needed;

(xi) complying with all security controls established by the owner of the data and DSD ETS Security Services Manager;

(xii) training the users of the LAN on security control established for the LAN; and

(xiii) interfacing with and providing information to auditors.

(e) Functional responsibilities.Functional responsibilities of each area are described in (1) - (8) of this subsection.

(1) ~~Data Base Administration~~ ETS Security Services Section is the organizational unit within DSD ~~which has lead responsibility~~ responsible for maintaining the security of OKDHS ~~host based~~ computerized data and ensuring a valid and secure ~~data base architecture~~ network environment.~~The Data Base Administration ETS Security Services Section Unit has lead responsibility for security administration~~ within the guidelines of OKDHS policy.The ~~Data~~ Security ~~Administrator~~ Services manager is a member of this organizational unit and is in charge of the Data Security ~~Unit~~ Services Section.~~g 2~~

(2) The ~~Technical Support~~ ETS Infrastructure Platform and Software ~~section of the Data Center Services Unit~~ Section maintains the current hardware, operating system(s) and third party software ~~and~~ configuration and administration.

(3) The Telecommunications Services Section maintains the LAN and WAN for OKDHS.

(4) The Database Services Section maintains the database repositories in use at OKDHS.

(35) The Production Services Section of ~~the Data Center Services Unit~~ ESS is responsible for the scheduled production processing, job set up, job check out, and output distribution.Production services activities performed by other units within OKDHS are also covered under this standard.Production processing is handled in a secure manner. ~~g 3~~Production Services is responsible for:

(A) accessing data and resources through the production facilities as developed by the Enterprise Technical Services Unit, and Enterprise Application Services area; and

(B) maintaining production libraries.

(46) The Operations section of ~~the Data Center Services Unit~~ ESS is responsible for operation of the computer equipment in the Data Center.~~g 4~~ Operations is responsible for accessing data and resources through the facilities as developed by the Enterprise Technical Services unit.

(57) ~~The Systems Design and Development Unit~~ Enterprise Application Services develops and maintains OKDHS applications, plans and designs efficient and cost effective data processing systems, and advises on design techniques and practices for ~~the Department~~ OKDHS.~~g 5~~Enterprise Application Services is responsible for:

(A) ensuring security requirements are addressed in the design and development process;

(B) designing the security requirements for the applications according to the established standards and working with the Data Security Administrator to implement these requirements; and

(C) determining if modifications to existing systems will have an impact on security, and if so, notifying the Data Security Administrator.

(68) ~~The~~ Customer ~~Support Services Unit~~ Relationship Management (C~~SSU~~CRM) is responsible for coordination and communication with user divisions and other agencies.~~CSSU~~ CRM serves as a liaison between the OKDHS user community and ~~DSD's Data Security Unit~~ DSD Enterprise Technical Services. ~~g 6~~The Enterprise Technical Services Unit, Telecommunications Services Section is responsible for the OKDHS networks and for maintaining network security, in conjunction with the ETS Security Services Section.

(7) The Network and Local Area Network (LAN) Management (NLM) Unit provides both long and short range technology planning for data processing related equipment, networks, and software.The unit also provides software and hardware systems support for the LANs and Wide Area Networks.

(89) Users include employees of OKDHS, approved vendors, and other approved individuals who operate, use or interface in any way with the OKDHS computer systems, computer resources, or computerized data.~~g 7g 8~~The users are responsible for:

(A) complying with all security controls established by the owner and data security;

(B) using the data only for the accomplishment of official duties in the manner approved by the owner;

(D) notifying the Data Security Administrator of abuse or sharing of logon IDs, passwords, or both.

(f) ~~Dial-up~~ Remote Access.

(1) ~~Dial-up is a term used to refer to a technology that affords the capability to dial-in or dial-out of a computing capability or network.~~In OKDHS computing environment, ~~this~~ the remote access capability is prohibited unless expressly approved in writing by the responsible authority.

(A) Responsible authority is the entity responsible for a computing capability or resource, such as mainframe, LAN server, router based network.This is a ~~Division Administrator or~~ division administrator, division director, or his or her designee.

