Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Acknowledgement of Country
The Town of Port Hedland would like to acknowledge the Kariyarra, Ngarla and Nyamal people as the Traditional Custodians of the Port Hedland lands. We recognise their strength and pay our respects to their Elders past and present.
We extend that respect to all Aboriginal & Torres Strait Islander people of the local community and recognise their rich cultures and their continuing connection to land and waters.
ToPH ICT Strategy 2020-25
2
Contents
Executive Summary - 4
Governance - 5
Vision - 6
ICT Strategic Roadmap - 7
Risk Management - 8
Policies & Internal Operating Procedures - 11
Human Resources - 11
Stakeholders - 12
Business Systems & Applications - 14
Infrastructure - 17
Business Continuity - 18
ICT Strategy Delivery - 19
Appendix 1: ICT Strategic Roadmap - 20
Appendix 2: ICT Detailed Risk Assessment - 31
Appendix 3: Risk Matrix - 35
ToPH ICT Strategy 2020-25
3
Executive Summary
The Town of Port Hedland (the Town) has an extensive and diverse Information andCommunication Technology (ICT) portfolio. This reflects the diversity of functions performedby the Town and the requirement for self-sufficiency caused by Port Hedland’s isolation. The ICT strategy aims to deliver ICT services and assets that meets users’ needs reliably and in a cost effective manner.
The ICT strategy has identified a significant program of work that is required over its term toimplement generational change to key business systems and applications, catch-up onhardware renewal and to improve network communications, disaster recovery capability andsecurity strength. The program is highly interdependent and the implications of each part onthe other needs to be clearly understood. At the end of the program the Town will be relianton Software as a Service (SaaS) arrangements that will reduce the on-premise hardware footprint but also increase dependency on the internet.
Initiatives that will have the greatest direct impact on users are:
• The core system replacement project toreplace SynergySoft
• Migration to Microsoft 365• Clean-up of corporate data
To successfully achieve these initiatives the organisation needs to adequately resource themand sustain the appetite to pursue process improvement.
As each initiative is delivered transactional interaction with the Town will be simplified for the community and vendors, internal business processes will flow more smoothly and staff will have a better suite of tools to perform their roles. The ability to resist and recover from business interruptions and cyber malevolence will increase and become simpler.
ToPH ICT Strategy 2020-25
4
Governance
Strategic Community Plan and Corporate Business Plan
ICT has a direct and indirect linkage to the Strategic Community Plan (SCP).
The direct linkage arises by specific actions for ICT to deliver in the Corporate Business Plan (CBP) as strategic responses identified in the SCP, summarised in Table 1:ICT Responses to the SCP.
Strategic Theme SCP Outcome Strategic Response ActionOur Community An inclusive and
involved community1.b.1 Newcomers toPort Hedland areprovided withinductions, informationand opportunities toengage and getinvolved
1.b.1.2 Provide freepublic Wi-Fi atidentified Townlocations
Our Economy An enabling, attractivebusiness environment
2.b.4 Businessapproval processesare transparent andpathways streamlined
2.b.4.1 Develop,implement and reviewan ICT and IS strategy
2.b.4.2 Develop,implement and reviewnew technology andsystem improvements
ICT has an indirect link to the SCP through the provision of the business systems andapplications and infrastructure needed by the various functions of the Town to deliver the services and programs contained in the SCP.
Table 1: ICT Responses to the SCP
ToPH ICT Strategy 2020-25
5
Vision
The vision for the ICT strategy is to provide a reliable and cost effective ICT solution that meets users’ needs.
Reliable
• Stable business systems and networkcommunications
• Appropriate redundancy to sustain criticalfunctionality
• Secure against cyberattack
Cost Effective
• Fit for purpose business systems,equipment and infrastructure
• Planned migration to proven technologiesin accordance with the ICT strategy
• Adherence to the asset management plan
Meeting User Needs
• Simplified ICT experience for all users• Community provided with the facilities it
is willing to pay for• Transactional ease for community and
vendors• Staff provided with the technology tools
they need to effectively and efficientlyserve the community.
The strategy to achieve the vision is structured around Business Systems and Applications, Infrastructure, Business Continuity and Security. The roadmap from the current state to the desired state isdetailed in Appendix 1: ICT Strategic Roadmap.
