Current through Register Vol. 47, No. 11, December 11, 2024
Rule 129-8.4 - Information technology governance requirements

(1) Proposing information technology governance requirements. Anyone may recommend the development or adoption of an information technology governance requirement to the CIO or office or advisory committee created and designated by the CIO for such purpose.

(2) Development of information technology governance requirements. Where the CIO, office, or advisory committee created and designated by the CIO for such purpose is of the opinion that a proposed information technology governance requirement has merit, the CIO, office, or advisory committee created and designated by the CIO for such purpose may work with the individual proposing the information technology governance requirement to develop the requirement. In developing information technology standards, the CIO, office, or advisory committee created and designated by the CIO for such purpose may consider, by way of example only:
a. Whether and how such requirement furthers the objectives of the enterprise;
b. Current industry standards or best practices;
c. Whether and how the requirement would help avoid the duplication of services, resources, or support;
d. Whether and how the requirement would further the state's information technology strategic plan, enterprise architecture, security plans, or any other information technology governance requirements;
e. Whether and how the requirement would affect expenditures across the enterprise;
f. Existing technology deployments;
g. The impact on state resources;
h. Acquisition, development and deployment time frames associated with implementing the requirement.

(3) Types of information technology governance requirements. Information technology governance requirements may include any of the following:
a. "Policy(ies)" means a high-level statement of intent applicable to the acquisition, utilization, or provision of information technology designed to facilitate an enterprisewide goal or objective.
b. "Standard(s)" means a specific, minimum requirement(s) applicable to the acquisition, utilization, or provision of information technology, typically designed to facilitate the uniform application or implementation of one or more policies. Standards may set forth required or prohibited technical approaches, solutions, methodologies, products or protocols which must be adhered to in the design, development, implementation, or upgrade of systems architecture, including hardware, software and services. Standards are intended to establish uniformity in common technology infrastructures, applications, processes or data, and may define or limit the tools, proprietary product offerings or technical solutions which may be used, developed or deployed by participating agencies.
c. "Process(es)" means a high-level overview of required tasks, approvals, procedures, or other processes, typically designed to operationalize one or more policies or standards in a manner that leads to consistent results.
d. "Procedure(s)" means an in-depth set of instructions for the completion of a specific process, task, or action, typically designed to operationalize one or more processes or standards in a manner that leads to consistent results.
e. "Guideline(s)" or "best practices" means a recommended policy, process, task, or action related to the acquisition, utilization, or provision of information technology, typically designed to support related policies or standards. Guidelines or best practices are not required but are intended to aid participating agencies in assessing risks associated with technology decisions, facilitate knowledge transfer, and communicate lessons learned from past experience.

(4) Goals for information technology governance requirements. The underlying purpose of information technology governance requirements is, by way of example only:
a. To promote collaboration and consistency in the automation of systems;
b. To eliminate duplicative development efforts and promote efficiencies for improved services to citizens and businesses;
c. To ensure continuity of ongoing state operations;
d. To ensure system security and the confidentiality, integrity, and availability of confidential or sensitive information stored or processed by state information systems;
e. To promote administrative efficiencies relating to development and maintenance of systems; and
f. To enable the state to realize its full purchasing power from the use of a statewide, enterprise approach to the selection of technology solutions.

(5) Adopting of information technology governance requirements and taking effect.
a. Following the development of a proposed information technology governance requirement, the CIO may adopt the information technology governance requirement. The CIO shall solicit stakeholder input and feedback, including feedback from participating agencies to which the information technology governance requirement would apply, prior to adopting an information technology governance requirement.
b. The effective date of an information technology governance requirement shall be as stated in the applicable information technology governance document.
c. Upon taking effect, an information technology governance requirement shall apply to all participating agencies.
d. Participating agencies may request additional time to comply with information technology governance requirements. Such requests shall be considered a request for temporary waiver and must be submitted in accordance with rule 129-8.6 (8B).

Iowa Admin. Code r. 129-8.4
Adopted by IAB December 18, 2019/Volume XLII, Number 13, effective 1/22/2020