Text Size:   A+ A- A   •   Text Only
Site Image
Statewide IT Policies
Policy Overview
Within the Chief Information Office (CIO), the Information Technology (IT) Investment and Planning Section is responsible for recommending and developing IT-related administrative rules, policies, standards, practices and guidelines for Oregon State government. 
Policy development duties are to:  
  • serve as a resource for IT-related rule and policy interpretation;
  • seek broad based input and collaborative rule and policy development with agency stakeholders;
  • track and coordinate IT-related rule and policymaking;
  • review, evaluate and report the effectiveness of policy implementation;
  • conduct research on "best practices" and industry trends; and
  • develop and maintain a comprehensive web-based policy information repository.

Statewide IT Policies
107-004-040 - State Information Technology Governance Policy (doc) (pdf
Effective date: 06/29/05
107-004-130 - Information Technology Investment Review / Approval (pdf )
Effective date:  04/23/10
107-004-110 - Acceptable Use of State Information Assets (pdf
Effective date: 10/16/07
(Note: Replaces Statewide Policy 1.3 Acceptable Use of Information Related Technology) 
107-004-030 - Technology Investment Strategy Development And Quality Assurance Reviews Policy (doc) (pdf)
Effective date: 02/01/2004 
(Note: Replaces Statewide Policy 1.7 Quality Assurance Reviews)
107-004-010 Information Technology Asset Inventory / Management  (pdf)
Effective date:  09/08/2008 
Statewide Policies developed in October 2001
1.0 Acquisition of Information and Related Technologies (Note: Policy has been replaced (doc) (pdf
1.1 Gifts (including trials and evaluations)*
1.2 Joint Legislative Committee on Information Management & Technology *
1.3 Acceptable Use of Information Related Technology (Policy has been replaced by 107-004-110 )
1.4 Public Access to Electronic Records *
1.5 Electronic Commerce *
1.6 Governance and Control Objectives *
1.7 Quality Assurance Reviews (Policy has been replaced by 107-004-030 - (doc) (pdf)
1.8 Privacy & Information Disclosure *
1.9 Navigation and Site Design *
Appendix A - Glossary of Terms 
Appendix B - Sample Service Level Agreement
Appendix C - Web Site Privacy & Information Disclosure Notice

IT Policies Under Development
To be determined
Enterprise IRM Strategy
Oregon´s Enterprise Information Resource Management Strategy

Architecture and Standards
Enterprise Architecture

Enterprise Security Policies
Enterprise Security Policies
In January 2008, the Enterprise Information Security Advisory Board voted to adopt the following Enterprise Information Security Policy Review and Approval Process - 01/18/2008 (doc)

Policy Contact Information
For information about information technology-related policies or the policy development unit, please contact the Office of the CIO at 503-378-3175.