Information Technology Policy Manual FY22-23

8. Work against systems and applications must be documented in the Infor EAM system and communicated to appropriate stakeholders using the change management protocols. The change management process ensures that changes to systems and applications have detailed implementation, testing and fallback plans and that risk to production systems and application as a result of a change is evaluated to minimize the impact to users and residents. 9. Configuration standards including secure configuration must be defined and implemented for workstations, printers, windows servers, SQL databases, IIS servers and network devices to maintain consistency and protect systems and applications from unauthorized access and disclosure of confidential information. The Cyber Security Team must ensure the standards are readily available and are communicated to all teams. 10. Security patches and hot fixes must be deployed regularly to systems, applications and network devices. Security patches and hot fixes must first be adequately tested before deployed to production systems and applications. Patches that address critical vulnerabilities must be deployed in timely manner to effectively mitigate the risk to the City of Greensboro systems and information. 11. IT technology standards must be defined and communicated to all IT groups responsible for managing technologies and infrastructure. 12. The Leasing Database is used to manage and track hardware assets that have been installed. Monthly hardware reports for expiring leases are generated and provided to management for review. 13. Periodic checks of desktop software packages must be conducted to ensure that all installed software is officially licensed for the use. 14. On-Premise Systems and applications must be backed up in accordance to the below schedule. Backups must be stored at an off-site facility. Backup failures must be monitored and IT administrators immediately notified of any failure. a. File server backups are conducted in accordance to the following: • Backups are run every day of the week on every standalone server and retained for 30 days. • Using Netapp snapshot technology, a scheduled snapshot/backup of all file data residing on SAN/NAS systems are run every 1 hours and will be retained with 4 weekly, 7 daily and 8 hourly snapshots. • Using Netapp data mirror technology, all data residing on the Netapp Storage Systems are scheduled to replicate all LUNs data to a remote SAN/NAS system located at an off-site facility and retained forever or until the data is no longer needed. • SQL server backups are conducted in accordance to the following: o Full SQL database backups are run on each SQL server every day of the week and retained for 30 days.

o The SQL Transactional Logs backup jobs are run on each SQL server every 15 minutes of the day of the week and will be retained for the same duration of the full database backup.

21