Information Security

A security incident is defined as an occurrence involving a CDA authorized user that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures or acceptable use policies.

Examples of security incidents include, but are not limited to:

• Stolen items such as a laptop; thumb drives, backpack containing work-related files
• Faxing client’s information to an unintended recipient

View our Information Security Definitions for an explanation of terms used in Information Security.

For step-by-step instructions on how to report a security incident, visit our Security Incident Reporting Procedures page. The forms identified in the step-by-step instructions can be found below.

For information on contractors and their subcontractors, view our note regarding CDA Contractors and their Subcontractors.

All CDA authorized users shall sign and return a Information Integrity and Security Statement (CDA 1024) to ensure the authorized user is aware of, and agrees to comply with, its obligations to protect CDA information assets from unauthorized access and disclosure, prior to contract execution.

Complete the California Department of Aging Privacy and Information Security Awareness Training for Authorized Users module within the following timeframes:

• Within 30 days of the start date of the Contract/Agreement
• Within 30 days of the start date of any new employee, Subcontractor, or volunteer

Contractors must maintain Certificates of Completion on file and provide them to CDA upon request