Reviewing PSGs to Determine Continuing Need

Terminology:

PSG – “Policy”, “Standard” or “Guideline”
A Policy is a general or high level statement of a direction, purpose, principle, process, method, or procedure for managing technology and technology resource.
A Standard is a prescribed or proscribed specification, approach, directive, procedure, solution, methodology, product or protocol which must be followed.
A Guideline is similar to either a standard or a policy, in that it outlines a specific principle, direction, directive, specification, or procedure but is not binding. Rather, a guideline is a recommended course of action.
EGAP – The Enterprise Governance and Planning Division
EGAP Business Ownership Topics

Director Security Program Management Office (CISO) – all security PSGs
Director Enterprise Portfolio Management Office – Project, program and portfolio PSGs
Director Strategy Office – Strategy, planning PSGs
Director Cross Function Frequency Management Office – Continuity, infrastructure and radio PSGs

PROCESS

The process for reviewing Georgia’s PSGs is as follows: Information Technology PSGs are reviewed every two years and Security PSGs are reviewed annually.
Reviews are directed by the PSGs business owner within the Enterprise Governance and Planning (EGAP) Office. (For example: Program Management PSG reviews are directed by the Director of the Enterprise Portfolio Management Office, Security PSG reviews are directed by the Director of the Enterprise Information Security Office.)
Reviews are performed by a Subject Matter Expert of the appropriate Office within EGAP.
If changes are required, the SME suggests wording changes and obtains initial review clearance from the EGAP Office Director
The suggested change is submitted to the GTA Policy Coordinator to actually make the change and take the suggested change through approval and publication processes. The approval and publication processes are described in “APPROVAL AND PUBLICATION OF PSGs” below).