Text Size:   A+ A- A   •   Text Only
Site Image
Statewide Info Security Plan-Standards
Purpose: The Department of Administrative Services (DAS) has the responsibility for and authority over state agency information systems and the information stored on those systems under the authority of Oregon Revised Statute (ORS) 182.122[1](Statute).  DAS is fulfilling its authority by adopting a comprehensive approach to information security based on the International Organization for Standardization (ISO) 27001, which covers the framework for establishing security management and 27002:2005 addressing technical standards.  This resulting State Information Security Plan is the foundation for information security in the State of Oregon Executive Branch agencies. 
In this State Information Security Plan, DAS has defined policies, standards, and processes for state agencies with respect to information security.  Fundamental components of information security are addressed including roles and responsibilities.  Executive department agencies are required to meet or exceed this State Information Security Plan.  Agencies also may develop and adopt information security plans that are more stringent than the minimum requirements identified in this State Information Security Plan. 

Agency Resources

Real Player
Please note that logic is built into the survey so if you answer you are compliant you will be directed to the next deliverable or standard; you will not be asked if you have a plan or resources.