Related Websites

• State and Consumer Services Agency
• State Chief Information Officer
• CHP
• CalOHI
• OHS
• OES

Right Column

Risk Management

Overview

The following resources provide policy, standards, and guidelines to assist state agencies in the development and maintenance of their risk management programs.

• State Administrative Manual (SAM)
• Statewide Information Management Manual (SIMM)
• Go RIM for Policy Section 5305 - Risk Management
• Risk Assessment Toolkit

State Administrative Manual (SAM)

The SAM is a central point for statewide policies, procedures, regulations and information developed and issued by authoring agencies such as this Office, the Department of Finance (Finance), Department of General Services (DGS), and Governor's Office. The following SAM policies directly relate to operational recovery and business continuity.

As announced in Management Memo (MM) 08-02, the policy sections related to information security and privacy have been restructured and renumbered effective February 19, 2008. No policies were changed through MM 08-02 or this restructure.

Topic	New SAM Section	Old SAM Section(s)/Comments
Risk Management	5305	4840, 4842
Risk Analysis	5305.1	4842.1
Agency Risk Management Program	5305.2	4842.2

Statewide Information Management Manual (SIMM)

The following SIMM sections are applicable to risk management.

Agency Risk Management and Privacy Program Compliance Certification

The signed Certification acknowledges that each agency is in compliance with state policy governing risk management and privacy requirements as defined in SAM Section 5305.2, Government Code Section 11019.9, and the Information Practices Act (Civil Code Section 1798 et seq.). It is due to the California Office of Information Security by January 31st of each year.

Topic	Section
Agency Risk Management and Privacy Program Compliance Certification (.doc,62k)	70C

Risk Assessment Toolkit

These are tools for agencies to use in identifying information security risks and to help mitigate the issues.

---

The California Office of Information Security (Office) web site contains links to other sites that are not owned or controlled by us. The information provided at these sites does not reflect the views of this Office or indicate an endorsement of a particular company or product. Please be aware that our Office is not responsible for the security and privacy practices of such other sites.