Professional Documents
Culture Documents
Information Technology
Strategic Plan
2016 to 2021
Includes the Town of
Hillsborough’s
Mission
Vision
Values
Goals
Strategies
Page i
Table of Contents
Table of Contents
Table of Contents ............................................................................................................................................................... ii
Background ...........................................................................................................................................................................1
Mission, Vision and Values ..............................................................................................................................................2
Technology Service Goals – Overview............................................................................................................................3
Goal A: Technology Governance and Innovation........................................................................................................4
Goal B: Business System Applications...........................................................................................................................6
Goal C: Infrastructure and Operations ...........................................................................................................................7
Goal D: Security ..................................................................................................................................................................8
Goal E: Information Technology Delivery and Resources .........................................................................................9
Goal F: Technology Investment, Financial Resources and Administration ..........................................................10
Conclusion ..........................................................................................................................................................................11
Implementation Action Plan ...........................................................................................................................................13
Background
The Town of Hillsborough prides itself on the delivery of timely, reliable, and
personalized government services to the community. All of its operations are
supported by a variety of information technology tools. However, given the complexity
of today’s technology needs combined with the cross-departmental collaboration and
integration of many of its services and tools, a comprehensive information technology
strategy is required to ensure that appropriate, reliable and cost-effective tools are in
place to support the Town’s delivery of services to the community.
VISION
To provide the technology and engagement tools and resources necessary to support the
residents, staff and elected officials to achieve the Town’s mission of superior levels of
quality of life, safety and well-being.
VALUES
The Town values the characteristics listed below in its implementation of technology
resources to support the delivery of services to the community:
1. Customer Service: The ability to provide a high level of responsive, reliable and
timely service to the community.
2. Service Delivery: Using a variety of methods for serving the community, and for
the community to interact with the Town.
3. Strategic Alignment: Aligning with and enabling implementation of the Town’s
overall mission, vision, goals and initiatives to fulfill the organization’s business
requirements.
4. Efficiency: Alleviating steps and cycle times providing service delivery, with
information close to staff’s fingertips.
5. Transparency and Accuracy: Providing transparent information and decisions in an
accurate fashion.
6. Security: Protecting the Town’s and residents’ information from unauthorized use
or access.
7. Reliability: Ensuring that technology resources can be counted upon to support
service delivery
8. Adaptability: Preserving the small town feel but providing progressive, modern
tools to meet the changing demographics and community’s adoption of technology
in their daily lives.
Assessment Synopsis
The Town’s technology initiatives have been developed and implemented on a decentralized
basis, with staff from the Finance Department serving in a project management role for work
done under contract by the City of South San Francisco. The Town has not otherwise
designated a staff member with the authority and responsibility to develop, implement and
champion an organization-wide technology strategy. A well-defined and consistent process is
not in place to assist the Town in making technology decisions. There is no technical expert to
educate and guide technology decisions.
Strategies
Strategy 1: Appoint a leader within the organization to take full ownership of the IT Strategic
Plan to champion and provide oversight for the Town’s information technology (the Town’s
“Technology Champion”).
Strategy 2: Establish standard procedures to introduce and implement technology solutions to
facilitate and assimilate implementation by affected departments.
Strategy 3: Identify a technical expert to evaluate and recommend technical requirements to
guide the organization as information technology decisions are made.
Strategy 4: Develop technology-related policies to detail standards, compliance expectations,
and management of all technology introduced and utilized by the Town.
Strategy 5: Implement a mechanism to ensure technology is discussed regularly by staff
throughout the organization.
Strategy 6: Develop and implement a technology review process for the Town’s capital projects
to proactively identify components that potentially will interact with or utilize the Town’s IT
systems.
Strategy 7: Engage technology experts and staff on a regular basis to introduce innovative
solutions to support the Town’s goals and initiatives.
Assessment Synopsis
The Town has endeavored to use common and well-recognized applications in many
departments. The Town struggles to keep the systems running on the latest version, provide
on-going training, and develop power users for each system. There are not sufficient technical
resources to evaluate, implement and maintain business systems.
Strategies
Strategy 1: Assign a department owner for each business application to serve as a subject
matter expert and power user for the assigned application who will work closely with the
Town’s designated Technology Champion.
Strategy 2: Implement an application upgrade management program to regularly upgrade
major applications from the application provider, and ensure the Town’s IT service provider
follows the schedule.
