Information Technology Policy Manual FY23-24

ROLES AND RESPONSIBILITIES

Function

Responsibility

Chief Information Officer

Provide recommendations regarding IT operations processes and procedures

Conduct internal audits and compliance reviews of systems and applications to ensure compliance to IT Operations Policy

Cyber Security Division

IT Functional Teams

Follow IT Operations Policy to manage systems and applications

POLICY

1. Systems and applications must reside on redundant hardware configurations to provide faster recovery in the event of device failure. Processes and procedures must be defined to provide faster recovery of systems and applications in the event of a hardware failure. 2. On-Premise Systems and applications must be monitored for hardware failures and software availability. In the event of an outage, the appropriate IT administrators must be notified so that action is initiated to mitigate the outage. 3. To manage capacity, performance of major systems and applications must be monitored. If an environment exceeds predefined thresholds, IT administrators must be notified so that additional hardware resources are added to mitigate the performance issue.

4. Bandwidth utilization on network links must be continuously monitored. If bandwidth utilization exceeds predefined thresholds, network administrators must be notified to mitigate the issue.

5. Application level firewalls and intrusion prevention systems must be used to restrict access to City of Greensboro systems and applications and automatically block intrusions and cyberattacks. Cyber Security and Compliance Manager and network administrators must automatically be notified of potential intrusions so that additional measures can be taken to stop the attack and prevent further damage.

6. Infrastructure and security related incidents that impact systems and applications must be captured, documented and tracked using the incident category in the Infor EAM system. This helps

2 0