New State IT Security Policy Issued
Issue Date: March 2007
Source: IGD, Statewide IT Policy
As state government moves toward greater interconnection of information technology systems, data classification becomes a critical practice, underpinning both how government protects sensitive information and how it ensures openness and transparency. In recognition of the importance of data classification to security, the Office of Information Technology recently published Ohio IT Policy ITP-B.11, “Data Classification.” The policy addresses all data that is generated, collected, stored, processed, transmitted and maintained by state computers and information technology networks. Ohio IT Policy ITP-B.11 completes a comprehensive series of 16 interrelated Ohio information technology security policies.
Ohio IT Policy ITP-B.11 provides a common, disciplined process statewide for agencies to identify what information needs to be protected and to what extent against unauthorized access by requiring state agencies to ensure that data and information assets are properly identified and classified according to their confidentiality and criticality. In general, the policy requires the following:
The policy was subject to a rigorous research, development and quality control process. The process involved the efforts of agency chief information officers, industry security experts, legal counsel and a 13-agency working group. State information technology policies may be obtained online at www.ohio.gov/itp.
Comments, questions or inquiries may be directed to:
Ohio Office of Information Technology Investment and Governance Division 30 E. Broad St., 39th Floor Columbus, Ohio 43215-3414
Telephone: (614) 644-9352 Facsimile: (614) 644-9152 |