Policies, Standards, and Procedures

Statewide IT Policies, Standards, and Procedures are based on Enterprise Architecture (EA) strategies and framework. The purpose of EA is to provide a comprehensive framework of business principles, best practices, technical standards, migration and implementation strategies, that direct the design, deployment and management of information technology (IT) for the state agencies. More information about EA is available in P700 Enterprise Architecture Policy.

Management Practices

• P100 - Statewide Information Technology Policy
• P105 - Policies, Standards, and Procedures (PSP) Policy
• S105 - PSP Standard
• P105 - ASET PSP Procedures
• P136 - IT Planning Policy
• P140 Web Conferencing
• P150 Virtual Office Policy
• P335 - Project Management Certification Policy
• P340 - Project Investment Justification (PIJ) Policy
• S340 - Project Investment Justification (PIJ) Standard
• P340 - ASET PIJ Procedure
• S341 - Project Status Reporting (PIJ) Standard
• S342 - Request for Special Funding (PIJ Projects) Standard
• S343 - Project Oversight Standard

Web Services

• P125 - Web Portal Acceptable Use Policy
• P130 - Web Site Accessibility Policy
• P170 - Privacy Policy
• P252 - Intellectual Property Policy
• P350 - Web Related Development - Notice of Intent (NOI)
• P401 - Email Use Policy
• P501 - Internet Use Policy
• P505 - Social Networking Policy

IT Enterprise Architecture

• P700 - Enterprise Architecture Policy
• P710 - Network Architecture Policy
• S710 - Network Infrastructure Standard
• P720 - Platform Architecture Policy
• S720 - Platform Infrastructure Standard
• P730 - Software Architecture Policy
• S730 - Applications and Related Software Standards
• S731 - Software Productivity Tools Standard
• P740 - Data/Information Architecture Policy
• S740 - Data Modeling Standard
• S741 - Classification and Categorization of Data Standard
• S742 - Database Access Standard
• P750 - Service Oriented Architecture Policy

Security

• P800 - IT Security Policy
• S805 - IT Risk Management Standard
• S810 - Account Management Standard
• S815 - Configuration Management Standard
• S820 - Authentication and Directory Services Standard
• S825 - Session Controls Standard
• S830 - Network Security Standard
• S850 - Encryption Technologies Standard
• S860 - Virus and Malicious Code Protection Standard
• S865 - IT Disaster Recovery Planning (DRP) Standard
• S870 - Backups Standard
• S875 - Maintenance Standard
• S880 - Media Sanitizing/Disposal Standard
• S885 - IT Physical Security Standard
• S890 - Personnel Security Standard
• S895 - Security Training and Awareness Standard

Privacy

• P900 - Information Security Incident Management Policy
• E901 - Exhibit Data Classification Matrix
• E902 - Exhibit Executive Checklist
• E903 - Exhibit Glossary
• S905 - Incident Submission and Response Standard
• S910 - Data Breach Notification Standard