Strategy 3: Establish an annual evaluation program for all business systems to identify systems
that are not being fully implemented or that should be replaced.
Strategy 4: Evaluate and implement technology solutions to allow the public to do business
with the Town more easily.
Strategy 5: Develop policies, standards and conditions to evaluate all software purchases,
including options to implement “software as a service” models (e.g., subscriptions and cloud-
based services).
Assessment Synopsis
The Town’s contractor for IT services has implemented industry established hardware and
server virtualization software to support the business applications in an economical manner.
The age of the existing equipment in place is reasonable. The Town has not implemented a
business continuity or disaster recovery plan, or otherwise identified core and critical systems
to ensure availability in the event of a business interruption or catastrophic loss of systems or
data. The Town’s network does not have the redundancy necessary to maintain operations.
Strategies
Strategy 1: Conduct an annual inventory of all technology infrastructures and ensure the list is
updated by the IT service provider after any changes.
Strategy 2: Develop a disaster recovery plan to identify core and critical systems and strategies
to recover and restore those systems to full operation.
Strategy 3: Implement a town-wide business continuity plan to ensure the continuity of
government services related to any type of business interruption.
Strategy 4: Maintain a robust and reliable network to ensure a high level of availability for
users.
Strategy 5: Develop and implement operational procedures for all systems and require the IT
service provider to implement those procedures in the service agreement contract.
Strategy 6: Move towards cloud-based applications to reduce the need for onsite hardware and
onsite IT management.
Goal D: Security
Protect the Town’s information and
network from unauthorized access
(cyber-attacks, hacking, misuse) by
internal and external sources. Conduct
risk evaluations as part of the
implementation of all technology
projects.
Assessment Synopsis
The Town’s desktop and servers use industry-recognized software to protect from
unauthorized use. A next-generation firewall (integrated platform with multiple filtering
functionalities) is used to protect the network. The Town has not completed a full security
assessment and network review. Penetration testing is not done annually. The security policies
are inadequate to protect the Town’s systems and data resources.
Strategies
Strategy 1: Develop and implement an organization-wide information security program.
Strategy 2: Employ the services of an experienced security expert to recommend standards,
annually review security policies, and provide semi-annual updates to executive staff on Town
security.
Strategy 3: Provide cyber security awareness training for Town staff on an annual basis.
Strategy 4: Review updated federal and state legal requirements related to technology and local
government on a quarterly basis and implement any changes necessary to comply with those
requirements.
Assessment Synopsis
The Town’s current agreement for technology services is basic yet flexible to accommodate
requests, however it includes no details about performance expectations. The current service
provider is meeting the expectations of the end users.
Strategies
Strategy 1: Create and maintain a list of technology services needed by the Town on an annual
basis.
Strategy 2: Identify IT support alternatives to assess the best approach to provide support
services, identifying specific skills required based on importance.
Strategy 3: Incorporate a detailed scope of work, service level agreements, reports, metrics,
pricing terms and other required condition in all information technology services support
contracts.
Assessment Synopsis
The Town has previously set aside asset replacement funds in its equipment replacement
reserves for technology investment programs; however the advance replacement funding has
not incorporated all of the Town’s technology investment. The replacement funding is
commingled with other equipment replacement funding and has the risk of getting lost within
the existing equipment replacement fund. Operating expenditures related to IT are currently
captured in general or enterprise fund operating department budgets with organization-wide
support costs being allocated as part of the Town’s existing cost allocation model.
Strategies
Strategy 1: Establish an information technology internal services fund within the Town’s
general ledger.
Strategy 2: Develop a comprehensive list of information technology assets that would be
subject to future replacement by department and funding source, analyzing funding
requirements based on the age, expected life and replacement values for each asset.
Strategy 3: Provide seed funding for the information technology services fund through
transfers from the existing equipment replacement fund and, if necessary, transfers from the
general and/or enterprise funds where appropriate.
Strategy 4: Allocate annual technology replacement funding to operating department budgets
in the general and enterprise funds based on their use.
Strategy 5: Develop and publish an information technology asset replacement policy that
includes replacement, funding and asset management.
