Accessibility
- Enterprise IT Accessibility Standards
The Enterprise IT Accessibility Standards ensure that Massachusetts information technology solutions are available and accessible to people with disabilities.
- Web accessibility standards
These standards are intended for use by all state agencies and their contractors to address accessibility issues in web page design and application development.
Architecture
- Enterprise Technical Reference Model - Service Oriented Architecture (ETRM v. 5.1)
For future reference, this page may be accessed by using www.mass.gov/itd/etrm
The ETRM or the Enterprise Technical Reference Model is a blueprint for standards that provides the architectural framework for the Enterprise and ultimately is the roadmap to a Service Oriented Architecture for the Commonwealth.
- Enterprise Standard Operating Environment
- Open Standards Policy
Adopting open standards ensures the Commonwealth's investments in information technology result in systems that are sustainable, interoperable and do not result in vendor lock-in.
- Enterprise Information Technology Acquisition Policy
- Web accessibility standards
These standards are intended for use by all state agencies and their contractors to address accessibility issues in web page design and application development.
- Enterprise IT Accessibility Standards
The Enterprise IT Accessibility Standards ensure that Massachusetts information technology solutions are available and accessible to people with disabilities.
- Information Security Policy
This policy articulates requirements that assist management in defining a framework that establishes a secure environment for providing services provided by Commonwealth agencies, authorities, and business partners.
-
Secretariat Request for Waiver
This form is an application for a waiver for Executive Department agencies under a Secretariat to redesign an existing website or develop a new one.
Application/Software
- Enterprise Information Technology Acquisition Policy
- Acceptable Use Policy
This policy addresses the use of information technology resources for employees and contractors at all Administration & Finance agencies.
- Information Security Policy
This policy articulates requirements that assist management in defining a framework that establishes a secure environment for providing services provided by Commonwealth agencies, authorities, and business partners.
- Web accessibility standards
These standards are intended for use by all state agencies and their contractors to address accessibility issues in web page design and application development.
-
Secretariat Request for Waiver
This form is an application for a waiver for Executive Department agencies under a Secretariat to redesign an existing website or develop a new one.
- Enterprise Website Cookie Policy
Cookies are small text files which are downloaded to your personal computer, mobile, or other device when you visit a website. This policy updates the provisions of the Executive Department's "Requirements of Agency Web Site Privacy Policies" which pertain to use of cookies.
- Website Privacy Policies
All Executive Departments looking to create a new website must include a privacy policy that complies with certain guidelines that are described here.
eGov Services
- Web accessibility standards
These standards are intended for use by all state agencies and their contractors to address accessibility issues in web page design and application development.
- Enterprise Website Cookie Policy
Cookies are small text files which are downloaded to your personal computer, mobile, or other device when you visit a website. This policy updates the provisions of the Executive Department's "Requirements of Agency Web Site Privacy Policies" which pertain to use of cookies.
-
Secretariat Request for Waiver
This form is an application for a waiver for Executive Department agencies under a Secretariat to redesign an existing website or develop a new one.
E-Mail and Messaging
- Records Retention Policy, Standards and Procedures
An ongoing project the Secretary of State and the Records Conservation Board are preparing to issue guidance surrounding how the Commonwealth stores, maintains, and verifies it’s custodial responsibilities for public records.
- Enterprise Electronic Messaging Communications Security Policy
This policy focuses on the specific category of electronic messaging (i.e., email, instant messaging (IM), etc.) communication and related threats that, if left unmitigated, may lead to a loss of data and/or system integrity, confidentiality, or availability.
General/Administrative
- Acceptable Use Policy
This policy addresses the use of information technology resources for employees and contractors at all Administration & Finance agencies.
-
Criminal Offender Record Information (CORI) Policy
A Human Resources policy that outlines the implementation, process and accountability of CORI checks for employment with ITD.
- User Responsibility Agreement (ITD)
- Privacy & Security Policies and Practices
Link here to the Privacy and Security Policies and Practices on the Executive Office of Health and Human Services Web site.
Operations
- Enterprise Staff Information Technology Security Policy
This policy describes requirements for all Commonwealth Executive Department Secretariats, Agencies and Organizations sited within the Massachusetts Access to Government Network (MAGNet) as well as Executive Department Agencies outside of MAGNet for addressing data security considerations involving their staff.
-
Criminal Offender Record Information (CORI) Policy
A Human Resources policy that outlines the implementation, process and accountability of CORI checks for employment with ITD.
- Acceptable Use Policy
This policy addresses the use of information technology resources for employees and contractors at all Administration & Finance agencies.
- Disaster Recovery Resources
Templates and guides to assist agencies in planning for a disaster.
- User Responsibility Agreement (ITD)
Security
-
Enterprise Communications and Operations Management Policy
- Enterprise Security Incident Handling Procedures
A link to CommonWiki (requires a login) that outlines the Incident Handling Procedures.
- Enterprise IT Security Incident Response Policy
This policy articulates the requirements for responding to Security Incidents and Attack Intrusions.
- Enterprise Electronic Messaging Communications Security Policy
This policy focuses on the specific category of electronic messaging (i.e., email, instant messaging (IM), etc.) communication and related threats that, if left unmitigated, may lead to a loss of data and/or system integrity, confidentiality, or availability.
- Information Security Policy
This policy articulates requirements that assist management in defining a framework that establishes a secure environment for providing services provided by Commonwealth agencies, authorities, and business partners.
- Enterprise Information Security Standards: Data Classification
- Enterprise Physical & Environmental Security Policy
This document articulates requirements that management must address in defining a policy to implement adequate physical and environmental security controls at Secretariats and their respective Agencies or Contractors’ facilities to secure and protect information assets, infrastructure and Information Technology (IT) resources.
- Enterprise Staff Information Technology Security Policy
This policy describes requirements for all Commonwealth Executive Department Secretariats, Agencies and Organizations sited within the Massachusetts Access to Government Network (MAGNet) as well as Executive Department Agencies outside of MAGNet for addressing data security considerations involving their staff.
- Enterprise IT Asset and Risk Management Policy
This policy articulates requirements for performing periodic reviews of Secretariats' and their respective Agencies' IT (Information Technology) assets, determining appropriate data classifications and controls, and assessing and reacting to risks in order to safeguard those assets.
- Enterprise Website Cookie Policy
Cookies are small text files which are downloaded to your personal computer, mobile, or other device when you visit a website. This policy updates the provisions of the Executive Department's "Requirements of Agency Web Site Privacy Policies" which pertain to use of cookies.
- See All Security