Policies & Standards

CORA: Colorado Open Records Requests

Pursuant to C.R.S. §24-72-205, OIT does not impose a charge for the first hour of time expended in connection with the research and retrieval of public records. After the first hour, OIT charges $25 per hour for the research and retrieval of public records. When the number of pages produced in response to a records request exceeds 25 pages, OIT will charge $0.25 per page for all documents photocopied. CORA requests made of OIT should be submitted in writing, via email, to oit_cora@state.co.us.

Policies & Standards Issued By OIT

Acceptable Use Policy (AUP)

Acceptable Use of State and Personal Assets (POL 100-11)

Credentialing/Identity Management

Policy on the Issuance of Colorado Personal Identity Verification - Interoperable (PIV-I) Cards (OEA Policy GOV 100-00)

Data Management

Guidelines for Information Sharing Initiatives

Financial Services

IT Expense Approval Request

Governance

Policy to Create the Colorado Architecture Review Board (CARB) (OEA Policy GOV 100-01)

Information Security

The Office of Information Security has issued the following policies and standards under the authority of 24-37.5-401 through 406, C.R.S. These policies apply to public agencies as defined in section 402 of that part. Rules in support of the Colorado Information Security Act. Glossary of Terms for the below Colorado Information Security Policies (CISPs).

Colorado Information Security Policies (CISPs): These policies were updated in February 2017 and supersede any policies posted prior to this date.

CISP-001: Access Control

CISP-002: Security Awareness and Training

CISP-003: Audit and Accountability

CISP-004: Security Assessment and Authorization

CISP-005: Configuration Management

CISP-006: Contingency Planning

CISP-007: Identification and Authentication

CISP-008: Incident Response

CISP-009: System Maintenance

CISP-010: Media Protection

CISP-011: Physical and Environmental Protection

CISP-012: Personnel Security

CISP-013: Risk Assessment

CISP-014: System and Services Acquisition

CISP-015: System and Communications Protection

CISP-016: System and Information Integrity

CISP-017: Security Planning

Colorado Security Standards:

TS-Data Cat-001: Data Security Categorization Technical Standard

Project Management

The Portfolio and Project Management Center of Excellence (PPMCoE) is responsible for setting policies and procedures related to project, program and portfolio management within the Office of Information Technology (OIT) and for Executive Branch agencies who embark on projects that include an IT component.

Standard for Project Management Methodology (POL 200-01)
Major Projects Boards Policy (POL 200-02)
Independent Verification and Validation Policy (POL 200-03)
Project Lifecycle Methodology & Governance - POL 200-01 (formerly Standard for Project Management Methodology)

Technology

The Chief Technology Office has issued the following technical standards, superseding any standards posted prior. Each standard has been approved by the OIT Architecture Review Board (ARB), effective as of the "Effective Date" established in each document, and remains in effect until removed or revised by a decision of the ARB.