The Solutions Life Cycle Management Standard provides information and processes for managers and decision makers who are considering purchasing new information technology solutions or services. The standard defines required engagement with purchasing and the RIT Information Security Office and provides additional information about managing solutions from initial consideration of the solutions to their retirement.
The standard applies to new IT services (including third-party and RIT-hosted, and software as a service) that meet any one or more of the following:
host or provide access to Private or Confidential information
support a Critical Business Process
The following security controls are required to be implemented.
The solution owner is responsible for ensuring that the security impact of any change is evaluated and for notifying ITS and the Information Security Office accordingly if there is a potential increase in risk.
The solution owner will ensure that the solution is evaluated at an appropriate interval and retired if appropriate.
The solution administrator should ensure that Information is retained in accordance with the Records Management Policy and in a manner that accommodates future technology changes that may render the retrieval method obsolete.
The solution administrator should ensure that Information is disposed of as required by the Information Access and Protection Standard.
Who does the standard apply to?
RIT departments exploring new IT services (including third-party and RIT-hosted, and software as a service) that meet any one or more of the following:
Host or provide access to Private or Confidential information
Support a Critical Business Process
Provides critical vs. non-critical business continuity classifications.
Requires the establishment of recovery point objectives, creation of appropriate documentation, and contingency planning for disaster recovery and business continuity.
Provides disaster recovery and restoration requirements for IT support organizations.