Information Resources Management Policies & Procedures
I. Purpose:
The purpose of this standards document is to define the standards and
procedures for the operation of automated information systems for the
State Attorney's Office (SAO). The document is
intended to be the guidelines and operational procedures for users, staff,
consultants, and vendors to follow in any actions related to Information
Systems.
II. Background:
The mission of Information Resources is to support the mission of the
Office of the State Attorney.
The SAO consists of approximately 308 workstations distributed over a
local and wide area network. The network is provided and maintained by
Palm Beach County Information System Services (ISS).
County Network Services Provide:
- WAN Remote T1 and other remote connections.
- 10BaseT LAN connectivity and a 568a Standard
- Remote Access functionality
- CICS Connectivity
County CIVIS & CJIS project management team provides a central point
of coordination for legal applications. The over-arching philosophy
adopted in 1997 was to connect different systems into an integrated
network to share information and reduce redundancy.
The SAO will adhere to the standards published by the County in
which we reside wherever possible. Copies of these
standards will be maintained in the systems documentation library.
The SAO is a State agency and will conform to policy and procedures
presented by the State Technology Office wherever possible. The SAO will conform to the
appropriate statutes governing information resources.
Senate Bill 940 eliminated the Information Resource Commission (IRC) and replaced it with the State Technology Office and the Technology
Task Force. The head of each state agency is responsible and
accountable for information resource management (IRM) within the agency in
accordance with legislative intent and as defined in this chapter. The
agency head shall appoint or contract a Chief Information Officer (CIO).
The CIO assists the agency head in carrying out the IRM responsibilities.
The CIO must have knowledge and experience in both management and
information technology resources. The duties of the CIO include but are
not limited to:
- Coordinating and facilitating agency IRM projects and initiatives
- Preparing agency annual report (s.282.3063)
- Developing and implementing agency IRM policies, procedures, and
standards.
- Reviewing and approving agency purchases of IT resources.
- Advising agency senior management on IRM needs for inclusion in
planning documents.
- Assisting in the development and prioritization of the IRM schedule of
the agency's LBR.
- Preparing and submitting to the State Technology Office the Agency Annual IRM
Report by November 1 of each year. (s.282.3063)
III. Definitions:
FDLE: Florida Department of Law Enforcement
CIO: Chief Information Officer. The CIO assists the agency head in
carrying out the IRM responsibilities.
IR: SAO Information Resources
SAO-IP: SAO Information Platform; all the systems and the network
managed by IR.
SAO: State Attorney's Office.
STO: Florida State Technology Office
Strategic Information: Information that would affect the critical
business functions of the SAO.
IV. Administration
A. The CIO is responsible for the strategic plan.
B. SAO Enterprise Architecture:
The architecture will conform to industry open system standards.
Information Resources will maintain current documentation on the
architecture. The following diagrams, located in Appendix A, present the
systems architecture:
- Systems Architecture: This diagram presents a complete picture of the
entire SAO network.
- Server Architecture: This diagram presents a complete picture of the
applications located on each server.
- Business Process Diagram: This diagram documents the complete
business process flow. It shows the information and interrelationships
along with interfaces to outside organizations. This diagram and
documentation will be used for all business process applications
development.
- Communications Architecture: This diagram documents the various
requirements for inbound and outbound communications. It
presents all information requirements.
- Applications Architecture: This diagram documents the various
software applications incorporated to deliver the information platform.
C. System Documentation Requirements:
- Copies of the application development code. The code and
documentation will be kept current by documenting all changes and
revisions. The changes and revisions will be documented by including
revision numbers in the code to be displayed during boot up and in the
physical documentation, as well as diagrams of the interrelationships of
the various applications modules, data definitions, and all metadata
specifications.
- Procedures for applications and systems maintenance will be
maintained in binders for easy access.
- Provide methods of audit and testing to ensure database integrity.
D. System Maintenance Procedures:
System maintenance documents will be implemented to ensure maintenance
on a daily, weekly and monthly/periodical basis. These documents will be
implemented on separate worksheets and will be available for all IR staff.
The forms will include dates and times activities are completed, and the
names of the persons conducting the activities. Completed forms will be
filed and maintained according to public records law.
