The wealth of information maintained by the City of Detroit is an asset with tremendous potential
value to the public, entrepreneurs, and to our own government programs. This information takes
many forms. It can be unstructured content (e.g. press releases, help documents, how-to guides,
or any type of hardcopy documents) or more structured data (e.g. databases, files that are
located on servers or workstations).
The information maintained by the City of Detroit needs to be secured regardless of how data is
stored, processed, or transmitted. As information and devices become increasingly mobile, we
must ensure confidentiality, integrity, and availability by building security into City processes and
programs. As the government moves to an information-centric and mobility-enabled digital
environment, existing security, privacy, and data protections must be improved and continuously
monitored. Strong authentication or consistent Access Management requirements must be
considered throughout the entire life cycle of existing and emerging technologies. Security
processes and procedures must also be updated to reflect the realities of a rapidly changing
Recent losses of personal data at various levels of government require that all public bodies act
to bolster public trust and confidence in the way personal information is handled and kept safe.
The following guidelines are a response to that need. They set out the fundamental steps that
every governmental body should take to mitigate the ever-present risk that personal information is
lost or that data protection systems fail. They provide chief executives, senior managers and
elected members with a vital aid in discharging their responsibilities and accountability for secure
and effective handling of all confidential information.
The standards that the City of Detroit is establishing are challenging but necessary to build and
maintain public confidence. If we are to meet this challenge, it will only be through first creating
the right culture, and second, by having the right policies and procedures in place to provide
accountability and scrutiny.
The City will seek to develop a culture that properly values, protects and uses information for the
public good. The City should reinforce that information is a key business asset and that its proper
use is not simply an IT issue. There should be clear lines of accountability throughout the City,
together with a program of staff awareness. People goals include:
The City will ensure the security of its information through the physical security of its buildings,
premises and systems. There should be regular assessments of information risks by senior
The City will check that it has proper document systems in place and that its vendors and business partners
apply the same standards when handling the City’s information. The City will also monitor and audit the
effectiveness of its policies and, where appropriate, engage independent experts to test informationhandling
systems and make recommendations.
The City will produce all necessary policies that will set out how it will implement the measures.
Policy priority will be sorted by law and best practices. The City will ensure that there are
mechanisms in place to test, monitor, and audit the policies and procedures.
The City of Detroit will keep a Certified Information Systems Security Professional (CISSP) onsite,
either through full-time employment or through a consulting agreement, to function as the
Data Security Manager. The Data Security Manager shall provide the direction and technical
expertise to ensure that the City’s information assets are properly protected. The Data Security
Manager is responsible for the establishment and maintenance of organization-wide information
security policies, standards, guidelines, and procedures. This includes consideration of the
confidentiality, integrity, and availability of both information and the systems that process the
information. The cornerstone of the information security strategy shall be the principle of
accountability, by which a strong attempt is made to attribute all system events and responsibility
for activities to specific individuals. Major responsibilities include:
If you have any concerns, please send an e-mail to email@example.com or contact:
Ken Jaworski at firstname.lastname@example.org or (313) 224-1313
Terrence Sims at email@example.com or (313) 224-2159.
Tags: no tags
2004-2013© City of Detroit ITS/Communications and Creative Services Division
For information about the City of Detroit’s Web site, email the Web editor
Content Approval | Login