The purpose of this policy is to define the requirements for an enterprise and an Ohio Department of Administrative Services (DAS) information security and privacy incident response capability.