Conclusion
1 Governance and Identify and assign an Information Technology City Manager Staffing – Responsibilities High A1 – Technical Leadership / The Technology Champion does not need to be an expert in
Innovation (IT) champion within the organization to be related to overseeing IT Organizational Ownership technology, but does need to be comfortable with the subject, able to
responsible for IT Strategic Plan and provide manage complex projects, oversee technology implementation, and
oversight (“Technology Champion”) Financial – salaries and monitor technology-related contracts
benefits if a new position is
required
2 Governance and Implement a formal project management City Manager Staffing - Management Analyst, Medium A2 – Technology Standard Check Municipal Information Systems Administrators of California
Innovation methodology for technology related projects Department Heads, South San Implementation Procedures (MISAC) website for best practices documents
Francisco (SSF) IT
3 Governance and Develop IT Forms for the following: City Manager Staffing - Management Analyst, Medium A2 – Technology Standard Check Municipal Information Systems Administrators of California
Innovation 1. IT Request to Purchase/Replace Department Heads, SSF IT Implementation Procedures (MISAC) website for best practices documents
2. IT Project Request
3. RFP Templates for IT Projects/Purchases A Cloud Services policy would identify the systems to include or
4. RFP Evaluation Steps and Rating Criteria consider anytime an application would be hosted outside the Town’s
5. Project Plan Templates for Implementations network.
6. Cloud Services Policy
7. Standards for Integration between Systems
4 Governance and Update the existing IT related policies and update Technology Staffing – CM, Managers, Tech Medium A4 – Policies / Procedures / Currently some policies do not use best practices (e.g., processes to
Innovation as appropriate Champion Expert, SSF IT Standards change passwords periodically) or conflict (e.g., e-mail policy does not
match Retention policy)
5 Governance and Create New IT Policies for the following areas: Technology Staffing – CM, Managers, Tech Medium A4 – Policies / Procedures / Social Media include section requiring approval to use;
Innovation 1. Social Media Champion Expert Standards Social Engineering: purpose of this policy is to make employees aware
2. Social Engineering that social engineering attacks exist and that the Town has policies and
3. Bring Your Own Device (BYOD) Policy procedures to help thwart these attacks.
6 Governance and Develop and implement an IT purchasing policy Technology Staffing – Finance, CM, Tech Medium A4 – Policies / Procedures / Use MISAC and California Society of Municipal Finance Officers
Innovation for all tech purchases, including approval levels Champion Expert Standards (CSMFO) listservs for samples
and disposal policy
Define roles and determine whether IT should be
a centralized function
Define asset tracking responsibility
Update annual IT purchasing needs in
conjunction with annual budget preparation
1 High Priority – Important to accomplish without delay within the first two years of implementation of the IT Strategic Plan
Medium Priority – Second tier of importance to accomplish within the first three years of implementation of the IT Strategic Plan
Low Priority – Least urgent to complete, but should be accomplished within the five-year timeline of the IT Strategic Plan
Priority
Task Lead Resources (High, Med,
No. Strategy Key Implementation Tasks Responsibility Needed Low)1 Supported Goal/Objective Comments (where applicable)
7 Governance and Develop a records retention policy related to Technology Staffing – City Clerk, SSF IT, Medium A4 – Policies / Procedures / Retention Schedule may include: backup types, network configuration,
Innovation technology; evaluate current practices related to Champion Tech Expert Standards maps and plans; program development, software licenses, warranties,
digital retention of paper documents to ensure installation media.
compliance with California Government Code
(GC) §34090.5 Trusted Systems Use MISAC and City Clerk listservs for samples
Determine how and when to address existing
records that are not in the newly developed Refer to GC 34090.5 -http://www.leginfo.ca.gov/cgi-
policy bin/displaycode?section=gov&group=34001-35000&file=34090-34095
8 Governance and Develop and implement an e-mail policy for Technology Staffing – City Manager, City High A4 – Policies / Procedures / Ensure Public Records Act (PRA) compliance
Innovation council members Champion Clerk Standards
9 Governance and Develop and implement procedures for staff to Technology Staffing – City Manager, City Medium A4 – Policies / Procedures /
Innovation respond to PRA requests to ensure all Champion Clerk Standards
departments follow the same procedures
10 Governance and Include periodic technology discussions during City Manager Staffing – Technology High A5 – Technology Discussions Quarterly or other regularly scheduled discussion points
Innovation the Council Meeting review meeting. Champion, SSF IT, Tech Expert,
Include technology discussions as part of the City All Departments
Council annual goal setting session
11 Governance and Review and update the IT Strategic Plan on an City Manager Staffing – Town Liaison, SSF IT, High A5 – Technology Discussions Suggest that the review be included as part of budget review.
