Skip to Content

9-4 Information Technology Professionals Policy - Section VIII: Information Technology Resource Management Policy

Information Systems Department

Return to Information Technology Professionals Policy Table of Contents

What’s on this Page

Section VIII: Information Technology Resource Management Policy

Read next: Section IX: Network Management Policy

VIII. Information Technology Resource Management Policy

This Policy establishes the appropriate protection of Local Agency Information Technology (IT) resources.

  1. Inventory of IT Resources
    Local Information Service Providers must maintain an inventory listing of significant Local Agency IT resources. Listing should include:
    1. Core attributes for each IT resource, including make/model/format, creation/manufacture date;
    2. IT resource unique identifier (e.g., serial number, asset number, service tag number, or Universal Product Code);
    3. Assigned owner; and
    4. Location.
  2. Responsibility of IT Resources
    IT resources must have owners assigned from within the Local Agency who are responsible for ensuring appropriate protection from unauthorized use, access, disclosure, modification, loss or deletion.
  3. Classification of IT Resources
    IT resources must be classified and labeled based on the most restrictive classification of its individual data elements. For example, IT resources containing confidential data and restricted data must be classified as Confidential. IT resources containing Restricted data and Public data must be classified as Restricted.
  4. Return of IT Resources
    Procedures must be established to ensure Local Agency IT resources are returned upon a User’s separation from County employment or change of work assignment.
  5. Secure Disposal or Re-Use of IT Resources
    1. To prevent the unauthorized disclosure of Local Agency data, Local Agency IT resources containing storage media must be checked to ensure that any sensitive data and licensed software has been removed or securely overwritten prior to disposal.
    2. All Local Agency IT resources must be sanitized according to classification of data, prior to sale, transfer or disposal.
    3. Local Agency IT resources containing confidential data must be obliterated and/or made indecipherable before disposal.
    4. If licensed software is present on any Local Agency IT resource being sold, transferred, or otherwise disposed of, the terms of any licensed software agreements must be followed.
    5. To verify Local Agency data is inaccessible, a sample of Local Agency IT resources must be tested.

Back to top