Information Technology Policies and Standards

Title
Employee IT Security Certification
Type
Policy
Category
Security
Status
Approved
Approved
07/13/2005
Revised
02/14/2007
To Be Reviewed
01/09/2015
Scope
Applies to all City employees who possess or apply for credentials (e.g., User ID and password) to access City information technology assets. For the purposes of this policy, elected officials (as established by the City Charter) are not employees and shall be exempt from its provisions.
Policy
  1. All City employees who are issued credentials to access City information technology assets shall complete an annual information technology security certification process.
  2. The Information Systems Division (ISD) shall develop the testing methods and subject areas for certification. It is contemplated that an employee should be able to complete the certification process at his or her regularly assigned computer workstation via the City's intranets in a reasonable amount of time.
  3. The subject areas for certification shall be published in a Standard.
  4. Testing methods shall be published in a Procedure.
  5. Each City employee who has already been issued access credentials as of the date of implementation of the certification standards and procedures outlined in this policy shall complete the certification process within one year of said implementation date, then annually within 30 days of the employee's anniversary date.
  6. Each City employee who applies for new or modified access credentials after the date of implementation of the standards and procedures outlined in this policy shall complete the certification process within 30 days of the date the request for access is made by the employee's Department, then annually within 30 days of the employee's anniversary date.
  7. An employee who fails to complete initial certification or subsequent annual renewal within the specified time period shall have their credentials to access City information technology assets revoked by the Chief Information Officer or his designee, in accordance with the City's Access Revocation Policy, until such time as the employee successfully completes the certification or renewal process.
Rationale
Ensures that every employee who uses City information technology assets is regularly informed of expectations concerning the safe and secure use of those assets.

Contact: Arthur C. Montoya, (505) 768-2925