Data Security

Charlie Haase, Chief Information Officer, Information Services and Technology

Security at the Forefront - IST will ensure County data is secure and protected; ensure all County applications conform to security best practices; expand and mature our disaster recovery capabilities.

Strategy 1: Secure and protect County data across all platforms.

Action

Every five years, complete a HIPAA Security Assessment, working with all of the HIPAA-covered departments to address findings.

Metrics

The first HIPAA Security Assessment is completed within the next year.

Action

Every three years, complete a comprehensive security assessment.

Metrics

The first comprehensive security assessment is completed within the next two years.

Action

Implement a Bring Your Own Device policy and implement mobile device management software to support the increasing number of devices used by County employees.

Metrics

Complete within the next two years.

Strategy 2: All County applications conform to security best practices.

Action

Assess the degree to which in-house and vendor-supported business software applications comply with countywide security standards, and develop an action plan for bringing applications into compliance.

Metrics

Assessment is completed within the next 2 years.

Action

All IST software developers are trained in the use of secure coding techniques that align with our countywide security standards.

Metrics

  • Training begins within the next year.
  • All developers are trained within the next three years.

Strategy 3: Expand and mature Disaster Recovery capabilities.

Action

In collaboration with our County stakeholders, conduct a minimum of one mock disaster tabletop exercise per year.

Metrics

First tabletop exercise completed within the first two years.

Action

Complete recovery testing for all critical business software applications and produce a detailed report documenting the results.

Metrics

Four systems tests completed within the next two years.

Action

Implement an emergency/incident policy that outlines the procedures for notification, communication and management of emergency incidents involving outages that impact the ability of County departments to conduct their normal work.

Metrics

Policy implemented within the next two years.