Personnel Cabinet iSTEP Policy
050.101 Information Security, Training, Education and Policies/Procedures (iSTEP) Portal- Confidentiality and Use Agreement
Personnel Cabinet (PC) – Division of Technology Services (DTS)
Information Technology (IT) Policies
Category: 050.500 Administrative
050.501 Security Awareness Program - iSTEP
Policy: This policy documents iSTEP as the Personnel Cabinet’s electronic IT policy/security training portal and confidentiality and use agreement for all users of the Cabinet's technology and access to data.
Scope: This policy applies to all PC employees, contractors and external users of Personnel Cabinet’s enterprise HR systems, including all persons who provide contract services, use, process or store electronic data relevant to agency business. Failure to comply may result in disciplinary actions up to and including dismissal of employment for employees or termination of contracts for volunteers, contractors, consultants and other entities. Legal actions also may be taken for violations of applicable state and federal laws, statutes, and/or regulations. Users of Commonwealth resources should have no expectation of personal privacy associated with any information they access, publish, or store on Commonwealth resources or information they access, publish, or store via the Internet using Commonwealth resources.
Policy/Procedure Maintenance Responsibility: DTS CIO/Director's Office is responsible for the maintenance of this policy.
Exceptions: Any exceptions to this policy must follow the procedures established in PC-DTS IT Policy #060.101.
Description of Components: All new users shall complete the Information, Security, Training, Education, and Policies/Procedures (iSTEP) Portal. Completion of iSTEP is required prior to new users being granted access to the Cabinet’s technology and data. Users must review iSTEP annually in order to retain such access. Additionally, the Cabinet CIO and/or the Office of Public Affairs is responsible for periodically sending out reminders concerning contemporaneous security events, current security risks, and/or communications for ongoing awareness. iSTEP is the PC’s electronic record to document that the initial and annual awareness activities, training, and acceptance of confidentiality and use agreement were completed.
Review Cycle: Annual
Effective Date: 10/01/2016