Information Technology Policy Manual 2022

ROLES AND RESPONSIBILITIES

Function

Responsibility

Provide recommendations regarding IT operations processes and procedures

Chief Information Officer

Conduct internal audits and compliance reviews of systems and applications to ensure compliance to IT Operations Policy Follow IT Operations Policy to manage systems and applications

Information Security Division

IT Functional Teams

POLICY 1) Systems and applications must reside on redundant hardware configurations to provide faster recovery in the event of device failure. Processes and procedures must be defined to provide faster recovery of systems and applications in the event of a hardware failure. 2) On-Premise Systems and applications must be monitored for hardware failures and software availability. In the event of an outage, the appropriate IT administrators must be notified so that action is initiated to mitigate the outage. 3) To manage capacity, performance of major systems and applications must be monitored. If an environment exceeds predefined thresholds, IT administrators must be notified so that additional hardware resources are added to mitigate the performance issue. 4) Bandwidth utilization on network links must be continuously monitored. If bandwidth utilization exceeds predefined thresholds, network administrators must be notified to mitigate the issue. 5) Application level firewalls and intrusion prevention systems must be used to restrict access to City of Greensboro systems and applications and automatically block intrusions and cyber attacks. Cyber Security and Compliance Manager and network administrators must automatically be notified of potential intrusions so that additional measures can be taken to stop the attack and prevent further damage. 6) Infrastructure and security related incidents that impact systems and applications must be captured, documented and tracked using the incident category in the Infor EAM system. This helps ensure that corrective and preventative actions have been documented and implemented to mitigate the incident.

39 | P a g e