ICT Resource Usage Policy - according to the ICT Resource Usage Policy, other relevant policies, and

  • View
    0

  • Download
    0

Embed Size (px)

Text of ICT Resource Usage Policy - according to the ICT Resource Usage Policy, other relevant policies, and

  • Information and Communication Technology (ICT) Resource Usage Policy

    Printed copies are uncontrolled. It is the responsibility of each user to ensure that any copies of policy documents are the current issue

    Page 1 of 4

    DETAILS Council Admin Effective from: 30 October 2018 Contact officer: ICT Governance and Policy Officer, Business Innovation and

    Technology Services Next review date: October 2020 File reference: IM634/171/06 iSpot #

    This policy 22850062 Value Proposition 43575227

    OBJECTIVES AND MEASURES Objectives To ensure that Council of the City of Gold Coast (Council) ICT

    resources are used: • Appropriately and efficiently; • To assist Council to effectively deliver quality, value for money

    services; • To not create or increase risk to Council, Council employees,

    Councillors, contractors and third parties; • In accordance with other policies, legislation, standards, and

    business best practice; and • Managed with sound consistent governance across Council.

    Performance measures • Telephony, remote access and mobile device usage and cost patterns are monitored and reviewed to produce measurable management of costs.

    • Satisfactory compliance with software audits with regard to software licensing and device compliance.

    • Incidence of attacks upon Council systems and malicious software introduced through inappropriate or unauthorised usage is minimised through user awareness of responsibilities and obligations.

    Risk assessment Medium

    POLICY STATEMENT Council ICT Resources are to be used in an ethical and efficient manner within a sound governance framework, thereby enabling Council’s assets to be appropriately managed within acceptable risk tolerances. A key underpinning goal of this approach is to ensure users of ICT resources behave in ways that support the business activities of Council. This policy aligns with Queensland Governments Information Standard - IS 38 – Use of ICT Facilities and Devices. The provision of Council owned ICT resources including Internet, email facilities, telephony and devices are to be used for officially approved purposes. Limited personal use of ICT resources is available only in accordance with the uses outlined in this policy. Council employees, consultants, contracted external service providers and Councillors are all required to use Council ICT resources in accordance with this policy and the applicable Code of Conduct. All access to ICT resources is granted on the basis of business need and may be revoked at Management discretion.

    All ICT resource users must be aware of: • Types of ICT resources (as defined in Appendix I); • Authorised, unauthorised, and unlawful/criminal use of Council resources (as defined in Appendix C);

    and • Business rules regarding use of each resource (as defined in Appendices D – H).

  • Information and Communication Technology (ICT) Resource Usage Policy

    Printed copies are uncontrolled. It is the responsibility of each user to ensure that any copies of policy documents are the current issue

    Page 2 of 4

    Serious breaches of this policy will be referred to Integrity and Ethical Standards Unit & Security for consideration and action taken in accordance with Council’s Disciplinary Policy and Procedures. Reference is also made to the Portable and Attractive Items Policy for employee obligations regarding management of applicable items, as described in this related policy.

    SCOPE This policy applies to all Council employees, consultants, Councillors, contracted external staff, patrons and/or service providers. Note while the policy is now Administrative any amendments to the policy as it applies to the Councillors will need to be considered by Council. See Council Decision GA16.0125.007

    EXEMPTIONS Access to Council owned or provided public computers by Council patrons is beyond the scope of this policy and is covered in the document Library Services Operational Guidelines: Use of Public Access Computers. Usage of Council public access kiosks is beyond the scope of this policy.

    DEFINITIONS See Appendix I - Definitions

    RELATED POLICIES AND DELEGATIONS This policy is aligned with the Queensland Government’s approach to use of ICT resources provided through Information Standard 38 – Use of ICT Facilities and Devices. Other related polices and legislation is listed below.

    LEGISLATION Commonwealth Legislation

    • Australian Copyright Act 1968 - proscribes the copying of software or data files (including text, sound and images) in the absence of a licensing arrangement;

    • Crimes Act 1914 - describes procedures related to dealing with a crime; • Cybercrime Act 2001 - deals with a range of computer related offences; • Privacy Act 1988 - introduces principles related to protection of personal information; and • SPAM Act 2003 – which proscribes the sending of SPAM messages.

    Queensland Government Legislation • Crime and Corruption Act 2001 - establishes a commission to reduce the incidence of corruption in the

    public sector. Council must preserve and make information available for this Commission so that it can be effective in its investigations;

    • Copyright Act 1968 - is an Act relating to copyright law; • Criminal Code Act 1995 - proscribes computer hacking and general misuse; • Electronic Transactions (Queensland) Act 2001 - refers to the integrity of information and requirements

    to keep information associated with the need for businesses and the community to use electronic communications when dealing with government bodies;

    • Evidence Act 1977 - defines what must be preserved as evidence related to government activities; • Information Privacy Act 2009 - ensures the security and protection of personal information and restricts

    the collection, use and disclosure of information about an individual; • Right to Information Act 2009 - makes particular types of information concerning government

    documents available to members of the community in order to ensure such information is timely and accurate;

    • Local Government Act 2009 - requires local government employees not to willfully destroy or damage Council records;

  • Information and Communication Technology (ICT) Resource Usage Policy

    Printed copies are uncontrolled. It is the responsibility of each user to ensure that any copies of policy documents are the current issue

    Page 3 of 4

    • Public Records Act 2002 - states the responsibilities of government in the management of corporate

    records - particularly with regards to security; and • Public Sector Ethics Act 1994 - states the responsibilities public officials have in ensuring that public

    resources are not wasted, abused or improperly used.

    SUPPORTING DOCUMENTS Council Policies and Reference Documents

    • Code of Conduct for Employees – states Council’s standard for ethical behaviour for employees; • Disciplinary Policy - provides a fair and reasonable process for the investigation and management

    of unacceptable performance and suspected breaches of Council’s Code of Conduct for Employees Policy.

    • Fraud and Corruption Control Policy - assists Council to minimise the risk and consequences of unethical practice or fraud in or on Council or its programs;

    • Expenses Reimbursement and Provision of Facilities for Councillors and Mayor 2009; • Good Working Relationship Policy – establishes Council’s standards to limit discrimination

    (sexual, disability, racist) and harassment; • ICT Security Policy – states Council’s position with respect to securing access to Council systems

    including reference to private or confidential information; • Information Management and Information Privacy Policy – defines Council’s requirements for

    recordkeeping and managing personal information; • Right to Information and Information Provision Policy – defines Council’s position on the release and

    provision of information and the requirements under the Right to Information Act 2009. • Library Services Operational Guidelines: Use of Public Access Computers. • Portable and Attractive Items Policy – establishes policy, standards and guidelines for the ethical use

    and protection of portable and attractive items; • Corporate Security Policy – formalises key protective security measures; and • Working From Home Policy – provides flexible working arrangements to assist employees to balance

    the demands of work with their family and/or personal responsibilities. • Excluded Call Types – provides detail on the current list of call types excluded from Council’s current

    mobile access fees.

    Mandatory Queensland Government Information Standards Records Governance Policy – sets out foundational principles of recordkeeping for Queensland Government agencies and public authorities to meet minimum recordkeeping requirements.

    Other related Queensland Government Information Standards • IS18 Information Security - outlines Queensland Government’s mandatory information security

    principles (which are not yet mandatory for local government); • IS26 Internet – deals with the provision of information via web-based systems and the need to keep

    adequate records of this business activity; • IS34 Metadata – deals with the use and management of information metadata; • IS38 Use