Reliable Cost Effective
MeetingUser
Needs
ToPH ICT Strategy 2020-25
6
ICT Strategic Roadmap
Business Systems& Applications
InfrastructureBusinessContinuity
Security
Core system replacement project
Managed migration ofMicrosoft suite to cloud
Effective governance ofapplications acquisition
Managed server operating
system updates
Whole of communicationsnetwork design
ICT asset managementplan
Server blueprint
Corporate dataclean-up
Warranties & maintenanceagreements review
Telephone systemreplacement
Mobile deviceutilisation
On-premise DRinfrastructure
Cloud DR
Documented and testedDR solution
Cybersecurity posture with recognised
framework
Utilisation of firewall &anti-virus software
Staff education
Effective userauthentication
ToPH ICT Strategy 2020-25
7
Risk Management
The risks associated with ICT changes as the delivery of ICT services evolves. A risk assessmentof the major ICT risks has been performed and reassessed to measure the impact successful implementation of the ICT strategy would have, summarised in Table 1: ICT Risk Profile Summary. The risk profile is assigned according to the likelihood of an event occurring and the severity of the consequence of the risk occurring. The risk matrix used to determine the risk profile is contained in Appendix 3: Risk Matrix.
Risk Current Risk Rating
Residual Risk Rating
1. Cyberattack – loss of service
2. Prolonged loss of local network communications
3. Prolonged server outage
4. Prolonged loss of internet communications
5. Obsolete business system or application
6. Under investment in ICT
7. Over investment in ICT
8. Data theft
9. Prolonged telephone system outage
10. Staff turnover
High
Moderate
Moderate
Moderate
High
High
Low
Moderate
Moderate
High
Moderate
Low
Moderate
Moderate
Low
Moderate
Low
Moderate
Moderate
High
Table 1: ICT Risk Profile Summary
Strategic responses to the major risks are summarised in Table 2: ICT Risk Mitigation. For risksrating that remain unchanged, in most instances the ICT strategy reduces the likelihood of anevent occurring but does not reduce the impact. For example, the consequence of data theftremains the same once it is stolen. The ICT strategy is not expected to have a singularly measurable impact on the likelihood of staff leaving the organisation.
ToPH ICT Strategy 2020-25
8
Risk Likelihood Consequence Strategic Response1. Cyberattack – loss of
servicePossible Major • Develop cybersecurity
posture with recognisedframework
• Effective utilisation offirewall and anti-virussoftware
• Staff education
• Effective userauthentication
2. Prolonged loss of localnetwork communications
Unlikely Major • Whole of communicationsnetwork design
3. Prolonged server outage Unlikely Major • Documented and testedDR solution
4. Prolonged loss of internetcommunications
Unlikely Moderate /major
• Core system replacementproject
• Managed migration ofMicrosoft suite to cloud
• Whole of communicationsnetwork design
• Server blueprint
• On-premise DRinfrastructure
• Cloud DR
5. Obsolete business systemor application
Likely Moderate • Core system replacementproject
• Managed migration tonewer versions of Microsoftproducts
• Effective governance ofapplications acquisition
6. Under investment in ICT Likely Moderate ICT strategic roadmap
Table 2: ICT Risk Mitigation
ToPH ICT Strategy 2020-25
9
Risk Likelihood Consequence Strategic Response7. Over investment in ICT Unlikely Minor • ICT strategic roadmap
8. Data theft Possible Moderate • Cybersecurity posture withrecognised framework
• Utilisation of firewall andanti-virus software
• Staff education
• Effective userauthentication
9. Prolonged telephonesystem outage
Possible Moderate • Telephone systemreplacement
10. Staff turnover Likely Moderate • Core system replacementproject
• Managed migration ofMicrosoft suite to cloud
• Effective governance ofapplications acquisition-Corporate data clean-up
Table 2: ICT Risk Mitigation
The detailed risk assessment outlining business impact and mitigations is contained in Appendix 2: ICT Risk Assessment.
The most significant change to the ICT risk profile will be driven by the continued adoption of Software as a Service (SaaS). As major systems are moved to SaaS the on-premise server footprint will decrease. Cybersecurity, including protection from data theft, and disaster recovery will be provided by the system providers who are better resourced to address these challenges. Disaster recovery for the residual systems and data, primarily the corporate drive, will also be in the cloud. This trend does however increase exposure to the risk of disruption to internet services. The mitigations for this will be the retention of on-premise back-up capability and duplicated internet connections on separate trunk routes.
