Title
BIR Security Requirements and Violations Order
Law
Bir Memorandum Order No. 44-98
Decision Date
May 22, 1998
BIR Memorandum Order No. 44-98 establishes security requirements for the technical computing environment, outlining guidelines for reporting violations, classifying offenses, and imposing sanctions to ensure compliance and protect sensitive data within the Bureau.

Law Summary

Definition of Terms

  • Security Breach/Violation: Failure to comply with policies in the Physical Security Manual.
  • Gravity of Offense: Classification of offenses as Grave, Less Grave, or Light.
  • Technical Sanctions: Penalties like suspension/deletion of accounts or reassignment.
  • Functional Sanctions: Penalties under Executive Order No. 292, like suspension or dismissal from service, processed through Internal Affairs.

Scope of Security Breaches

  • Acts negatively impacting the following areas are breaches:
    1. Hardware
    2. Software
    3. Data
    4. Network
    5. Operating System
    6. Printed Data
    7. Computer Media
    8. Computing Environment

Security Officer and Reporting

  • Each office head must appoint a Security Officer.
  • Security Officer enforces security policies and reports violations to ACIR of IPQS.
  • Upon report, ACIR of IPQS demands written explanation, then summons Security and Access Committee (SAC) to assess violation gravity and recommend penalties.

Role and Procedures of the Security and Access Committee (SAC)

  • Classify violations based on offense nature.
  • Determine seriousness and recommend appropriate sanctions.
  • Follow Executive Order No. 292 provisions including:
    • Only one penalty per administrative case.
    • Consider mitigating/aggravating circumstances; IT personnel status is an aggravating factor.
    • If multiple charges exist, sanction corresponds to the gravest charge.
    • Repeat offenses need not be identical but within the same classification.
  • SAC decisions escalate to ACIR of Internal Affairs Service for action.

Classification of Offenses and Corresponding Penalties

  • Infractions divided into Grave, Less Grave, and Light offenses with penalties under EO 292.

Grave Offenses

  • Examples include gross neglect of duty, grave misconduct (e.g., unauthorized software installation, unauthorized access to data/systems), falsification, corruption-related acts.
  • Penalties escalate from dismissal (usually at first offense).

Less Grave Offenses

  • Examples: Simple misconduct, e.g., unauthorized access to communication lines or spreading false information.
  • Penalties: suspension to dismissal for repeated offenses.

Light Offenses

  • Examples: Violation of reasonable rules (e.g., mis-labeling tapes, introducing viruses, unauthorized access to technical manuals).
  • Penalties: Written reprimand, suspension, then dismissal for repeated offenses.

Effectivity

  • The Order became effective immediately upon issuance.
  • Applies universally to all security violations within the Bureau's technical computing environment.

Analyze Cases Smarter, Faster
Jur is a legal research platform serving the Philippines with case digests and jurisprudence resources.

About Privacy Terms