Policies

Policy Approach

DoIT operates within a policy framework that establishes guidelines and operational requirements. Services and products are provided and supported while adhering to standards that facilitate risk awareness, a security based focus and operational consistency while leveraging a wide range of information technology resources.

The IT Policies included herein document a best practice based approach to conducting the business of state government that relies on information technology based resources in supporting and promoting the missions of various agencies and associated activities related to an effective state government operation.

DoIT intends to follow, and expects its customers and partners who utilize DoIT provided solutions and associated resources to also adhere to, the policies that support our collective missions in a consistent and secure manner.

DoIT Website Privacy Information

Access to the Department of Innovation & Technology website is provided subject to the terms and conditions found on the Illinois Privacy Information page. Please read these terms carefully as use of this site constitutes acceptance of these terms.

Enterprise Information Security Policies

Name	Effective Date	Revised Date
Acceptable Use Policy	11.15.2018
Access Control Policy	11.29.2018
Audit and Accountability Policy	10.08.2018
Awareness and Training Policy	10.08.2018
CJIS Security Supplemental Policy	10.08.2018
Configuration Management Policy	11.05.2018
Contingency Planning Policy	10.08.2018
FTI Supplemental Policy	10.08.2018
Identification and Authentication Policy	10.08.2018
Information Security Incident Management Policy	10.08.2018
Media Protection Policy	10.08.2018
Overarching Enterprise Information Security Policy	11.29.2018
PCI Data Security Policy	10.08.2018
Personnel Security Policy	12.10.2018
PHI Supplemental	11.05.2018
Physical and Environmental Protection Policy	10.08.2018
Privacy Security Policy	11.05.2018
Program Management Policy	10.08.2018
Risk Assessment Policy	10.08.2018
Security Assessment and Authorization Policy	10.08.2018
Security Planning Policy	10.08.2018
System and Communication Protection Policy	10.08.2018
System and Information Integrity Policy	10.08.2018
System and Services Acquisition Policy	10.08.2018
System Maintenance Policy	10.08.2018
Accountability, Audit, and Risk Management Privacy Policy	10.08.2018
Data Minimization and Retention Privacy Policy	10.08.2018
Data Quality and Integrity Privacy Policy	10.08.2018
Individual Participation and Redress Privacy Policy	10.08.2018
Transparency, Authority, and Purpose Privacy Policy	10.08.2018
Use Limitation Privacy Policy	10.08.2018

Supporting Definitions

Name	Effective Date	Revised Date
DoIT Enterprise Information Security Policy Terminology Glossary	10.24.2018
DoIT Terminology Glossary	11.01.2008	10.27.2016

General Policies

Name	Effective Date	Revised Date
Backup Retention Policy	03.15.2011
Change Management Policy	12.15.2008	01.03.2012
Data Breach Notification Policy	12.01.2007	01.01.2010
Data Breach Support Document	08.31.2007
Data Classification and Protection Policy	12.15.2008	01.03.2012
Enterprise Desktop/Laptop Policy	12.15.2008	01.03.2012
ESI Retention Policy	02.15.2009
General Security for Statewide IT Resources Policy	12.15.2008	01.01.2010
General Security for Statewide Network Resources Policy	12.15.2008	01.01.2010
Identity Protection Policy	06.01.2011
IT Governance Policy	12.15.2008	01.03.2012
IT Resources Access Policy	12.01.2007
IT (Information Technology) Recovery Policy	10.01.2009
Laptop Data Encryption Policy	12.01.2007	01.01.2010
Mobile Device Security Policy BYOD Mobile Device Video: http://multimedia.illinois.gov/cms/cms-BYOD.html	09.08.2015	11.10.2016
Recovery Methodology	01.01.2010
Statewide CMS/BCCS Facility Access Policy	12.15.2008	01.01.2010
Wireless Communication Device Policy	12.15.2008	01.01.2010

Breadcrumb

Policy Approach

DoIT Website Privacy Information

Enterprise Information Security Policies

Supporting Definitions

General Policies