A distinction is made between short-term and prolonged service outages for local networkcommunications, servers, internet and phone system. Increasing the probability ofuninterrupted services is achieved by increasing the investment in redundancy withautomatic fail-over capability. In some instances this may be achievable but the cost would need to be justified against the benefits.
The Town has not maintained a sufficient level of investment in its business systems and applications, specifically its core business system. The current system, SynergySoft, is at end of life and implementation of a replacement system will require significant investment in business process capability.
ToPH ICT Strategy 2020-25
10
Policies & Internal Operating Procedures
The governance framework for ICT is provided by polices, Internal Operating Procedures (IOP) and agreements.
Polices that directly impact ICT are:
• 15/003 CCTV Operations• 9/010 Asset Management
Staff usage of ICT is guided by:
• HR007 Mobile Phone Usage• HR012 Equal Employment Opportunity,
Bullying, Harassment and GrievanceHandling
• Conditions of Computer / CommunicationUse Agreement signed by employees
The strategy identifies a need for IOPs for:
• Acquisition and maintenance ofapplications software
• ICT asset management• Working from home
To further support the strategy, IOPs should be developed for:
• Business continuity and disaster recovery• Cybersecurity
An ICT asset management IOP should include guidance for the disposal of retired equipment.
Human Resources
ICT human resources are a hybrid of Town staff, contractors and support agreements. Town staff currently consists of support officers and a part-time manager. Support officers provide front-line user support and co-ordinate minor projects. Two key contractual arrangements are in place, one to provide technical ICT leadership and support and one to monitor and maintain the CCTV network. Support agreements are in place with software and hardware vendors to provide helpdesk support for specific products.
Consultant support will be required forvarious projects including the core systemreplacement project, Microsoft 365 migration, telephone system replacement, networkcommunications review and server blueprint.
ToPH ICT Strategy 2020-25
11
Stakeholders
The ICT strategy aims to best meet the ICT needs of relevant stakeholders in a reliable and sustainable manner within the constraints of available resources. The community, Town staff, vendors and regulatory agencies are identified as key stakeholders and their identified needs are detailed here.
The ICT strategy aims to ensure that the Town has the business systems and applications and ICT infrastructure in place, supported by adequate business continuity capability and protected by impenetrable security to meet these expectations in an operationally and financially sustainable manner.
Community
Access to technology based resources• Physical assets including computers and
printers• Internet access including public Wi-Fi• Library resources including e-library
resources
Technology for doing business with the Town• On-line payments including rates, fees
and fines• Obtaining permits and approvals
Respect for privacy• Opportunity to understand CCTV
deployment, capabilities and dataretention
• Transactions and approval data retention,access and security
Dependable• The Town is able to continue to deliver
services and provide leadership andassurance
• People are provided with importantinformation during significant communityincidents
The Town utilises technology to:• Operate efficiently and reduce costs• Promote sustainably in its operations
ToPH ICT Strategy 2020-25
12
Staff
Provided with the right tools to do their job• User devices including computers and
mobile devices and office devices• Business systems and applications• Access to on-line resources• Support for the way they work including
collaboration tools and remote working
User support• Training and support for specific business
systems and applications• Generic technical support for hardware
and connectivity issues
Reliability• Access to business systems and
applications and data always available• ICT hardware always working
Supported through change• Assistance and support to adopt to ICT
enabled changes to business processes
Vendors
Supported engagement• Communications from tender to
completion through technology enabledchannels
• Simple invoice submission and payment
Technology based service delivery• Core deliverable is a technology rather
than a service or a good• Communications and data access
necessary to fulfil deliverables
Regulatory Agencies
Compliance• Compliance with statutorily imposed
compliance obligations• Compliance with industry imposed
compliance obligations
Security• Data is properly secured• System and data access is appropriately
controlled
ToPH ICT Strategy 2020-25
13
Business systems and applications includes the core business system, currently SynergySoft, the Microsoft (MS) Office suite, ad hoc applications and server operating systems. This aspect of ICT is due for generational change that will impact the way people work and how ICT is delivered to the organisation. This change is dependent on organisational buy-in for process change and the availability of sufficient and reliable internet capacity.
