The Office of the State Chief Information Officer (OCIO) today released Information Policy Letter (ITPL) 10-03 for state agencies to implement secure, robust telework and remote access arrangements for state employees.
The need to implement telework and remote access solutions is becoming increasingly important. In addition to the traditional benefits of reduced traffic congestion, improved air quality, and increased employee productivity and job satisfaction; today’s business drivers include disaster and pandemic preparedness planning. However, the cybersecurity risks and incidents associated with unmanaged use of remote access and telework arrangements can be costly and impact the ability to deliver essential public services.
The policy is accompanied by a Telework and Remote Access Security Standard to assist agencies with strengthening secure and robust telework and remote access arrangements, and requires agency heads to certify compliance with the standard.
The Telework and Remote Access Security Standard is now included in the State Information Management Manual (SIMM) as Section 66A and the Agency Telework and Remote Access Security Compliance Certification included in Section 70E, both of which can be found online at http://www.cio.ca.gov/Government/IT_Policy/SIMM.html.
Development of the Telework and Remote Access Security Standard was part of a joint effort with the OCIO, the Department of General Services (DGS) and the Department of Personnel Administration (DPA). DGS has also published a new statewide model Telework Program Policy and Procedures available on their website at http://www.dgs.ca.gov/Telework/Resources.htm.
When the OCIO was established in January 2008, it was the intent of the Legislature and Governor to create an agency that, among other things, establishes policies and standards to ensure that state information technology systems run effectively. Through changes to the State Administrative Manual (SAM) and the SIMM, the OCIO creates statewide policy for the Executive Branch to ensure coordination as the agency works to oversee IT activities with a common direction and vision.