9-2 Information Technology Use and Security Policy Manual - Chapter III: Information Technology and Security Governance Policy

Information Systems Department

Return to IT Use and Security Policy Manual Table of Contents

Approved by: Board of Supervisors of the County of Sonoma (“County”), and the Boards of Directors of the Northern Sonoma County Air Pollution Control District, the Russian River County Sanitation District, Sonoma Valley County Sanitation District, Occidental County Sanitation District, South Park County Sanitation District, and the Board of Directors of the Sonoma County Agricultural Preservation and Open Space District (collectively referred to hereinafter as “Special Districts”), and the Sonoma County Water Agency (“Agency”), and the Board of Commissioners of the Sonoma County Community Development Commission (“Commission”). The County, Special Districts, Agency and Commission are collectively referred to herein as “Local Agencies” or singularly as “Local Agency.”

This Policy serves as the governing policy for Information Technology and Security. Security measures for Local Agency IT resources and data must be implemented to provide:

Confidentiality – Ensures information is accessible to only those authorized to have access
Authentication – Establishes the identity of the sender and/or receiver of information.
Data Integrity - Ensures information is complete, accurate and protected against unauthorized modification.
Availability - Ensures information is accessible to authorized users when required.
Accountability - Ensures correct use and individual responsibility of Local Agency IT resources and data.
Auditing - Ensures the collection of data and processes to provide assurance of the effectiveness of controls.
Appropriate Use – Ensures Users conform to County rules, ordinances, policies, state and federal laws.