Core Business System
SynergySoft supports business processes, primarily support services and some core services. The vendor has discontinued system development and are seeking to introduce a new product. Work has commenced by the Town to select and implement a replacement system.
Support services processes include: accounts payable and receivable, cash receipts, fixed asset register, general ledger, inventory, procurement, rating and rates notices, records management and trust and reserve administration. Core services processes include: cemetery administration, customer relationship management, desktop mapping, property administration and ranger services including dog registration and infringements.
Payroll is currently being outsourced and the Town does not have an asset management or maintenance management system.
The Town intends to engage a consultancy to project manage implementation over the anticipated two to three year implementation timeframe. This approach is intended to provide access to the appropriate resources and continuity of knowledge having regard to the difficulty the Town has recruiting and retaining staff. Key challenges are anticipated to be data migration and change management.
The preferred solution will be selected following a tender process. The Town currently does not have a position on whether the preferred solution is a best of breed, that is, multiple products, or an integrated solution, that is, most functions performed by a single system.
It is anticipated that the new core system will be SaaS. This will require adequate internet capacity and business continuity planning will need to address disruptions of internet service.
Business Systems& Applications
ToPH ICT Strategy 2020-25
14
Microsoft Office Suite
The Town is currently working on MS Windows 10 operating system, MS Office 2016 Professional Plus and Internet Explorer. Migration to newer versions of Windows occurs periodically and once a version has been widely proven. Internet Explorer is used alongside Google Chrome and to a lesser extent, Firefox. Internet Explorer is anticipated to be phased out by Microsoft and replaced by Edge during the life of the strategic plan.
Microsoft Office has undergone generational change. The new generation is SaaS and has significant implications for users who adopt it. MS 365 integrates with corporate data storage, communications, security and disaster recovery. The implementation pathway will consume significant effort to properly understand the product and the implication for contiguous software.
A graduated implementation will be adopted. MS 365 will be piloted with a group of users before a whole of organisation roll-out. It will also operate in parallel with the existing on-premise solution. The objective will be to have fully migrated by the expiry of the on-premise MS Office licence. There is no immediate need to implement the change, particularly given the young age of the servers, however the Town should not dismiss the opportunity to avoid operating with redundant software in the future.
Ad Hoc Applications
The Town has a significant portfolio of applications, many of which are SaaS. The acquisition of these is usually user driven. It is not the role of ICT to adjudicate on a user’s need for a particular application however duplication of solutions and mistakes of the past should be avoided, ICT does not have the capacity or expertise to provide user support and network communication constraints need to be considered. Appropriate governance is required for acquisition decisions.
Some applications may have been adopted because the functionality was not available in SynergySoft. The new core business system may offer previously unavailable functionality that should be assessed first. Existing applications may also be made redundant by the new system.
There have been instances of technology purchases that have not been able to be utilised because of network communication constraints. Some applications have become disused after a key advocate for their acquisition has left the organisation.
Each application needs to have an independent support arrangement with the vendor. ICT needs to be consulted prior to any purchases to assess the ICT infrastructure and security implications.
An IOP is required for the acquisition and management of applications that as a minimum addresses regulatory considerations, approval process, agreement management and retirement. ICT will maintain a database of application agreements.
ToPH ICT Strategy 2020-25
15
Server Operating Software
The operating system for the servers has recently been updated to Windows 2016. Veeam is used to provide the virtual server environment and to back-up data. The server operating system will be updated periodically. Implementation planning for any alternative data back-up systems will need to accommodate statutory data retention requirements for the existing tape library.
ToPH ICT Strategy 2020-25
16
The Town has geographically dispersed infrastructure consisting of network communications, ICT hardware and telephony.
Network Communications Infrastructure
Network communications have developed organically in response to limited or uneconomical access to public telecommunications. The network currently utilises an enterprise grade 100Mb and 4G internet connections, point-to-point (PtP) radio links between sites and a SIP enabled telephone connection. The network has been expanded to address immediate user needs and a more considered approach is now possible.
A network communications infrastructure plan is required. The plan will assess existing infrastructure, forecast future demand and design a network to meet that demand and provide a sufficient level of redundancy. The assessment of existing infrastructure will include availability and reliability of internet communications that will be critical to business systems and applications and disaster recovery.