- Daily To Do Maintenance Log: Will include all activities required to
be done on a daily basis
- Weekly Maintenance Log: Will include all activities required to be
done on a weekly basis.
- Monthly/Periodic Maintenance Log: Will include all activities
required to be done on a monthly/periodic basis.
E. Network Management:
(State your network technical architecture and management)
F. Network Access:
Strict levels of access to servers, applications, applications
development and modification capability will be maintained. The security
manager will monitor all access levels assigned by the Chief Information
Officer. The network will be continuously monitored for access violations.
Detailed logs and reports will be maintained when feasible. Any violations
will be reported to the CIO.
G. Network Backup:
System files will be backed up and maintained in accordance with SAO and
State policy. Files will be backed up daily. Tapes will be rotated to a
secure fire safe cabinet and off site. A specific backup schedule will be
maintained. The backup schedule will be published to all SAO staff as it
may affect system performance. Initially the system will be backed up as
follows:
- Daily file backup (Schedule)
- System Backup (Schedule)
- Backups will be rotated off site in concert with the SAO
disaster recovery plan.
H. Desk Top Workstations:
The desk top workstation is the primary user interface. The ability to
effectively use information technology is based on ease of use,
commonality of function, and stability of the system platform. To meet these
requirements a single Windows-95 screen will be the standard when and
wherever possible. The workstation screen will present a uniform look and
icon placement. Icons will be available to support all business functions
to meet the mission requirements of the office.
A uniform system structure will be maintained on all workstations where
possible. The workstation C drive will maintain all applications and
system level files. Work files will be maintained on the server in
accordance with office policy.
I. Lap Top Workstations:
Lap tops will also have the same interface as the desktop. The lap top
is a device that must function remotely. Additional icons will be provided
for remote applications. The lap top is documented in
Appendix C.
J. Server Architecture:
The server architecture will conform to industry open, county, and
state standards where possible. Critical applications will be maintained
in an environment
that is as stable as economically and technically acceptable. Critical
spare parts will be maintained on site to reduce down time. The systems
will be monitored for performance and system stability. The hardware will
be connected to a switchable uninterrupted power supply that duplicates a
sine wave when under battery power. The server will have a dual power
supply and multi-processor capability. Strategic information will be
maintained on RAID-5 disk configurations. Servers will be backed up daily.
K. Database Architecture:
The database architecture will conform to FDLE and the CJIS
specification. The architecture will also be in compliance with the State
Technology Office. The primary database engine will be SQL. The following
products will be used:
- Microsoft SQL - Server
- PowerBuilder - applications development
- Infomaker - ad hoc report writing
- S-designer - design layout and documentation
- Visio and Micrograph - Database Documentation
L. Software Licencing:
The SAO will comply with all software licencing agreements and the
executive order from the Governor's office. IR network
managers will be responsible for continuously monitoring the network for
software use. Licences will be maintained in the IR office. Frequently
used software (word processing, spreadsheet) may be installed on the
workstation. Less frequently used software will be maintained on the
application server. Software metering may be used to monitor usage level
and to maintain licences at the required levels of need.
V. User Requirements:
A. Background:
Today, with the implementation of client server technology and the
lessons learned by IT professionals, the enterprise computer network is
now considered a total system. This system is comprised of the
workstation, the network and servers working as one to ensure a stable
business platform. In the past the personal computer was considered a toy.
Today it is an integrated workstation that is engineered by the
manufacturer to perform in a consistent way. In order to maintain
consistency the workstation is configured by IR staff to meet the
requirements of the IT platform.
To maintain consistency the user must not make any changes to the
workstation. For example:
- The use of games is prohibited due to their effect of changing .dll
files.
- Graphic files waste system resources and slow processes.
- The screen has been standardized to allow users to use any
workstation without having IR support. This drastically reduces support
costs.
B. User Rules of Use:
The SAO Network is the lifeline for the business processes of the SAO.
The network contains sensitive information that must be properly
maintained. A user agreement will be read and signed by each user of the
SAO network including all IR staff. Any remote user accessing the SAO
network will be required to sign the agreement before access will be
granted.
