Get documents about "Information Technology Standard Operating Procedures - PDF
Description
Information Technology Standard Operating Procedures document sample
Document Sample
N~
, ,
j.
Standard Operating Procedure
Format and Procedures for Producing IT
Security SOPs
ITS-SOP-OOOIA
Effective Date: 20090219
Expiration Date: 20110918
Responsible Office: OCIO/Deputy CIO for Information Technology Security
ITS-SOP-OOOI A -- Founat and Procedures for Producing IT Security SOPs
TABLE OF CONTENTS
CHANGE HISTORY
CHAPTER I. Format and Procedures for Producing IT Security SOPs
1.1 Overview
1.2 Purpose
1.3 Scope
1.4 Applicable documents
1.5. Roles and Responsibilities
1.6 Process
APPENDIX A. Definitions
APPENDIX B. Acronyms
APPENDIX C. SOP Template
'- SOPs
ITS-SOP-OOOIA -- Fonnat and Procedures for Producing IT Securit"y,..::..,;:..:'-''----_ _ __
Change History
Version Date Summary of Changes
Number
ii
ITS-SOP-OOOI A -- Format and Procedures for Producing IT Security SOPs
CHAPTER 1. Format and Procedures for Producing IT Security SOPs
1.1 Overview
1.1.1 IT Security Standard Operating Procedures (SOPs) explain how to perform a NASA
specific IT Security process.
1.1.2 General Policy
a. A change to an IT Security NASA Procedural Requirement (NPR) document shall be by a
NASA Information Technology Requirement (NITR) in accordance with ITS-SOP-0004, not an
SOP.
b. Agency level SOPs shall be used when a common process is needed to implement a
procedural requirement across the agency. Normally SOPs are for use at the operational level.
c. The general format and numbering for an IT Security SOP shall be that of a NPR in
accordance with NPR 1400.1 , NASA Directives Procedural Requirement.
1.2 Purpose
This SOP describes the responsibilities and requirements for creating, revising, reviewing,
approving, and publishing IT Security SOPs.
1.3 Scope
This SOP applies to all personnel within NASA who want to create or update an IT Security
SOP.
1.4 Applicable Documents
a. NPR 2810.1, NASA Security ofInformation Technology.
b. NPR 1400.1, NASA Directives Procedural Requirements with Change 2 dated 26 July 2007.
1.5 Roles and Responsibilities
1.5.1 Author
a. Follow the instructions of this document and the SOP Template in Appendix C to create a
new SOP, or update an existing SO"" and submit it for approval.
b. Prepare an ITS Comment Disposition Worksheet (see ITS-SOP-0004A, NASA Information
Technology Requirement (NITR) Procedures, Appendix C) for all the comments received and
obtain IT Security Project Executive (PE) approval of recommended comment dispositions.
c. Update the SOP with the PE approved comment dispositions.
d. Using NASA Form 26, send updated document through the IT Security PE to the Deputy CIO
for IT Security for approval/signature.
e. After signature, enter the Effective and Expiration dates.
f. Prepare 508 compliant PDF version of the SOP with soft copy to IT Security PE for posting to
NODIS and post a copy to the OCIO Electronic Document Records SharePoint site.
ITS-SOP-OOOIA -- Format and Procedures for Producing IT ri",~O..;..-=-
Secu"" ty S.;:. P s _ _ _ _ _ __
g. Provide the signed copy to the IT Security Govemance PE.
1.6 Process
1.6.1 General instructions for creating a New SOP.
a. Use the SOP Template located in Appendix C.
b. Follow the instructions below and those in the SOP template.
c. Save the document.
d. Send the draft version to the IT Security PE and other appropriate staff or activities for
review/comments.
e. Using the IT Security Comment Disposition Worksheet, document and provide disposition
recommendations to the IT Security PE for approval/change.
r Update the new version with disposition approval and/or changes from the PE.
g. Prepare and submit NASA Form 26, Routing Slip to the PE for approval and the Deputy CIO
for IT Security for approval/signature.
h. After obtaining the Deputy CIO for IT Security signature, prepare signed SOP for posting on
NOmS (convert to 508 compliant PDF version). This includes entering the "Effective Date"
and the "Expiration Date" prior to converting to a PDF format.
