COIT Policy

Policy supports strategic goals like cybersecurity and disaster preparedness and helps to achieve greater aspirational goals like environmental sustainability. 

Buying technology

  • Software Evaluation Policy The purpose of the COIT Software Evaluation policy is to ensure that all departments thoroughly and fairly evaluate software alternatives, including open source prior to acquiring new software.
  • Green Technology Purchasing Policy The purpose of this Green Policy is to establish green information technology purchasing requirements that improve the environmental profile of City government operations, and that foster expanded environmental stewardship in the IT industry.
  • Cloud Acquisition and Management Policy The City and County of San Francisco encourages the use of cloud services when cost efficiencies are available, risk mitigation strategies are in place, and the services support the City’s data sharing strategy through interoperable systems.

Managing data

  • Data Classification Standard The Data Classification Standard requires departments to categorize and label or mark data per classification levels and review classification of data on a regular basis.
  • Metadata Standard The Metadata Standard helps users search, find, and understand published data.
  • Data Management Policy This policy establishes a framework for the management of data as an asset across the City.

Protecting privacy

  • Citywide Employee Drone Policy This policy authorizes select departments to use drones. Departments are required to follow a variety of protections that emphasize public safety and the privacy of San Francisco residents.
  • Surveillance Technology Inventories In 2019, San Francisco’s Board of Supervisors passed the Acquisition of Surveillance Technology Ordinance requiring an inventory of all surveillance technologies that are in possession or in use by City departments.

Risk management

Technology infrastructure

  • Email Policy This policy outlines the standards for use and management of email systems in the City and County San Francisco.
  • Service Set Identifier (SSID) Standard All City-owned and operated public wireless networks located in the City and County of San Francisco must use the City SSID standard.

Using technology

  • Acceptable Use Policy Outline of the acceptable use of all City-owned or leased computer equipment. Inappropriate use of equipment exposes the City to risks including virus attacks, compromise of network systems and services, breach of confidentiality, and legal liability.
  • Software License Compliance Policy The purpose of the Software License Compliance Policy is to establish the policy for software licenses compliance and tracking.
  • Technology Project Management Policy This policy establishes the technology project management policy standard for the City and County San Francisco.
Last updated May 27, 2021