Information Technology Policy Manual 2022

7) Infrastructure and technology components must be reviewed for continued viability. Vendor’s end of life/end of support notifications must be analyzed to determine the impact to the City of Greensboro as a result of end of life/end of support components and a plan must be defined to upgrade or retire the impacted component. 8) Work against systems and applications must be documented in the Infor EAM system and communicated to appropriate stakeholders using the change management protocols. The change management process ensures that changes to systems and applications have detailed implementation, testing and fallback plans and that risk to production systems and application as a result of a change is evaluated to minimize the impact to users and residents. 9) Configuration standards including secure configuration must be defined and implemented for workstations, printers, windows servers, SQL databases, IIS servers and network devices to maintain consistency and protect systems and applications from unauthorized access and disclosure of confidential information. The Cyber Security Team must ensure the standards are readily available and are communicated to all teams. 10) Security patches and hot fixes must be deployed regularly to systems, applications and network devices. Security patches and hot fixes must first be adequately tested before deployed to production systems and applications. Patches that address critical vulnerabilities must be deployed in timely manner to effectively mitigate the risk to the City of Greensboro systems and information.

11) IT technology standards must be defined and communicated to all IT groups responsible for managing technologies and infrastructure.

12) The Leasing Database is used to manage and track hardware assets that have been installed. Monthly hardware reports for expiring leases are generated and provided to management for review.

13) Periodic checks of desktop software packages must be conducted to ensure that all installed software is officially licensed for the use.

14) On-Premise Systems and applications must be backed up in accordance with the IT Backup and Retention Policy.

15) Active monitoring of network and Internet communications must be conducted to identify malicious activities and block intrusions and cyber-attacks. Cyber Security personnel must be alerted of any malicious activities to quickly analyze the behavior and prepare the proper response.

40 | P a g e