TO: Indian River County Board of County Commissioners
THROUGH: John Titkanich, County Administrator
FROM: Erik Harvey, Information Technology Director
Racheal Miller, Senior Information Technology Security Analyst
DATE: October 21, 2025
SUBJECT: IT Policies/Acceptable Use Policy Revision
__________________________________________________________________
BACKGROUND
The County currently maintains a set of twenty-one (21) information security policies. The first twenty (20) policies were originally developed by referencing the National Institute of Standards and Technology (NIST) Special Publication 800-53 security and privacy control framework. While this framework provided a structured starting point, the resulting policies were largely copied without sufficient tailoring to the County’s environment.
ANALYSIS
The first twenty (20) policies contain overly technical language that is difficult for staff to read and apply, are structured for compliance with federal systems rather than the County’s operational requirements, and require significant revisions to ensure they are usable, understandable, and effective. Staff have determined that attempting to revise these policies individually would be inefficient as they need substantial updates to improve clarity and align with County practices.
It is in the County’s best interest to remove these policies and develop new, targeted policies as needed. This approach will ensure that future policies are better aligned with current operational needs, are easier for staff to understand and follow, and support a more agile and effective information security program.
Because the Acceptable Use Policy (AM-1200.21) includes references to these policies, it must be revised to remove those references and clearly reflect its role as the County’s primary IT policy within the Administrative Policy Manual.
BUDGETARY IMPACT
There is no funding requirement associated with the revision of this policy. However...
Click here for full text