​​​​​​​​​​​​​​​​​​​​​​​Personnel Cabinet iSTEP Policy

050.101 Information Security, Training, Education and Policies/Procedures (iSTEP) Portal- Confidentiality and Use Agreement

Personnel Cabinet (PC) – Division of Technology Services (DTS)

Information Technology (IT) Policies

Category: 050.000 Administrative

Policy: This policy documents iSTEP as the Personnel Cabinet’s electronic IT policy/security training portal and confidentiality and use agreement for all users of the Cabinets’s technology and access to data.

Scope: This policy applies to all PC employees, contractors and external users of Personnel Cabinet’s enterprise HR systems, including all persons who provide contract services, use, process, or store electronic data relevant to agency business. Failure to comply may result in disciplinary actions up to and including dismissal of employment for employees or termination of contracts for volunteers, contractors, consultants, and other entities. Legal actions also may be taken for violations of applicable state and federal laws, statutes, and/or regulations. Users of Commonwealth resources should have no expectation of personal privacy associated with any information they access, publish, or store on Commonwealth resources or information they access, publish, or store via the Internet using Commonwealth resources.   

Policy/Procedure Maintenance Responsibility: DTS IT Director’s Office is responsible for the maintenance of this policy.

Exceptions: Any exceptions to this policy must follow the procedures established in PC-DTS IT Policy #060.101.

Description of Components: All new users shall complete the Information, Security, Training, Education, and Policies/Procedures (iSTEP) Portal. Completion of iSTEP is required prior to new users being granted access to the Cabinet’s technology and data. Users must review iSTEP annually in order to retain such access. Additionally, the DTS Director’s Office, HR, and/or the Office of Public Affairs is responsible for periodically sending out reminders concerning contemporaneous security events, current security risks, and/or communications for ongoing awareness. iSTEP is the PC’s electronic record to document that the initial and annual awareness activities, training, and acceptance of confidentiality and use agreement were completed.

Review Cycle: Annual

Timeline:
Revision Date: 12/21/2018
Review Date: 12/21/2018
Effective Date: 12/21/2018