I. Send soft copy of signed 508 compliant PDF version to IT Security PE for posting on NOmS.
J. Provide signed original to the IT Security Governance PE. (NASA Record Copy).
k. Post copy of the signed 508 compliant PDF version to the OCIO Official Electronic Records
SharePoint site.
1. Post copies of the signed 508 compliant PDF version and the final MS Word version to the
NASA ITS SharePoint site.
1.6.2 Instructions for the Title Page.
a. Enter the title of the SOP.
b. Enter the SOP Number.
(I) The format of the SOP number is ITS-SOP-NNNN. Suffixes and A, B, C ......X shall be
used for revisions or follow-on versions.
(2) Replace the four Ns with the SOP number with the left most characters filled with zeros as
needed. For example, number 25 would be written as ITS-SOP-0025. Ifit is the first revision, it
would be ITS-SOP-0025A.
(3) The IT Security PE assigns the SOP number.
c. Enter the Effective Date. The format of the effective date is YYYYMMDD, indicating the
year, month, and day on which the Deputy CIO for IT Security signs the SOP, putting it into
effect.
d. Enter the Expiration Date. The format of the expiration date is YYYVMMDD, indicating the
year, month, and day on which the SOP is no longer in force. The standard expiration date is two
years from the effective date.
2
ITS-SOP-OOOIA -- Fonnat and Procedures for Producing IT Security SOPs
e. Enter the Responsible Office. The responsible office is the organization's name, followed by
the position of the responsible officer. (For example, OCIO/Deputy CIO for IT Security).
f. The title page does not contain a page number.
1.6.3 Instructions for the Table of Contents, the second Page.
a. The SOP Template in Appendix C includes the fonnat for the table of contents page.
b. The page number for the Table of Contents page will be "i".
1.6.4 Instructions for Change History page, the third page.
a. The SOP Template in Appendix C includes the fonnat for the change history page.
b. Only fill in for a revision to a SOP, not for internal staffing revisions/actions. These are
approved "final" revisions from the previous version, e.g. what was changed from SOP-OOOI to
SOP-OOOIA.
c. The page number for the change history page will be 'ii'.
1.6.5 Instructions for the body of the SOP.
a. The body of the SOP begins on the fourth page, which has the document title centered at the
top. The SOP Template shows the headings for these sections.
b. The page number for the body of the SOP will begin with "I" and be consecutive for all
pages following.
c. The body of the SOP must contain the following sections, in this order:
(J) 1.1 Overview
This section gives a brief summary of the overview or background of the subject of the SOP.
(2) 1.2 Purpose
This section succinctly sununarizes the purpose of the SOP in one or more sentences, but generally
not more than one paragraph.
(3) 1.3 Scope
This section explains the scope of the SOPs applicability. Who or what is affected by this
SOP.
(4) 1.4 Applicable Documents
This section lists documents that are pertinent to the origin or content of the SOP. For
example, if the SOP implements provisions of a directive, the directive appears in the list. It
is not a list of edifying reading. For example, a reference might be a National Institute of
Standards and Technology Special Publication (NIST SP), a NASA Procedural Requirement
(NPR), a NASA Policy Directive (NPD), a NASA Infonnation Technology Requirement
(NITR), or another SOP.
(5) 1.5 Roles and Responsibilities
This section lists the roles that have action items arising from the SOP and briefly explains
the responsibilities of each role.
3
ITS-SOP-OOOIA -- Format and Procedures for Producing IT Security SOPs
(6) 1.6 Process
This section explains in step-by-step detail how to execute the process being defined in the
SOP.
(7) Approval
This section contains a signature line with the name of the current Deputy CIO for IT
Security and the date of the signing.
1.6.6 The appendices will be as follows:
a. APPENDIX A Definitions
b. APPENDIX B Acronyms
c. APPENDIX C ... thrn. X As required.
