ITP.1.3.010 Responsibilities

(a) The Tribal Governing Board hall oversee the Tribe's efforts to develop, implement, and maintain an effective Information Security Program. The Tribal Governing Board Counsel shall be responsible for approving this policy and the written report on the effectiveness of the Tribe's Information Security Program on an annual basis.

(b) The Tribe's IT Department shall assist with the enforcement and adherence to the standards and guidelines established within this policy.

(c) The Tribe's IT Department shall provide direction and control for information security at the Tribe.

(d) The Tribe shall exercise due diligence in selecting its service providers and require its service providers by contract to implement security measures that safeguard Tribal information.

(e) Employees shall know and understand their duties with respect to the Information Security Policy and comply with the terms of this policy.

(f) Security Objectives. The Tribe shall meet its business objectives by implementing business systems with due consideration of information technology (IT) related risks to the Tribe, business and trading partners, technology service providers, and customers. The Tribe shall meet this goal by striving to accomplish the following objectives:

(1) Availability, integrity and confidentiality of data or systems

(2) Accountability and assurance of processes and controls

(g) Security Process. The Tribe shall implement an ongoing security process and shall assign clear and appropriate roles and responsibilities to the Tribal Governing Board, management, and employees. The process shall be designed to identify, measure, manage and control the risks to system and data availability, integrity, and confidentiality, and ensure accountability for system actions.