“I CERTIFY THAT I HAVE READ THE STATEMENTS ABOVE AND AGREE TO ABIDE BY THEM.”

Name(Printed) Signature Date

Supervisor/Contract Manager Name (Printed) Supervisor/Contract Manager Signature Date

Division Name(Printed) Unit/Office Name (Printed)

ISO-01 - v2018 Page 1 of 2

DGS ETS Information Security Office(916) 376-3940 or DGSInfoSec@dgs.ca.gov

Information Security, Privacy, and Acceptable Use Acknowledgement (ISO-01)

The Department of General Services (DGS), under the authority of State Administrative Manual (SAM) Section 5320, requires all personnel to receive Information Security and Privacy Awareness training. Additional information security and privacy laws and requirements are available on the DGS Information Security Office intranet website at

http://inside.dgs.ca.gov/iso or by email at DGSInfoSec@dgs.ca.gov.

Immediately upon gaining access to state information assets, personnel must complete the Information Security Awareness training provided by "SANS - Securing the Human”, complete the Privacy Awareness training pertaining to the Information Practices Act of 1977, and read the DGS Acceptable Use Policy before completing the information below. This document is an acknowledgement of having received the required training and information regarding your roles and responsibilities in protecting state information assets for which you have been granted access. Training is required to be completed immediately upon gaining access to state information assets and once annually thereafter, each calendar year. Sign and date this acknowledgement after reading each statement below. By signing this document, you agree to comply with DGS information security policies and the DGS Acceptable Use Policy directives.

By initialing next to each statement below, I HEREBY ACKNOWLEDGE THAT:

I have completed the Information Security Awareness training provided by SANS – Securing the Human.

I have completed the Privacy Awareness training by watching the video about applicable privacy laws.

I have read, understand, and agree to comply with the DGS Acceptable Use Policy.

I agree to comply with the requirements indicated in applicable information security and privacy laws, policies, and standards as it pertains to my assignment with the Department of General Services.

I may have access to confidential and sensitive information as a result of my employment, assignment or duties. I agree to use precautions to assure that this information is not disclosed to unauthorized persons or used or disposed in an unauthorized or inappropriate manner.

I may have physical access to state owned or leased facilities. I agree to use precautions to ensure that my authorized access is restricted to my own usage.

I may be granted access to state owned computing systems. I agree to ensure that my authorized access is restricted to my own use.

I understand that applicable information security and privacy laws, policies and requirements apply when accessing state information assets from on-site and remote locations such as mobile devices or from telework locations.

I will immediately report information security or privacy incidents to my supervisor or contract manager and the ISO (916-376-3940 or DGSInfoSec@dgs.ca.gov). A security or privacy incident is defined as an intentional or unintentional event which may result in unauthorized access, loss, disclosure, modification or destruction of state information assets.

I understand that non-compliance with applicable information security and privacy laws, policies and requirements may result in internal discipline up to and including dismissal, in accordance with agency and civil service rules. In certain instances, criminal or civil action may be initiated under the authority of state and federal laws including the California Information Practice Act of 1977 (California Civil Code Section 1798.24), California Government Code 8314-8314.5, and California Penal Code Section 502.

Department of General Services Information Security, Privacy, & Acceptable Use Acknowledgment

DGS Personnel: Complete the Information Security Awareness training hosted through SANS “Securing the Human”

and print the certificate of completion.

View the Privacy Awareness training pertaining to the Information Practices Act of 1977.

Read the DGS Acceptable Use Policy. Review, sign and date this Information Security, Privacy, & Acceptable Use Acknowledgement (ISO-01).

Provide this completed ISO-01 and the security training certificate to your DGS supervisor orcontract manager ONLY. They will validate completion of the training and acknowledgement and willstore them in the appropriate personnel file or contract file.

DGS Supervisors and Contract Managers:

Allow personnel approximately one to two hours to complete the Information Security and Privacy Awareness training and answer any questions as they pertain to the personnel duties or responsibilities. Contact the DGS ISO if you require assistance answering any information security, privacy, or acceptable use related questions.

Review, sign and date each completed Information Security, Privacy, & Acceptable Use Acknowledgement (ISO-01). Contact the DGS ISO if you require assistance.

Retain the completed ISO-01 and security training certificates in the appropriate personnel files or contract files for the specified duration pursuant to the applicable DGS records retention policy. The DGS ISO, Audit Office, or State ISO may validate compliance by reviewing your files. For DGS employees, the DGS ISO will update the ABMS profiles to reflect annual completion of the training.

Contact Us:

DGS Information Security OfficeEnterprise Technology Solutions Department of General Services707 Third Street, Third FL West Sacramento, CA 95605

Ph: (916) 376-3940

http://inside.dgs.ca.gov/iso/Home.aspx Email: DGSInfoSec@dgs.ca.gov

References: Information Security and Privacy Awareness Training Policy Acceptable Use Policy California Information Practice Act of 1977 (Civ. Code § 1798 et seq.) California Gov. Code § 8314 et seq. California Pen. Code § 502 State Administrative Manual (SAM) Section 5320 et seq. SAM Information Security § 5300-5365.

Department of General Services Information Security, Privacy, & Acceptable Use Acknowledgment

ISO-01 - v2018 Page 2 of 2

DGS ETS Information Security Office(916) 376-3940 or DGSInfoSec@dgs.ca.gov

Information Security, Privacy, and Acceptable Use Acknowledgement (ISO-01)