Innovation annual basis Tech Expert, All Departments
12 Technology Incorporate a technology review of proposed Public Works Staffing – All Departments, Medium A6 – Technology Review
Review in Capital capital projects to ensure that any possible Technology Champion, Tech A7 – Innovation and
Project information technology impacts are addressed Expert Engagement
Development
13 Governance and Provide funding for staff to attend business City Manager Staffing – Technology Low A7 – Innovation and
Innovation system user group conferences and meetings Champion, CM, Department Engagement
Users
Priority
Task Lead Resources (High, Med,
No. Strategy Key Implementation Tasks Responsibility Needed Low)1 Supported Goal/Objective Comments (where applicable)
16 Business Systems Develop subject matter experts / power users Technology Staffing – Department Users High B1 – Department Owner Power user should ensure updates are completed timely. Document
Application and backups for each application and have them Champion each system; include requirements about how staff should use the
document each system system to ensure everything is in the system
Priority
Task Lead Resources (High, Med,
No. Strategy Key Implementation Tasks Responsibility Needed Low)1 Supported Goal/Objective Comments (where applicable)
21 Business Systems Evaluate and replace the Town’s current Agenda City Clerk Staffing – Department Users, Medium B2 – Maintain Business Paperless Agenda is one of the goals of the City Clerk
Application Management System City Clerk, Consultants Systems
B3 - Annual Evaluation, Consider consultant services to develop request for proposal (RFP)
Financial – no cost for Implementation and requirements and manage process.
evaluation of the system; cost Replacement
for implementation will B4 – Public Access
depend on evaluation of
solution as part of document
management system
22 Business Systems Replace the Town’s financial system (Fund Finance Staffing – Finance, Department High B2 – Maintain Business Best practice is to use an experienced consultant to develop RFP
Application Accounting), billing system, and budget Users, SSF IT, Tech Expert, Systems requirements and manage process.
application Technology Champion, Security B3 - Annual Evaluation,
Expert Implementation and
Replacement
Financial – no cost for
evaluation of the system; cost
for implementation will
depend on evaluation of
solution (est. $300,000)
23 Business Systems Evaluate the current use of SeeClickFix Public Works Staffing – Department Users, Low B2 – Maintain Business Identify integration with CRW or Lucity
Application Vendors, SSF IT, Tech Expert Systems
B3 - Annual Evaluation,
Financial – no cost for Implementation and
evaluation of the system; cost Replacement
for implementation will B4 – Public Access
depend on evaluation of
integration options
24 Business Systems Conduct a business process review on the use of Planning, Staffing – Staff from Planning, High B2 – Maintain Business Work with CRW to have a business process review (BPR) on how the
Application CRW Building Building, Code Enforcement, Systems Town is using the system. Discuss whether to do before or after the
Engineering, Public Works, B3 - Annual Evaluation, upgrade.
CRW, SSF IT, Tech Expert Implementation and
Replacement A BPR includes: analyzing existing business processes and systems;
B4 – Public Access designing new processes and systems; testing, simulating and
prototyping new designs prior to implementation; and managing the
implementation process.
Priority
Task Lead Resources (High, Med,
No. Strategy Key Implementation Tasks Responsibility Needed Low)1 Supported Goal/Objective Comments (where applicable)
25 Business Systems Perform CRW Upgrade (research upgrade version Planning, Staffing – Staff from Planning, High B2 – Maintain Business
Application options; consider hosted version) Building Building, Code Enforcement Systems
Evaluate and implement new features and Engineering B3 - Annual Evaluation,
Evaluate enhanced on-line capabilities for the Implementation and
public Financial – unknown pending Replacement
Evaluate Mobile access for inspectors evaluation of hosted solution B4 – Public Access
Identify and develop the necessary reports model; upgrade of existing
(performance numbers) platform likely part of existing
Evaluate using CRW for large projects maintenance contract
Evaluate remote scanning options
26 Business Systems Develop an in-house refresher training schedule Public Works Staffing – Public Works Tech Low B2 – Maintain Business
Application for staff with Lucity Champion, Other Departments Systems
Designate power users for each division as needed
Priority
Task Lead Resources (High, Med,
No. Strategy Key Implementation Tasks Responsibility Needed Low)1 Supported Goal/Objective Comments (where applicable)
30 Business Systems Evaluate the current SCADA system, upgrade to Public Works Staffing – PW staff, Medium B2 – Maintain Business
Application latest level and implement configuration for Wonderware, SCADA Systems
monitoring by specified staff consultant B3 - Annual Evaluation,
Implementation and
Financial – unknown pending Replacement
evaluation of current system;
upgrade costs may be covered
under existing maintenance
agreements; entire
replacement valued at ~
$100,000
31 Technology Implement an upgrade to the Audio Visual Technology Staffing – Technology High B3 - Annual Evaluation, Consider consultant services to develop RFP requirements and manage
Review in Capital equipment in the Council Chambers Champion Champion, SSF IT, Tech Expert, Implementation and process.
