Iowa Code r. 129-8.4 - Information technology governance requirements
(1) Proposing information technology governance requirements.
Anyone may recommend the development or adoption of an information technology
governance requirement to the CIO or office or advisory committee created and
designated by the CIO for such purpose.
(2) Development of information technology governance requirements. Where the
CIO, office, or advisory
committee created and designated by the CIO for such purpose is of the opinion
that a proposed information technology governance requirement has merit, the
CIO, office, or advisory committee created and designated by the CIO for such
purpose may work with the individual proposing the information technology
governance requirement to develop the requirement. In developing information
technology standards, the CIO, office, or advisory committee created and
designated by the CIO for such purpose may consider, by way of example only:
a. Whether and how such requirement furthers the objectives of the enterprise;
b. Current industry standards or best practices;
c. Whether and how the requirement would help avoid the duplication of
services, resources, or support;
d. Whether and how the requirement would further the state's information
technology strategic plan, enterprise architecture, security plans, or any
other information technology governance requirements;
e. Whether and how the requirement would affect expenditures across the
enterprise;
f. Existing technology deployments;
g. The impact on state resources;
h. Acquisition, development and deployment time frames associated with
implementing the requirement.
(3) Types of information technology governance requirements.
Information technology governance requirements may include any of the
following:
a. "Policy(ies)" means a high-level
statement of intent applicable to the acquisition, utilization, or provision of
information technology designed to facilitate an enterprisewide goal or
objective.
b. "Standard(s)" means a
specific, minimum requirement(s) applicable to the acquisition, utilization, or
provision of information technology, typically designed to facilitate the
uniform application or implementation of one or more policies. Standards may
set forth required or prohibited technical approaches, solutions,
methodologies, products or protocols which must be adhered to in the design,
development, implementation, or upgrade of systems architecture, including
hardware, software and services. Standards are intended to establish uniformity
in common technology infrastructures, applications, processes or data, and may
define or limit the tools, proprietary product offerings or technical solutions
which may be used, developed or deployed by participating agencies.
c. "Process(es)" means a high-level overview
of required tasks, approvals, procedures, or other processes, typically
designed to operationalize one or more policies or standards in a manner that
leads to consistent results.
d. "Procedure(s)" means an in-depth set of instructions for the completion of a
specific process, task, or action, typically designed to operationalize one or
more processes or standards in a manner that leads to consistent
results.
e. "Guideline(s)" or "best
practices" means a recommended policy, process, task, or action related to the
acquisition, utilization, or provision of information technology, typically
designed to support related policies or standards. Guidelines or best practices
are not required but are intended to aid participating agencies in assessing
risks associated with technology decisions, facilitate knowledge transfer, and
communicate lessons learned from past experience.
(4) Goals for information technology governance requirements. The underlying
purpose of information
technology governance requirements is, by way of example only:
a. To promote collaboration and consistency in the automation of systems;
b. To eliminate duplicative development efforts and promote efficiencies for
improved services to citizens and businesses;
c. To ensure continuity of ongoing state operations;
d. To ensure system security and the confidentiality, integrity, and
availability of confidential or sensitive information stored or processed by
state information systems;
e. To promote administrative efficiencies relating to development and
maintenance of systems; and
f. To enable the state to realize its full purchasing power from the use of a
statewide, enterprise approach to the selection of technology solutions.
(5) Adopting of information technology governance requirements and taking
effect.
a. Following the development of a proposed
information technology governance requirement, the CIO may adopt the
information technology governance requirement. The CIO shall solicit
stakeholder input and feedback, including feedback from participating agencies
to which the information technology governance requirement would apply, prior
to adopting an information technology governance requirement.
b. The effective date of an information
technology governance requirement shall be as stated in the applicable
information technology governance document.
c. Upon taking effect, an information technology governance requirement shall
apply to all participating agencies.
d. Participating agencies may request additional time to comply with
information technology governance requirements. Such requests shall be
considered a request for temporary waiver and must be submitted in accordance
with rule 129-8.6 (8B).