(B) Reviewing authority is Data Services Division's ~~Data Security~~ Enterprise Technical Services Unit.This unit drafts proposed standards and policy, establishes data security guidelines, approves ~~dial-up~~ remote access implementation approaches, and performs compliance reviews.

(2) ~~Dial-up~~ remote access control seeks to ensure unauthorized access to OKDHS data or network via ~~dial-up~~ remote access capability is not achieved.Approved users of the ~~dial-up~~ remote access capability are able to perform approved functions from non-network locations.The ~~dial-up~~ remote access capability must have access to or from only one controlled entry point at a server level or higher, not at a user’s personal computer (PC) or workstation; thus, a modem or compatible device cannot be used in conjunction with a user’s workstation or PC which is connected to OKDHS network.

(3) Responsible authorities' approach to implementing ~~dial-up~~ remote access capability must be documented in writing and submitted for review and approval by the reviewing authority.Any changes to the approaches ~~must also be~~ are reviewed and approved.These implementation approaches must support the objectives outlined in (1) - (3) of this paragraph.

(4) Use of wireless ~~dial-up~~ remote access devices are only used in conjunction with encryption to and from the workstation dialing up.

(g) Virus protection.All workstations and servers connected to the OKDHS network have ~~Terminate and Stay Resident~~ terminate and stay resident (TSR) anti-virus software installed on them.In this environment, virus checking occurs when new media is introduced into the workstation environment.The software automatically eradicates known viruses. Stand alone work stations, work stations not connected to the OKDHS network, may or may not have this anti-virus software installed.~~g 98~~Recommendations for virus control are listed in (1) through (3) of this subsection.

(1) Employees do not introduce machine-readable media, such as diskettes, files, and bulletin board downloads into their computing environment at work unless these items are directly related to their work and are scanned for viruses prior to use.

(2) No work related media created by, or received from, sources outside the immediate computing environment are introduced into the workstation environment until it has first been scanned for computer viruses using DSD approved anti-virus software.In a terminate and stay resident (TSR) protected environment, this scanning is done automatically.Any media which is taken from the immediate work environment, for example to a class or home, must be scanned before it is reintroduced to the workstation environment.If you suspect that non-approved staff may be using your workstation, contact the DSD Security Unit or help desk for assistance on password protecting or locking the workstation when you leave the area for an extended period of time.

(3) If an employee thinks that a workstation is infected with a virus, the DSD Call Center is notified of the problem.

(h) LAN security.~~DSD’s data security administration~~ DSD Security Services Section assists divisions with security issues and requirements on LAN.The person administratively responsible for the LAN is required to authorize a decentralized data security representative.This person is responsible for interfacing with DSD and communicating the requirements for access to data that is owned by OKDHS or other agencies.Any LAN ~~that is~~ connected through the communications network to any other LAN or mainframe in OKDHS has stringent controls placed upon it.These controls are for the intent of deterring any unauthorized access to OKDHS information.g ~~10 & 119 & 10~~DSD data security administration provides advice and consultation to the division establishing a LAN environment regarding:

(1) risk analysis;

(2) security policy;

(3) disaster recovery;

(4) information security;

(5) training of users;

(6) physical security;

(7) emergency preparedness; and

(8) external audit and review.

(i) Network security.Except for Virtual Private Networking (VPN) connections as described in (k) of this Section, all networks that have accessibility to OKDHS data are subject to compliance with OKDHS data security guidelines documented in this policy.Compliance with this provision constitutes a “trusted relationship” among the respective networks.Under this "trusted relationship"," the repetitious checking of user identification (user-id) and passwords to re-authenticate a user’s authority and access capabilities are not required.The objective of network security is to ensure the data collected and maintained by OKDHS and OKDHS’ computing resources are protected from inadvertent or intentional damage or misuse.~~The~~ DSD has lead responsibility for network security for OKDHS.DSD utilizes various methods for ensuring ~~that~~ the OKDHS network is secure from unauthorized access.~~g 12 11~~Methods for ensuring the OKDHS network is secure from unauthorized access include, but are not limited to:

(1) encryption of all OKDHS data that travel on "One-Net" or the Internet unless approval to the contrary is granted by the owner of the data and DSD data security administration;

(2) password protection of any routers that have remote access capabilities into the OKDHS network;

(3) a front-end system that provides for definition of valid users for dial-up activity to the OKDHS host computer system; and

(4) a single Internet access point to and from the OKDHS network which is protected by an Application Layer Internet Gateway (ALIG) capability.

