Or. Admin. Code § 291-086-0040 - Process for Authorizing Adult in Custody Access to Approved Information Technology

(1) All requests for adult in custody access to information technology must be submitted to the functional unit manager or designee for approval, depending on the area of responsibility, prior to granting access to the adult in custody.

(2) The functional unit manager or designee may only grant access to approved information technology. Any request for access to information technology that is not approved information technology must be denied.

(3) All requests for adult in custody access to information technology shall be submitted on an AIC access to information technology form (CD 1426A). The adult in custody supervisor shall submit the request to the functional unit manager or designee for approval. If approved, the adult in custody supervisor and the functional unit manager or designee shall sign the request form and forward it to the technical support unit responsible for implementation of the requested system (Information Technology Services or Oregon Corrections Enterprises). If a USB drive is required for the program or assignment, an accompanying AIC USB Drive Acknowledgement form (CD 1426C) must be submitted to the technical support unit responsible for the implementation.

(4) Information Technology Services or Oregon Corrections Enterprises technical support will configure access as specified in the submitted AIC access to information technology form (CD 1426A).

(a) A domain user account and network storage location will be created for any approved adult in custody specified on the form who does not already have such.

(b) The network storage location is the only authorized data storage location for adult in custody use.

(5) No adult in custody shall be granted access to information technology which contains data deemed inappropriate for adult in custody access by the Department of Corrections Information Technology Services Information Security Officer or is connected in any way to the Department of Corrections information system network.

(6) The adult in custody supervisor shall review the standards for information technology use listed in OAR 291-086-0050 with the adult in custody prior to allowing the adult in custody to use information technology.

(7) The functional unit manager or designee shall maintain a file of all approved requests for adult in custody access to information technology.

(8) Adult in custody supervisors shall abide by all department rules and standards governing adult in custody access to information technology. Adult in custody supervisors are responsible for all work done by adults in custody on information technology and shall:

(a) Perform periodic audits of software and data on the equipment to ensure appropriateness;

(b) Perform routine review of AIC access to information technology forms (CD 1426A) no less than annually to ensure ongoing necessity.

(9) As appropriate, Information Technology Services or Oregon Corrections Enterprises technical support will perform random reviews of Department of Corrections or Oregon Corrections Enterprises information technology systems respectively to ensure configurations conform to the approved configuration of the system. The functional unit manager may contact Information Technology Services or Oregon Corrections Enterprises technical support to request an audit of specific information technology systems.

(10) Suspension or Restriction of an Adult in Custody's Access to Information Technology:

(a) Any Department of Corrections or Oregon Corrections Enterprises manager may suspend the authorization for an adult in custody to access and use information technology if rule violations are suspected.

(b) The institution assignment office will be notified of the suspension and remove the adult in custody from any assignment related to information technology and place the adult in custody on "Review" status.

(c) Employees shall restrict access to the system in such a manner as to ensure the adult in custody cannot access it.

(d) As provided in this rule, the adult in custody supervisor(s) will audit the usage of the system and may request Information Technology Services or Oregon Corrections Enterprises to investigate the system by sending a formal request to Information Technology Services Security or Oregon Corrections Enterprises management. Department of Corrections requests will be submitted to the Information Technology Services Security Confidential email distribution list. Oregon Corrections Enterprises requests will be through Oregon Corrections Enterprises support services. Findings will be reported to the functional unit manager who signed the investigation request form.

(e) If rule violations are found to have occurred, appropriate actions will be taken including but not limited to disciplinary misconduct reports, program failures, and permanent restriction from access to and use of information technology.

(f) As part of this process, Information Technology Services or Oregon Corrections Enterprises technical support may recommend to the functional unit manager or designee a course of action to mitigate any problem which arises because of an adult in custody's use of information technology.

(g) A decision to suspend or otherwise restrict an adult in custody's access to information technology resulting from a misconduct report or disciplinary order issued in accordance with the department's rules on Prohibited Conduct and Processing Disciplinary Actions (OAR 291-105) is subject to review only as provided in OAR 291-105.

(11) Any changes from the original AIC access to information technology form (CD 1426A) must follow the same approval process as a new request.

(12) Adult in custody access to and use of information technology is not guaranteed and may be affected by technological limitations, system updates or failures, hardware malfunctions, facility security necessities, or acts of nature.

Notes

Or. Admin. Code § 291-086-0040

DOC 17-1999, f. 9-24-99, cert. ef. 10-1-99; DOC 27-1999(Temp), f. & cert. ef. 12-22-99 thru 6-19-00; DOC 15-2000, f. & cert. ef. 6-19-00; DOC 10-2004(Temp), f. & cert. ef. 9-28-04 thru 3-27-05; DOC 4-2005, f. 3-18-05, cert. ef. 3-21-05; DOC 23-2024, amend filed 10/14/2024, effective 10/14/2024

Statutory/Other Authority: ORS 179.040, 423.020, 423.030 & 423.075

Statutes/Other Implemented: ORS 179.040, 423.020, 423.030 & 423.075