Contact Us  |  Twitter  |  Facebook
 
Government Information Technology Agency - Home Technology Graphics AZ.GOV - Arizona's Official Web Site

 

About GITA

IT Coordination and Planning
  Statewide Plan and Applications
  Enterprise Architecture
  Service Oriented Architecture
  Policies, Standards, Procedures

IT Project Review and Monitoring
   Project Investment Justification
  Project Oversight
  Project Management Certification

E-Government

Information Security and Privacy
  Incident Response
  Security Practitioner Certification

Public Safety Communications

Strategic Initiatives 

Telecommunications

Councils and Committees

 

Technology Infrastructure and Security Assessment (TISA)

 Web Applications

Group 2 Agencies -- FY 2010
Technology Infrastructure Standards Assessment (TISA)

 

Background

 

An annual IT Plan and Standards Assessment is performed annually by Group 2 state agencies, boards and commissions to determine the versatility and privacy/security practices of target technologies as identified by statewide IT policies and standards located at http://www.azgita.gov/policies%5Fstandards/.    Both IT Planning and Standards Assessment reporting are online applications located at www.azgita.gov/apps/.  For further information please refer to P136 IT Planning Policy and the S805 IT Risk Standard located at www.azgita.gov/planning/.

 

Purpose

 

The purpose of IT Plans and the Technology Infrastructure Standards Assessment (TISA) is as follows:

  1. 1.      To assess overall compliance of Group 1 agencies with statewide IT policies and standards;

  2. 2.      To create awareness among state agencies of statewide IT policies and standards with emphasis on privacy/security practices for confidential and sensitive information of the state;

  3. 3.      To identify Privacy and IT Security vulnerabilities of the state to mitigate further risks of the agency.

  4. 4.      To help prepare for technical compliance reviews with GITA.

Requirements

 

Each Group 2 agency, board and commission shall evaluate its IT environment through TISA on or before September 2nd of the current year.  If there have been significant changes to infrastructure and technologies which may reveal vulnerabilities and risks, mid-year updates to TISA are recommended. 

 

The TISA assessment has eighteen “Yes” or “No” questions pertaining to technology risks for Group 2’s and addresses the following:

  • ·         Password Protection

  • ·         File Maintenance & Backup

  • ·         Sensitive Data and Documentation      

  • ·         Anti-Virus Software

  • ·         Firewall Protection 

  • ·         Destruction of Sensitive Data/Media

  • ·         Destruction of Sensitive Documentation         

  • ·         Privacy Policy

  • ·         HIPAA Compliance

  • ·         Breach Notification

  • ·         Business Continuity Plans

A “No” response can be considered as either non-compliance or not applicable to the organization.  In either case, a detailed explanation is required in the COMMENTS section of TISA. 

 

Questions

 

For access into the TISA application or general questions, contact the Security Manager at 364-3583 or JDzierzanowski@azgita.gov. For specific questions regarding IT security standards compliance, contact the Chief Information Security Officer at 364-4771 or jryan@azgita.gov.

Page last edited: 06/09/2009

Top

 

Privacy Policy    Accessibility Policy    Contact GITA |  © Copyright 2009 GITA