Skip to main content

Countywide IT Governance Policies, Standards, and Guidelines

Countywide IT Governance Policies, Standards, and Guidelines

The purpose of the information technology governance process countywide program is to develop and promote standards, policies, guidelines and methodologies for privacy, security, project management, application development, wireless, messaging, remote access, outside contractors, and disaster recovery. The following definitions provide the distinction between policies, standards, methods and guidelines:

Policy: Set of countywide organizational rules and practices that regulate how an organization manages, protects and uses its information system assets and data. These are required and must be complied with. Any exceptions to these must be documented, reviewed and approved. Policies are reviewed periodically and revised based on business operation changes.

Standard: Rules indicating how and what kind of software, hardware, databases, and business processes must be implemented, used and maintained to meet policy objectives. Standards are required and must be complied with. Any exceptions to these must be documented, reviewed and approved. Standards are based in part on technology and as technology changes, standards may need to be updated.

Method: A means or manner of procedure that indicates a regular and systematic way of accomplishing a business process or procedure. Methods will be updated as business processes change.

Guideline: Recommended actions and/or industry best practices that should be used to guide King County practices by users, IT staff and others. Guidelines are not compulsory. Guidelines are based largely on the technologies used therefore guidelines may change frequently as technology changes.

Policy, Standard, Method, & Guideline Overview

IT Governance approved countywide IT policies, standards, methods and guidelines

Acceptable Use Policy

ITG-P-21-01

2/16/2021

Access Management Policy

ITG-P-21-02

2/16/2021

Application Security Policy

ITG-P-21-03

2/16/2021

Asset Management Policy

ITG-P-21-04

2/16/2021

Audit Logging Monitoring Policy

ITG-P-21-05

2/16/2021

Data Security Policy

ITG-P-21-06

2/16/2021

Identification Authentication Policy

ITG-P-21-07

2/16/2021

Incident Response Policy

ITG-P-21-08

2/16/2021

Information Classification Policy

ITG-P-21-09

2/16/2021

Network Security Policy

ITG-P-21-10

2/16/2021

Security Awareness Training Policy

ITG-P-21-11

2/16/2021

Vulnerability Management Policy

ITG-P-21-12

2/16/2021

Device Security Policy

ITG-P-21-13

3/1/2021

Information Security Policy and Standards Glossary

2/16/2021

Domain and Subdomain Policy
ITG-P-22-1

10/6/2022

Mobile Cellular Policy
ITG-P-22-2  11/30/2022
County Multifunction Devices Standardization Policy
ITG-P-22-03-01 12/19/2022

Methods:

Guidelines:

Contact information:

Principal Technology Strategist: Zlata Kauzlaric, zlata.kauzlaric@kingcounty.gov

expand_less