Highlights of IS.012 Operations Management Standard
The Massachusetts Executive Office of Technology Services and Security IS.012 Operations Management Standard documents the requirements and key information security considerations for information technology operations, including the definition of standard operating procedures, change management, configuration management, release management, information backup and restoration, and cloud computing. Topics include:
- Documented procedures for daily operations and changes
- Maintain and regularly update your asset inventory (authorized hardware and software)
- Capacity and release management (separate test and production environments)
- Data backup and restoration (including multiple backups)
- Secure cloud environments and service providers
See the Enterprise Information Security Standards Self-Assessment Questionnaire [Excel] that can be used to track compliance with implementing these internal controls. Departments should expect to be audited on compliance with these internal controls.
The Executive Office of Technology Services and Security (EOTSS) publishes Enterprise Information Security Policies and Standards which must be included in a Department’s Internal Control Plan, implemented, tested, and included in staff training. These standards apply to all Executive Department offices and agencies and are the default standard for non-Executive Departments who have not adopted comparable cyber and data security standards as part of their Internal Control Plan.