Infrastructure
ICT Hardware
The Town has lagged in ICT hardware renewal and this is addressed in the 2020/21 budget. Equipment is replaced according to age however there is no formal documentation of ICT asset management. An ICT asset management IOP will guide both hardware and software investment and renewal and the asset management plan needs to include the CCTV network.
The main server and storage is located at the Civic Centre. Other locations have task specific servers and a DR environment has been created at the Depot. The main server was renewed in 2019 and server requirements are expected to change significantly with the continued uptake of SaaS, including DR storage. It is intended to relocate the main server to the Depot. Accordingly a server blueprint is required to understand the implication of these considerations.
There is a pressing need to clean-up the corporate drive which will be a major undertaking and data retention requirements must be complied with. The Town incurs considerable expenditure on equipment warranties and maintenance agreements and the cost effectiveness of these will be reviewed.
ToPH ICT Strategy 2020-25
17
Telephony
The telephone system is overdue for replacement and the Town makes extensive use of mobile devices. A new system is likely to be cloud hosted and integrate with Microsoft 365 in the future. Existing telecommunications are internet dependent and a DR solution will need to be independent of the internet.
Mobile devices are currently well utilised to assist staff in the field. Future considerations include: equipping users with the most appropriate device for their role, accommodating the desire for bring-your-own devices in a sustainable manner and pushing messages to staff and the community with mobile devices.
The Town has established a DR solution at the Depot that replicates critical data a number of times per day. This solution is still maturing and requires documenting. Two further stages of development of the Town’s DR capacity will be pursued: documenting scenario responses beyond the DR site and a cloud solution.
BusinessContinuity
The Town has established a DR solution at the Depot that replicates critical data a number of times per day. This solution is still maturing and requires documenting. Two further stages of development of the Town’s DR capacity will be pursued: documenting scenario responses beyond the DR site and a cloud solution.
The ICT response to COVID-19 proved that the Town has the capability to rapidly respond to significant workplace interruption. The lessons from this response need to be captured and the response further refined. Documented responses to various scenarios and periodic testing of the DR site will ensure the Town is best placed to continue to serve the community in the event of disruptive events.
Numerous vendors offer cloud DR solutions that can be utilised in the event of physical disruption or a cyberattack. The Town had initially identified a preferred cloud DR solution however this was considered in isolation of the DR solution available with SaaS business systems and applications. The DR solution will evolve with the core business system replacement project and MS 365 transition. In the interim, the Town will continue to rely on the Depot DR site and weekly back-up tapes.
ToPH ICT Strategy 2020-25
18
Security
The Town currently does not have a formal cybersecurity plan and relies primarily on its firewall and anti-virus software. Information to help staff stay safe on-line is shared periodically across the organisation. A formal cybersecurity risk assessment and plan will be developed using a recognised framework followed by periodic penetration testing. The opportunity to utilise multi-factor user authentication will be investigated.
ICT Strategy Delivery
The strategy will be delivered over five years as outlined in the implementation project plan. The implementation plan seeks to achieve generational change in the first three years. The final two years of the plan will be dedicated to bedding down the change.More significant projects will be formally project managed, including the core business system replacement project, MS 365 migration and corporate drive data clean-up. A project manager will be engaged to lead the core business system replacement project.
