CIO-051 Information Technology Standards Policy

Office of the Chief Information Officer Enterprise Policy

Effective Date: 12/23/2015
Revision Date: 01/23/2017

Policy Statement: This policy governs the development and maintenance of Kentucky Information Technology Standards (KITS). The Information Technology Standards Committee (ITSC) is the designated body responsible for the development of KITS for on-premise products. The CIO provides a comparable path for the development and maintenance of standards for off-premise products/solutions. These standards are in place to protect the data provided to the executive branch agencies within the Commonwealth of Kentucky and the infrastructure on which that data is shared.
Policy Maintenance: The Office of Enterprise Technology, Division of Enterprise Architecture shall be responsible for the maintenance of this policy. Agencies may choose to apply more restrictive internal policies as appropriate and necessary. Staff members are therefore to refer to their agency's related policy, which may contain additional information or clarification of this enterprise policy.
Authority: KRS 42.726 authorizes the Commonwealth Office of Technology (COT) to develop policies that support and promote the effective application of information technology within the executive branch of state government, as well as information technology directions, standards, and necessary management processes to assure full compliance with those policies.
Applicability: This policy is to be adhered to by all staff, including employees, contractors, consultants, temporaries, volunteers, vendors and other workers within the executive branch.
Responsibility for Compliance: Each agency shall be responsible for assuring that appropriate staff members within its organizational authority are aware of the provisions of this policy, and that compliance by staff members is expected. It shall be each Executive Cabinet's responsibility to enforce this policy. Agencies may develop and enforce additional, more restrictive procedures; however, the minimum standards identified by this policy are required.
Agencies may incur additional shared service charges for support efforts and costs associated with non-compliance with approved IT standards.
Review Cycle: This policy will be reviewed at least every two years.
Definitions:
  • Information Technology Standards Committee (ITSC): The mission of the ITSC is to govern information technology standards for the executive branch of Kentucky State Government.
  • Kentucky Information Technology Standards (KITS): The KITS is comprised of formalized IT standards covering the broad spectrum of technology environments to include software, hardware, networks, applications, data, security, access, communications, project management and other relevant architecture disciplines.
Policy: In support of Executive Order 2012-880, the Commonwealth's CIO redefined the existing Enterprise Architecture and Standards Committee (EASC) into the Information Technology Standards Committee (ITSC). The ITSC reports operationally and administratively to the CIO through the Chief Architect. The mission of the ITSC is to support governance of information technology standards for the executive branch of Kentucky State Government. ITSC membership includes representatives from executive branch agencies in addition to the Commonwealth Office of Technology (COT). The ITSC advises and consults with the Technology Advisory Council (TAC) on an as-needed basis. Only IT products listed within KITS are approved for installation and use within the executive branch of Kentucky State Government.
Agencies requesting the purchase and/or the use of products and services outside the parameters of KITS must, regardless of cost, develop a business case supporting their request for an exception or modification to existing standards or the addition of a new standard. All requests must be routed through the agency's highest ranking IT officer prior to being submitted and processed through the ITSC.
A parallel process to support the governance of off-premise solutions is administered by the Division of Enterprise Architecture through a cloud/vendor hosted stage gate process. This process administers a dialogue with the requesting agency, the Chief Information Security Office, the Division of Enterprise Architecture and other COT staff as necessary, to provide a basis for CIO approval (and inclusion within KITS) for the use of off-premise solutions.
Visit the COT - Exceptions, Modifications and Additions to Kentucky Information Technology Standards web page for details related to the submission of these requests.
 
 
This page was last modified 8/30/2017 10:17 AM
​​​
