Policy Reference

Category: IT Management
Approval Date: 01-29-2010
Scope: All Personnel

Purpose

The City and its operations are required to meet various regulations, laws, contractual obligations and other standards which demand adoption of formal employee policies for the use of IT-related resources. ITS will be responsible for ensuring the IT components of those compliance requirements are addressed regularly.


Policy

  1. Use of the City's computer resources is subject to all federal, state and local law.
  2. Information Technology Services (ITS) will be responsible for identification, evaluation and implementation of IT-related policy requirements as directed by applicable compliance requirements related to City operations.
  3. ITS will review compliance requirements and associated policies on an annual basis, or as it is made aware of new compliance mandates.
  4. City Management must inform ITS of IT compliance and governance topics as departments are made aware of them. Any related requirements which are applicable to the City Operations and Services they are responsible for should be provided to ITS as available. ITS will then evaluate potential compliance requirements and initiate any relevant changes to IT Policies and/or Procedures.
  5. City staff may be asked to assist in the definition of appropriate policies and the evaluation of the impact of policy changes on City operations.
  6. ITS will maintain proper documentation related to management of City IT Policies, including obtaining appropriate approval of key policies and procedures.
  7. The City will maintain proper documentation for what is expected of the role of the Chief Security Officer. The Chief Technology Officer will be required to fulfill or delegate the functions required of the Chief Security Officer.
  8. IT policies will be rolled out to all relevant staff and enforced, so they are built into and are an integral part of City operations.

Compliance

  1. Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures 1.2, SAQ A, B, C and D.
  2. SM3.5.6, CB2.1.2, The Standard of Good Practice for Information Security
  3. The organization must ensure that a Chief Security Officer has been formally assigned. § 12.5, Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance, All other Merchants and all SAQ-Eligible Service Providers, Version 1.2
  4. The organization must ensure security policies and procedures are developed and distributed throughout the organization. § 12.5.1, Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance, All other Merchants and all SAQ-Eligible Service Providers, Version 1.2