Enterprise Governance

Enterprise Technology Solutions

Number Description Date Published Last Reviewed
16-03-S4-NJOIT  eCats Enterprise
Timekeeping Standard
04/10/2017 04/10/2017
16-03-S3-NJOIT  VoIP Service Enterprise
Telecomminication Standard
04/10/2017 04/10/2017
16-03-S2-NJOIT  WebGuard Enterprise Web
Content Filtering Standard
2017/05/22 2017/05/22
16-03-S1-NJOIT  CloudConnect Enterprise
Collaboration Standard
12/12/2016 12/12/2016


System Architecture Review

The System Architecture Review, or SAR, is a process that brings sponsors, administrators and technologists together to help ensure that technology solutions for the State of New Jersey are conceived, designed, developed, and deployed in an effective and efficient manner, to maximize the benefits and functionality of the technology and align IT investments with business needs at the Enterprise level, while minimizing its cost and risk. The SAR ensures compliance with existing standards and practices, controlled introduction of new technologies and services, and appropriate reuse of existing technology, to increase returns on investment and decrease total costs of ownership. The SAR incorporates the following criteria:

140x140
Cybersecurity
and privacy
140x140
Interagency
interoperability
140x140
Data sharing
and reuse
140x140
Opportunities for
economies of scale
140x140
Impact on
existing infrastructure
140x140
Resource
prioritization
140x140
Disaster recovery
and business continuity

SAR Resources

SAR Policy and Procedure

Number Description Date Published Last Reviewed
16-05-NJOIT System Architecture Review (SAR) Policy SAR Procedure
2016/12/12 2016/12/12
16-05-NJOIT PSystem Architecture Review Procedure 2016/12/12 2016/12/12

IT Governance Bodies

Statewide Public Safety Communication Commission Members:

  • Dave Weinstein
    Chief Technology Officer
    Office of Information Technology - Co-Chair
  • Jared Maples
    Acting Director
    Office of Homeland Security & Preparedness - Co Chair
  • Ford M. Scudder
    State Treasurer
    Department of the Treasury
  • Colonel Joseph R. Fuentes
    Superintendent
    State Police
  • Cathleen D. Bennett
    Commissioner
    Department of Health
  • Samuel D. Thompson
    Senate Representative (R)
  • Brian P. Stack
    Senate Representative (D)
  • David P. Rible
    Assembly Representative (R)
  • Eliana Pintor Marin
    Assembly Representative (D)
  • Craig Reiner
    Director
    Office of Emergency Telecommunication Services (OETS) NJOIT
  • Steven Gutkin
    Director
    Office of Homeland Security & Preparedness - Designee
  • Major David M. Brady
    Designee for Superintendent
    New Jersey State Police
  • Nancy Kelly-Goodstein
    Designee for Commissioner
    Department of Health
  • William Duffy
    Designee for Commissioner
    Department of Health
  • Christopher Rinn
    Designee for Commissioner
    Department of Health
  • Michael Tyger
    Designee for State Treasurer
    Department of the Treasury
  • Louis Kilmer
    State Fire Marshal - Director
    Division Of Fire Safety
  • Craig Augustoni
    Designee for State Fire Marshal - Director
    Division of Fire Safety
  • Scott Digiralomo
    Director
    Morris County Department of Public Safety
  • Robin Blaker
    Director
    Camden County Department of Public Safety And Juvenile Justice (Pending)
  • Dave Frauenheim
    Director
    Somerset County Public Safety Radio 911 Communications
  • Vince Jones III
    Director
    Atlantic County Department of Public Safety
  • Michael Rein
    Deputy Chief
    Rutgers University Police Department
  • Joseph Burlew Sr.
    EMS Operations Coordinator
    University Hospital Emergency Medical Services (Pending)

Information Technology Advisory Council Members:

