Skip Maine state header navigation

Agencies | Online Services | Help

State Logo

Maine State Government

Dept. of Administrative & Financial Services

Office of Information Technology

Adoption of a Policy, Standard or Procedure

I. Statement

This document establishes standardized methods for adopting, formatting, reviewing and updating Information Technology (IT) policies, standards and procedures. (Abbreviated as: P/S/P).

II. Purpose

The Purpose is to define a procedure for the drafting, vetting, and adoption of regulations pertaining to IT and demonstrates the preferred format to be used.

III. Guidelines & Procedures

The Approval and Revision Process for IT Policies, Standards, or Procedures is outlined below.

A. Conception: The Associate CIO will accept and review suggestions for a new or to be amended policy. The Chief Technology Officer will accept and review suggestions for a new or amended standard/procedure. At their discretion, the Associate CIO and the Chief Technology Officer may decide to abbreviate the following process in order to expedite the adoption of a P/S/P as circumstances require. If the Associate CIO or the Core Technology declines to initiate an adoption/revision process, the originator may appeal to the Chief Information Officer (CIO). 

B. Foundation: The Associate CIO and the Chief Technology Officer will assign Office of the CIO management staff to lead, facilitate or monitor these efforts. Office of the CIO management staff will initially work with the originator to document the need and scope of the P/S/P. If applicable, a broadly advertised formal notice of intent to adopt or amend a P/S/P in X content area may be extended to invite appropriate decision makers, stakeholders, experts, users or others to participate. This notice will invite comments regarding the content area of the P/S/P and seek volunteers to join a working team. The CIO may waive this comment period.

C. Team Formed: Based upon feedback, the Office of the CIO management staff will form a working team. The Associate CIO and Chief Technology Officer may assign members to a working team. The working team will determine the required comment period and procedure abbreviations (if any) and ensure a sponsor has been designated.

D. Drafting: The Team will research and prepare a draft P/S/P which will include an impact assessment and a sunset or re-evaluation date. Policies will include language designating which organizations/positions are responsible for developing implementation procedures and enforcing the policy. Procedures and standards will incorporate similar language regarding enforcement.

E. Communication: The Associate CIO and the Chief Technology Officer will communicate regularly to OIT leadership on P/S/P development. It will be the responsibility of the leadership to communicate this information and provide feedback on behalf of the groups and functions they represent within the timeliness required by the working team. Final draft Policy will be presented to the Associate Chief Information Officer for review and comment. The Associate Chief Information Officer will present the final document to the Chief Information Officer.  The final draft of the S/P will be presented to the Chief Technology Officer for review and comment. The Chief Technology Officer will present S/P to the Chief Information Office at her/his discretion.

F. CIO Council – IT Leadership: The Associate CIO (or designated working team representative) will present the final draft and the impact of the proposed Policy. The Chief Technology Officer (or designated working team representative) will present the final draft S/P to the CIO Council – IT Leadership at her/his discretion. The CIO Council - I T Leadership will discuss and make recommendations.

G. IT Executive Committee (ITEC) Recommendations: The Associate CIO (or designated working team representative) will present the final draft and the impact of the proposed Policy. The Chief Technology Officer will present the final draft S/P to the ITEC at her/his discretion. The ITEC will discuss and make recommendations

H. CIO Decision: The Associate CIO will provide the policy draft and the ancillary documents, if required, to the CIO for an adoption decision.  At the CIO’s discretion, a policy and/or a S/P may be returned to any of the above groups for further comment and/or revision.

IV. Applicability

This process applies to Information Technology policies, standards, and procedures.

V. Responsibilities

A. Compliance - All staff engaged in operations, analysis or actions subject to a P/S/P are responsible for becoming familiar, and complying, with the contents of the P/S/P(s).  Supervisors are responsible for incorporating standard operating procedures to ensure their staffs are familiar with, and adhere to, the P/S/P affecting their program functions. 

B. Review - At his/her discretion, the CIO may initiate an effectiveness review of any existing P/S/P.





The format to be used for IT Policies, Standards and Procedures is outlined below.

