- News
- Events
- Winter Storm Event 2023
-
- Deferred Compensation
- Employee Assistance Program
- eForms
- Email Services
- Benefits
- Employee Self Service
- Lactation Accommodation Request Form
- Dimensions System
- VHR Program
- Employee Safety and Health
- Staying Connected
- Kaiser Occ Health
- Flexible Spending Account
- Disaster Worker
- Trainings
- Drug-Free Workplace
-
- Preface
- 1-1 Advisory Bodies Roles and Relationships
- 1-2 Providing County Support of Grant Applications from Outside Agencies
- 2-1 Policy for Submitting Agenda Items
- 2-2 Departmental Representation at BOS Meetings
- 2-3 Policy for Board Chambers Security
- 3-1 Policy for Appropriation Transfers
- 3-2 Travel and Meal Reimbursements
- 3-3 Interdepartmental Billings for Services Policy
- 3-4 Policy for Memberships to Professional Associations & Organizations – Use of Public Funds
- 4-1 Performance Evaluations
- 4-2 Policy for Position Allocation List
- 4-3 Position Reclassifications
- 4-4 EEO Policy
- 4-5 Departmental/Internal Reorganizations
- 4-6 Policy for Hiring/Retaining Personnel Services in EMP or Ind. Contractor Status - See Civil Service Rules
- 4-7 Policy for Flexible Merit Increases
- 4-8 Advanced Salary Step Appointments
- 4-9 Policy for Relocation Incentives
- 4-10 Medical Leave Policy
- 4-11 Preemployment Preplacement Screening Policy
- 4-12 COVID-19 Vaccination and Testing Policy
- 4-13 Telework Policy
- 4-14 Lactation Policy
- 5-1 Vehicle Use
- 5-2 Policy for Capital Project and Asset Responsibility
- 5-3 Public Art Policy
- 6-1 Records Retention Storage Destruction Policy
- 6-2 Incompatible Activities Policy
- 6-3 TTrD Policy
- 6-4 Safety Management Policy
- 6-5 Identity Theft Prevention Program
- 7-1 Purchasing Policy
- 7-2 Real Property Acquisition and Management Policy
- 8-1 Investigations of Alleged Inappropriate Activities
- 8-2 Reasonable Suspicion Policy
- 8-3 Safety and Security for County Employees
- 8-4 Policy for Receipt and Distribution of Tickets or Passes
- 9-1 Official Use of Social Media Sites Policy
- 9-2 IT Use and Security Policy
- 9-3 Website Accessibility Policy
- 9-4 Information Technology Professionals Policy
- 9-5 Information Technology Governance Policy
- 9-6 Information Technology Artificial Intelligence (AI) Policy
- Employee & Volunteer Engagement & Recognition (EVER)
- Combined Fund Drive
- Website Accessibility Assistance
- Back to Administrative Policy Manual
9-2 Information Technology Use and Security Policy Manual - Appendix C: Security Policy/Standard Waiver
Return to IT Use and Security Policy Manual Table of Contents
Approved by: Board of Supervisors of the County of Sonoma (“County”), and the Boards of Directors of the Northern Sonoma County Air Pollution Control District, the Russian River County Sanitation District, Sonoma Valley County Sanitation District, Occidental County Sanitation District, South Park County Sanitation District, and the Board of Directors of the Sonoma County Agricultural Preservation and Open Space District (collectively referred to hereinafter as “Special Districts”), and the Sonoma County Water Agency (“Agency”), and the Board of Commissioners of the Sonoma County Community Development Commission (“Commission”). The County, Special Districts, Agency and Commission are collectively referred to herein as “Local Agencies” or singularly as “Local Agency.”
Read next: Glossary
Text of Waiver
Local Agency Name: [name]
Date: [date]
Phone Number: [phone number]
Email: [email]
County Policy/Standard: [standard to be waived]Exception Scope:
[Identify the scope of the exception being requested (i.e., for all systems/Users? One system/group of Users?):]Justification for Exception:
[Explain why compliance with this policy/standard is not possible due to technical limitations, conflict with business requirements, or other circumstances:]Exception Risk:
[Explain the potential impact or risk attendant upon granting the exception:]Compensating Controls:
[In the absence of the controls specified by this policy/standard, what compensating controls will be implemented?]Approval and Conditions:
I, hereby, acknowledge that I have reviewed the aforementioned request for a policy/standard waiver and certify that the compensating controls necessary to justify the policy/standard waiver are adequate.
Signatories:
[1]County Chief Information Security Officer or approved designee
Local Agency Department Head, General Manager or approved designeeUpon approval, scan and e-mail to issc@sonoma-county.org. The approver shall retain the original.
Please note: This waiver and it’s applicability must be reviewed at least annually by the requesting Local Agency. Waivers must be renewed every three years or when significant changes which affect the system categorization (e.g., Confidential, Restricted or Public), justification for noncompliance, and/or compensating controls are made.
[1]In most cases the Information Systems Director who serves as the Chief Information Security Officer will be the appropriate approver, unless otherwise noted in the individual policy or standard for which the waiver is submitted.
Download Security Policy/Standard Waiver
(PDF: 60 kb)