You are here

Home » News » Newly Adopted Technology Policies and Standards

Newly Adopted Technology Policies and Standards

On November 9th, the Policy and Portfolio Subcommittee of the Technology Services Board (TSB) recommended approval of several policies and standards.  Based on this recommendation, these policies/standards have been adopted pending approval by the full TSB.  The adopted policies and standards are now posted on the OCIO Website at and are in effect.

Project Approval and Oversight Policy

An interim change to Policy 121 – IT Investments Approval and Oversight Policy formalizes the recent adoption of a new IT investment assessment tool.  With this new tool, the terminology for final assessment results changes.  Rather than being a Level 1, 2 or 3 project, an investment is either ‘under oversight’ or ‘not under oversight’.   The material clarifies that the Office of the Chief Information Officer (OCIO) can independently escalate concerns to a project sponsor or agency head when necessary.

Project Go-Live Readiness Decision Governance Standard

Premature implementation of a solution can create issues that could have been avoided.  Examples are disruption to the business, dissatisfied users, unserved customers, negative press coverage, and exposure to legal risk.  Among other things, Standard 121.10 – Project Go-Live Readiness Decision Governance requires projects under oversight to define go-live criteria early in the project and assign responsibility for collecting and tracking go-live data.  It identifies the Executive Sponsor as the person to make the Go-Live decision in consultation with the Steering Committee.  Because some projects have a higher profile or potential for impact, the standard notes projects may be required to brief the OCIO prior to go-live.   

The OCIO Consultants will work with in-flight projects to determine how to apply this new standard with a goal of having all projects compliant by 5/31/2018.

Security Standard Updates

Standard 141.10 – Security Information Technology Assets is updated to raise awareness of where and when the standards apply, introduce new encryption requirements to further protect the states most confidential data and to otherwise maintain alignment with IT security.  The encryption requirements have been updated such that all systems storing or processing Category 3 or 4 data outside the State Governmental Network (SGN), or any new system storing  or processing Category 3 or 4 data within the SGN, implement encryption. While many agencies are already moving in this direction, until encryption becomes truly ubiquitous, agencies may need to allocate more money and staffing resources to meet the updated requirements.  

NG 9-1-1 Geospatial Data Standard

New Standard 161.07 – NG9-1-1 Geospatial Data Standard adopts the National Emergency Association data standard used to coordinate all Next Generation (NG) 9-1-1 programs across the country.  Use of this standard assists 911 dispatch to locations that cross jurisdictional boundaries or used non-landline communications to report emergencies.  The Military Department has primary responsibility for ensuring standards are met tine the Emergency Services IP Network, the backbone of the NG911. 

Commonly Used Software Policy and Standard

Policy 186 – Commonly Used Software Product Retirement Policy and Standard 186.10 – Commonly Used Software Standard have been updated as a result of a sunset review.    While agencies should generally use software that is supported by the manufacturer, the policy and standard focus on those products used widely across state government.   

Policy 142 – Windows XP End of Life is recommended for rescission.  It is redundant to Policy 186 and Standard 186.10.


The industry is moving to a new version of internet protocol addressing called IPv6.  IPv6 replaces IPv4.  This change is necessary because all available IPv4 addresses are nearly used up.  IPv6 addresses are longer and also allow a whole host of improvements.  The migration to IPv6 is not an option, it is where the world is headed.  The new Statewide Migration to IPv6 sets December 2020 as the target for all state agencies to complete planning activities and December 2025 as the target for completion of migration.  More communications about IPv6 and its importance will be available in the coming months.