AGENCY/STATE ENTITY ROLES AND RESPONSIBILITIES - 4989.3

(Revised: 02/2017)

Management. Day-to-day management responsibility for desktop and mobile computing configurations resides with the manager who has supervisory responsibility for the individual or individuals who use the products. The manager must ensure that the acquisition and use of desktop and mobile computing commodities support the accomplishment of Agency/state entity objectives and that the individual or individuals who will be using the products are trained in their use.

Each Agency/state entity must have a plan for the appropriate application of desktop and mobile computing. Each Agency/state entity must ensure that its plans are consistent with the Agency/state entity’s information management standards, policies, and procedures and its IT infrastructure. Agency/state entity plans for implementing desktop and mobile computing must not preclude the implementation of other Agency/state entity’s applications on the same configuration.  Agencies/state entities are responsible for establishing desktop and mobile computing standard configurations, ensuring each acquisition made under this policy is consistent with those standards, and accurately tracking the costs associated with such acquisitions. In addition, Agencies/state entities are responsible for the creation and maintenance of IT assets inventories for commodities purchased under this policy.

Agency/state entity’s management has a responsibility to establish standards of technical assistance in support of Local Area Network activities such as installation, configuration, problem-determination, maintenance, backup, recovery, and required activities beyond those normally associated with stand-alone desktop or mobile computers. Agencies/state entities are expected to maintain internal processes to ensure that any IT commodities acquired under the authority of this policy are compliant with all applicable hardware, software, and security standards for the Agency/state entity.

Agency/state entity management is responsible for taking appropriate action in the event of employee misuse of desktop and mobile computing technology or employee failure to comply with State and Agency/state entity policy governing the use of desktop and mobile computing.

Security. Desktop and mobile computing environments owned by Agencies/state entities involve the risk of property loss, threats to privacy, and threats to the integrity of state operations. Accordingly, Agencies/state entities must be in compliance with all applicable provisions of the SAM and must implement appropriate safeguards to secure the Agency/state entity’s desktop and mobile computing infrastructure. Use of personally owned smartphones is restricted to devices that are compatible with the CA.Mail or the California Email Service, and are consistent with the Statewide Enterprise Architecture.

Current Agency/state entity Technology Recovery Plans or acceptable Technology Recovery Plan certifications must be on file at the Department of Technology. Agencies/state entities that do not demonstrate effective compliance with the State’s IT security policy and Business Continuity policy are not authorized to make any expenditures for desktop or mobile computing commodities until the Agency/state entity has complied.  See SAM Sections 5300-5399.

Desktop and Mobile Computing Coordinator. In order to ensure ongoing IT asset management practices are followed, Agencies/state entities employing desktop and mobile computing should designate a unit or individual employee of the Agency/state entity as the Agency/state entity’s Desktop and Mobile Computing Coordinator or equivalent function. The coordinator must be knowledgeable about (a) desktop and mobile computing configurations; (b) state-level and Agency/state entity policies for the use of desktop and mobile computing commodities; and (c) the relationship between desktop and mobile computing and other uses of IT within the Agency/state entity.

The responsibilities of the coordinator should include:

1. Maintaining current specifications for the Agency/state entity’s desktop and mobile computing commodity standards;
2. Assisting in the completion and review of any Desktop and Mobile Computing (DMCP) documents if required by the Agency/state entity’s policies and procedures;
3. Coordinating the acquisition of desktop and mobile computing commodities;
4. Informing desktop and mobile computing users of available training and technical support capabilities; and
5. Maintaining continuing liaison with Agency/state entity IT management to ensure that: (a) proposed desktop and mobile computing applications are consistent with the Agency/state entity’s established information management strategy and IT infrastructure, (b) the use of desktop and mobile computing devices is clearly demonstrated and the devices will cost-effectively meet a significant business need and increase the efficiency of the state entity, and (c) desktop and mobile computing configurations can support the implementation of other Agency/state entity applications.