(jk) Outgoing Internet usage.Access to the Internet from the OKDHS’ network is through a single access point.This access point is an ~~Application Layer Internet Gateway (~~ALIG) firewall.This firewall is managed by the DSD’s ~~Data Security~~ Enterprise Technical Services Unit.~~g 1312~~ Restrictions that apply to the use of the Internet are listed in (1) - (7) of this subsection.

(1) Only authenticated users are allowed access out through the OKDHS firewall.

(2) User authentication requires a user ID and password.

(3) Internet usage activities which are not job related are:

(A) kept to a minimum;

(B) not done during an employee's work time; and

(C) limited to Internet activities that do not violate OKDHS:2-1-7(g)(I)(4) regarding conduct unbecoming a public employee.

(4) Certain Internet sites and capabilities are blocked, made unavailable, and usage may be monitored. There is no expectation of privacy when accessing the Internet.A record of all sites which a user accesses is logged and archived.

(5) Aside from scheduled maintenance activities and unscheduled problem resolution activities, access to the Internet is available 24 hours per day, every day.

(6) Any workstation on OKDHS network which is used to access the Internet must have OKDHS standard anti-virus software running on it.

(7) Encryption must be used when transmitting confidential OKDHS data over the Internet. Any plans to transmit confidential data must be discussed with, and approved by the OKDHS Information Security Officer, the data owner(s), and the ETS Security Services Section.

(k) Incoming Internet usage.Processes and controls pertaining to incoming Internet usage requests are established on a case by case basis depending on the specific security requirements with the exception of VPN connections.VPNs, which create encrypted tunnels, are allowed to link users at both trusted and untrusted sites and networks.

INSTRUCTIONS TO STAFF OKDHS:2-41-15

1.The three primary responsible entities are owner, Data Security Administrator, and Decentralized Security Representative. The specific responsibilities of each entity are listed in (1) - (3) of this instruction.

~~(1) Responsibilities of the owner are described in (A) - (B).~~

~~(A) The owner of a collection of data is the Division Administrator responsible for the collection and maintenance of that data. Shared collection and maintenance of data implies shared ownership.~~

(B) Data processed by the computerized systems must have an identified owner, Division Administrator, and the assignment must be documented. The Division Administrator may delegate ownership responsibilities to another individual. The owner of data has the authority and responsibility to:

~~(i) keep data security administration advised of the delegation of ownership responsibilities;~~

~~(ii) classify data according to legal and policy restrictions [DHS:2-41-15(c)];~~

~~(iii) determine and authorize access and utilization criteria based on the classification; and~~

~~(iv) specify and communicate access and utilization criteria to the Data ETS Security Administrator.~~

~~(2) Responsibilities of the Data Security Administrator are described in (A) - (B).~~

(A) A Data Security Administrator is appointed from the Data Base Administrator (DBA) Enterprise Technical Services Security Services Manager functional area. The Data Security Administrator is responsible for processing and storage of the information used to provide data security for computerized data and resources.

~~(B) The Data Security Administrator has the responsibility to administer controls as specified by the owner. These responsibilities include:~~

~~(i) administering access controls to data and resources;~~

~~(ii) providing procedural safeguards;~~

~~(iii) providing method of assigning unique logon n numbers (IDs) and encrypted passwords to ensure user accountability;~~

~~(iv) furnishing reports of access violations as required;~~

~~(v) providing security awareness education to owners and users;~~

~~(vi) maintaining information concerning which users have access to what data and resources; and~~

~~(vii) alleviating disagreements between users and owners concerning access.~~

~~(3) The responsibilities of the decentralized security representative are described in (A) - (B).~~

(A) Decentralized security representatives are named by the owner and coordinate security activities with the Data Security Administrator. Each Division Director appoints, as additional duty, a decentralized security representative. The DSD Data Security Administrator is advised by memo of the appointment and each time a new representative is appointed.