1.6.7 The Footer. All SOPs shall have footer with the page number that appears on all pages as
designated in the above paragraphs.
1.6 8 The Header. All SOPs shall have a header that appears on all pages except the title page
wi the N R number and the NITR title. The SOP template has as an example of the header.
VIS
Deputy C IT Security
Senior Agency Information Security Officer
4
ITS-SOP-OOOIA -- Fonnat and Procedures for Producing IT Security SOPs
Appendix A Definitions
Term Definition
Infonnation Technology NASA Center Senior Infonnation Security Officer responsible
Security Managers for assisting the Center CIO in implementing this directive,
NASA infonnation security policies and procedures, and the
Federal infonnation security laws, directives, policies,
standards, and guidelines and compliance with the FISMA
section 3541 et seq ..
Project Executive The NASA OCIO individual responsible for the associate
subject matter
NASA Online Directives A system that allows NASA employees to view directives and
InfoIination System other documents online.
Standard Operating Procedure Instructions for carrying out an official NASA process or
procedure
5
ITS-SOP-OOOIA -- Format and Procedures for ",-----,-ecu rit,,-- S Op s
Pr~~cing IT S____y_____ _ _ _ _ _ __
Appendix B Acronyms
CIO Chief Information Officer
ITSM Information Technology Security Managers
PE Project Executive
NIST SP National Institute of Standards and Technology Special Publications
NITR NASA Information Technology Requirements
NOmS NASA Online Directives Information System
NPD NASA Procedural Directive
NPR NASA Procedural Requirements
OCIO Office of the Chief Information Officer
SOP Standard Operating Procedure
6
:...:... . . ' i"'- '-'-P '
ITS-SOP-OOOIA -- Format and Procedures for Producing IT Sec.;ur-ty_SO --'s -_ _ _ _ __
Appendix C SOP Template
7
N~ ,
)
J
..
Standard Operating Procedure
ThisIsWhereTheTitleGoes
ITS-SOP-NNNN
Effective Date: YYYYMMDD
Expiration Date: YYYYMMDD
Responsible Office: OfficeName/Role
(e.g. OCIO/Deputy CIO for Information Technology Security)
ITS-SOP-XXXX -- SOP Title
TABLE OF CONTENTS
CHANGE HISTORY
CHAPTER 1. Format and Procedures for Producing IT Security SOPs
1.1 Overview
1.2 Purpose
1.3 Scope
1.4 Applicable documents
1.5. Roles and Responsibilities
1.6 Process
APPENDIX A. Definitions
APPENDIXB. Acronyms
ITS-SOP-Xxx)( -- SOP Title
------
Change History
Version Date Summary of Changes
Number
II
ITS-SOP-XXXX -- SOP Title
CHAPTER 1. Format and Procedures for Producing IT Security SOPs
1.1 Overview
Use Nonnal style for text.
1.1.1 Use Nonnal style for text.
1.1.1.1 Use Nonnal style for text
a., b., ........ x. for lists
1.2 Scope
1.2.1 . Use Nonnal style for text.
1.3 Applicable Documents
a.
b.
c. (etc forlist)
1.4 Roles and Responsibilities
Use Nonnal style for text.
1.5 Process
Use Nonnal style for text.
ITS-SOP-XXXX -- SOP Title
Approval
Jerry L. Davis Date
Deputy CIO IT Security
Senior Agency Infonnation Security Officer
2
ITS-SOP-XXXX -- SOP Title
Appendix A: Definitions
Term Definition
Standard Operating Procedure Instructions for carrying out an official NASA process or
procedure
3
ITS-SOP-XXXX -- SOP Title
Appendix B: Acronyms
I SOP I Standard Operating Procedure
4
Related docs
Other docs by hdj16238
Sydney Region DET procurement This area of the department is responsible for procurement
Views: 20 | Downloads: 0
Ministry of Information Technology Telecommunications Post and Date Ministry Name
Views: 215 | Downloads: 0
