Begin Main Content Area

IT Policies and Procedures

L&I Enterprise Standards
L&I, OIT Policy Definitions
Administration | Application | Network | Platform | Security | System Management

Administration

Policy
Number
Name Current
Version
ADM-001 OIT Policy and Procedure Development, Review, and Approval (HTML/PDF)
OIT Policy and Procedure Development, Review, and Approval Procedure (HTML/PDF)
March 2017
ADM-002 ITIL Compliance (HTML/PDF) February 2017

Application

Policy
Number
Name Current
Version
APP-000
System Development Life Cycle (HTML/PDF)
April 2017
APP-001
Release of Protected Data (HTML/PDF)
Requesting Release of Protected Data Procedure (HTML/PDF)
June 2017

Network

Policy
Number
Name Current
Version
NET-001 Mobile Device Usage (HTML/PDF) July 2017         

Platform

Policy
Number
Name Current
Version
PLT-001 Purchase, Deployment and Transport of IT Equipment (HTML/PDF)
Purchase, Deployment and Transport of IT Equipment Procedure (HTML/PDF)
May 2017
PLT-002 Disposition of IT Equipment and Electronic Waste Products (HTML/PDF)
Disposition of IT Equipment and Electronic Waste Products Procedure (HTML/PDF)
July 2017
July 2016
PLT-003 Computer Power Policy (HTML/PDF)
Restart Procedure (HTML/PDF)
June 2017
PLT-004 Inventory of Authorized & Unauthorized Hardware & Software (HTML/PDF) March 2017

Security

Policy
Number
Name Current
Version
SEC-000 Security Planning Policy (HTML/PDF)
System Security Plan (HTML/PDF)
June 2017
SEC-001 Personally Identifiable Information Storage and Transfer (HTML/PDF) July 2017
SEC-002 Annuitant Account Security (HTML/PDF)
Annuitant Account Procedure (HTML/PDF)
July 2017
SEC-003 Lost or Stolen IT Equipment (HTML/PDF)
Lost or Stolen IT Equipment Checklist and Questionnaire (Word/PDF)
August 2016
SEC-004 Computer and Information Security (HTML/PDF) June 2017
SEC-005 Identification and Authentication of Users on New L&I Computer Systems (HTML/PDF) July 2017
SEC-006 OIT Secured Area Access and Physical Security (HTML/PDF)
OIT Physical Security Access Request Procedure (HTML/PDF)
July 2017
SEC-007 Contractor Account Administration (HTML/PDF)
Contractor Account Administration Procedure (HTML/PDF)
June 2017
SEC-008 Security Incident Response Policy (HTML/PDF)
Security Breach Procedure (HTML/PDF)
Reporting Information Security Incidents Procedure (HTML/PDF)
Security Incident Reporting for Social Security Administration Procedure (HTML/PDF)
Security Incident Reporting for Internal Revenue Service Procedure (HTML/PDF)
December 2016




August 2018
SEC-009 Federal Tax Information Data Compliance Policy (HTML/PDF)
Federal Tax Information Fax Handling for UC Benefits Procedure (HTML/PDF)
Granting Contractors Access to Federal Tax Information (HTML/PDF)
September 2017
December 2016
August 2017
SEC-010 Access Control for Non-Commonwealth Users (HTML/PDF)
Access Control for Non-Commonwealth Users Procedures (HTML/PDF)
November 2016
SEC-011 Remote Access to the Commonwealth Network (HTML/PDF)
Remote Access to the Commonwealth Network Procedure (HTML/PDF)
June 2017
October 2016
SEC-012 Audit, Accountability, and Reporting Policy (HTML/PDF) December 2016
SEC-013 Access Management (HTML/PDF)
Account Revocation Procedure (HTML/PDF)
June 2017
SEC-014 Information Technology Equipment Restrictions (HTML/PDF) August 2017
SEC-015 Data Sanitization (HTML/PDF)
Data Sanitization of Workstations and Media Procedures (HTML/PDF)
Disposal of L&I-Owned & Leased Workstations Procedures (HTML/PDF)
September 2017

System Management

Policy
Number
Name Current
Version
SYM-001 Contingency Planning & Training Policy (HTML/PDF)
Contingency Planning & Training Procedure (HTML/PDF)
August 2017
December 2016
SYM-002 Configuration Management Policy (HTML/PDF) March 2017
SYM-003 Configuration Settings (HTML/PDF) March 2017
SYM-004 System Maintenance Policy (HTML/PDF)
Out of Band Patching Procedure (HTML/PDF)
Standard System Patching Procedure (HTML/PDF)
May 2017
SYM-005 Backup Policy (HTML/PDF) April 2017