All users will be given unique system addresses. User passwords will not
be shared or given out to anyone. They are the exclusive proprietary
information of the user. Logs of usage will be maintained by IR to ensure
system security. Passwords will be changed a minimum of every 90 days.
Passwords should not include: the names of individuals close to or related
to the user, user SSAN, addresses, dates of birth. (See ISS Server
Standards)
Users will not make any changes to the workstations without the approval
of the CIO. Any deviation will be considered a violation of the office
policy and procedures.
VI. Security:
A. Computer Room Security:
The computer room houses the critical resources of the SAO. Access to
the computer room will be restricted to IR staff. Access to the room is to
be restricted to one point of entry. Any other door should have key access
only by IR staff. A visitor log will be maintained for all accesses to the
computer area.
B. Server Security:
(Describe server security)
C. Workstation Security:
To ensure network stability and security, all workstations will have a
standardized, locked-down Windows-xxx GUI. Applications will only be
accessible through pre-configured icons. Workstation access icons will be
password protected. Workstations will be continually audited for changes
in configuration and scanned for virus intrusion. Workstations will be
managed by IR staff. Any deviation from the standard must be approved by
the CIO.
D. System Security:
System security is the responsibility of all users of
the SAO Information Platform. All users will sign the SAO user agreement
prior to being given an address on the system. The following standards
will be followed:
- County Security Document
- State of Florida Security Document
The Chief Information Officer is responsible for electronic information
security. A security manager may be appointed to maintain the inventory
and security of the network, hardware, and software of the information
platform. The network administrator will act as the security manager.
VII. Standardization
Equipment Standardization:
Equipment connected to the network will conform to industry open and ISS
Standards where possible. In addition, to reduce long term cost, reduce
training costs, and decrease labor costs, IR will conform to standards for
equipment purchases. Equipment will be purchased in compliance with the
specified recommendations of the software vendor, ISS and the State of
Florida. Any conflicts will be resolved by the CIO. The following is the
current configuration standard:
| Product | Manufacturer | Model(s) |
|---|---|---|
| Laptops | DELL | |
| Workstations | DELL | |
| Servers | Compaq | |
| Network Cards | 3Com | |
| Laser Printers | Hewlett Packard | 5si, |
Software Standardization:
To ensure long term information management, standard software will be
used. The following applications are standard:
| Application | Manufacturer | Product |
|---|---|---|
| Word Processing | Corel | WordPerfect |
| Spreadsheet | Microsoft | Excel |
| Presentations | Microsoft | PowerPoint |
| Flowchart Diagrams | Microsoft | Visio |
| E-mail, Calendaring, Workflow | Novell | GroupWise |
| Internet-Intranet-Extranet | Microsoft | Internet Explorer |
Public Record
Maintaining Information for Public Record:
All electronic information will be maintained in compliance with all
public records laws.
REF: State of Florida
Electronic Mail:
- Public Records:
  - The SAO will maintain an electronic mailbox named (public). This
    mailbox will hold copies (cc) of all e-mail that is not related to a
    criminal case and meets the public record laws requiring copies of this
    electronic correspondence to be maintained. Staff will be familiar with
    public records law and follow the basic precept that "any e-mail
    that transfers knowledge of substance will be copied" to the public
    mailbox.
  - The public mailbox will be accessed by the public information office
    and maintained by Information Resources. Any requests for release of the
    electronic mail based on a public information request must be approved
    by the Public Information Officer and the State Attorney.
- E-mail Usage:
  - The SAO email policy is an addendum to
    this document and part of the office policy manual.
Network Connectivity:
The SAO Information Platform (SAO-IP) will maintain an active network to
provide timely services to support the criminal justice mission of the
office. The following connections will be maintained:
| Provider Manager | Application |
|---|---|
| DivCom | (FCN) - COPES, STAMAS, Internet |
| FDLE (Secure) | CJnet, NCIC, FLASH |
Training:
The workstation is a standard configuration supporting all common
applications available to the office. This will allow anyone to go to a
workstation and do their work without needing special assistance.
Training will be conducted on an as needed basis.
Training for work applications will be conducted in the training lab.
Training will be designed to address specific business related tasks.