THE METROPOLITAN GOVERNMENT OF NASHVILLE AND DAVIDSON COUNTY
Karl F. Dean, Mayor
SUBJECT: Information Technology Advisory Board and Information Security Advisory Board
I, Karl Dean, Mayor of the Metropolitan Government of Nashville and Davidson County, by virtue of the power and authority vested in me, do hereby find, direct and order the following:
I. There is hereby established the Information Technology Advisory Board (ITAB), which has as its mission the provision of advice to the Metropolitan Government of Nashville and Davidson County (Metropolitan Government or Metro) regarding information technology service management and information technology standards and best practices for the reduction of costs, and improved information technology (IT) services, internal and external customer satisfaction, productivity, use of skills and experience, and delivery of third party services by and to the Metropolitan Government.
II. There is hereby established the Information Security Advisory Board (ISAB), which has as its mission the provision of advice to the Metropolitan Government regarding information security management standards and best practices for the preservation of the confidentiality, integrity and availability of electronic and non electronic information of the public, Metropolitan Government employees and third party users, and the Metropolitan Government itself.
III. The ITAB
1. Functions of the ITAB
The ITAB will provide advice to the Metropolitan Government concerning information technology service management and information technology optimization standards and best practices including:
a. IT and business strategic planning, as well as integrating and aligning IT and Metro’s goals;
b. implementing continual improvement processes and improving project delivery success;
c. measuring IT organization effectiveness and efficiency;
d. optimizing costs and the total cost of ownership and also achieving and demonstrating return on investment;
e. developing and maintaining organization and IT partnerships and relationships;
f. effective and efficient outsourcing and insourcing;
g. using IT to gain competitive advantage and innovate;
h. delivering required, organization justified IT services;
i. managing constant organization and IT change; and
j. demonstrating appropriate IT governance, including compliance with applicable laws, regulations and marketplace requirements.
2. Membership
The ITAB shall have seven (7) voting members and six (6) non-voting ex officio members.
a. The seven (7) voting members of the ITAB will consist of non-Metropolitan Government information technology experts who have an expertise in some or all of the following areas: service delivery, service support, information communication technology infrastructure management, planning to implement service management, application management, the organization objective, and security management. They will be selected and appointed by the Mayor.
b. The regular term of the seven (7) voting members of the board shall be two (2) years. However, of the initial membership of the board, four (4) members will serve two (2) years and three (3) members will serve one (1) year so that the terms are staggered. The Mayor will designate the term length for each initial board member at the time of appointment. Reappointments will serve a term of two (2) years.
c. The six (6) non-voting ex officio members of the ITAB will consist of the Deputy Mayor, the Director of Information Technology Services, the Director of Law, the Director of Finance, the Director of General Services, and the Director of Human Resources.
d. All members shall be able to select designees to appear at meetings of the ITAB.
e. The Mayor shall designate a voting member of the ITAB to serve as its Chair (Chair).
f. The Mayor shall designate a voting member of the ITAB to serve as the Vice-Chair and exercise all functions of the Chair when the Chair is unavailable.
3. Meetings
a. The ITAB shall hold regular meetings not less than once per quarter. The regular meetings will be held at a date, time and place to be determined by the Chair.
b. Special meetings may be called by the Chair or by request of three (3) permanent members, as necessary.
c. A quorum shall consist of four (4) voting members.
d. The ITAB shall submit meeting minutes and recommendations to the Mayor.
IV. ISAB
1. Functions of the ISAB
a. The ISAB will provide advice to the Metropolitan Government concerning information security management standards and best practices including:
b. quantitative and qualitative methodologies and tools for assessing and treating security risks;
c. organizational frameworks to manage information security internally and externally, and to keep up with evolving and changing information security management trends and requirements;
d. processes and procedures to manage information assets, including identification of information assets and responsibility for maintenance of controls for those assets;
e. methods of assigning security roles and responsibilities to employees, contractors and third party users of Metropolitan Government information assets;
f. physical and environmental security controls for Metropolitan Government facilities, equipment (i.e., hardware, cabling, supporting utilities, and the like), as well as secure disposal of equipment and devices containing sensitive information;
g. procedures and responsibilities for communications and operations management, including processes for change management, third party service delivery management, protection against malicious and mobile code, back-ups, network security management, exchange of information with organizations outside of Metro, electronic commerce and on-line transactions, and monitoring of Metropolitan Government systems;
h. policies and procedures to control access to information by system users, including password use, network and operating system access, application and information access, and mobile computing and teleworking;
i. security requirements for information systems acquisition, development and maintenance, including operating systems, infrastructure, business applications, off-the-shelf products, services, and user-developed applications, and policy for the use of cryptographic controls;
j. formal event reporting and escalation procedures for information security incident management;
k. the information security aspects of business continuity management; and
l. compliance with laws, regulations, contractual obligations, and other Metropolitan Government security requirements, and information systems audit requirements.
2. Membership
The ISAB shall have seven (7) voting members and six (6) non-voting ex officio members.
a. The seven (7) voting members of the ISAB will consist of non-Metropolitan Government information security management experts who have expertise in some or all of the following areas: access control systems/methods, applications/systems development, business continuity/disaster recovery, computer forensics, encryption, law/investigations, network security, physical security, records management, security architecture, security management practices, telecommunications security, and/or other security fields. They will be selected and appointed by the Mayor.
b. The regular term of the seven (7) voting members of the board shall be two (2) years. However, of the initial membership of the board, four (4) members will serve two (2) years and three (3) members will serve one (1) year so that the terms are staggered. The Mayor will designate the term length for each initial board member at the time of appointment. Reappointments will serve a term of two (2) years.
c. The six (6) non-voting ex officio members of the ITAB will consist of the Deputy Mayor, the Director of Information Technology Services, the Director of Law, the Director of Finance, the Director of General Services, and the Director of Human Resources.
d. All members shall be able to select designees to appear at meetings of the ISAB.
e. The Mayor shall designate a voting member of the ISAB to serve as its Chair (Chair).
f. The Mayor shall designate a voting member of the ISAB to serve as the Vice-Chair and exercise all functions of the Chair when the Chair is unavailable.
3. Meetings
a. The ISAB shall hold regular meetings not less than once per quarter. The regular meetings will be held at a date, time and place to be determined by the Chair.
b. Special meetings may be called by the Chair or by request of three (3) permanent members, as necessary.
c. A quorum shall consist of four (4) voting members.
d. The ISAB shall submit meeting minutes and recommendations to the Mayor.
Ordered, Effective and Issued:
Karl F. Dean
Mayor
Date: July 14, 2008