CREATING CHAPTER 34 OF THE SAUK COUNTY CODE OF ORDINANCES RELATING TO MANAGEMENT INFORMATION SYSTEMS

34.01 Purpose. 

The purpose of this chapter is to establish a uniform policy concerning the management of information systems used by County government in order to:

(1) Preserve the taxpayers’ investment in Information Systems purchased and maintained by the County;

(2) Ensure the efficient support of County departments and programs;

(3) Maintain the integrity of County and client data;

(4) Comply with state and federal laws pertaining to the safeguarding of data.

34.02 Definitions. 

The following words, terms and phrases, when used in this chapter shall have the meanings ascribed to them as set forth in this section.

County means Sauk County.

Director means the Sauk County MIS Director.

Information Systems means all electronic information processing, storage and communications technology owned or utilized by Sauk County government.

34.03 Director responsibilities. 

In addition to the Director’s obligations and responsibility set forth in the County ordinances and policies, under the supervision of the County Administrator, and subject to policy direction of the County Board of Supervisors, the Director is responsible for the acquisition, support and maintenance of all County Information Systems.  The Director is responsible for insuring that the Information Systems comply with any applicable legal requirements and are sufficient to serve the needs of the County. 

34.04 Manner of implementing policy.

(1)  The County Administrator, in consultation with the Director, is authorized to promulgate such administrative procedures as may be necessary to carry out the provisions of this Chapter.

(2) Any department head aggrieved by an interpretation by the Director of the provisions of this chapter, or administrative procedures promulgated hereunder, may appeal such decision to the County Administrator. Interpretations of the County Administrator shall be subject to review by the Executive & Legislative Committee.

(3)  The procedures authorized in (1) shall comply with all County Ordinances and State and Federal law.  At a minimum such administrative procedures will address the following subjects:

(a)  Information System end user procedures.  Such procedures will be applicable to all authorized system users and will include procedures for system access authorization, access termination and acceptable use.  Such procedures shall require acknowledgement by all end users of receipt of and consent to such procedures.  

(b) Information System technology standards.  The procedures shall contain standards for the technology utilized by County government.  The goal of such standards shall ensure the compatibility, interoperability of all County Information Systems.  The introduction of technology that is incompatible with these standards into will be prohibited.

(c ) Technology budgeting and acquisition.  The procedures will direct the acquisition of information technology components, systems, services, licensing, etc. for use by the County.   To ensure compliance with established standards and interoperability, all information technology products purchased by the County are to be purchased through the MIS Department.

(d) Information system management and administration.  The procedures will direct the management of the Information System by authorized staff.  The purpose of these standards is to ensure that such management practices conform to industry best practices and provide for appropriate user access, data management and security administration.

(e) System replacement schedules.The procedures will set standards for the routine replacement of Information System hardware, to include end user equipment.The goal of the replacement schedule is to ensure that system equipment is compatible with current technology standards and facilitates day-to-day operations in a manner that seeks to minimize system failures and end user downtime.

(f) Security screening of MIS staff.  The procedures will outline standards for the routine, periodic screening of current and perspective MIS Department employees to ensure compliance with applicable regulations and security standards.

34.05  Budget preparation.

(1) The Director shall develop an annual technology budget for each County department.  This budget will be subject to final approval by the County Administrator and the County Board of Supervisors as part of the County's annual budget and shall incorporate all costs for technology specific to the department (licensing, support and equipment replacement) and any items requested by the department through the annual budget process. 

(2)  Each Department Head is responsible to include these costs in his or her annual departmental budget.

34.05  Licensing, support and maintenance contracts.

The Director is authorized to update and/or renew applicable license, support and maintenance agreements, to ensure compliance with such agreements and provide to necessary maintenance and support for all information technology and telecom systems purchased in accordance with County Ordinances, provided such agreements were included in the original purchase, or subsequently authorized by the County Board of Supervisors, unless such authorization specifically limited the agreement to a set number of terms.

Incident Response.

(1) To facilitate system security and to ensure compliance with applicable laws and regulations, any system event that may result in the loss, compromise or unauthorized release of stored information, it is the responsibility of each employee to report such incident to the Department. 

(2)  The Director shall investigate any reported incident and implement appropriate safeguards or reclamation processes necessary to mitigate any loss of data integrity.  

BE IT FURTHER ORDAINED by the Sauk County Board of Supervisors that this Ordinance shall become effective upon passage and publication.

PASSED and ADOPTED by the Sauk County Board of Supervisors this 15th day of September, 2020.