Countywide IT Governance Policies, Standards, and Guidelines
The purpose of the information technology governance process and OIRM countywide programs is to develop and promote standards, policies, guidelines and methodologies for privacy, security, project management, application development, wireless, messaging, remote access, outside contractors, and disaster recovery. The following definitions provide the distinction between policies, standards, methods and guidelines:
Policy: Set of countywide organizational rules and practices that regulate how an organization manages, protects and uses its information system assets and data. These are required and must be complied with. Any exceptions to these must be documented, reviewed and approved. Policies are reviewed periodically and revised based on business operation changes.
Standard: Rules indicating how and what kind of software, hardware, databases, and business processes must be implemented, used and maintained to meet policy objectives. Standards are required and must be complied with. Any exceptions to these must be documented, reviewed and approved. Standards are based in part on technology and as technology changes, standards may need to be updated.
Method: A means or manner of procedure that indicates a regular and systematic way of accomplishing a business process or procedure. Methods will be updated as business processes change.
Guideline: Recommended actions and/or industry best practices that should be used to guide King County practices by users, IT staff and others. Guidelines are not compulsory. Guidelines are based largely on the technologies used therefore guidelines may change frequently as technology changes.
Policy, Standard, Method, & Guideline Overview
IT Governance approved countywide IT policies, standards, methods and guidelines
Policies: Acceptable Use of IT Assets
| Acceptable Use of IT Assets Policy | ITG-P-08-02-01 | 5/25/11 |
| Acceptable Use of IT Assets Guidelines | ITG-G-08-01-01 | 12/15/08 |
| Employee and Third Party Policy for IT Security and Privacy Policy | ITG-P-08-03-01 | 12/15/08 |
| Acknowledgement of IT Security Responsibilities and Confidentiality Guidelines | ITG-G-08-02-01 | 12/15/08 |
| Acceptable Use FAQ Acceptable Use FAQ - updated Sept.,2011 |
12/15/08 |
| Enterprise Information Security Policy | ITG-P-05-03-02 | 09/09/09 |
| King County IT Business Continuity Policy | N/A | 01/25/05 |
| Password Management Policy | ITG-P-05-02-02 | 09/09/09 |
| Privacy Policy | ITG-P-05-04-01 | 06/09/10 |
| Privacy Notice - English Version | 06/09/10 | |
| Privacy Notice - Cambodian Translated Version | 10/30/07 | |
| Privacy Notice - Chinese Translated Version | 06/16/06 | |
| Privacy Notice - Japanese Translated Version | 10/30/07 | |
| Privacy Notice - Korean Translated Version | 10/30/07 | |
| Privacy Notice - Lao Translated Version | 10/30/07 | |
| Privacy Notice - Russian Translated Version | 10/30/07 | |
| Privacy Notice - Spanish Translated Version | 06/05/06 | |
| Privacy Notice - Tagalog Translated Version | 10/30/07 | |
| Privacy Notice - Vietnamese Translated Version | 10/30/07 |
| Network Administration Policy | ITG-P-07-05-01 | 10/3/07 |
| Vulnerability Assessment and Management Policy | ITG-P-06-04-01 | 11/1/07 |
| External Network and Systems Connectivity Policy | ITG-P-07-01-01 | 10/03/07 |
| Network Service and Performance Policy | ITG-P-07-02-02 | 06/17/09 |
Standards:(for internal KC use)
Methods:
Guidelines:
| Procedures for Managing a Security Breach Under the 'Personal Information - Notice of Security Breach' Law | 10/07 |
| Project Manager Guide to PRB Reviews |
01/16 |
| Project Review Board Governance Guide |
02/18 |
Contact information:
IT Services Manager: Zlata Kauzlaric, zlata.kauzlaric@kingcounty.gov