Highlights of IS.002 Acceptable Use of Information Technology Policy

October 4, 2022

The IS.002 Acceptable Use of Information Technology Policy details acceptable uses of information collected, managed and stored by The Commonwealth of Massachusetts. 

Departments are required to conduct information security awareness training to new hires and on an ongoing basis that outlines acceptable and prohibited uses of technology, the secure transmission of information, the security of confidential data, records retention and maintaining a secure workspace.
The policy also requires that Departments protect confidential data at rest and transit, and that users are authorized and authenticated to access data with the least privilege needed to perform their roles, on site and remotely.

The Executive Office of Technology Services and Security (EOTSS) publishes Enterprise Information Security Policies and Standards which must be included in a Department’s Internal Control Plan, implemented, tested, and included in staff training. These standards apply to all Executive Department offices and agencies and are the default standard for non-Executive departments.

CTR Announcements