RCIT-01 Reeves County Cloud Usage Policy
|
Policy Title: |
RCIT Reeves County Cloud Usage Policy |
|||
|
Policy Number |
RCIT-01 |
Effective Date: |
09/01/2022 |
|
|
Purpose: |
Provide Guidelines About Cloud Usage |
|||
|
Regulation Reference |
|
Rev: 1.202204 |
||
RCIT Reeves County Cloud Usage Policy
Policy Statement:
This policy ensures that Protected Information and sensitive data are not inappropriately stored or shared through public cloud computing and file-sharing services. Cloud solutions, defined as servers or IT hosting not associated with the institution, are regulated to prevent risks such as loss of control, unauthorized disclosure, malware introduction, and legal exposure from unapproved software.
Guidelines:
A. Cloud Solution Approval:
- Users seeking third-party cloud solutions for institution business must submit a request to the IT Department, justifying the business need and case.
- Consideration factors:
- The specific business requirement necessitating a cloud solution.
- Rapid implementation needs.
- Realistic cost estimates, encompassing total lifecycle costs.
- Exploration of existing contracts and cloud solutions within the institution.
- Alignment with IT security, privacy impacts, records retention, and interoperability.
- Evaluation of training needs and the maturity of the considered solution.
B. Cloud Solution Use:
- Prior approval from the Reeves County Commissioners is mandatory for cloud solution use.
- Compliance with Reeves County policies, including Information Security Access and Protection, Information System Logging and Audit, Password Management, and Data Classification, among others, is required.
C. Policy Administration and Enforcement:
- Administered and implemented by the IT Department of the institution.
- Exception requests can be submitted through the Security Access Request (SAR) form on the institution's internal network.
- Questions related to this policy should be directed to IT Support Services.
Policy Compliance:
- The institution prioritizes the security of information and IT resources.
- Violations may lead to disciplinary actions, access restrictions, termination, and potential civil and criminal liability.
- Employment terms in this policy align with, but do not replace, amend, or supplement any terms or conditions of employment stated in any collective bargaining agreement between the institution and any union.