Chapter 4 – Information Technology

49270.2 Objectives

• Objectives for this policy are to ensure the department:

  • Formally considers, identifies and assesses all implications and potential security risks related to a policy before a security variance is requested;

  • Prepares and maintains risk assessment documentation to support the security variance request; and,

  • Identifies, evaluates and documents alternate or compensatory controls and safeguards to mitigate security risks.