L&I, Office of Information Technology Policy ADM-001
||OIT Policy and Procedure Development, Review, and Approval
This policy provides requirements for the development, review, and approval of Department of Labor & Industry (L&I) Office of Information Technology (OIT) policies and procedures.
OOIT policies are statements issued by OIT management to define the organization’s mission, provide guidance, and detail actions. Each statement establishes boundaries for actions by L&I staff and may necessitate the creation of additional supporting policies or procedures to specify further direction. OIT procedures deconstruct OIT policies into specific workflows in order to establish methods for executing policy. Procedures assign responsibility and workflow, indicating what must be completed and how it should be accomplished.
This policy applies to all employees within all bureaus, divisions, boards, commissions, and councils within L&I. This includes any contracted employees in the service of L&I (hereinafter referred to collectively as “L&I Users”).
L&I OIT shall create and publish policies under the authority of the Chief Information Officer (CIO) that reflect the official position of OIT and L&I. L&I OIT division chiefs have the responsibility for creating and initiating changes in OIT policy and procedure. The L&I OIT, Enterprise Security and Compliance Section (ESC) shall serve as the policy administrator for OIT policies and will ensure OIT policies and procedures are initiated, refined, and approved for implementation.
All OIT policies shall be approved by the OIT division chiefs, bureau directors, and the CIO or the Deputy CIO (DCIO) (hereinafter referred to collectively as “OIT Management”), as well as Employee Relations (ER), the Office of Chief Counsel (OCC), and the Communications and Press Office (CPO). Additionally, policies initiated by L&I deputy secretaries or executive management shall be approved by the initiating Deputy Secretary or executive management.
OIT Management shall draft proposed policies and submit them to ESC with a statement describing the business need and impact, scope, and details of each proposed policy. ESC shall review and format any new or updated policy prior to it being submitted for review and approval. ESC shall allow five (5) business days for OIT Management to review and agree to a policy draft. Following OIT Management approval, ESC shall distribute the draft to OCC and ER for review and approval, allowing five (5) business days for response. Following approval by OCC and ER, ESC shall deliver the updated draft to CPO for a five (5) business day review.
All L&I OIT policies require written approval from the CIO or DCIO, OCC, ER, and CPO prior to publication.
L&I OIT shall document an outline of steps in separate procedure documents to comply with specific policies when deemed necessary by ESC. OIT procedures shall be referenced within OIT policies.
Any L&I User may initiate a procedure document. ESC and the L&I User who initiates the procedure shall identify the necessary review and approval for a procedure prior to publication. All OIT procedures require written approval from the initiator and CPO prior to publication.
All L&I OIT policies shall be compliant with documented IT Infrastructure Library (ITIL) and Information Technology Service Management (ITSM) processes.
All L&I OIT staff shall follow all implemented ITIL processes. Deviation from documented ITIL processes or OIT policies may result in disciplinary action up to and including termination of employment or contractor sanctions (including loss of e-mail, Internet, or computer access privileges).
All OIT policies shall be reviewed by ESC annually and shall be re-published at least every three (3) years.
- L&I user responsibilities:
- Comply with all L&I OIT policies and procedures;
- Work with OIT Management to submit policy suggestions; and
- Comply with all security policies, procedures, management directives, as well as state and federal laws.
- L&I management responsibilities:
- Comply with all L&I policies and procedures and ensure their employees comply with the policies and procedures; and
- Provide business need, impact, specifics and other information requested by OIT for the preparation of draft policies and detailed procedures.
7. Version Control
||Merged with A-100.1 and updated to new format
||Format and content update
||Update for ITIL Compliance and updated procedures