9-2 Information Technology Use and Security Policy Manual - Purpose, Scope, Maintenance, Exceptions, Adverse Action
Return to IT Use and Security Policy Manual Table of Contents
Approved by: Board of Supervisors of the County of Sonoma (“County”), and the Boards of Directors of the Northern Sonoma County Air Pollution Control District, the Russian River County Sanitation District, Sonoma Valley County Sanitation District, Occidental County Sanitation District, South Park County Sanitation District, and the Board of Directors of the Sonoma County Agricultural Preservation and Open Space District (collectively referred to hereinafter as “Special Districts”), and the Sonoma County Water Agency (“Agency”), and the Board of Commissioners of the Sonoma County Community Development Commission (“Commission”). The County, Special Districts, Agency and Commission are collectively referred to herein as “Local Agencies” or singularly as “Local Agency.”
Read next: I. Introduction
What's on this Page
Purpose
This Policy manual provides directives to all users on the general use and protection of Local Agency IT resources and data.
Scope
This Policy manual applies to all Local Agencies. Where a conflict exists between this Policy manual and a Local Agency’s policy, the more restrictive policy will take precedence.
Maintenance
This Policy manual is subject to a policy review at least annually by the Information Security Steering Committee.
Exceptions
Requests for exceptions to this Policy manual must be reviewed by the Information Security Steering Committee (ISSC) and approved by the Chief Information Security Officer (CISO) or Designee. Local Agencies requesting exceptions must provide such requests to the ISSC. The request should specifically state the scope of the exception along with justification for granting the exception, the potential impact or risk attendant upon granting the exception, risk mitigation measures to be undertaken by the Local Agency, initiatives, actions and a time frame for achieving the minimum compliance level with the policies set forth herein. The ISSC will review such requests, confer with the requesting Local Agency and forward to the CISO along with a recommendation for action.
Adverse Action
Failure to comply with this Policy manual may result in disciplinary action up to, and including termination, in accordance with County Civil Service Rules, or a Local Agencies’ separate and distinct disciplinary rules and procedures.