Breadcrumb

Policies

Policy Approach

DoIT operates within a policy framework that establishes guidelines and operational requirements.   Services and products are provided and supported while adhering to standards that facilitate risk awareness, a security based focus and operational consistency while leveraging a wide range of information technology resources. 

The IT Policies included herein document a best practice based approach to conducting the business of state government that relies on information technology based resources in supporting and promoting the missions of various agencies and associated activities related to an effective state government operation. 

DoIT intends to follow, and expects its customers and partners who utilize DoIT provided solutions and associated resources to also adhere to, the policies that support our collective missions in a consistent and secure manner.

DoIT Website Privacy Information

Access to the Department of Innovation & Technology website is provided subject to the terms and conditions found on the Illinois Privacy Information page. Please read these terms carefully as use of this site constitutes acceptance of  these terms.

Enterprise Information Security Policies

NameEffective DateRevised Date
Acceptable Use Policy
​11.15.2018​03.22.2022
​Access Control Policy
​11.29.201810.01.2021
Accountability, Audit, and Risk Management Privacy Policy10.08.201810.01.2021
Audit and Accountability Policy
​10.08.201810.01.2021
​Awareness and Training Policy
10.08.2018​​10.01.2021
​CJIS Security Supplemental Policy
​10.08.2018​10.01.2021
​Configuration Management Policy
​11.05.2018​10.01.2021
Contingency Planning Policy
​10.08.2018​10.01.2021
Data Minimization and Retention Privacy Policy​​10.08.2018​10.01.2021
​​Data Quality and Integrity Privacy Policy​10.08.2018​​10.01.2021
FTI Supplemental Policy
​10.08.2018​10.01.2021
Identification and Authentication Policy
​10.08.2018​10.01.2021
​Individual Participation and Redress Privacy Policy​10.08.2018​10.01.2021
Information Security Incident Management Policy
​10.08.2018​10.01.2021
​Media Protection Policy
10.08.2018​​10.01.2021
Overarching Enterprise Information Security Policy
​11.29.2018​03.22.2022
​PCI Data Security Policy
​10.08.2018​10.01.2021
​Personnel Security Policy
​12.10.2018​10.01.2021
PHI Supplemental
​11.05.2018​10.01.2021
Physical and Environmental Protection Policy
​10.08.2018​10.01.2021
Privacy Security Policy
​11.05.2018​10.01.2021
Program Management Policy
10.08.2018​​10.01.2021
​Risk Assessment Policy
​10.08.2018​10.01.2021
Security Assessment and Authorization Policy
​10.08.2018​10.01.2021
Security Planning Policy
​10.08.2018​10.01.2021
​System and Communication Protection Policy
​10.08.2018​10.01.2021
System and Information Integrity Policy
​10.08.2018​10.01.2021
System and Services Acquisition Policy
​10.08.2018​10.01.2021
System Maintenance Policy 
​10.08.2018​10.01.2021
Transparency, Authority, and Purpose Privacy Policy
​10.08.2018​10.01.2021
Use Limitation Privacy Policy​
​10.08.2018​10.01.2021

Supporting Definitions

Name
Effective DateRevised Date
​DoIT Enterprise Information Security Policy Terminology Glossary​10.24.2018
DoIT Terminology Glossary 11.01.2008 10.27.2016 

General Policies

NameEffective DateRevised Date
Identity Protection Policy06.01.2011​​11.19.2019

Mobile Device Security Policy        

       BYOD Mobile Device Video:  http://multimedia.illinois.gov/cms/cms-BYOD.html

09.08.2015 
02.04.2022
Wireless Communication Device Policy
12.15.2008 02.04.2022