Findings.
Purpose of Chapter.
Definitions.
Office of Cyber Security.
City Chief Information Security Officer.
City Departments.
On June 4, 2021, Mayor London Breed issued Executive Directive No. 21-02, announcing that protecting the City’s technology and information is vital to the proper functioning of the City and the ability of City departments and personnel to serve residents. In order to further the protection of City assets, the prevention, detection, and remediation of cyber-related incidents is a top priority of the City and essential to the security of San Francisco government and its residents. In the directive, the Mayor directed the City’s Chief Information Officer and the City Administrator to recommend changes to the Administrative Code to formalize and strengthen the City’s cyber security functions and programs.
(Added by Ord. 49-22, File No. 211294, App. 3/31/2022, Eff. 5/1/2022)
(a) The purpose of this Chapter 22I is to strengthen and coordinate the City’s security of information resources. The creation of the Office of Cyber Security will improve the City’s information security by doing the following:
(1) ensure coordination of City Departments’ response to cyber security threats;
(2) identify primary responsibility for the City’s response during emergencies caused by cyber security attacks;
(3) share best information security practices, procedures, and requirements with City Departments;
(4) provide review of proposed technology purchases by City Departments to address cyber security risks during procurement; and
(5) avoid uncoordinated and duplicative information or system security purchases by City Departments when such technology can be more effectively purchased as part of a coordinated City effort for maximum cost effectiveness and use.
(b) In enacting and implementing this Chapter 22I, the City is assuming an undertaking only to promote the general welfare. It is not assuming, nor is it imposing on its officers and employees, an obligation for breach of which it is liable in money damages to any person who claims that such breach proximately caused injury.
(c) Municipal Transportation Agency. Consistent with Charter Section 8A.101(d), the Municipal Transportation Agency shall comply with the provisions of this Chapter 22I and shall be solely responsible for its administration and enforcement with respect to matters within the Municipal Transportation Agency’s jurisdiction. The Municipal Transportation Agency Board of Directors shall provide the City Administrator with an annual report of reported incidents and its compliance with the established City information security standard.
(d) Public Utilities Commission. Consistent with Charter Section 8B.121(a), the Public Utilities Commission shall comply with the provisions of this Chapter 22I and shall be solely responsible for its administration and enforcement with respect to matters within the Public Utilities Commission’s jurisdiction. The Public Utilities Commission shall provide the City Administrator with an annual report of reported incidents and its compliance with the established City information security standard.
(Added by Ord. 49-22, File No. 211294, App. 3/31/2022, Eff. 5/1/2022)