Security Policies, Standards and Procedures 

The Security Standard Procedures Manual (COT-067) was developed by and is maintained by Kentucky’s Commonwealth Office of Technology (COT). It is a customized and comprehensive document which contains IT security procedures that are to be reviewed and practiced by all COT employees, contractors and managed agencies. This manual provides guidance regarding security policies as they relate to the Commonwealth of Kentucky’s goals, principles, ethics, and responsibilities and identifies the specific procedures that employees must follow to comply with the COT security objectives.


Enterprise IT Policies articulate the rules and policies of state government regarding information technology. Many of the enterprise policies are directly related to security issues or concerns. These policies determine the type of IT activities that are approved and required for both agencies and employees. The Enterprise Architecture framework is constructed of several interrelated components, including policies that support the business process and functions. COT administers the Enterprise Policy development, review and approval process. Enterprise IT policies are presented to the Commonwealth Technology Council for compliance by all appropriate agencies.

Specific Enterprise IT Policies relating to Security are listed below:


The Security Domain of the Enterprise Architecture and Standards documents the enterprise standards that pertain specifically to IT security. The entire Enterprise Architecture and Standards process and the comprehensive list of all enterprise standards can be found here.

This page was last modified 7/22/2014 2:20 PM 