Policies

Policy Approach

DoIT operates within a policy framework that establishes guidelines and operational requirements.   Services and products are provided and supported while adhering to standards that facilitate risk awareness, a security based focus and operational consistency while leveraging a wide range of information technology resources. 

The IT Policies included herein document a best practice based approach to conducting the business of state government that relies on information technology based resources in supporting and promoting the missions of various agencies and associated activities related to an effective state government operation. 

DoIT intends to follow, and expects its customers and partners who utilize DoIT provided solutions and associated resources to also adhere to, the policies that support our collective missions in a consistent and secure manner.

DoIT Website Privacy Information

Access to the Department of Innovation & Technology website is provided subject to the terms and conditions found on the Illinois Privacy Information page. Please read these terms carefully as use of this site constitutes acceptance of  these terms.

Enterprise Information Security Policies

Name	Effective Date	Revised Date
​Acceptable Use Policy	​11.15.2018	​11.19.2019
​Access Control Policy	​11.29.2018	​
​Accountability, Audit, and Risk Management Privacy Policy	10.08.2018	​
​Audit and Accountability Policy	​10.08.2018	​
​Awareness and Training Policy	10.08.2018​	​
​CJIS Security Supplemental Policy	​10.08.2018	​
​Configuration Management Policy	​11.05.2018	​
​Contingency Planning Policy	​10.08.2018	​
​​Data Minimization and Retention Privacy Policy	​​10.08.2018	​
​​Data Quality and Integrity Privacy Policy	​10.08.2018​	​
​FTI Supplemental Policy	​10.08.2018	​11.19.2019
​Identification and Authentication Policy	​10.08.2018	​11.19.2019
​Individual Participation and Redress Privacy Policy	​10.08.2018	​
​Information Security Incident Management Policy	​10.08.2018	​
​Media Protection Policy	10.08.2018​	​
​Overarching Enterprise Information Security Policy	​11.29.2018	​12.26.2019
​PCI Data Security Policy	​10.08.2018	​
​Personnel Security Policy	​12.10.2018	​
​PHI Supplemental	​11.05.2018	​11.19.2019
​Physical and Environmental Protection Policy	​10.08.2018	​
​Privacy Security Policy	​11.05.2018	​
​Program Management Policy	10.08.2018​	​
​Risk Assessment Policy	​10.08.2018	​
​Security Assessment and Authorization Policy	​10.08.2018	​
​Security Planning Policy	​10.08.2018	​
​System and Communication Protection Policy	​10.08.2018	​
​System and Information Integrity Policy	​10.08.2018	​
​System and Services Acquisition Policy	​10.08.2018	​
​System Maintenance Policy	​10.08.2018	​
​Transparency, Authority, and Purpose Privacy Policy	​10.08.2018	​
Use Limitation Privacy Policy​	​10.08.2018	​

Supporting Definitions

Name	Effective Date	Revised Date
​DoIT Enterprise Information Security Policy Terminology Glossary	​10.24.2018	​
DoIT Terminology Glossary	11.01.2008	10.27.2016

General Policies

Name	Effective Date	Revised Date
​Identity Protection Policy	06.01.2011​	​11.19.2019
Mobile Device Security Policy                BYOD Mobile Device Video:  http://multimedia.illinois.gov/cms/cms-BYOD.html	09.08.2015	11.10.2016
Wireless Communication Device Policy	12.15.2008	01.01.2010