Group 2 Agencies -- FY 2011
Technology Infrastructure Standards Assessment (TISA)
Background
An IT Plan and Standards Assessment is performed annually
by Group 2 state agencies, boards and commissions to determine
the versatility and privacy/security practices of target
technologies as identified by statewide IT policies and
standards located at
http://www.azgita.gov/policies_standards/.
Both IT Planning and Standards Assessment reporting are online
applications located at
www.azgita.gov/apps/. For further information please
refer to P136 IT Planning Policy and the S805 IT Risk Standard
located at
www.azgita.gov/planning/.
Purpose
The purpose of IT Plans and the Technology Infrastructure
Standards Assessment (TISA) is as follows:
1. To assess overall compliance of Group 2 agencies with
statewide IT policies and standards;
2. To create awareness among state agencies of statewide IT
policies and standards with emphasis on privacy/security
practices for confidential and sensitive information of the
state;
3. To identify privacy and IT security vulnerabilities of
the state to mitigate further risks of the agency;
4. To help prepare for technical compliance reviews with
GITA.
Requirements
Each Group 2 agency, board and commission shall evaluate its IT
environment through TISA on or before September 2nd of the
current year. If there have been significant changes to
infrastructure and technologies which may reveal vulnerabilities
and risks, mid-year updates to TISA are recommended.
The TISA assessment has twenty (one general and 19 specific)
“Yes” or “No” compliance questions pertaining to technology
risks for Group 2 agencies. The questions address the following:
- Password Protection
- File Maintenance & Backup
- Sensitive Data and Documentation
- Anti-Virus Software
- Firewall Protection
- Destruction of Sensitive Data/Media
- Destruction of Sensitive Documentation
- Privacy Policy
- HIPAA Compliance
- Breach Notification
- Business Continuity Plans (aka Continuity of Operations
Plans, COOP)
A “No” response can be considered as either non-compliance or
not applicable to the organization. A detailed explanation for
all “No” responses is required in the COMMENTS section of TISA.
Questions
For access to the TISA application or general questions, contact
Sherri Eshkibok, SISPO Operations Manager, at 480-335-7642 or
seshkibok@azgita.gov.
For specific questions regarding IT security standards
compliance, contact the Chief Information Security Officer at
602-364-4771 or
jryan@azgita.gov.