Information is a critical Oklahoma House of Representatives asset. Information is
comparable with other assets in that there is a cost in obtaining it and a value
in using it. However, unlike many other assets, the value of reliable and accurate
information appreciates over time as opposed to depreciating. Shared information
is a powerful tool and loss or misuse can be costly, if not illegal. The intent
of this Security Policy is to protect the information assets of the Oklahoma House
This Security Policy governs all aspects of hardware, software, communications and
information. It covers the Oklahoma House of Representatives as well as contractors
or other entities who may be given permission to log in, view or access Oklahoma
House of Representatives information.
* Information includes any data or knowledge collected, processed, stored, managed,
transferred or disseminated by any method.
* The Owner of the information is the Oklahoma House of Representatives responsible
for producing, collecting and maintaining the authenticity, integrity and accuracy
* The Hosting State Agency has physical and operational control of the hardware,
software, communications and data bases (files) of the owning Agency. The Hosting
Agency can also be an Owner.
The confidentiality of all information created or hosted by the Oklahoma House of
Representatives is the responsibility of the Oklahoma House of Representatives.
Disclosure is governed by legislation, regulatory protections and rules as well
as policies and procedures of the owning State Agency. The highest of ethical standards
are required to prevent the inappropriate transfer of sensitive or confidential
All information content is owned by the Oklahoma House of Representatives responsible
for collecting and maintaining the authenticity, integrity and accuracy of the information.
The objective of the owning State Agency is to protect the information from inadvertent
or intentional damage, unauthorized disclosure or use according to the owning Agency's
defined classification standards and procedural guidelines.
Information access is subject to legal restrictions and to the appropriate approval
processes of the Oklahoma House of Representatives. The Oklahoma House of Representatives
is responsible for maintaining current and accurate access authorities and communicating
these in an agreed upon manner to the security function at the Oklahoma House of
Information security - The Oklahoma House of Representatives collects and maintains
(owns) the information is responsible for interpreting confidentiality restrictions
imposed by laws and statutes, establishing information classification and approving
information access. The Oklahoma House of Representatives will staff a security
function whose responsibility will be operational control and timely implementation
of access privileges. This will include access authorization, termination of access
privileges, monitoring of usage and audit of incidents.
Information availability is the responsibility of the Oklahoma House of Representatives.
Access to information will be granted as needed to all State Agencies to support
their required processes, functions and timelines. Proven backup and recovery procedures
for all data elements to cover the possible loss or corruption of system information
are the responsibility of the Oklahoma House of Representatives.
The Oklahoma House of Representatives is responsible for securing strategic and
operational control of its hardware, software and telecommunication facilities.
Included in this mandate is the implementation of effective safeguards and firewalls
to prevent unauthorized access to system processes and computing/telecommunication
operational centers. Recovery plans are mandatory and will be periodically tested
to ensure the continued availability of services in the event of loss to any of