DATE: June 22, 2021
TO: Board of Supervisors
SUBMITTED BY: Jean M. Rousseau, County Administrative Officer
SUBJECT: Revision of Administrative Policy No. 49 - Information Technology and Telecommunications Security Policy
RECOMMENDED ACTION(S):
TITLE
Approve revisions to Administrative Policy 49 - Information Technology and Telecommunications Security Policy.
REPORT
Administrative Policy No. 49 (AP 49) pertains to IT services and, where necessary, revisions are being recommending for your Board’s consideration. Approval of the recommended action will modernize the language in AP 49, last revised in November 2002, to reflect changes to security policies, standards and preferred practices. This item is countywide.
ALTERNATIVE ACTION(S):
Your Board could choose not to approve the proposed revisions; however, the policy would not be revised to reflect changes to ISD - IT security policies, standards and preferred practices. This item is countywide.
FISCAL IMPACT:
There is no fiscal impact associated with the recommended action.
DISCUSSION:
AP 49 was last updated in November 2002 and, with your Board’s approval, will be retitled the IT Security Policy. The recommended revisions reflect ISD - IT’s inclusion of telecommunications and cybersecurity in County operations. Specifically, the proposed changes:
• Modernize terminology;
• Affirm that technology-based security, privacy, and confidentiality are a responsibility of those employed and contracted by the County;
• Add cyber-security breach to list of disruptions;
• State that privacy and confidentiality include personal, health, and financial information of those with whom the County does business; and
• Remove of language better suited for the associated Management Directive.
The associated County Administrative Officer Management Directive No. 1300 is also being reviewed for revision.
ATTACHMENTS INCLUDED AND/OR ON FILE:
AP 49
AP 49 - Redline
CAO ANALYST:
Sonia M. De La Rosa