  • Jim Fruscione
    Director
    Division of Revenue and Enterprise Services, Department of the Treasury
  • Gary Zayas
    IT Director
    Department of Transportation
  • John Harrison
    IT Director
    Department of Community Affairs
  • Evan Linhardt
    IT Director
    Department of Education
  • Jeremy Jedynak
    CIO
    State Parole Board
  • Lou Blauer
    IT Manager
    Juvenile Justice Commission, Department of Law and Public Safety
  • Sun Kim
    IT Manager
    Civil Service Commission
  • Tom Tagliareni
    IT Manager
    Highlands Water Protection and Planning Council
  • Satish Bhalerao
    IT Director
    Department of Corrections
  • Lori DiGaetano
    CIO
    Board of Public Utilities
  • Linda Holland
    IT Director
    Department of Children and Families
  • David Snedeker
    CIO
    Department of Military and Veterans Affairs
  • John Kiczek
    CIO
    Public Employment Relations Commission
  • Joseph Mingo
    CIO
    Department of Banking and Insurance
  • Denman Powers
    IT Manager
    State Police
  • Radica Ghooray
    IT Director
    NJ Office of Housing and Mortgage Finance Agency
  • Joy Vitoritt
    IT Director
    Department of Law & Public Safety
  • Peter Tenebruso
    IT Manager
    Department of Environmental Protection
  • Jayanthi Vilayanur
    CIO
    Department of Agriculture

Information Technology Project Review Board Members:

  • Jeanne Ashmore
    Deputy Chief Administrator
    Motor Vehicle Commission
  • Christopher Bailey
    Assistant Commissioner. Budget & Finance
    Department of Human Services
  • Gregory Townsend
    Chief of Staff
    Department of Labor and Workforce Development
  • Beth Leigh Mitchell
    Assistant Attorney General
    Department of Law & Public Safety
  • David Ridolfino
    Acting Director
    Office of Management and Budget
    Department of the Treasury

IT Policies and Standards

In accordance with N.J.S.A. 52:18a-230b, NJOIT is responsible for the policies and standards governing State agencies' use of technology. We subscribe to a variety of well-established standards and constantly review our policies to ensure compliance with industry best practices.

Number Description Date Published Last Reviewed
07-10-NJOIT  Use of Statewide Disaster Recovery Facilities 06/11/2007 06/11/2014
  J2EE Application Deployment Policy and Procedures
To obtain a copy contact Infrastructure Support Services
07/2007 05/2015
  NJ Shared IT Architecture  09/2011 01/1/2014
Number Description Date Published Last Reviewed
18-03-OMB/DPP/OIT  Procurements Of Information Technology (IT) Hardware, Software, Subscription-Based Solutions And Related Services And Non-IT Equipment 08/22/2017 08/22/2017
16-02-NJOIT  Financial Reporting and Accountability for Information Technology Expenditures Policy 08/25/2016 03/01/2017
16-02-NJOIT-P  Financial Reporting and Accountability for Information Technology Expenditures Procedure 08/25/2016 03/01/2017
16-02-NJOIT-F1  New Jersey Information Technology Expenditure Report [Excel KB] 01/31/2017 01/31/2017
16-02-NJOIT-F2  Expenditures Report Agency Certification Form    
15-06-NJOIT  Internet Access Policy for New Jersey State Agencies 04/08/2015 04/08/2015
11-05-NJOIT  Review and Approval of Agency RFPs 10/07/2011 10/7/2011

 

