IMPORTANT NOTE:
Visit CDA’s Emergency Preparedness page for tips and resources on winter storms and other emergency preparedness.
A security incident is defined as an occurrence involving a CDA authorized user that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures or acceptable use policies.
Examples of security incidents include, but are not limited to:
View our Information Security Definitions for an explanation of terms used in Information Security.
For step-by-step instructions on how to report a security incident, visit our Security Incident Reporting Procedures page. The forms identified in the step-by-step instructions can be found below.
For information on contractors and their subcontractors, view our note regarding CDA Contractors and their Subcontractors.
All CDA authorized users shall sign and return a Information Integrity and Security Statement (CDA 1024) to ensure the authorized user is aware of, and agrees to comply with, its obligations to protect CDA information assets from unauthorized access and disclosure, prior to contract execution.
Complete the California Department of Aging Privacy and Information Security Awareness Training for Authorized Users module within the following timeframes:
Contractors must maintain Certificates of Completion on file and provide them to CDA upon request
Note: Reporting a security incident to CDA does not relieve CDA Contractors and their Subcontractors from other required reporting obligations e.g., reporting to local law enforcement, other State or Federal agencies, etc. Contractors and their Subcontractors must consult their own internal policies and procedures to ensure all security incident reporting requirements are met.