Project Evaluate implementation of video and audio Department Users Replacement
Development solutions for the Town Hall Atrium for overflow
use Financial – audiovisual
Incorporate ADA enhancements into design of upgrades can cost $95,000 to
the upgraded audiovisual equipment $150,000 depending on nature
and extent of equipment
desired
32 Technology Evaluate and implement a replacement Technology Staffing – Town Tech Liaison, Low B3 - Annual Evaluation, Consider integrating with Council Chamber review.
Review in Capital configuration to the Admin Room AV system to Champion SSF IT, Tech Expert, Implementation and
Project improve usability for all user types Department Users Replacement
Development
Financial – unknown pending
evaluation of needs; see above
33 Business Systems Evaluate how the Police Department can Police Chief Staffing – Technology Low B3 - Annual Evaluation,
Application enhance their current alarm monitoring services Champion, Technical Expert, Implementation and
PD Department Staff Replacement
B4 – Public Access
Financial – unknown pending
evaluation of enhancement
options with current solution
34 Business Systems Implement an Electronic Plan Review system Planning, Staffing – Department Users, Medium B4 – Public Access Consider consultant services to develop RFP requirements and manage
Application Building Technology Champion, Tech process.
Expert, SSF IT
Financial – unknown
depending on evaluation of
solutions
Priority
Task Lead Resources (High, Med,
No. Strategy Key Implementation Tasks Responsibility Needed Low)1 Supported Goal/Objective Comments (where applicable)
35 Business Systems Define the responsibilities of a webmaster and Town Web Staffing – Department Staff, Medium B4 – Public Access
Application assign the role to a staff person to ensure Master Web Master, Civic Plus
website is maintained
Establish website user group to meet/exchange
information
36 Business Systems Contact existing website provider to discuss a Town Staffing – Department Staff, High B4 – Public Access Should support the communication plans initiative.
Application basic website redesign and implementation of Webmaster Web Master, Civic Plus, A redesign would allow the City to drop the website app and only have
the latest platform to implement a responsive Technology Champion one platform to support
design Training for Town staff needs to be part of rollout
Financial – website redesign
can range from $10,000 to
$40,000 or more depending on
nature and extent of redesign
37 Business Systems Establish a method to hire consultant services for Technology Staffing – Department Staff, Medium B5 – Policies and Standards An experienced consultant would be valuable to an agency whose
Application major technology projects to assist with Champion SSF IT, Town Tech Expert for Business Systems resources are limited and staff is stretched. An experienced consultant
implementations. (Project Manager) would be used to develop and manage the RFP process to allow the
Financial – consulting services Town to be as efficient as possible in the process and ensure all areas
could run $20,000 to $100,000 (i.e., scope, system requirements, technical requirements, and
depending on nature of interoperability) are identified, documented and included in RFP.
project(s) evaluated.
38 Business Systems Evaluate compliance with PCI Compliance and Finance Staffing – Finance Dept., SSF IT, Medium B5 – Policies and Standards Consider the following web resources for more information:
Application California Privacy Requirements related to Tech Expert for Business Systems https://www.pcisecuritystandards.org/
Personal Identifiable Information (PII) during https://www.pcisecuritystandards.org/document_library?category
Credit Card acceptance implementation =pcidss&document=pci_dss
http://www.leginfo.ca.gov/cgi-
bin/displaycode?section=bpc&group=22001-23000&file=22575-
22579
https://oag.ca.gov/sites/all/files/agweb/pdfs/cybersecurity/making
_your_privacy_practices_public.pdf
39 Infrastructure Implement a hardware inventory system and Technology Staffing – SSF IT, Technology High C1 – Maintain Inventory Listing should include equipment, by department, vendor, maintenance
and Operation ensure it is maintained by service providers Champion Champion, Tech Expert (y/n), renewal dates. An automated system that would notify staff of
expiration is ideal.