~~(B) Decentralized security representatives are typically responsible for:~~

~~(i) assisting the Data Security Administrator within the guidelines of DHS policy;~~

~~(ii) assisting in development of security designs for user requirements which fall within his or her scope;~~

~~(iii) testing and exercising the security controls which fall within his or her scope;~~

~~(iv) documenting security controls within his or her scope;~~

~~(v) administering access controls to data and resources "owned" by his or her division;~~

~~(vi) providing procedural safeguards;~~

~~(vii) providing a method of assigning unique logon IDs and encrypted passwords to ensure user accountability;~~

~~(viii) reporting violations to appropriate authorities and providing follow-up activity if needed;~~

~~(ix) setting up new users and terminating users as appropriate; and~~

~~(x) re-setting user passwords, as needed.~~

~~2.The Data Security Administrator's responsibilities include:~~

~~(1) developing, documenting, and communicating standard security procedures and controls to owners, decentralized security representatives, and users of computerized data and resources;~~

~~(2) processing the access rule definition request;~~

~~(3) notifying users of approval or disapproval of access to data based on the documented classification of such data and the authorized access specified and documented by the owner;~~

~~(4) providing support for, and monitoring of decentralized security administration;~~

~~(5) reporting violations to appropriate individuals;~~

~~(6) providing virus eradication consultation to other DSD areas;~~

~~(7) interfacing with vendors who provide data security related products to OKDHS; and~~

~~(8) providing guidelines and consultation to LAN administrators and decentralized data security representatives.~~

~~3.Technical Support is responsible for:~~

~~(1) installing the security system software;~~

~~(2) installing new releases and providing maintenance of the security systems software;~~

~~(3) working with the Data Security Enterprise Technical Services Unit to ensure systems resources are properly protected;~~

~~(4) notifying appropriate authorities if the security software is in any way disabled; and~~

~~(5) limiting development and availability of facilities capable of bypassing security to situations in which they are absolutely necessary.~~

~~4.Production Services is responsible for:~~

~~(1) accessing data and resources through the production facilities as developed by the Data Security Unit, Technical Support area, and Systems Design and Development area; and~~

~~(2) maintaining production libraries.~~

~~5.Operations is responsible for accessing data and resources through the facilities as developed by the Data Security Administrator and Technical Support area.~~

~~6.Systems Design and Development is responsible for:~~

~~(1) ensuring security requirements are addressed in the design and development process;~~

~~(2) designing the security requirements for the applications according to the established standards and working with the Data Security Administrator to implement these requirements; and~~

~~(3) determining if modifications to existing systems will have an impact on security, and if so, notifying the Data Security Administrator.~~

~~7.The Network and Lan Management Enterprise Technical Services Unit, Telecommunications Services Section is responsible for the OKDHS networks and for maintaining network security.~~

~~8.The users are responsible for:~~

~~(1) complying with all security controls established by the owner and data security;~~

~~(2) using the data only for the accomplishment of official duties in the manner approved by the owner;~~

~~(3) keeping logon IDs and passwords used to access data and resources confidential including not sharing passwords; and~~

~~(4) notifying the Data Security Administrator of abuse or sharing of logon IDs, passwords, or both.~~

~~9.Recommendations for virus control include:~~

(2) No work related media created by, or received from, sources outside the immediate computing environment are introduced into the workstation environment until it has first been scanned for computer viruses using DSD approved anti-virus software. In a terminate and stay resident (TSR) protected environment, this scanning is done automatically. Any media which is taken from the immediate work environment, for example to a class or home, must be scanned before it is reintroduced to workstation environment. If you suspect that non-approved staff may be using your workstation, contact the DSD Security Unit or help desk for assistance on password protecting or locking the workstation when you leave the area for an extended period of time.

