The Official Code of Georgia Annotated, O.C.G.A. 50-25-04(a)(10), vests GTA with authority to "set technology policy for all agencies except those under the authority, direction or control of the General Assembly or statewide elected officials other than the Governor." The GTA Board of Directors has implemented technology policies pursuant to state statute through the policy on Information Technology Policies, Standards and Guidelines, PM-04-001.03.
The Official Code of Georgia Annotated, O.C.G.A. 50-25-4(a)(21), related to security policies, standards and guidelines, is broader than the general statutory authority granted to GTA with respect to technology policies. It authorizes GTA to establish statewide security policies and standards that are binding on all agencies. The GTA Board of Directors has implemented security policies pursuant to state statute through the Enterprise Information Security Charter, PS-08-005.01.
GTA's philosophy in developing policies and standards is to utilize pertinent and appropriate bodies of industry best practices as the authority for patterning both policies and standards. In some cases, materials are used, with attribution, as guidelines where more detailed explanations appear warranted. The PSG Development Framework illustrates the source bodies of best practices used for the various PSGs in Georgia.
Policies, standards and guidelines have a nine-character code following the name.
Example: Name, XX-08-003.03
First X = P, S or G (Policy, Standard or Guideline)
Second X = M, A, O, S or G (Management, Application Development, Operations, Security or GETS Program)
08 = Last two digits of the fiscal year in which created
003 = Serial number of item during the fiscal year in which created
03 = Version number
PM-07-003.03 would be the third version of the PM-07-003 policy, which is in the area of Management. It was the third policy developed in FY 2007. Read the coding as follows: Policy, Management, FY 2007, serial number 3, version 3.
SG-11-005.01 would be the first version of the SG-11-005 standard, which is in the area of GETS Program standards. It was the fifth standard developed in FY 2011. Read the coding as follows: Standard, GETS Program, FY 2011, serial number 5, version 1.
How do policies, standards and guidelines differ?
Policy — A high-level statement of a direction, purpose, principle, method or procedure for managing technology and technology resources.
Standard — A prescribed specification, approach, directive, procedure, solution, methodology, product or protocol that must be followed.
Guideline — Similar to a standard or policy because it outlines a specific principle, direction, directive, specification and procedure, but it is not binding. A guideline is a recommended course of action.
Policies, standards and guidelines are organized in the following categories.