Title
Information Technologies Department recommending the Board approve revisions to the adopted Board Policy A-17 - Data Center and Network Systems Physical Security.
FUNDING: N/A
Body
DISCUSSION / BACKGROUND
Information Technologies Department (IT) is recommending that the Board of Supervisors approve revisions to the previously adopted Board Policy A-17 - Data Center and Network Systems Physical Security, which identifies safeguards for the physical protection of our information system assets. The last update to Policy A-17 was in 2018. The proposed revisions include best practices to maintain the best physical security for the Data Center in accordance with Code of Federal Regulations, Title 45, Section 164.310 entitled Physical Safeguards, and with the National Institute of Standards and Technology (NIST) publication 800-53 for Security and Privacy Controls for Information Systems.
This comprehensive policy includes physical safeguards and identifies reasonable and enforceable standards for the physical protection, security, and availability of County data. Revisions include controls around the periodic training and testing of disaster recovery processes to ensure County readiness and documentation requirements for maintenance records.
ALTERNATIVES
The Board could request further edits to the A-17 Policy.
PRIOR BOARD ACTION
1/9/2018 Legistar item 17-1345 - Last approval of the A-17 Policy
OTHER DEPARTMENT / AGENCY INVOLVEMENT
All Departments had the opportunity to review the proposed changes.
CAO RECOMMENDATION / COMMENTS
Approve as recommended.
FINANCIAL IMPACT
There is no direct financial impact to updating this policy. Indirectly, the proposed policy should assist in minimizing the County’s liability.
CLERK OF THE BOARD FOLLOW UP ACTIONS
Update the Board Policy Manual with the revised A-17 policy document.
STRATEGIC PLAN COMPONENT
Good Governance
CONTACT
Tonya Digiorno
Director of Information Technologies