A. Categories: Policies and their standards/procedures will be assigned to one of the following categories:

1. Application – includes system/application development and Internet/portal

2. Computer Environment and Platform – includes enterprise software and hardware platforms

3. Computing

4. General / Governance

5. Information and Data

6. Middleware and Integration

7. Internet, Network and Transport – includes network, telecommunications and electronic mail

8. Project Management

9. Security and Privacy

B. Content (a “Sample Copy” of the “Template” to be used is included as Attachment 1)

1. Heading 1 = Title of P/S/P

2. Indented on left margin from Heading 1, Heading 2 is Roman Numerals (I – VII)

3. Indented on left margin from Heading 2, Heading 3 is Capital Letters

4. Indented on left margin from Heading 3, Heading 4 is Numbers followed by a period

5.  Indented on left margin from Heading 4, Heading 5 a small letter followed by a period

6. Indented on left margin from Heading 5, Heading 6 a small letter enclosed in parentheses

 

C. Document Information (as appropriate) will be included for each policy, standard, and procedure as noted below:

1. Document Reference Number:   (assigned by OCIO)

2. Category:

3. Adoption Date:

4. Effective Date:

5. Review Date:

6. Point of Contact:

7. Approved by:

8. Position Title(s) or Agency Responsible for Enforcement:

9. Legal Citation:

10. Waiver Process:

VI. Definitions

1.      Associate CIO - The term Associate CIO refers to the Associate to the CIO the within the Department of Administrative and Financial Services.  See Guidelines and Procedures (A-B) for details of the responsibilities of the Associate CIO as they relate to the development or review of IT P/S/P(s).

2.      Chief Information Officer (CIO) - The term Chief Information Officer refers to the CIO, the chief administrative officer of the Office of Information Technology within the Department of Administrative and Financial Services.

3.      Chief Technology Officer – The term Chief Technology Officer refers to the role within the Department of Administrative and Financial Services responsible for all core technology services for the State of Maine.

4.      Commissioner - The term Commissioner refers to the Commissioner of the Department of Administrative and Financial Services, a State administrative agency.

5.      Policy - A policy is a statement of direction with respect to the planning and management of information technology approved by the Chief Information Officer of the State of Maine.

6.      Standard - A standard is a specific approach, solution, methodology, product, or protocol that must be adhered to for establishing uniformity.

7.      Standard Operating Procedure - The term Standard Operating Procedure (SOP) is the description of a prescribed method that must be used by Office of Information Technology staff to develop or review policies, standards, or procedures.  SOPs are not appropriate to describe procedures or requirements that apply to members of the public, other than persons acting as agents of, or under contract with, the Maine OIT.

 

VII. References

None

VIII. Document Information

1.      Document Reference Number:     1

 

2.      Category:     General / Governance

 

3.      Adoption Date:     May 9, 2006

 

4.      Effective Date:     May 9, 2006

 

5.      Review Date:     May 9, 2008

 

6.      Point of Contact:     Kathy Record, Associate CIO, Office of Information Technology (Voice: 624-9502)

 

7.      Approved By:     Richard B. Thompson, Chief Information Officer

 

8.      Position Title(s) or Agency Responsible for Enforcement:  Kathy Record, Associate CIO, Office of Information Technology, Greg McNeal, Chief Technology Officer, Office of Information Technology.

 

9.      Legal Citation:

 

10.  Waiver Process:

 


Attachment 1

 

This is a “Sample Copy: of the “Template” to be used for IT policies, standards, and procedures.

 

State Logo

Maine State Government

Dept. of Administrative & Financial Services

Office of Information Technology

 

 

Policy, Standard, or Procedure

 

I. Statement

 

 

II. Purpose

 

 

III. Guidelines & Procedures

IV. Applicability

 

 

V. Responsibilities

 

 

 

 

VI. Definitions

 

1.       

VII. References

 

1.       

VIII. Document Information

 

1.      Document Reference Number:

 

2.      Category:

 

3.      Adoption Date:

 

4.      Effective Date:

 

5.      Review Date:

 

6.      Point of Contact:

 

7.      Approved By:

 

8.      Position Title(s) or Agency Responsible for Enforcement:

 

9.      Legal Citation:

 

10.  Waiver Process: