IT Policies Manual FY 2024-2025

First page Table of contents Previous page 20 Next page Last page

Docusign Envelope ID: CE02E790-7159-459B-9F50-C807BADBC958

ROLES AND RESPONSIBILITIES

Function

Responsibility

Chief Information Officer

Provide recommendations regarding IT operations processes and procedures

Conduct internal audits and compliance reviews of systems and applications to ensure compliance to IT Operations Policy

Cyber Security Team

IT Functional Teams

Follow IT Operations Policy to manage systems and applications

POLICY

1. Systems and applications must reside on redundant hardware configurations to provide faster recovery in the event of device failure. Processes and procedures must be defined to provide faster recovery of systems and applications in the event of a hardware failure. 2. On-Premise Systems and applications must be monitored for hardware failures and software availability. In the event of an outage, the appropriate IT administrators must be notified so that action is initiated to mitigate the outage. 3. To manage capacity, performance of major systems and applications must be monitored. If an environment exceeds predefined thresholds, IT administrators must be notified so that additional hardware resources are added to mitigate the performance issue.

4. Bandwidth utilization on network links must be continuously monitored. If bandwidth utilization exceeds predefined thresholds, network administrators must be notified to mitigate the issue.

5. Application level firewalls and intrusion prevention systems must be used to restrict access to City of Greensboro systems and applications and automatically block intrusions and cyberattacks. Cyber Security Team Members and network administrators must automatically be notified of potential intrusions so that additional measures can be taken to stop the attack and prevent further damage.

6. Infrastructure and security related incidents that impact systems and applications must be captured, documented and tracked using Fresh Service. This helps ensure that corrective and preventative actions have been documented and implemented to mitigate the incident.

7. Infrastructure and technology components must be reviewed for continued viability. Vendor’s end of life/end of support notifications must be analyzed to determine the impact to the City of

20

Made with FlippingBook - Online catalogs