9-4 Information Technology Professionals Policy -Purpose, Scope, Maintenance, Exceptions and Amendments
Read next: Section I: Introduction
This Policy manual provides direction to all individuals responsible for the implementation, configuration, maintenance and support of Local Agency IT resources.
This Policy manual applies to all Local Agencies. Where conflict exists between this Policy manual, Local Agency’s policy, or state/federal regulations, the more restrictive policy will take precedence.
This Policy manual is subject to a policy review at least annually by the Information Security Steering Committee (ISSC).
Requests for exceptions to this Policy manual must be reviewed by the Information Security Steering Committee (ISSC) and approved by the Chief Information Security Officer (CISO) or Designee. Local Agencies requesting exceptions must provide such requests to the ISSC. The request should specifically state the scope of the exception along with justification for granting the exception, the potential impact or risk attendant upon granting the exception and risk mitigation measures to be undertaken by the Local Agency. The ISSC will review such requests, confer with the requesting Local Agency and forward to the CISO a recommendation for approval or denial. Appeals will be directed to the Board of Supervisors for resolution. All exceptions are reviewed annually by the ISSC.
Requests for amendments (i.e., changes, deletions, additions) to this Policy manual must be presented by the Department Information Security Representative to the Information Security Steering Committee (ISSC). If the ISSC agrees to the change, the Policy manual will be updated, reviewed and approved through the normal County approval process.