Information Technology Policies and Standards

Title
Information Technology Protection Policy
Type
Policy
Category
Security
Status
Approved
Approved
01/09/2013
Revised
12/20/2012
To Be Reviewed
01/09/2015
Scope
Applies to all City information technology assets.
Policy
Policy Definitions:
  • Confidentiality – Confidentiality refers to limiting information access and disclosure to authorized users -- "the right people" -- and preventing access by or disclosure to unauthorized ones -- "the wrong people."
  • Integrity - Integrity refers to the trustworthiness of information resources.
  • Availability - Availability refers to the availability of information resources. An information system that is not available when you need it is almost as bad as none at all.

Policy Provisions:
It is the policy of the City of Albuquerque to protect the Confidentiality, Integrity and Availability of data and, protect against disruption of the operation of its information technology assets and thereby help to protect the citizens, economy, essential human and government services, and public safety of the City.

Information must be protected according to its sensitivity, criticality and value, regardless of the media on which it is stored, the manual or automated systems that process it, or the methods by which it is distributed. Maintaining the computer patch management and operating system security updates on all networked resources to include personal computers, mobile devices, application servers, printing devices and networked devices are critical in the protection of the City resources.

To ensure that City business objectives are met and the confidence of our citizens, customers, taxpayers, ratepayers and bondholders is maintained, all employees have a responsibility to protect information from unauthorized access, modification, disclosure, and destruction, whether accidental or intentional.

Except as otherwise provided by City policy:
  • Protection of centrally-managed or "City-wide" information technology assets is the responsibility of the Chief Information Officer, Information Security Office or designee.
  • protection of information technology assets under the physical control of a Department is the responsibility of the Department Director;
  • Patch Management and Security Updates:
  • The City of Albuquerque ITSD shall maintain and manage all operating system patches and security updates on personal computers, application servers, printing and all network related devices. System operating patches and security updates shall be reviewed on a monthly basis. Implementation of system operating patches and security updates shall be performed on an “as needed” basis but no longer than quarterly. All changes shall be presented to the Change Advisory Board for review.
  • In all cases, protection shall be provided in compliance with all City information technology policies, standards, procedures and guidelines.
Rationale
Information technology protection requires continuous efforts to secure the information systems for critical infrastructure, including emergency preparedness communications, and physical assets that support such systems. Protection of these systems and the data which resides on systems is essential to consistent and effective service delivery.

Contact: Art Montoya, (505) 768-2925