
 
Government Information Technology Agency - Home Technology Graphics AZ.GOV - Arizona's Official Web Site

 


 

Technology Infrastructure and Security Assessment (TISA)

Web Applications

Group 2 Agencies -- FY 2012

Technology Infrastructure Standards Assessment (TISA)


Background

An IT Plan and Standards Assessment is performed annually by Group 2 state agencies, boards and commissions to determine the versatility and privacy/security practices of target technologies as identified by statewide IT policies and standards located at http://www.azgita.gov/policies_standards/.

For FY 2012, G2 agencies, boards and commissions are to focus on the TISA Standards Assessment questionnaire application located at www.azgita.gov/apps/. For further information on Statewide IT Policies, Standards and Practices, please refer to http://www.azgita.gov/policies_standards/.

Purpose

The purpose of IT Plans and the Technology Infrastructure Standards Assessment (TISA) is as follows:

1. To assess overall compliance of Group 2 agencies with statewide IT policies and standards;

2. To create awareness among state agencies of statewide IT policies and standards with emphasis on privacy/security practices for confidential and sensitive information of the state;

3. To identify Privacy and IT Security vulnerabilities of the state to mitigate further risks of the agency;

4. To help prepare for technical compliance reviews with GITA.

 
Requirements

Each Group 2 agency, board and commission shall evaluate its IT environment through TISA on or before September 2nd of the current year. If there have been significant changes to infrastructure and technologies which may reveal vulnerabilities and risks, mid-year updates to TISA are recommended.

The TISA assessment has twenty (one general and 19 specific) “Yes” or “No” compliance questions pertaining to technology risks for Group 2 agencies. The questions address the following:

 
  • Password Protection
  • File Maintenance & Backup
  • Sensitive Data and Documentation
  • Anti-Virus Software
  • Firewall Protection
  • Destruction of Sensitive Data/Media
  • Destruction of Sensitive Documentation
  • Privacy Policy
  • HIPAA Compliance
  • Breach Notification
  • Business Continuity Plans (aka Continuity of Operations Plans, COOP)

Completing TISA

Once the TISA application has been accessed, an agency can continue to change its responses as long as the status at the top remains “Work in Progress”. Once the agency changes the status to “SUBMITTED”, the TISA results can no longer be updated. If the status is accidentally changed, a phone call to GITA at (602) 364-4790 can change the status back to “Work in Progress”. When a plan has been changed to “SUBMITTED”, GITA will review the submitted TISA questionnaire for completeness and can then change the status to either modification requested or APPROVED within one week of a “SUBMITTED” TISA questionnaire. When an agency completes its TISA and it is approved, the State CIO will send a letter to each agency’s CEO noting either approval or disapproval, usually around the beginning of the calendar year.

Please note, all “No” responses can be considered as either non-compliance or not applicable to the organization. A detailed explanation for all “No” responses is required in the COMMENTS section of TISA.

Special attention should be paid to these areas, as they apply to your agency, board or commission:

  • Enforcement of Email Policies
  • Development of an annual IT Security Awareness program
  • Patch Management
  • Regular disaster recovery planning and documentation for mission-essential functions

Questions

For access to the TISA application, or questions on TISA or IT security policy and standards compliance, contact the ISO Manager at 602-284-3234 or dchristofferson@azgita.gov or the CISO at 602-364-4771 or jryan@azgita.gov.


 

Page last edited: 07/18/2011


 