Business Systems and Applications
Core system replacement projectManaged migration of Microsoft suite to cloudEffective governance of applications acquisitionManaged server operating system updates
Infrastructure
Whole of communications network designICT asset management placeServer blueprintCorporate data clean-upWarranties / maintenance agreements reviewTelephone system replacementMobile service utilisation
Business Continuity
Documented and tested DR solutionOn-premise DR infrastructureCloud DR
Security
Cybersecurity posture using recognised frameworkUtilisation of firewall and anti-virus softwareStaff educationEffective user authentication
1 2 3 4 5Year
ToPH ICT Strategy 2020-25
19
AP
PE
ND
IX 1
: IC
T S
TRA
TEG
IC R
OA
DM
AP
Bus
ines
s S
yste
ms
and
Ap
plic
atio
ns
As-
Is
To-B
e B
ridg
ing
the
Gap
A
ctio
ns
Tim
efra
me
(Yea
r)
Cor
e B
usin
ess
Syst
em
Syne
rgyS
oft
A
t end
of l
ife
Util
isat
ion
has
not b
een
fully
deve
lope
d by
Tow
n
Som
e fu
ndam
enta
lun
derly
ing
busi
ness
proc
esse
s un
der-
deve
lope
d
New
gen
erat
ion
of b
usin
ess
syst
em s
ucce
ssfu
lly
impl
emen
ted
Effic
ient
und
erly
ing
busi
ness
pr
oces
ses
capa
ble
and
in
cont
rol
Cor
e sy
stem
repl
acem
ent
proj
ect
Cor
e sy
stem
repl
acem
ent
proj
ect:
A
ppoi
nt p
roje
ct m
anag
er
Proc
ure
new
sys
tem
D
evel
opm
ent i
mpl
emen
tatio
npl
an
Acq
uire
add
ition
al h
uman
reso
urce
s as
nee
ded
Pr
epar
e bu
sine
ss a
nd d
ata
for c
hang
e
Impl
emen
t new
sol
utio
n
Post
-impl
emen
tatio
n su
ppor
t
1-3
Mic
roso
ft O
ffice
Sui
te
M
icro
soft
Win
dow
s 10
OS
Opt
imal
ly ti
med
mig
ratio
n to
ne
xt v
ersi
on
Man
aged
mig
ratio
n of
M
icro
soft
suite
to c
loud
M
S W
indo
ws
vers
ion
cont
rol:
M
onito
r MS
Win
dow
sm
atur
ity a
nd in
dust
ry tr
end
to id
entif
y op
timal
mig
ratio
npo
int
M
anag
e m
igra
tion
2-3
M
icro
soft
Offi
ce 2
016
Prof
essi
onal
Plu
s su
it of
desk
top
appl
icat
ions
Com
preh
ensi
ve u
tilis
atio
n of
M
icro
soft
clou
d M
S 36
5 m
igra
tion:
Ass
ess
capa
city
and
relia
bilit
y of
inte
rnet
conn
ectio
n
2-3
ToPH ICT Strategy 2020-25
20
En
terin
g th
ree
year
lice
nce
rene
wal
A
sses
s re
liabi
lity
of M
S365
U
nder
stan
d pr
oduc
tion
func
tiona
lity
and
impl
icat
ion
for s
tora
ge, s
erve
rs, D
R,
secu
rity,
etc
D
evel
op im
plan
tatio
n pl
an
Am
end
licen
cing
agr
eem
ent
as r
equi
red
M
anag
e im
plem
enta
tion
ToPH ICT Strategy 2020-25
21
As-
Is
To-B
e B
ridg
ing
the
Gap
A
ctio
ns
Tim
efra
me
(Yea
r)
Ad
hoc
App
licat
ions
Subs
tant
ial p
ortfo
lio o
