Information Technology Policy Manual FY22-23

ROLES AND RESPONSIBILITIES

Function

Responsibility

Chief Information Officer

Provide recommendations regarding IT operations processes and procedures

Cyber Security Division

Conduct internal audits and compliance reviews of systems and applications to ensure compliance to IT Operations Policy

IT Functional Teams

Follow IT Operations Policy to manage systems and applications

POLICY

1. Systems and applications must reside on redundant hardware configurations to provide faster recovery in the event of device failure. Processes and procedures must be defined to provide faster recovery of systems and applications in the event of a hardware failure. 2. On-Premise Systems and applications must be monitored for hardware failures and software availability. In the event of an outage, the appropriate IT administrators must be notified so that action is initiated to mitigate the outage. 3. To manage capacity, performance of major systems and applications must be monitored. If an environment exceeds predefined thresholds, IT administrators must be notified so that additional hardware resources are added to mitigate the performance issue. 4. Bandwidth utilization on network links must be continuously monitored. If bandwidth utilization exceeds predefined thresholds, network administrators must be notified to mitigate the issue. 5. Application level firewalls and intrusion prevention systems must be used to restrict access to City of Greensboro systems and applications and automatically block intrusions and cyber attacks. Cyber Security and Compliance Manager and network administrators must automatically be notified of potential intrusions so that additional measures can be taken to stop the attack and prevent further damage. 6. Infrastructure and security related incidents that impact systems and applications must be captured, documented and tracked using the incident category in the Infor EAM system. This helps ensure that corrective and preventative actions have been documented and implemented to mitigate the incident. 7. Infrastructure and technology components must be reviewed for continued viability. Vendor’s end of life/end of support notifications must be analyzed to determine the impact to the City of Greensboro as a result of end of life/end of support components and a plan must be defined to upgrade or retire the impacted component.

20