X
STANDARDS BIT has established standard practices for development, processing and services
why?
  • Rules and regulations are essential to any well managed organization. Standards are valuable to our clients because of the cost savings, faster support and reliable technology infrastructure. They serve to establish uniform practices and common techniques used as guidelines to measure performance.

    For example, with one standard email system, a small number of administrators can maintain a system supporting all of state government. If the state had two email systems, the number of administrators and support staff would double with no corresponding benefit in functionality. The same principle applies to system designs, writing programs and setting up operations in a data processing center. All of which require certain individual skills, standard policies, procedures and equipment.

    More information >
important!
  • Vendors who are actively pursuing IT business opportunities with the State of South Dakota must also comply with the Information Technology Security Policy. For security purposes, this content is not for public consumption, however a modified version is available for you here.
X
FINANCE BIT Finance Office
BIT Rates and Information
  • Development >
    Analysis, design, programming, implementation and maintenance of the state’s information systems.
  • Data Center >
    Provides enterprise computer processing services for state government agencies, higher education, constitutional offices and the Unified Judicial System (UJS)..
  • Telecommunications >
    Provides all support for hardware/software, Active Directory accounts required for access to network, telephone access, videoconferencing, and more.

Security

Vendor and Client Security Requirements

NOTE: The Client is any State of South Dakota (State) entity acquiring information technology or services that:

  • Goes on or connects to the State IT system.
  • Requires State data in an electronic format.
  • Exchanges electronic data with the State.
  • Develops or modifies a website.
  • Provides cloud services.

The Client is any State of South Dakota (State) entity acquiring information technology or services.

The following are in addition to any contractual requirements unless stated otherwise in the contract.

IMPORTANT: Clients and Vendors must follow the Information Technology Security Policy (ITSP). You can find the ITSP-Client at:
Information Technology Security Policy (ITSP) - Client

Vendors must follow the Information Technology Security Policy at:
Information Technology Security Policy (ITSP) - Contractor

Vendors must read and follow ITSP 10.9, 10.11 and 230.73.

The ITSP has the State’s cyber security policies. The policies:

  • Ensure security controls are used on the State’s system.
  • Ensure State data is protected.
  • Show the State’s commitment to security.

The ITSP policies protect State IT resources against destruction, loss, unauthorized access, change, misuse and disruption or denial of service.

Information technology security is based on:

  • Confidentiality - Ensuring that only authorized individuals can access information.
  • Integrity - Ensuring the consistency, accuracy, and trustworthiness of information.
  • Availability - Ensuring that the State’s IT system and services are dependable.

Each policy in the ITSP follows one or more of these principles. Any departure from the ITSP must be in the project’s contract and approved by the State’s Chief Information Security Officer (CISO).

Maintenance Agreements

Clients and Vendors must have annual maintenance agreements for any Commercial Off the Shelf (COTS) product purchased for the State. If there is no maintenance contract, then the State agency must have a plan to:

  • Get a maintenance contract.
  • Move to a product that does have a maintenance contract.
  • Retire the product within the year.

If you have questions, please contact your POC.

Web Development

The State can perform security, load, vulnerability, PCI compliance, functional, and performance tests and scans on any product purchased by the State at any time. If the tests or scans show requirements were not met, the State can require fixes or adjustments be made either as part of a maintenance contract or before final payment.

All contracted websites and applications hosted by the State must meet the web standards and operate on the State’s system. Once code for a website or product is submitted by a Vendor, it will be uploaded to a test area on the State’s system. BIT staff will do load testing, security and vulnerability testing and PCI compliance testing along with performance testing as needed.

If the website or application meets the State’s web standards and requirements, it will be accepted by the State and go into user acceptance testing, if needed.

If the website or product does not meet the standards and/or requirements, the Vendor will be told why. The Vendor will make needed changes and the website or product be re-tested.

If the website will be developed by the Vendor and hosted by the State, it must meet these web standards.

If the website is developed and hosted by the Vendor, it must meet these web standards.

The State may take the website down (or if hosted by the Vendor require the Vendor to take it down) if there is security, performance issues, or unsuitable content. If the Vendor is at fault, the contract payments may be suspended by the State. If there is a blatant failure by the Vendor’s then the State, at the State’s discretion, may be reimbursed.