Group Number Description Date Published Last Reviewed
Asset Management 14-12-NJOIT  183 - Software License Management and Distribution 04/03/2014 04/3/2014
08-04-NJOIT  130 - Information Asset Classification Control Policy 07/31/2008 09/02/2015
08-04-P1-NJOIT  130-00-01 - Information Assets Classification and Control Procedure 07/31/2008 09/02/2015
08-04-S1-NJOIT  130-01 - Information Asset Classification and Control Standard 06/15/2012 09/02/2015
Attachment A to 08-04-P1-NJOIT   130-00-01  - Attachment A (Inventory Spreadsheet) [xls 30k] 07/31/2008 09/02/2015
Business Continuity Management 14-31-NJOIT  195 - Contingency Planning Policy 10/28/2014 10/28/2014
Compliance 14-28-NJOIT  202 -Asset Audit and Accountability Policy 11/13/2014 11/13/2014
14-13-NJOIT  205 - Certification and Accreditation Policy 03/10/2014 03/10/2014
Information Security Certification Accreditation Checklist  Information Security Certification Accreditation Checklist 10/14/2014 08/24/2015
09-05-NJOIT  203 - Information Security Payment Card Industry (PCI) Data Security Policy 10/02/2008 12/15/2011
09-05-S1-NJOIT  203-01 - Information Security Payment Card Industry (PCI) Data Security Standard 10/02/2008 12/15/2011
Contracts / Business 09-11-NJOIT  169 - Business Entity, IT Services and/or Extranet 07/06/2009 01/22/2015
09-11-P1-NJOIT   169-00-01 - Business Entity, IT Services and/or Extranet 08/07/2009 01/22/2015
Appendix A to 09-11-P1-NJOIT   Business Entity and/or IT Services Extranet Application Form [pdf 48k] 10/2/2012 01/28/2015
Appendix B to 09-11-P1-NJOIT   Business Entity and/or IT Services Extranet MOU [dot 67k] 10/02/2012 01/28/2015
Appendix C to 09-11-P1-NJOIT   Business Entity IT Services and/or Extranet Connection Detail [dot 99k] 10/01/2012 01/28/2015
Appendix D to 09-11-P1-NJOIT   Business Entity, IT Services and/or Extranet Security Controls Assessment Checklist [pdf 206k] 01/21/2015 01/21/2015
Identity and Access Management 14-32-NJOIT  177 - Password Management Policy 10/14/2014 10/14/2014
14-32-S1-NJOIT  177-01 - Password Management Standard 10/14/2014 10/14/2014
14-29-NJOIT  172 - Access Control Management Policy 11/13/2014 11/13/2014
14-27-2014  1701 - Identification and Authentication Policy 10/27/2014 10/27/2014
11-01-NJOIT  179 - Remote Access Policy 03/09/2012 03/9/2012
11-01-P1-NJOIT 179-01-P1-NJOIT - Remote Access Procedure
To obtain a copy contact Statewide Office of Information Security
07/20/2011 07/20/2011
11-01-S1-NJOIT   179-01 - Remote Access Standard 07/20/2011 07/20/2011
Incident Management 11-02-NJOIT  190-NJOIT - Information Security Incident Management Policy 05/24/2012 05/24/2012
11-02-P1-NJOIT  190-00-01 - Information Security Incident Management Reporting Procedures 05/24/2012 07/25/2013
Attachment A to 11-02-P1-NJOIT  Attachment A to 11-02-P1-NJOIT 07/26/2013 07/26/2013
11-02-P2-NJOIT  191 - Information Security Incident Management Response Procedure 05/24/2012 07/25/2013
Information Security Incident Reporting Form  Information Security Incident Reporting Form 07/26/2013 02/05/2015
Information Security Program 14-05-NJOIT  161 -Operational Security Policy 01/07/2014 01/7/2014
12-03-NJOIT  110 - Security Framework Policy 07/17/2012 01/21/2016
08-01-NJOIT  100 - Information Security Program 06/18/2008 01/21/2016
Information Security Structure 15-01-NJOIT  142 - Workforce Security Policy 01/22/2015 01/22/2015
Internet / Social Collaboration 14-30-NJOIT  1600 - Acceptable Internet Usage 09/05/2014 09/5/2014
14-17-NJOIT  166 - Electronic Mail/Messaging Content Policy and Standards 04/02/2014 03/30/2017
Monitoring and Management 15-02-NJOIT  176 - Information Security System Monitoring and User Review Policy 01/22/2015 01/22/2015
