Narrative of Resolution:
title
This resolution adopts a fully modernized and consolidated information technology and cybersecurity governance framework for Sullivan County. The policy replaces fragmented and outdated guidance with a single, unified standard that establishes clear authority, consistent requirements, and County-wide accountability. The framework aligns with applicable State and Federal regulations and incorporates recognized cybersecurity best practices to address the increasing risk of ransomware, data breaches, and system disruption. It also improves operational consistency, simplifies administration, and strengthens the County’s ability to respond to incidents in a coordinated and defensible manner. By adopting this policy, the County enhances protection of sensitive information, supports continuity of operations, and ensures a clear, enforceable structure for managing technology and cybersecurity risks across all departments.
end
body
If Resolution requires expenditure of County Funds, provide the following information:
Amount to be authorized by Resolution: $0
Are funds already budgeted? Choose an item.
If ‘Yes,’ specify appropriation code(s): Click or tap here to enter text.
If ‘No,’ specify proposed source of funds: Click or tap here to enter text.
Specify Compliance with Procurement Procedures:
RESOLUTION INTRODUCED BY THE MANAGEMENT & BUDGET COMMITTEE ADOPTING THE “SULLIVAN COUNTY INFORMATION TECHNOLOGY AND CYBERSECURITY GOVERNANCE POLICY AND STANDARDS (SCITS-0001.000)”
WHEREAS, Sullivan County relies on information technology systems, networks, applications, and data to conduct essential government operations and deliver public services, and such systems and data are critical public assets that must be protected from unauthorized access, misuse, disruption, and evolving cybersecurity threats; and
WHEREAS, the increasing frequency, sophistication, and impact of cybersecurity threats require a coordinated, risk-based, and enterprise-wide approach to information security; and
WHEREAS, Sullivan County’s Division of Information Technology Services has undertaken a comprehensive modernization of its information technology and cybersecurity policies to strengthen governance, improve internal controls, enhance accountability, and align with applicable federal and New York State laws, regulations, and industry standards; and
WHEREAS, the resulting Sullivan County Information Technology and Cybersecurity Governance Policy and Standards (SCITS-0001.000) establishes a unified, county-wide framework that consolidates previously separate policies into a single, authoritative document to improve consistency, clarity of authority, and implementation across all departments; and
WHEREAS, the policy establishes centralized oversight by the Commissioner of Information Technology / Chief Information Officer (CIO) and is designed to strengthen the County’s ability to protect sensitive information, maintain continuity of operations, meet legal and regulatory obligations, and respond effectively to cybersecurity incidents.
NOW THEREFORE BE IT RESOLVED, that the Sullivan County Legislature hereby adopts the Sullivan County Information Technology and Cybersecurity Governance Policy and Standards (SCITS-0001.000), effective immediately; and
BE IT FURTHER RESOLVED, that this policy shall serve as the County’s authoritative standard for information technology governance, cybersecurity, operational controls, and acceptable use of County technology resources; and
BE IT FURTHER RESOLVED, that all County departments, employees, contractors, and authorized users shall comply with the provisions of this policy; and
BE IT FURTHER RESOLVED, that the Commissioner of Information Technology / Chief Information Officer is authorized to administer, implement, maintain, and enforce this policy, and to issue supporting standards and procedures as necessary; and
BE IT FURTHER RESOLVED, that this policy supersedes all prior information technology and cybersecurity policies inconsistent with its provisions.