Information Security Management Policies

Information security policies are foundational to an information security program.  In accordance with Mayor Dean's Executive Order 38, Metro has adopted the following polices based on industry standards and best practices.  Departments or agencies may adopt more stringent policies should circumstances warrant.

Metro continues to evaluate and update existing policies and establish new policies based on an ever-changing environment and new requirements for information security.

Policies

• Acceptable Use of Information Technology Assets
• Human Resources Security
• Physical and Environmental Security
• External Party Security
• Information Security Incident Management
• Teleworking and Mobile Computing
• Risk Assessment and Treatment
• Cryptographic Controls
• Information Classification
• Information Labeling and Handling
• Inventory and Ownership of Assets
• IT Contingency - Disaster Recovery
• Separation of Development, Test, and Production Facilities

Supporting Documentation

• Metropolitan Government Scope, Background, and Governance Statement for Information Security Policies
• Metropolitan Government Information Security Glossary

For more information on Metro's information security initiative, please email CISO@nashville.gov

Last updated 5/20/2014.