Executive Office of Technology Services and Security Policies

The Business Continuity and Disaster Recovery Standard details the responsibility of the Enterprise Security Office to establish and follow processes for business continuity and disaster recovery management in the event of any organizational or information technology infrastructure failure.

This policy reinforces the Commonwealth's commitment to protecting its information assets, establishes high-level functions of the Enterprise Security Office, and outlines information security requirements to safeguard information assets and assist the Commonwealth to achieve its strategic objectives.

This standard reinforces the Commonwealth’s commitment to an incident management strategy and outlines the controls necessary to safeguard the Commonwealth’s information assets and reduce risks.

The Information Security Risk Management Standard defines the key elements of the Commonwealth’s information security risk assessment model to enable consistent identification, evaluation, response and monitoring of risks facing IT processes

This standard reinforces the Commonwealth’s commitment to an risk management strategy and outlines the controls necessary to safeguard the Commonwealth’s information assets and reduce risks.

This standard reinforces the Commonwealth's commitment to protecting its information assets, establishes high-level functions of the Enterprise Security Office, and outlines information security requirements to safeguard information assets and assist the Commonwealth to achieve its strategic objectives.

This standard reinforces the Commonwealth’s commitment to a logging and event monitoring strategy and outlines the controls necessary to safeguard the Commonwealth’s information assets and reduce risks.

Microsoft Endpoint Configuration Manager (formerly SCCM and Intune) will be leveraged to securely manage iOS, Android, and Windows devices with a single endpoint management solution while on or off the Commonwealth network. This will streamline and automate deployment, provisioning, policy management, application delivery, and updates to end user devices. This solution will address mobile device management for Commonwealth-owned devices, and mobile application management for personal owned devic

This standard reinforces the Commonwealth’s commitment to an operational management strategy and outlines the controls necessary to safeguard the Commonwealth’s information assets and reduce risks.

This standard reinforces the Commonwealth's commitment to protecting its information assets, establishes high-level functions of the Enterprise Security Office, and outlines information security requirements to safeguard information assets and assist the Commonwealth to achieve its strategic objectives.