Information Technology Policies, Standards and Procedures
Information Technology (IT) Policies, Standards, and Procedures are based on Enterprise Architecture (EA) strategies and framework. EA provides a comprehensive framework of business principles, best practices, technical standards, migration and implementation strategies that direct the design, deployment and management of IT for the State of Arizona.
For more information, please contact Enterprise Architecture.
Procurement pricing related to end user devices such as laptops, desktops, etc., is available in the IT Governance section under "1000 - Information Technology" policy. Please contact your SPO representative for assistance with ordering from these contracts.
PSP Training PowerPoint Presentation
Information Security
| Risk Acceptance Form |
| Risk Acceptance Questionnaire |
| State Access Agreement (Word) |
| F8280 State Access Agreement (pdf) |
| Acceptable Use Policy (pdf) |
| Acceptable Use Policy Template (Word) |
| Acceptable Use Summary (pdf) |
| Arizona Control Quick Guide v2.0 (pdf) |
| Arizona Baseline Infrastructure Security Controls 2017 (Excel) |
| NIST SP800-53 R4 (pdf) |
| Tailoring PSP Templates Guide |
| Data Classification Policy (pdf) |
| Data Classification Policy Template (Word) |
| Data Classification Summary (pdf) |
| System Security Acquisition and Development Policy (pdf) |
| System Security Acquisition and Development Policy Template (Word) |
| System Security Acquisition and Development Summary (pdf) |
| Contingency Planning Policy (pdf) |
| Contingency Planning Policy Template (Word) |
| Contingency Planning Summary (pdf) |
| Media Protection Policy (pdf) |
| Media Protection Policy Template (Word) |
| Media Protection Standard (pdf) |
| Media Protection Summary (pdf) |
| Physical Security Protections Policy (pdf) |
| Physical Security Protections Policy Template (Word) |
| Physical Security Protections Summary (pdf) |
| Personnel Security Controls Policy (pdf) |
| Personnel Security Controls Policy Template (Word) |
| Personnel Security Controls Summary (pdf) |
| Account Management Policy (pdf) |
| Account Management Policy Template (Word) |
| Account Management Summary (pdf) |
| Access Control Policy (pdf) |
| Access Controls Policy Template (Word) |
| Access Control Standard (pdf) |
| Access Control Summary (pdf) |
| System Security Audit Policy (pdf) |
| System Security Audit Policy Template (Word) |
| System Security Audit Standard (pdf) |
| System Security Audit Summary (pdf) |
| System Privacy Policy (pdf) |
| System Privacy Policy Template (Word) |
| System Privacy Summary (pdf) |
| Executive Order 2008-10 Mitigating Cyber Security Threats |
IT Governance
| Project Summary Form |
| Information Technology Planning Policy |
| Information Technology Policy |
| Information Technology Policy Template |
| SPO End User Hardware Pricing 2016-02-11 |
| Policies, Standards and Procedures (PSP) Policy |
| Policies, Standards and Procedures (PSP) Template |
| Website Design Policy |
| Website Accessibility Policy |
| Website Accessibility Policy Template |
| Domain Naming Policy |
| Domain Naming Standard |
| Release Management Policy |
| Release Management Policy Template |
| Project Investment Justification Policy |
| Project Investment Justification Standard |
| Project Status Reporting |
| Project Special Funding |
| Project Oversight |
Data Governance
| Data Governance Policy Implementation Guidelines |
| Data Governance policy adoption cost worksheet |
| P4470 - Data Governance Documentation Policy |
| P4470 - Data Governance Documentation Policy Template |
| P4400 - Data Governance Organization Policy |
| P4400 Data Governance Organization Policy Template |
| P4430 - Data Governance Technology Policy |
| P4430 Data Governance Technology Policy Template |
Collaboration and Communication
| Email Public Records Management Policy |
| Social Media Policy |
| Social Media Policy Template |
State Data Center
| State Data Center Contingency Planning Policy |
| State Data Center Infrastructure Configuration and Change Control Policy |
| State Data Center Physical Security Policy |
Enterprise Architecture
| Enterprise Architecture Policy |
| Network Architecture Policy |
| Network Infrastructure Standard |
| Platform Architecture Policy |
| Software Architecture Policy |
| Application Software Standard |
| Software Productivity Tools Standard |
| Software Architecture Policy |
| Software Architecture Policy Template |
| Data Information Architecture Policy |
| Database Access Standard |
| Data Modeling Policy |
| Service Oriented Architecture Policy |
Policies and documents on this tab represent transformational initiatives undertaken by Enterprise Architecture at ADOA-ASET. We invite you to actively participate in developing these by submitting comments, making recommendations and participating in one or more working sessions that we are planning in the near future. With your active participation we plan to eventually tune these into statewide polices or templates that you can tailor to your agency’s needs.
There is no set target date for implementation of the items in this tab. Please e-mail [email protected] or click the “Submit a Comment” link below to submit comments, join a working group or submit suggestions for new policies to bridge gaps in your environment.