Network Management 15-03-NJOIT  165 - Firewall Management Policy 01/22/2015 01/22/2015
14-33-NJOIT  121 - Confidential and/or Personally Identifiable Information 10/28/2014 10/28/2014
14-18-NJOIT  174 - Network Security Policy 06/12/2014 06/12/2014
14-03-NJOIT  173 -Wireless Network Security Policy 01/07/2014 01/7/2014
14-03-S1-NJOIT
This standard is published/posted in NJ-ISAC.
173-01 -Wireless Network Security Standard and Procedure 01/07/2014 01/7/2014
Prevention and Protection 15-04-NJOIT  164 - Backup and Restore Policy 01/22/2015 01/22/2015
14-26-NJOIT  181 - Encryption and Digital Signatures Policy 10/27/2014 10/27/2014
14-07-NJOIT  1602 -Media Protection Policy 01/07/2014 01/7/2014
14-01-NJOIT  171 - Minimum System Security and Protection Policy 01/23/2014 01/23/2014
14-01-S1-NJOIT
This standard is published/posted in NJ-ISAC.
171-01 -Minimum System Security and Protection Standards 01/07/2014 01/07/2014
12-02-NJOIT  132 - Portable Computing Use and Temporary Worksite Assignment Policy 03/28/2012 05/03/2013
Agreement   Portable Computing User Agreement 09/05/2013 04/19/2013
State-Owned Property Removal Form   State-Owned Property Removal Form 03/30/2012 03/20/2012
09-10-NJOIT  152 - Information Disposal and Media Sanitization Policy 04/08/2011 01/22/2015
09-10-S1-NJOIT  152-01 - Information Disposal and Media Sanitization Standards 04/08/2011 01/22/2015
09-10-P1-NJOIT   152-00-01 - Information Disposal and Media Sanitization Procedure 04/08/2011 01/22/2015
09-10-NJOIT Form   Media Disposal Forms [pdf 301 kb] 04/2011 04/2011
Privacy 14-04-NJOIT  123 - State of New Jersey Disclaimer Policy 07/28/2014 07/28/2014
14-04-S1-NJOIT  123-01 - State of New Jersey Disclaimer Standard 07/28/2014 05/27/2015
13-09-NJOIT  201 - State of New Jersey On-line Privacy Policy 12/19/2013 12/19/2013
Security Awareness 12-01-NJOIT  141 - Security Awareness Program Policy 03/21/2012 01/21/2016
Systems Development Life Cycle 14-25-NJOIT  182 - System and Services Acquisition Policy 10/27/2014 10/27/2014
14-09-NJOIT  168 - Change Management Policy 01/07/2014 01/7/2014
14-08-NJOIT  180 - Security in Application Development Policy 01/07/2014 01/7/2014
14-06-NJOIT  162 - System Planning and Acceptance Policy 01/07/2014 01/7/2014
Vulnerability / Risk Management 14-14-NJOIT  116 - Security Assessment Policy 07/28/2014 07/28/2014
14-02-NJOIT  115 - Information Security Risk Management Policy 01/07/2014 01/7/2014
SAS Software Request Form  SAS Software Request Form 01/12/2016 01/12/2016
Risk Management Remediation Report Template   Risk Management Remediation Report Template 01/10/2014 01/10/2014
12-04-NJOIT  184 - Information Security Vulnerability Management Policy 05/03/2012 12/11/2014
12-04-P1-S1-NJOIT   184-01 - Information Security Vulnerability Management Standard And Procedure 09/10/2012 12/11/2014
08-02-NJOIT  111 - Information Security Managing Exceptions 06/02/2008 11/15/2011
Policy Exception Request Form   Policy Exception Request Form 01/29/2014 01/29/2014
Group Number Description Date Published Last Reviewed
Asset Management 14-12-NJOIT  183 - Software License Management and Distribution 04/03/2014 04/3/2014
08-04-NJOIT  130 - Information Asset Classification Control Policy 07/31/2008 09/02/2015
08-04-P1-NJOIT  130-00-01 - Information Assets Classification and Control Procedure 07/31/2008 09/02/2015
08-04-S1-NJOIT  130-01 - Information Asset Classification and Control Standard 06/15/2012 09/02/2015
Attachment A to 08-04-P1-NJOIT   130-00-01  - Attachment A (Inventory Spreadsheet) [xls 30k] 07/31/2008 09/02/2015
Business Continuity Management 14-31-NJOIT  195 - Contingency Planning Policy 10/28/2014 10/28/2014