f ad
hoc
appl
icat
ions
that
are
mos
tly
user
initi
ated
and
web
bas
ed
Mis
sing
lice
ncin
g ag
reem
ent
docu
men
tatio
n A
cqui
sitio
n re
quire
s EL
T ap
prov
al
Ad
hoc
appl
icat
ions
incl
ude:
Act
ive
Car
rot
A
rman
do
Big
Red
Sky
C
arpo
ol
Cop
erni
c
Dan
thon
ia
Dee
pfre
eze
El
mo
Fi
xie
H
oots
uite
In
dust
rial A
utom
atio
nSm
artp
ack
In
foC
ounc
il
Intra
map
s G
IS
iSen
tia
LG H
UB
Li
nked
-in
Link
s M
odul
ar S
olut
ion
M
ailc
him
p
Man
dala
y
Mile
ston
e
Use
rs h
ave
acce
ss to
req
uire
d ap
plic
atio
ns
Cen
tral
regi
ster
of a
pplic
atio
ns
Ade
quat
e st
ewar
dshi
p of
ap
plic
atio
n ag
reem
ents
Agr
eem
ent t
erm
and
pric
e st
ruct
ure
mat
ches
bus
ines
s ne
eds
Effic
ient
pro
cess
to c
ontro
l ac
quis
ition
Cla
rity
on th
e ro
le o
f the
ICT
func
tion
in m
anag
ing
appl
icat
ions
Effe
ctiv
e go
vern
ance
of
appl
icat
ions
acq
uisi
tion
Col
late
dat
abas
e of
all
appl
icat
ion
licen
cing
ag
reem
ents
Rat
iona
lise
appl
icat
ions
bas
ed
on u
sage
Dev
elop
IOP
for
acqu
isiti
on
and
cont
rol o
f app
licat
ions
in
clud
ing
min
imum
sta
ndar
ds
for a
gree
men
ts, b
usin
ess
case
, sup
port
prov
isio
n an
d bu
dget
and
man
agem
ent s
ign-
off
2 2 2
ToPH ICT Strategy 2020-25
22
M
ozai
c
Ope
n In
sigh
t
Pape
rCut
Po
wer
BI
R
apid
Pla
n
Secu
re P
ay
Sign
age
Live
SL
IP
Smar
t She
et
Smar
ty G
rant
s
Spyd
us
Surv
ey M
onke
y
Trap
eze
Plan
Man
ager
Tr
eeSi
ze P
rofe
ssio
nal
Ty
pefo
rm
Vend
orpa
nel
W
hen-
I-Wor
k
Won
ders
hare
Film
ora
Sm
artfi
ll
Serv
er O
pera
ting
Softw
are
Serv
ers
utili
se M
icro
soft
Serv
er
2016
Up
to d
ate
with
pat
ches
O
ptim
ally
tim
ed m
igra
tion
tone
xt v
ersi
on
Man
aged
ser
ver
oper
atin
g sy
stem
upd
ates
Mon
itor M
icro
soft
Serv
erm
atur
ity a
nd in
dust
ry tr
end
to id
entif
y op
timal
mig
ratio
npo
int
M
anag
e m
igra
tion
3-4
Veea
m b
acku
p &
reco
very
: Pr
otec
ts v
irtua
l mac
hine
w
orkl
oads
in th
e fo
rm o
f:
Bac
kup
to d
isk
B
acku
p to
tape
(st
ored
offs
ite)
Doc
umen
ted
reco
very
obje
ctiv
es a
ligne
d w
ithbu
sine
ss c
ontin
uity
pla
n,in
clud
ing
dow
ntim
e an
d da
talo
ss
Doc
umen
ted
and
test
ed D
R
solu
tion
Def
ine
Line
of B
usin
ess
(LoB
)ap
plic
atio
ns in
clud
ing
the
plan
ned
depl
oym
ent m
odel
sfo
r the
nex
t 5 y
ears
(on
-pre
m,
IaaS
, Saa
S)
1-3
ToPH ICT Strategy 2020-25
23
No
defin
ed re
cove
ry o
bjec
tives
U
ndef
ined
ris
ks r
elat
ing
to
dow
ntim
e or
dat
a lo
ss
Bac
kup
solu
tion
that
mee
tsde
fined
rec
over
y ob
ject
ives
in a
sup
porta
ble
and
cost
-ef
fect
ive
man
ner.
