Policy Statement: The purpose of
this policy is to establish the policy for the development and maintenance of
Kentucky Information Technology Standards (KITS). The Information Technology Standards
Committee (ITSC) is the designated body responsible for the development of
Kentucky Information Technology Standards (KITS) for on-premise products. The CIO provides a comparable path for
development and maintenance of standards for off-premise products/solutions. These standards are in place to protect the
data provided to the executive branch agencies within the Commonwealth of
Kentucky and the infrastructure on which that data is shared.
Policy Maintenance: The Office of
Enterprise Technology, Division of Enterprise Architecture shall be responsible
for the maintenance of this policy. Agencies may choose to apply more
restrictive internal policies as appropriate and necessary. Therefore, staff
members are to refer to their agency's related policy which may contain
additional information or clarification of this enterprise policy.
Authority: KRS 42.726 authorizes the Commonwealth Office of Technology (COT) to develop
policies that support and promote the effective application of information
technology within the executive branch of state government, as well as
information technology directions, standards, and necessary management
processes to assure full compliance with those policies.
Applicability: This policy is to be
adhered to by all staff, including employees, contractors, consultants,
temporaries, volunteers, vendors and other workers within the executive branch.
Responsibility for Compliance: Each
agency shall be responsible for assuring appropriate staff members within their
organizational authority are aware of the provisions of this policy, and that
compliance by staff members is expected. It shall be each Executive Cabinets
responsibility to enforce this policy. Agencies may develop and enforce
additional more restrictive procedures; however, the minimum standards
identified by this policy are required.
Agencies may incur additional shared service charges for support
efforts and costs associated with non-compliance of approved IT standards.
Review Cycle: This policy will be
reviewed at least every two years.
Information Technology Standards Committee (ITSC): The mission of the ITSC is to govern information technology standards for the executive branch of Kentucky State Government.
Kentucky Information Technology Standards (KITS): The KITS is comprised of formalized IT standards covering the broad spectrum of technology environments to include software, hardware, networks, applications, data, security, access, communications, project management and other relevant architecture disciplines.
Policy: In support of Executive
Order 2012-880, the Commonwealth's CIO redefined the existing Enterprise
Architecture and Standards Committee (EASC) into the Information Technology
Standards Committee (ITSC). The ITSC reports operationally and administratively
to the CIO through the Chief Architect. The mission of the ITSC is to support
governance of information technology standards for the executive branch of
Kentucky State Government. ITSC membership includes representatives from
executive branch agencies in addition to the Commonwealth Office of Technology
(COT). The ITSC advises and consults with the Technology Advisory Council (TAC)
on an as-needed basis. Only IT
products listed within KITS are approved for installation and use within the
executive branch of Kentucky State Government.
Agencies requesting the purchase and/or the use of products and
services outside the parameters of KITS must, regardless of cost, develop a
business case supporting their request for an exception or modification to
existing standards or the addition of a new standard. All requests must be
routed through the agency's highest ranking IT officer prior to being submitted
and processed through the ITSC.
A parallel process to support the governance of off-premise
solutions is administered by the Division of Enterprise Architecture through a
cloud/vendor hosted stage gate process.
This process administers a dialogue with the requesting agency, the
Chief Information Security Office, the Division of Enterprise Architecture and
other COT staff as necessary, to provide a basis for CIO approval (and
inclusion within KITS) for the use of off-premise solutions.
Visit the COT - Exceptions, Modifications and
Additions to Kentucky Information Technology Standards web page for details
related to the submission of these requests.