
Library: Policy

OKDHS:2-45-6. Information Security Office functions

Issued 5-1-09

(a) Information Security Program administration.  The Information Security Office (ISO) develops, implements, manages, oversees, and audits the Information Security Program to protect and ensure the security of Oklahoma Department of Human Services (OKDHS) data and information systems.  The Information Security Program is designed to preserve:

  • (1) confidentiality, to ensure that information is accessible only to those authorized to have access;
  • (2) integrity, to safeguard the accuracy and completeness of information and processing methods; and
  • (3) availability, to ensure that authorized users have access to information and associated assets when required.

(b) Information Security Compliance Unit.  The ISO Compliance Unit:

  • (1) identifies federal, statutory, and OKDHS program security requirements;
  • (2) coordinates external audits; and
  • (3) tracks OKDHS compliance with security standards and regulations.

(c) Information Security Audit and Investigation Unit.  The ISO Audit and Investigation Unit performs:

  • (1) required information security regulatory audits, both internally and of OKDHS contractors, business partners, and third parties who do business with OKDHS; and
  • (2) investigations of security breaches, disclosures, and allegations of data or information system misuse.

(d) Emergency Preparedness and Business Continuity.  The ISO administers the programs that assist OKDHS to manage, recover, and respond to emergencies, incidents, and major business disruptions at offices and information centers, to ensure that OKDHS has the capability to fulfill the agency mission and meet obligations.  The components of Emergency Preparedness and Business Continuity include:

  • (1) Incident Command System.  The ISO Incident Command System (ICS) provides the:
    • (A) infrastructure to plan, prepare, respond, and manage OKDHS emergencies, disasters, incidents, and events; and
    • (B) tool for command, control, and coordination of response efforts in order to stabilize the incident, protect life and property, and enable continuation of delivery of OKDHS services.
  • (2) Continuity of Operations Plan.  The ISO provides oversight, management, and support for each OKDHS office or facility to develop the Continuity of Operations Plan (COOP), as required by OKDHS:2-45-11, that will assist in the restoration of core services during a localized emergency.
  • (3) Business Continuity Plan.  The ISO provides oversight, management, and support for OKDHS divisions to develop and maintain the Business Continuity Plan (BCP) that encompasses the entire divisional recovery process.  The recovery planning process provides a Business Impact Analysis for each division to determine the:
    • (A) critical business functions and services of the division;
    • (B) required resources to support critical business functions and services; and
    • (C) requirements for recovery.
  • (4) Disaster Recovery Plan.  The ISO provides oversight, management, and support to develop and maintain the Disaster Recovery Plan (DRP).  The DRP provides the:
    • (A) technical recovery plan to support OKDHS Business Continuity requirements; and
    • (B) recovery capabilities and plans for data and information systems and information technology components.
  • (5) OKDHS Be Ready Initiative.  The ISO provides education and awareness initiatives through the federal Be Ready Initiative to promote individual and family security and emergency preparedness.