Body
Department of Information Technology
Reference: Adopt the Information Technology (IT) Policies version 5
To: Mayor Richard N. McLean and Members of City Council
Through: Manuel Esquibel, City Manager
Prepared By: Jeromy King
Date Prepared: 3-11-2015
PURPOSE
The purpose of this report is to request adoption of the Information Technology (IT) Policies version 5.
BACKGROUND
The most significant updates to the IT policies include: Updated policy to include PCI (Payment Card Industry) DSS 3.0 compliance and Incorporate CJIS (Criminal Justice Information Services) Security Policy. The Payment Card Industry (PCI) Data Security Standard (DSS) represents a common set of industry tools and measurements to help ensure the safe handling of sensitive information. PCI DSS was originally introduced in 2004 and applies to every organization that processes credit or debit card information, including merchants and third-party service providers that store, process or transmit credit card/debit card data. PCI DSS is gaining more attention recently as Visa and MasterCard are more aggressively enforcing the PCI standards. Criminal Justice Information Services (CJIS) Security policy premise is to protect the full life cycle of CJI (Criminal Justice Information). Since our Law enforcement and Courts handle CJI, CJIS security policy provides guidance for the creation, viewing, modification, transmission, dissemination, storage and destruction of CJI.
The Information Technology staff continues to review PCI DSS requirements. In 2014 PCI DSS updated their policy to Version 3.0 and CJIS updated their policy to Version 5.3. There is a need for continued policy development of the City's Information Policies to be in compliance. City staff has identified several areas that require improvement including infrastructure, information security, training and password management. The revised IT policies version 5 has been updated to be compliant with the PCI and CJIS s...
Click here for full text