Current through Register Vol. 46, No. 51, December 18, 2024
(a) OCFS, local social service districts, and public or private agencies providing child welfare services that have access to the CONNECTIONS system must establish and maintain a CONNECTIONS security plan addressing the following areas: (1) physical security of CONNECTIONS resources;(2) equipment security to protect equipment from theft and unauthorized use;(3) software and data security;(4) telecommunications security;(5) personnel access control;(6) contingency plans for meeting critical processing needs in the event of short- or long-term interruption of services;(7) emergency and/or disaster preparedness;(8) designation of a security manager for OCFS and a security coordinator for the local district or public or private agency; and(9) a program for conducting periodic security reviews at least once every two years to evaluate physical and data security operating procedures and personnel practices and to determine whether appropriate, cost effective safeguards exist to comply with the areas set forth in this subdivision. A report of each security review and all relevant supporting documentation must be maintained and made available to OCFS upon request.(b) Each social services district and each public or private agency providing child welfare services that has access to the CONNECTIONS system must immediately report in writing to the State Information Technology staff person designated by OCFS the loss or theft of any CONNECTIONS equipment and any event that may jeopardize the security of the CONNECTIONS system.N.Y. Comp. Codes R. & Regs. Tit. 18 § 466.6