Common use of CONFIGURATION & CHANGE MANAGEMENT POLICY STATEMENTS Clause in Contracts

CONFIGURATION & CHANGE MANAGEMENT POLICY STATEMENTS. 3.2.1 Changes to all information processing facilities, systems, software, or procedures shall be strictly controlled according to formal change management procedures. 3.2.2 Changes impacting security appliances managed by OCIT (e.g., security architecture, security appliances, County firewall, Website listings, application listings, email gateway, administrative accounts) shall be reviewed by OCIT Enterprise Privacy and Cybersecurity in accordance with the County Security Review and Approval Process. 3.2.3 Only authorized users shall make any changes to system and/or software configuration files. 3.2.4 Only authorized users shall download and/or install operating system software, service-related software (such as web server software), or other software applications on County computer systems without prior written authorization from department IT management. This includes, but is not limited to, free software, computer games and peer-to-peer file sharing software. 3.2.5 Each department shall develop a formal change control procedure that outlines the process to be used for identifying, classifying, approving, implementing, testing, and documenting changes to its IT resources. 3.2.6 Each department shall conduct periodic audits designed to determine if unauthorized software has been installed on any of its computers. 3.2.7 As appropriate, segregation of duties shall be implemented by all County departments to ensure that no single person has control of multiple critical systems and the potential for misusing that control.

CONFIGURATION & CHANGE MANAGEMENT POLICY STATEMENTS. 3.2.1 Changes to all information processing facilities, systems, software, or procedures shall be strictly controlled according to formal change management procedures. 3.2.2 Changes impacting security appliances managed by OCIT (e.g., security architecture, security appliances, County firewall, Website listings, application listings, email gateway, administrative accounts) shall be reviewed by OCIT Enterprise Privacy and Cybersecurity in accordance with the County Security Review and Approval Process. 3.2.3 Only authorized users shall make any changes to system and/or software configuration files. 3.2.4 Only authorized users shall download and/or install operating system software, service-service- related software (such as web server software), or other software applications on County computer systems without prior written authorization from department IT management. This includes, but is not limited to, free software, computer games and peer-to-peer file sharing software. 3.2.5 Each department shall develop a formal change control procedure that outlines the process to be used for identifying, classifying, approving, implementing, testing, and documenting changes to its IT resources. 3.2.6 Each department shall conduct periodic audits designed to determine if unauthorized software has been installed on any of its computers. 3.2.7 As appropriate, segregation of duties shall be implemented by all County departments to ensure that no single person has control of multiple critical systems and the potential for misusing that control.

CONFIGURATION & CHANGE MANAGEMENT POLICY STATEMENTS. 3.2.1 Changes to all information processing facilities, systems, software, or procedures shall be strictly controlled according to formal change management procedures. 3.2.2 Changes impacting security appliances managed by OCIT the County (e.g., security architecture, security appliances, County firewall, Website listings, application listings, email gateway, administrative accounts) shall be reviewed by OCIT Enterprise Privacy and Cybersecurity the County in accordance with the County Security Review and Approval Process. 3.2.3 Only authorized users shall make any changes to system and/or software configuration files. 3.2.4 Only authorized users shall download and/or install operating system software, service-related software (such as web server software), or other software applications on County computer systems systems/devices without prior written authorization from department IT management. This includes, but is not limited to, free software, computer games and peer-to-peer file sharing software. 3.2.5 Each department and/or contractor shall develop a formal change control procedure that outlines the process to be used for identifying, classifying, approving, implementing, testing, and documenting changes to its IT resources. 3.2.6 Each department and/or contractor shall conduct periodic audits designed to determine if unauthorized software has been installed on any of its computers. 3.2.7 As appropriate, segregation of duties shall be implemented by all County departments to ensure that no single person has control of multiple critical systems and the potential for misusing that control, if applicable.

CONFIGURATION & CHANGE MANAGEMENT POLICY STATEMENTS. 3.2.1 Changes to all information processing facilities, systems, software, or procedures shall be strictly controlled according to formal change management procedures. 3.2.2 Changes impacting security appliances managed by OCIT (e.g., security architecture, security appliances, County firewall, Website listings, application listings, email gateway, administrative accounts) shall be reviewed by OCIT Enterprise Privacy and Cybersecurity in accordance with the County Security Review and Approval Process. 3.2.3 Only authorized users shall make any changes to system and/or software configuration files. 3.2.4 Only authorized users shall download and/or install operating system software, service-related software (such as web server software), or other software applications on County computer systems without prior written authorization from department IT management. This includes, but is not limited to, free software, computer games and peer-to-peer file sharing software. 3.2.5 Each department shall develop a formal change control procedure that outlines the process to be used for identifying, classifying, approving, implementing, testing, and documenting changes to its IT resources. 3.2.6 Each department shall conduct periodic audits designed to determine if unauthorized software has been installed on any of its computers. 3.2.7 As appropriate, segregation of duties shall be implemented by all County departments to ensure that no single person has control of multiple critical systems and the potential for misusing that control.

CONFIGURATION & CHANGE MANAGEMENT POLICY STATEMENTS. 3.2.1 Changes to all information processing facilities, systems, software, or procedures shall be strictly controlled according to formal change management procedures. 3.2.2 Changes impacting security appliances managed by OCIT (e.g., security architecture, security appliances, County firewall, Website listings, application listings, email gateway, administrative accounts) shall be reviewed by OCIT Enterprise Privacy and Cybersecurity in accordance with the County Security Review and Approval Process. 3.2.3 Only authorized users shall make any changes to system and/or software configuration files. 3.2.4 Only authorized users shall download and/or install operating system software, service-related software (such as web server software), or other software applications on County computer systems without prior written authorization from department IT management. This includes, but is not limited to, free software, computer games and peer-to-peer file sharing software. 3.2.5 Each department shall develop a formal change control procedure that outlines the process to be used for identifying, classifying, approving, implementing, testing, and documenting changes to its IT resources. 3.2.6 Each department shall conduct periodic audits designed to determine if unauthorized software has been installed on any of its computers. 3.2.7 As appropriate, segregation of duties shall be implemented by all County departments to ensure that no single person has control of multiple critical systems and the potential for misusing that control.

CONFIGURATION & CHANGE MANAGEMENT POLICY STATEMENTS. 3.2.1 Changes to all information processing facilities, systems, software, or procedures shall be strictly controlled according to formal change management procedures. 3.2.2 Changes impacting security appliances managed by OCIT (e.g., security architecture, security appliances, County firewall, Website listings, application listings, email gateway, administrative accounts) shall be reviewed by OCIT Enterprise Privacy and Cybersecurity in accordance with the County Security Review and Approval Process. 3.2.3 Only authorized users shall make any changes to system and/or software configuration files. 3.2.4 Only authorized users shall download and/or install operating system software, service-related software (such as web server software), or other software applications on County computer systems without prior written authorization from department IT management. This includes, but is not limited to, free software, computer games and peer-to-peer file sharing software. 3.2.5 Each department shall develop a formal change control procedure that outlines the process to be used for identifying, classifying, approving, implementing, testing, and documenting changes to its IT resources.. Docusign Envelope ID: 720A06B8-0B1D-4BC0-90D5-335032640F9D 3.2.6 Each department shall conduct periodic audits designed to determine if unauthorized software has been installed on any of its computers. 3.2.7 As appropriate, segregation of duties shall be implemented by all County departments to ensure that no single person has control of multiple critical systems and the potential for misusing that control.