Technology Policies, Standards, Procedures and Supplements

Purpose

WSSB is committed to ensuring its IT Systems are secure, agency data and systems are protected, and are only accessed by authorized users.

Scope

This policy applies to all students, staff, contractors and other authorized users. Any exceptions must be documented and approved by the Superintendent or designee.

POLICY

1. Unless otherwise stated, technology policies, standards, and procedures issued by the state Chief Information Officer (CIO) apply in the following ways to WSSB as a State agency:
   1. "State agency" means every state office, department, division, bureau, board, commission, or other state agency, including offices headed by a statewide elected official. State agencies as defined are required to adhere to all policies, standards, and procedures issued by the state Chief Information Officer.
2. Technical policies and standards will be developed and implemented by WSSB in accordance with the procedures outlined by the state Chief Information Officer (CIO)
   1. IT Technology guidelines, where published by the state Chief Information Officer, do not require compliance but are offered as best practice.
   2. In support of policies, standards, and guidelines, WSSB may develop and update procedures and supplements without a formal, multi-level review process.
   3. To fulfill its obligations in supporting services and supporting the agencies departments, the Department of Technology Services (DoTS) in cooperation with the Superintendent may develop confidential procedures.
      1. These confidential procedures would be evaluated for adherence to the Washington Public Records Act RCW 42.56 Public Records Request.
      2. Procedures will be made available through secure methods utilizing a relevant data-sharing agreement, as outlined in RCW 39.24.240 See SEC-08 Data Sharing Policy (CIO) if shared outside the agency.
   4. A selection of agency experts will participate in the development and review of technical policy and standards supplements, including identifying the desired outcome and documenting the business case for a policy or standard. Standing or ad hoc subject workgroups will be used to support technology policy and standard creation, and maintenance as needed.
   5. DoTS Policy supplements will provide additional guidelines and procedures to ensure compliance with state regulations and enhance the effectiveness of CIO policies. These supplements address specific areas of technology use, and administrative processes. By implementing these supplements, WSSB can better manage resources, mitigate risks, and maintain a secure environment for everyone.
   6. WSSB will use Equity, Diversity, Access & Inclusion (EDAI) principles in each policy, standard, procedure, and guideline.
3. WSSB is responsible for complying with all published technology policies and standards unless a waiver has been granted by the state Chief Information Officer. See POL-01-01-S Technology Policies, Standards, and Procedures Waiver Standard and POL-01-01-PR Waiver Procedure for more details.

Definitions

• Definition of Terms Used in WaTech Policies and Reports.
• Boards and Committees (Current IT governance framework).
• POL-01-01-S Technology Policy and Standard Naming Convention.
• POL-01-02-S Technology Policy and Standard Waiver Request Standard.
• POL-01-01-PR Technology Policies and Standards Waiver Procedure.
• RCW 42.56 Public Records Request.
• RCW 39.34.240: Data requests—When written agreement required.
• SEC-08 Data Sharing Policy
• SEC-09 IT Security Audit and Accountability Standard

Policy Review

The Agency will review the policy internally on an annual basis.

Policy sunset review periods will be no more than three (3) years from the adoption date.