- Cloud Acquisition and Management Policy The City and County of San Francisco encourages the use of cloud services when cost efficiencies are available, risk mitigation strategies are in place, and the services support the City’s data sharing strategy through interoperable systems.
- Green Technology Purchasing Policy The purpose of this Green Policy is to establish green information technology purchasing requirements that improve the environmental profile of City government operations, and that foster expanded environmental stewardship in the IT industry.
- Software Evaluation Policy The purpose of the COIT Software Evaluation policy is to ensure that all departments thoroughly and fairly evaluate software alternatives, including open source prior to acquiring new software.
- Data Classification Standard The Data Classification Standard requires departments to categorize and label or mark data per classification levels and review classification of data on a regular basis.
- Data Management Policy This policy establishes a framework for the management of data as an asset across the City.
- Metadata Standard The Metadata Standard helps users search, find, and understand published data.
- Citywide Employee Drone Policy This policy authorizes select departments to use drones. Departments are required to follow a variety of protections that emphasize public safety and the privacy of San Francisco residents.
- Surveillance Technology Inventories In 2019, San Francisco’s Board of Supervisors passed the Acquisition of Surveillance Technology Ordinance requiring an inventory of all surveillance technologies that are in possession or in use by City departments.
- Citywide Cybersecurity Policy The Cybersecurity Policy is intended to maintain and enhance key elements of a citywide cybersecurity program to support, maintain, and secure critical infrastructure and data systems.
- Cybersecurity Awareness & Training Standard All users of CCSF information systems shall participate in cybersecurity awareness training.
- Disaster Preparedness, Response, Recovery, and Resiliency Policy (DPR3) The DPR3 policy requires all City and County of San Francisco departments to develop and implement disaster-related planning for information technology systems and data.
- Email Policy This policy outlines the standards for use and management of email systems in the City and County San Francisco.
- Service Set Identifier (SSID) Standard All City-owned and operated public wireless networks located in the City and County of San Francisco must use the City SSID standard.
- Acceptable Use Policy Outline of the acceptable use of all City-owned or leased computer equipment. Inappropriate use of equipment exposes the City to risks including virus attacks, compromise of network systems and services, breach of confidentiality, and legal liability.
- Software License Compliance Policy The purpose of the Software License Compliance Policy is to establish the policy for software licenses compliance and tracking.
- Technology Project Management Policy This policy establishes the technology project management policy standard for the City and County San Francisco.
Last updated June 25, 2021