Commonwealth Office of Technology

• EPMO Home
  • EPMO Main Page
• About EPMO
  • About EPMO
  • EPMO Team Members
• Architecture & Standards
  • Architecture & Standards
  • 1-pg Summary
  • Justification for EA
• EPMO Services
  • EPMO Services
  • Project Mgmt Info System (PMIS)
• Policies & Procedures
  • Enterprise Policies
  • COT Policies & Procedures
• Projects
  • Enterprise Projects
  • Capital Projects
  • Capital Project Reporting
• IT Procurement
  • Procurement Info & Contracts
  • Strategic Alliance Services
• Resources
  • Project Management Resources

Enterprise IT Policies

Enterprise Policies articulate the rules and regulations of state government regarding information technology. These policies determine the type of activities that are approved for both agencies and employees. The Enterprise Architecture framework is constructed of several interrelated components, including policies that support the business process and functions.

COT administers the Enterprise Policy development, review and approval process. Enterprise IT policies are presented to the Commonwealth Technology Council for compliance by all appropriate agencies.

Enterprise IT Policies

CIO-060 -- Internet and Electronic Mail Acceptable Use Policy
As revised March 19, 2008 via Sec. Miller memo, with attached URL Filter Category List.

CIO-071 -- Wireless Voice & Data Services Policy
Effective 9-12-2001. The Commonwealth of Kentucky allows use of wireless devices, to include cellular telephones, where it can be shown that such use will improve efficiency, provide the ability to respond in emergencies, and/or enhance employee/client safety.

CIO-072 -- UserID and Password Policy

CIO-073 -- Anti-Virus Policy

CIO-074 -- Enterprise Network Security Architecture Policy

CIO-075 -- Enterprise IT Project Approval Process
Revised April 1, 2004. Effective September 1, 2002

CIO-076 -- Firewall and Virtual Private Network Administration Policy
Effective 01/01/03; adopted following review by CIOAdvisory Council on 10/24/02

CIO-077 -- Sanitization of IT Equipment Policy
Includes changes to Procedure 1.3 Certification of Sanitization approved 6/10/2003. Effective February 5, 2003

CIO-078 -- Wireless LAN Policy
Adopted by EASC 6-10-2003

CIO-079 -- Logon Security Notice
Effective April 1, 2004

CIO-080 -- Password Auditing and Policy Enforcement for Network Domains
Effective April 1, 2004

CIO-081 -- Securing Unattended Workstations Policy
Effective April 1, 2004

CIO-082 -- Critical Systems Vulnerability Assessments
Effective May 15, 2004

CIO-083 -- Securing Portable Devices – Policy under development

CIO-084 -- Email Review Request
Effective March 28, 2005

CIO-085 -- Agency Security Contact
Effective August 1, 2005