Information Security Management Policies

Information security policies are foundational to an information security program.  In accordance with Mayor Dean's Executive Order 38, Metro has adopted the following polices based on industry standards and best practices.  Departments or agencies may adopt more stringent policies should circumstances warrant.

Metro continues to evaluate and update existing policies and establish new policies based on an ever-changing environment and new requirements for information security.

Policies

• Acceptable Use of Information Technology Assets
• Human Resources Security
• Physical and Environmental Security
• External Party Security
• Cryptographic Controls
• Incident Management
• Information Classification
• Information Labeling and Handling
• Inventory and Ownership of Assets
• IT Contingency - Disaster Recovery
• Risk Assessment and Treatment
• Separation of Development, Test, and Production Facilities
• Teleworking and Mobile Computing

Supporting Documentation

• Metropolitan Government Scope, Background, and Governance Statement for Information Security Policies
• Metropolitan Government Information Security Glossary

For more information on Metro's information security initiative, please email CISO@nashville.gov

Last updated 1/22/2014.