Compliance 14-28-NJOIT  202 -Asset Audit and Accountability Policy 11/13/2014 11/13/2014
14-13-NJOIT  205 - Certification and Accreditation Policy 03/10/2014 03/10/2014
Information Security Certification Accreditation Checklist  Information Security Certification Accreditation Checklist 10/14/2014 08/24/2015
09-05-NJOIT  203 - Information Security Payment Card Industry (PCI) Data Security Policy 10/02/2008 12/15/2011
09-05-S1-NJOIT  203-01 - Information Security Payment Card Industry (PCI) Data Security Standard 10/02/2008 12/15/2011
Contracts / Business 09-11-NJOIT  169 - Business Entity, IT Services and/or Extranet 07/06/2009 01/22/2015
09-11-P1-NJOIT   169-00-01 - Business Entity, IT Services and/or Extranet 08/07/2009 01/22/2015
Appendix A to 09-11-P1-NJOIT   Business Entity and/or IT Services Extranet Application Form [pdf 48k] 10/2/2012 01/28/2015
Appendix B to 09-11-P1-NJOIT   Business Entity and/or IT Services Extranet MOU [dot 67k] 10/02/2012 01/28/2015
Appendix C to 09-11-P1-NJOIT   Business Entity IT Services and/or Extranet Connection Detail [dot 99k] 10/01/2012 01/28/2015
Appendix D to 09-11-P1-NJOIT   Business Entity, IT Services and/or Extranet Security Controls Assessment Checklist [pdf 206k] 01/21/2015 01/21/2015
Identity and Access Management 14-32-NJOIT  177 - Password Management Policy 10/14/2014 10/14/2014
14-32-S1-NJOIT  177-01 - Password Management Standard 10/14/2014 10/14/2014
14-29-NJOIT  172 - Access Control Management Policy 11/13/2014 11/13/2014
14-27-2014  1701 - Identification and Authentication Policy 10/27/2014 10/27/2014
11-01-NJOIT  179 - Remote Access Policy 03/09/2012 03/9/2012
11-01-P1-NJOIT 179-01-P1-NJOIT - Remote Access Procedure
To obtain a copy contact Statewide Office of Information Security
07/20/2011 07/20/2011
11-01-S1-NJOIT   179-01 - Remote Access Standard 07/20/2011 07/20/2011
Incident Management 11-02-NJOIT  190-NJOIT - Information Security Incident Management Policy 05/24/2012 05/24/2012
11-02-P1-NJOIT  190-00-01 - Information Security Incident Management Reporting Procedures 05/24/2012 07/25/2013
Attachment A to 11-02-P1-NJOIT  Attachment A to 11-02-P1-NJOIT 07/26/2013 07/26/2013
11-02-P2-NJOIT  191 - Information Security Incident Management Response Procedure 05/24/2012 07/25/2013
Information Security Incident Reporting Form  Information Security Incident Reporting Form 07/26/2013 02/05/2015
Information Security Program 14-05-NJOIT  161 -Operational Security Policy 01/07/2014 01/7/2014
12-03-NJOIT  110 - Security Framework Policy 07/17/2012 01/21/2016
08-01-NJOIT  100 - Information Security Program 06/18/2008 01/21/2016
Information Security Structure 15-01-NJOIT  142 - Workforce Security Policy 01/22/2015 01/22/2015
Internet / Social Collaboration 14-30-NJOIT  1600 - Acceptable Internet Usage 09/05/2014 09/5/2014
14-17-NJOIT  166 - Electronic Mail/Messaging Content Policy and Standards 04/02/2014 03/30/2017
Monitoring and Management 15-02-NJOIT  176 - Information Security System Monitoring and User Review Policy 01/22/2015 01/22/2015
Network Management 15-03-NJOIT  165 - Firewall Management Policy 01/22/2015 01/22/2015
14-33-NJOIT  121 - Confidential and/or Personally Identifiable Information 10/28/2014 10/28/2014
14-18-NJOIT  174 - Network Security Policy 06/12/2014 06/12/2014
14-03-NJOIT  173 -Wireless Network Security Policy 01/07/2014 01/7/2014
14-03-S1-NJOIT
This standard is published/posted in NJ-ISAC.
173-01 -Wireless Network Security Standard and Procedure 01/07/2014 01/7/2014
Prevention and Protection 15-04-NJOIT  164 - Backup and Restore Policy 01/22/2015 01/22/2015
14-26-NJOIT  181 - Encryption and Digital Signatures Policy 10/27/2014 10/27/2014
