RCIT-07 Implementation and Technology Approval

RCIT POLICY FOR Reeves County IT Department

Policy Statement:

This policy outlines the governance and procedures related to information technology (IT) solutions within Reeves County IT Department. Recognizing the critical role of IT in the success of the institution, this policy underscores the commitment to ensuring effective, efficient, and economical support and development of the IT environment in alignment with Reeves County IT Department's mission.

Guidelines:

A. Scope:

This policy covers projects involving any IT Resources managed by Reeves County IT Department, including but not limited to:

- Hardware

- Software

- Network connections

- Cloud-based services

- IT staff time for project activities

- IT staff time for ongoing project-related support activities

- Changes to Reeves County IT Department's IT infrastructure

- Collection or protection of Protected Information (e.g., Personally Identifiable Information, Protected Health Information)

- Third parties requiring access to IT Resources

B. Purchases:

All technology purchases must be approved by the office of the Chief Information Officer (CIO) and comply with standards set forth by the CIO's office and defined within Reeves County IT Department policies. Exceptions require approval by the CIO via email or helpdesk ticket before purchase. Monthly reviews of technology-related purchases will be conducted by the CIO's office.

C. Proposals:

IT project proposals must be assessed and approved by the Reeves County IT Department IT Department, with final approval from the CIO. Departments initiating IT projects should collaborate with the IT Department to ensure appropriate analysis, classification, approval, and documentation steps are undertaken. A designated individual from the CIO's office must be involved in all project phases.

Departments seeking approval should compile information, including:

- Project Title

- Executive Sponsor

- List of major stakeholders

- Business Case with synopsis, cost analysis, and project schedule

D. Approval and Implementation:

Approval for IT projects follows a 2-Tier approach:

- Business Case approval by Portfolio Management Team (Tier-1)

- Further review and approval by the Executive Steering Committee (Tier-2)

The Project Management Office will track approved IT projects and issue monthly status reports. Any modifications to IT infrastructure/software must undergo a Change Control review process. An annual audit report is required for SaaS, PaaS, IaaS, and DaaS solutions.

All procured software must be supported by the vendor or appropriately secured. RCIT-developed software must use up-to-date third-party software/tools.

Third-party providers accessing or hosting Reeves County IT Department data must, depending on data classification:

- Sign a Business Associate Agreement (if PHI is involved)

- Sign a Non-Disclosure Agreement

- Provide proof of cybersecurity insurance

E. Policy Administration and Enforcement:

The IT Department administers and implements this policy. Exceptions may be requested through the RCIT Help Desk procedure on Reeves County IT Department's network. Questions should be directed to IT Support Services.

Violations of this policy may result in disciplinary actions, including access restrictions, termination, and potential legal consequences. This policy works in conjunction with and does not replace or amend, any terms or conditions in collective bargaining agreements.

Reeves County IT Department prioritizes information security and takes violations seriously to safeguard IT Resources.