Financial – none assuming
Excel or other existing
database software is used
40 Infrastructure Evaluate equipment, identify useful life, identify Technology Staffing – SSF IT, Technology High C1 – Maintain Inventory An automated system that would notify staff of expiration is ideal.
and Operation inventory to be replaced, and evaluate annually Champion Champion, Tech Expert
Evaluate Data Centers and make
recommendations for reliability/resilience Financial – to be evaluated as
part of annual replacement
cost review during budget
preparation
Priority
Task Lead Resources (High, Med,
No. Strategy Key Implementation Tasks Responsibility Needed Low)1 Supported Goal/Objective Comments (where applicable)
41 Infrastructure Implement a schedule for upgrades, Technology Staffing – SSF IT, Tech Expert Medium C1 – Maintain Inventory
and Operation maintenance, patching for all hardware and Champion
software and ensure the IT service provider Financial – to be evaluated as
follows it. part of annual replacement
cost review during budget
preparation
42 Infrastructure Develop and Implement a disaster recovery plan Technical Staffing – All City Departments, Low C2 – Core/Critical Systems Consider using the services of a consultant to develop the plan; will
and Operation Expert Tech Expert, SSF IT, Town and Disaster Recovery need participation by all departments.
Liaison
43 Infrastructure Identify core and critical systems; create, Technical Staffing – SSF IT, Technology High C2 – Core/Critical Systems Identification of core and critical systems is important to know which
and Operation maintain and test IT emergency operational Expert Champion, Department Heads, and Disaster Recovery systems have the highest priority to be restored during any emergency
contingency procedures CM, Technology Champion event or other system outage. The listing should identify all the other
systems that would be needed to restore the application. The Plan
Financial – unknown pending should identify funding mechanism for replacements, off-site storage,
development of disaster how to replace and a regular testing of the plan.
recovery plan and if any offsite
backup sites are identified as
part of the plan
44 Infrastructure Schedule regular updating of emergency contact Technology Staffing – Technology High C2 – Core/Critical Systems Contact List for IT resources, Contact list for vendor hardware and
and Operation information for technical staff and vendor Champion Champion, SSF IT, Tech Expert, and Disaster Recovery software, Telecommunication Vendors, Password List. Contact
contacts Vendors Information Should include: names, email, websites, phone numbers
Assign a first-line and backup administrator for (cell/desk) by type. Protocol for calling contacts should be defined.
each software/system
45 Infrastructure Implement and annually test a city-wide business Technology Staffing – All Departments, SSF Low C3 – Business Continuity Plan Consider using the services of a consultant to develop the plan. Will
and Operation continuity plan Champion IT, Tech Expert need participation by all departments.
46 Infrastructure Create IT Policies for the following areas: Technology Staffing –SSF IT, Tech Expert Medium C4 – Robust and Reliable
and Operation 1. System Access Policies (Physical, Remote) Champion Network
2. Change Control Policy
3. Antivirus, Malware, Spyware
4. Wi-Fi Policy
5. Network Related (Network, Security, Server,
Server Rooms, Firewall, Router, Switch,
Telecom)
47 Infrastructure Implement an intrusion or incident response plan Technology Staffing – Tech Expert, Security High C4 – Robust and Reliable
and Operation Champion Expert, SSF IT, Departments Network
Priority
Task Lead Resources (High, Med,
No. Strategy Key Implementation Tasks Responsibility Needed Low)1 Supported Goal/Objective Comments (where applicable)
48 Infrastructure Implement redundancy for Internet Service Technical Staffing – SSF IT, Tech Expert High C4 – Robust and Reliable
and Operation Provider (ISP) Expert Network
Financial – unknown pending
evaluation of options;
redundant ISP may cost
anywhere from $10,000 to
$20,000 annually depending on
level of service provided
49 Infrastructure Implement a redundant Firewall Technical Staffing – SSF IT, Tech Expert High C4 – Robust and Reliable
and Operation Expert Network
Financial – unknown pending
evaluation of network
architecture; firewall
replacement value estimated
at $20,000 per device
50 Infrastructure Implement a Network Management Tool Technical Staffing – SSF IT, Tech Expert, Medium C4 – Robust and Reliable
and Operation Expert Security Expert Network
Priority
Task Lead Resources (High, Med,
No. Strategy Key Implementation Tasks Responsibility Needed Low)1 Supported Goal/Objective Comments (where applicable)
54 Security Create IT Policies for the following areas: Technical Staffing – Technology Medium D1 – Security Program The updated Security Policy will include updated information on how
1. Password Policy Expert Champion, SSF IT, Tech Expert, to maintain security, NIST standards, reviewed and tested, encryption
2. Information Security Policy Security Expert, CM, Executive methods, background checks on IT staff, response to security breach or
