CIO-085 Authorized Agency Contacts

Office of the Chief Information Officer Enterprise Policy
 
CIO-085: Authorized Agency Contacts
Effective Date: 08/01/2005
Reviewed Date: 11/10/2016
Revision Date: 11/10/2016
 

Policy Statement: The intent of this policy is to ensure the establishment of a formal communications link between COT and the organizational entities that use COT services by condensing the existing agency contacts into five comprehensive lists for Agency Human Resources Contacts, Agency IT Services Contacts, Agency Compliance Contacts, Agency Security Contacts and Agency Management Contacts.

Policy Maintenance: The Commonwealth Office of Technology's Office of IT Service Management has the responsibility for the maintenance of this policy. Organizations may choose to add to this policy as appropriate, in order to enforce more restrictive standards. Therefore, staff members are to refer to their organization's internal policy, which may have additional information or clarification of this enterprise policy.

Authority: KRS 42.726 authorizes the Commonwealth Office of Technology (COT) to develop policies that support and promote the effective application of information technology within the executive branch of state government, as well as information technology directions, standards, and necessary management processes to assure full compliance with those policies.

Applicability: This policy is to be adhered to by all Executive Branch agencies and staff, including employees, contractors, consultants, temporaries, volunteers and other workers within state government.

Responsibility for Compliance: Each organization is responsible for ensuring that the provisions of this policy are followed, and that its staff members are aware of this policy.

Review Cycle: This policy will be reviewed at least every two years.

Definitions: 

Agency:  For purposes of this policy, an Agency is defined as follows:  within the Executive Branch, with the exception of the General Government Cabinet, "Agency" shall refer to the Cabinet as a  whole,  rather  than any distinct divisions within the cabinet.   Within the General Government Cabinet, the term " Agency " refers to each unique Board or constitutional office within the Cabinet.
 
Policy:  In keeping with COT’s renewed focus on customer service, the establishment of formal communication links between COT and the organizational entities that use COT services are essential to the success of both parties. These links will be established through a series of functional contact lists. Contacts provided to COT will have the authority to act on behalf of their Agency.  To protect both the Agency and COT from unauthorized service or procurement requests, COT will not be able to process requests that are not properly authorized and submitted.
 
Agency Human Resources Contact:
Each Agency will establish one or more Human Resources Contacts and provide a list of them to the Commonwealth Service Desk. These contacts will be approved to submit requests for the establishment, modification and deletion of end user identities and access, and must have spending authority for core, user-based services such as email, endpoint device support (i.e. desktop, laptop, tablet), VPN, etc. for personnel. These individuals should  understand  basic  identity  protection  and  privacy  practices,  and  be  knowledgeable regarding the processes for requesting services.
 
• Agency IT Services Contact:
Each Agency will establish one or more IT Services Contacts and provide a list of them to the Commonwealth Service Desk. These contacts will be approved to request all rated and non-rated services from COT (i.e. hardware, software, voice/data services, and disk space). These resources should have basic knowledge of COT rated services, and should be knowledgeable regarding the processes for requesting services. This role will also be responsible for distributing communications from COT, such as Agency Contact Memos or Awareness Notifications, to the appropriate authorities and/or affected parties within the organization.
 
• Agency Compliance Contact:
Each Agency will establish one or more Compliance Contacts and provide a list of them to the Commonwealth Service Desk. These contacts will be approved to serve as the central coordinator for the various business units within the Agency for matters of state, local, and/or federal regulatory compliance, such as audits.  This role will also be responsible for distributing communications pertaining to compliance to the appropriate authorities and/or affected parties within the organization.
 
• Agency Security Contact:
Each Agency will establish one or more Security Contacts and provide a list of them to the Commonwealth Service Desk.   These contacts will be approved to serve as the focal point for communications with the Office of the Chief Information Security Officer for security-related issues specifically affecting the organization, such as the protection of the organization’s data and computing resources. These individuals should be able to act and respond in a timely manner to any information received or requested, based on the Agency’s established policies and procedures. This role will also be responsible for distributing communications pertaining to security to the appropriate authorities and/or affected parties within the organization.
 
• Agency Management Contact:
Each Agency will establish a list of Management Contacts (Division Director or above) and provide a list of them to the Commonwealth Service Desk. These contacts will be authorized to submit and/or approve requests to the Commonwealth Service Desk in cases where the appointed contact(s) are unavailable. These resources will also be authorized to review and approve additions and/or changes to the Agency Contacts lists.
 

 

This page was last modified 9/28/2017 6:47 PM
 
Return to CIO Policies Home Page.
 
 
 
 
 
  
 
 
References: