Department of Administrative Services Information Technology
State of Ohio IT Policies


OIT develops and promulgates statewide information technology (IT) policies established by the state chief information officer. These policies help to protect public assets and information in a consistent manner across state agencies.  

State IT policies affect a wide variety of agencies, so OIT strives to ensure that each policy is based on comprehensive research and evaluation. Prior to adoption, each policy undergoes a rigorous research and development process that typically involves the contributions of state agencies, subject matter experts, expert advisory services and legal counsel.

IT Governance Policies — A Series  
    
ITP-A.1 Authority of the State Chief Information Officer to Establish Policy Regarding the  Acquisition and Use of Computer and Telecommunications Products and Services (.pdf)  
    
ITP-A.26 Software Licensing (.pdf)  

Security Policies — B Series  
    
ITP-B.1 Information Security Framework (.pdf)  
Audit ChecklistTipsWhite Paper User Requirements  
   
ITP-B.2 Boundary Security (.pdf)  
Audit ChecklistTipsWhite PaperUser Requirements  
   
ITP-B.3 Password-PIN Security (.pdf)  
Audit Checklist TipsWhite PaperUser Requirements  
   
ITP-B.4 Malicious Code Security (.pdf)  
Audit ChecklistTipsWhite Paper User Requirements  
   
ITP-B.5 Remote Access Security (.pdf)  
Audit Checklist TipsWhite Paper User Requirements  
   
ITP-B.6 Internet Security (.pdf)  
Audit Checklist TipsWhite Paper User Requirements  
   
ITP-B.7 Security Incident Response (.pdf)  
Audit Checklist TipsWhite Paper User Requirements  
   
ITP-B.8 Security Education and Awareness (.pdf)  
Audit Checklist TipsWhite Paper User Requirements  
   
ITP-B.9 Portable Computing Security (.pdf)  
Audit Checklist TipsWhite Paper User Requirements  
   
ITP-B.10 Security Notifications (.pdf)  
Audit Checklist TipsWhite Paper User Requirements  
   
ITP-B.11 Data Classification (.pdf)  
Audit Checklist TipsWhite PaperUser Requirements  
Data Classification Resource Kit (.pdf)  
    
ITP-B.12 Intrusion Prevention and Detection (.pdf)  
Audit ChecklistTipsWhite PaperUser Requirements  
    
IT Project Lifecycle Policies — D Series  
    
ITP-D.4 Information Technology Planning (.pdf)  
    
IT Asset Management Policies — E Series  
    
ITP-E.1 Disposal, Servicing and Transfer of IT Equipment (.pdf)  
Audit Checklist  
   
ITP-E.7 Business Resumption Planning (.pdf)  
IT Business Continuity Planning Guideline (replaces ITP-E.7) 
   
ITP-E.8 Use of Internet, E-mail and Other IT Resources (.pdf)  
Audit Checklist 
   
ITP-E.30 Electronic Records (.pdf) 
Audit Checklist  
    
Internet/Intranet Policies — F Series  
    
ITP-F.1 Registration of Internet Domain Names (.pdf)  
   
ITP-F.3 Web Site Accessibility (.pdf)  
   
ITP-F.4 Executive Branch Cabinet Agency Web Site Standardization  (.pdf)  
   
ITP-F.35 Advertisements, Endorsements, and Sponsorship on State-Controlled Web Sites (.pdf)  
   
Telecommunication Policies — H Series  
    
ITP-H.2 Use of State Telephones (.pdf)  
   
ITP-H.6 Telecommunications Utility Services (.pdf)   

 

Please Note 
To view information in portable document format (.pdf), you must have Adobe Reader installed on your computer. Click here to download a free copy of Adobe Reader.

To view information in MS Word (.doc), you must have MS Word 2003 or later or Word Viewer 2003 installed on your computer. Click here to download a free copy of Word Viewer 2003.