~~(3) If an employee thinks that a workstation is infected with a virus, the DSD Call Center is notified of the problem.~~

~~10.DSD data security administration provides advice and consultation to the division establishing a LAN environment regarding:~~

~~(1) risk analysis;~~

~~(2) security policy;~~

~~(3) disaster recovery;~~

~~(4) information security;~~

~~(5) training of users;~~

~~(6) physical security;~~

~~(7) emergency preparedness; and~~

~~(8) external audit and review.~~

~~11.The appointed Decentralized Security Representative has responsibility for:~~

~~(1) complying with all security controls established by the owner of the data and DSD Data Security Administrator;~~

~~(2) training the users of the LAN on security control established for the LAN;~~

~~(3) notifying DSD data security administration of abuse of logon IDs and potential breaches in security;~~

~~(4) notifying DSD Security Administration of new or terminated employees in the division if those employees have or need IDs established in the DSD environment; and~~

~~(5) interfacing with and providing information to auditors.~~

~~12.Methods for ensuring that the DHS network is secure from unauthorized access include, but are not limited to:~~

~~(1) encryption of all DHS data that travel on "One-Net" or the Internet unless approval to the contrary is granted by the owner of the data and DSD’s data security administration;~~

~~(2) password protection of any routers that have dial-up capabilities into the DHS network;~~

~~(3) a front-end system that provides for definition of valid users for dial-up activity to the DHS host computer system; and~~

~~(4) a single Internet access point to and from the DHS network which is protected by an Application Layer Internet Gateway (ALIG) capability.~~

~~13.Restrictions that apply to the use of the Internet are listed in (1) - (7) of this Instruction.~~

~~(1) Only authenticated users are allowed access out through DHS’ firewall.~~

~~(2) User authentication requires a user ID and password.~~

~~(3) Internet usage activities which are not job related are:~~

~~(A) kept to a minimum;~~

~~(B) not done during an employee's work time; and~~

~~(C) limited to Internet activities that do not violate DHS:2-1-7(g)(I)(4) regarding conduct unbecoming a public employee.~~

(4) Certain Internet sites and capabilities are blocked, made unavailable, and usage may be monitored. There is no expectation of privacy when accessing the Internet. A record of all sites which a user accesses is logged and archived.

~~(5) Aside from scheduled maintenance activities and unscheduled problem resolution activities, access to the Internet is available 24 hours per day, every day.~~

~~(6) Any workstation on DHS’ network which is used to access the Internet must have DHS’ standard anti-virus software running on it.~~

~~(7) Encryption must be used when transmitting confidential OKDHS data over the Internet. Any plans to transmit confidential data must be discussed with, and approved by~~ ~~DSD’s Data Security Unit and Network and LAN Management Unit the OKDHS Information Security Officer, the data owner(s), and the ETS Security Services Section.~~

OKDHS:2-41-16. Software copyright policy

~~Issued 12-17-96~~ Revised 6-15-08

The Oklahoma Department of Human Services (OKDHS) licenses or purchases computer software from a variety of outside companies.~~The Department~~ OKDHS does not have the right to reproduce the software or its related documentation unless authorized by the software developer.The copyright statutes do not preclude the imposition of liability for copyright infringements on governmental agencies.According to the U.S. Copyright Law, illegal reproduction of software can be subject to civil damages of $50,000 or more, and criminal penalties, including fines and imprisonment.

(1) Policy statement.~~The Oklahoma Department of Human Services~~ OKDHS respects the copyrights of all vendors supplying software.The Data Services Division (DSD) will comply with the terms and conditions regarding copyrights of all vendors with whom OKDHS enters into software license agreements or from whom OKDHS purchases software.

(2) Copyright compliance.To ensure that the integrity of the vendors copyright is maintained by the users, all personal computer users sign ~~the Copyright Protection Pledge~~ Form AD05133E, Employee and Non-Employee Acknowledgment of Confidentiality.A user number will not be issued by DSD until a copy of the pledge is on file at DSD.Each supervisor, having personal computers in their work place, ensures all users review the manual material, sign the pledge, and route the form according to instructions.

(3) Reporting copyright misuse.Employees learning of alleged misuse of software or related documentation within ~~the Department~~ OKDHS, ~~shall notify~~ notifies the person to whom they are administratively responsible.A referral ~~will be~~ is made to the Office of Inspector General for investigation.A report of findings and recommendations ~~will be~~ is made to the ~~Division Administrator~~ division director responsible for the area being investigated.