3. User Access Policy Team, HR anti-virus/malware outbreak.
User access policy should include not allowing end users to run with
admin privileges
55 Security Implement the ability for Town to review logs for Technical Staffing – SSF IT, Tech Expert Medium D1 – Security Program
items related to security such as unauthorized Expert
access or attempts
56 Security Annually review user accounts and audit access Technology Staffing – Town Liaison, SSF IT, Medium D1 – Security Program
to network files and applications Champion Security expert
57 Security Limit overseas IP address access Technical Staffing – SSF IT, Tech Expert High D1 – Security Program Limiting overseas IP addresses on the town’s routers and firewalls will
Expert D2 – Security Technology provide additional protection against intrusions
Expert
58 Security Schedule regular password changes for all users. Technical Staffing – SSF IT, Tech Expert, High D1 – Security Program
Expert all users D2 – Security Technology
Expert
59 Security Utilize a security expert to assist with the Technology Staffing – Technology High D2 – Security Technology Managed Services firms will have security experts. Skill sets could be
creation of necessary policies, recommend Champion Champion, Tech Expert Expert combined with Technology Expert role.
standards and educate Department Heads
Financial – unknown pending
evaluation of extent of
services. Current rates
estimated between $150-200
per hour.
60 Security Implement an annual Security Awareness Technical Staffing – SSF IT, Security Medium D3 – End User Security Consider the following possible resources:
Training Program for End Users Expert Expert Training https://www.sans.org/security-resources/
https://securingthehuman.sans.org/security-awareness-
training/enduser/
Priority
Task Lead Resources (High, Med,
No. Strategy Key Implementation Tasks Responsibility Needed Low)1 Supported Goal/Objective Comments (where applicable)
61 Security Evaluate Open Data options (AB169) and Technology Staffing – Medium D4 – Legal Requirements AB169 – Public Records – Internet “Open Data” – GC 6253.10 is added
determine a plan to implement as appropriate Champion SSF IT, Technical Expert, to the Government Code:
for the Town Department Heads
“If a local agency, except a school district, maintains an Internet
Financial – unknown pending Resource, including, but not limited to, an Internet Web site, Internet
evaluation of requirements and Web page, or Internet Web portal, which the local agency describes or
their impacts on existing Town titles as ‘open data,’ and the local agency voluntarily posts a public
technology resources record on that Internet Resource, the local agency shall post the public
record in an open format.
Priority
Task Lead Resources (High, Med,
No. Strategy Key Implementation Tasks Responsibility Needed Low)1 Supported Goal/Objective Comments (where applicable)
66 Technology Create an information technology internal service Finance Staffing – Finance High F1 – IT Internal Service Fund
Investment, fund in the Town’s general ledger; transfer all
Financial related assets and reserves from the existing
Resources and asset replacement fund; create appropriate
Administration revenue (internal service charges, interest) and
expenditure (capital outlay, operating
expenditures) accounts
67 Technology Develop a replacement schedule for all Technology Staffing – All Departments High F4 – Annual Replacement Include all radio and mobile handheld devices
Investment, equipment; have departments review annually Champion Funding
Financial for accuracy Financial – annual replacement
Resources and Include a useful life definition for all equipment funding as part of annual
Administration and estimated replacement value budget process. Estimated
annual replacement funding is
~ $100,000
68 Technology Develop and publish an information technology Finance Staffing – Technology Medium F5 – IT Asset Replacement Create policies similar to those policies available from other agencies
Investment, asset replacement policy that includes guidelines Champion, Finance, All Policy on both MISAC and CSMFO listservs.
Financial and methodologies related to replacement Departments
Resources and criteria, standard useful lives, funding sources
Administration (including grants and ongoing replacement
funding sources), and asset management