9-4 Information Technology Professionals Policy - Section VIII: Information Technology Resource Management Policy
Return to Information Technology Professionals Policy Table of Contents
What’s on this Page
Section VIII: Information Technology Resource Management Policy
Read next: Section IX: Network Management Policy
VIII. Information Technology Resource Management Policy
This Policy establishes the appropriate protection of Local Agency Information Technology (IT) resources.
- Inventory of IT Resources
Local Information Service Providers must maintain an inventory listing of significant Local Agency IT resources. Listing should include:
- Core attributes for each IT resource, including make/model/format, creation/manufacture date;
- IT resource unique identifier (e.g., serial number, asset number, service tag number, or Universal Product Code);
- Assigned owner; and
- Responsibility of IT Resources
IT resources must have owners assigned from within the Local Agency who are responsible for ensuring appropriate protection from unauthorized use, access, disclosure, modification, loss or deletion.
- Classification of IT Resources
IT resources must be classified and labeled based on the most restrictive classification of its individual data elements. For example, IT resources containing confidential data and restricted data must be classified as Confidential. IT resources containing Restricted data and Public data must be classified as Restricted.
- Return of IT Resources
Procedures must be established to ensure Local Agency IT resources are returned upon a User’s separation from County employment or change of work assignment.
- Secure Disposal or Re-Use of IT Resources
- To prevent the unauthorized disclosure of Local Agency data, Local Agency IT resources containing storage media must be checked to ensure that any sensitive data and licensed software has been removed or securely overwritten prior to disposal.
- All Local Agency IT resources must be sanitized according to classification of data, prior to sale, transfer or disposal.
- Local Agency IT resources containing confidential data must be obliterated and/or made indecipherable before disposal.
- If licensed software is present on any Local Agency IT resource being sold, transferred, or otherwise disposed of, the terms of any licensed software agreements must be followed.
- To verify Local Agency data is inaccessible, a sample of Local Agency IT resources must be tested.