14-07-NJOIT  1602 -Media Protection Policy 01/07/2014 01/7/2014
14-01-NJOIT  171 - Minimum System Security and Protection Policy 01/23/2014 01/23/2014
14-01-S1-NJOIT
This standard is published/posted in NJ-ISAC.
171-01 -Minimum System Security and Protection Standards 01/07/2014 01/07/2014
12-02-NJOIT  132 - Portable Computing Use and Temporary Worksite Assignment Policy 03/28/2012 05/03/2013
Agreement   Portable Computing User Agreement 09/05/2013 04/19/2013
State-Owned Property Removal Form   State-Owned Property Removal Form 03/30/2012 03/20/2012
09-10-NJOIT  152 - Information Disposal and Media Sanitization Policy 04/08/2011 01/22/2015
09-10-S1-NJOIT  152-01 - Information Disposal and Media Sanitization Standards 04/08/2011 01/22/2015
09-10-P1-NJOIT   152-00-01 - Information Disposal and Media Sanitization Procedure 04/08/2011 01/22/2015
09-10-NJOIT Form   Media Disposal Forms [pdf 301 kb] 04/2011 04/2011
Privacy 14-04-NJOIT  123 - State of New Jersey Disclaimer Policy 07/28/2014 07/28/2014
14-04-S1-NJOIT  123-01 - State of New Jersey Disclaimer Standard 07/28/2014 05/27/2015
13-09-NJOIT  201 - State of New Jersey On-line Privacy Policy 12/19/2013 12/19/2013
Security Awareness 12-01-NJOIT  141 - Security Awareness Program Policy 03/21/2012 01/21/2016
Systems Development Life Cycle 14-25-NJOIT  182 - System and Services Acquisition Policy 10/27/2014 10/27/2014
14-09-NJOIT  168 - Change Management Policy 01/07/2014 01/7/2014
14-08-NJOIT  180 - Security in Application Development Policy 01/07/2014 01/7/2014
14-06-NJOIT  162 - System Planning and Acceptance Policy 01/07/2014 01/7/2014
Vulnerability / Risk Management 14-14-NJOIT  116 - Security Assessment Policy 07/28/2014 07/28/2014
14-02-NJOIT  115 - Information Security Risk Management Policy 01/07/2014 01/7/2014
SAS Software Request Form  SAS Software Request Form 01/12/2016 01/12/2016
Risk Management Remediation Report Template   Risk Management Remediation Report Template 01/10/2014 01/10/2014
12-04-NJOIT  184 - Information Security Vulnerability Management Policy 05/03/2012 12/11/2014
12-04-P1-S1-NJOIT   184-01 - Information Security Vulnerability Management Standard And Procedure 09/10/2012 12/11/2014
08-02-NJOIT  111 - Information Security Managing Exceptions 06/02/2008 11/15/2011
Policy Exception Request Form   Policy Exception Request Form 01/29/2014 01/29/2014
Number Description Date Published Last Reviewed
NJOIT-2017-02  Alternative Workweek Policy 2017/04/03 2017/04/03
NJOIT-2017-02-S1  Alternative Workweek Standard 2017/04/03 2017/04/03
NJOIT-2017-02-P1  Alternative Workweek Procedure 2017/04/03 2017/04/03
NJOIT-2017-02-F1  Alternative Workweek Request Form 2017/04/03 2017/04/03
16-05-NJOIT  System Architecture Review (SAR) Policy SAR Procedure
16-05-NJOIT PSystem Architecture Review Procedure 
2016/12/12 2016/12/12
16-03-NJOIT  Enterprise Tech Solution Policy 2016/12/12 2016/12/12
16-01-NJOIT  Project Management Policy
16-01-NJOIT Attachment_A
16-01-NJOIT Attachment_B
16-01-NJOIT Attachment_C
16-01-NJOIT Attachment_D 
2016/12/12 2016/12/12
Number Description Date Published Last Reviewed
15-05-NJOIT  State Telecommunication Coordinators 05/27/2015 05/27/2015
Cellular Wireless Device and Portable Computing Device Request  Cellular Wireless Device and Portable Computing Device Request 12/03/2013 12/03/2013
Number Description Date Published Last Reviewed
14-11-NJOIT  Internet and Statewide Intranet Presence for New Jersey State Government 01/23/2014 01/23/2014
13-09-NJOIT  201 - State of New Jersey On-line Privacy Policy 12/19/2013 12/19/2013
07-12-NJOIT  Web Accessibility Policy 06/13/2007 10/27/2014
06-06-NJOIT  State of New Jersey Online Disclaimer Policy 08/10/2001 10/29/2015