Bac
k-up
s po
tent
ially
to th
ecl
oud
Con
sult
stak
ehol
ders
on
impa
ct o
f dow
ntim
e an
d lo
ssof
dat
a pe
r Lo
B a
pplic
atio
n P
repa
re, d
istri
bute
and
ratif
yth
e B
C P
lan
Det
erm
ine
solu
tion
for
exis
ting
tape
libr
ary
to e
nabl
est
atut
ory
data
rete
ntio
nco
mpl
ianc
e I
dent
ify a
nd im
plem
ent b
ack-
up s
olut
ion
Cis
co e
nter
pris
e so
lutio
n: W
orki
ng w
ell f
or th
e bu
sine
ss M
aint
ain
plat
form
with
nor
mal
lifec
ycle
turn
over
Up
to d
ate
firm
war
e R
epla
cem
ent p
lan
deve
lope
dSe
rver
blu
eprin
t R
evie
w e
xist
ing
equi
pmen
tan
d pl
an fo
r rep
lace
men
t M
anag
e m
igra
tion
ofeq
uipm
ent
1-2
ToPH ICT Strategy 2020-25
24
Infr
astr
uctu
re As-
Is
To-B
e B
ridg
ing
the
Gap
A
ctio
ns
Tim
efra
me
(Yea
r)
Net
wor
k C
omm
unic
atio
ns In
fras
truc
ture
Org
anic
com
mun
icat
ions
in
fras
truct
ure:
Ente
rpris
e gr
ade
100M
bin
tern
et c
onne
ctio
n
4G in
tern
et c
onne
ctio
ns
Inte
rnet
ena
ble
link
betw
een
som
e si
tes
A
CM
A li
cens
ed li
nk D
epot
–C
ivic
Pt
P lin
k St
adiu
m to
Dep
ot
Inst
allin
g Pt
P lin
k JD
Har
die
-D
epot
– C
ivic
SI
P en
able
d te
leph
one
conn
ectio
nC
apac
ity a
nd re
liabi
lity
of
avai
labl
e in
tern
et c
onne
ctio
ns
unkn
own
Plan
ned
com
mun
icat
ions
in
fras
truct
ure
that
:
Acc
omm
odat
es c
hang
ing
data
cap
acity
requ
irem
ents
inte
rnal
ly a
nd v
ia in
tern
et
Prov
ides
app
ropr
iate
redu
ndan
cy
Cos
t effe
ctiv
eM
onito
ring
perfo
rman
ce a
nd
utili
satio
n Pl
anne
d re
new
al
Who
le o
f com
mun
icat
ions
ne
twor
k de
sign
En
gage
com
mun
icat
ions
co
nsul
tant
to:
Rev
iew
exi
stin
g ne
twor
k A
sses
s Po
rt H
edla
nd in
tern
et
infr
astru
ctur
e Fo
reca
st c
apac
ity d
eman
d fo
r al
tern
ativ
e Sa
aS s
cena
rios
-Ph
one
syst
em-
Cor
e bu
sine
ss s
yste
m-
MS
Offi
ce s
uite
-D
isas
ter r
ecov
ery
Iden
tify
cost
effe
ctiv
e re
dund
ancy
opp
ortu
nitie
s Pr
oduc
e ne
twor
k de
sign
1
Impl
emen
t com
mun
icat
ions
in
fras
truct
ure
plan
1-
2
Dev
elop
ass
et m
anag
emen
t pl
an
1-2
ICT
Har
dwar
e
Som
e pa
rts
of a
sset
rene
wal
ar
e la
ggin
g:
Equ
ipm
ent r
epla
cem
ents
base
d on
pre
-def
ined
lifes
pans
ICT
asse
t man
agem
ent p
lan
Dev
elop
ICT
asse
t m
anag
emen
t IO
P 1-
2
Mon
itor e
quip
men
t de
velo
pmen
t tre
nds
1-5
ToPH ICT Strategy 2020-25
25
As-
Is
To-B
e B
ridg
ing
the
Gap
A
ctio
ns
Tim
efra
me
(Yea
r)
Su
bsta
ntia
l ren
ewal
of u
ser
devi
ces
iden
tifie
d in
202
1bu
dget
Su
bsta
ntia
l UPS
rene
wal
iden
tifie
d in
202
1 bu
dget
St
atus
of s
witc
hes
unkn
own
Tele
phon
e sy
stem
repl
acem
ent c
ritic
al
CC
TV in
fras
truc
ture
mos
tlyst
anda
rdis
ed
Lim
ited
rang
e of
use
r de
vice
sth
at b
est m
eet u
ser n
eeds
New
tele
phon
e in
frast
ruct
ure
Ass
ess
user
nee
ds a
nd s
can
prod
ucts
ava
ilabl
e 1-
5
Issu
e R
FT fo
r rep
lace
men
t te
leph
one
syst
em
1
Col
late
CC
TV e
quip
men
t age
pr
ofile
2
On-
prem
ise
mai
n se
rver
crit
ical
to
cor
e sy
stem
s:
R
efre
shed
in 2
019
U
nsur
e of
abi
lity
to s
hut-
dow
n an
d re
-sta
rtSt
orag
e no
t ent
irely
in c
ontr
ol:
C
orpo
rate
driv
e is
a m
ess
driv
ing
stor
age
dem
and
U
nlim
ited
e-m
ail s
tora
ge fo
rus
ers
N
o fo
reca
st o
f fut
ure
stor
age
dem
and
Serv
er r
ight
-siz
ed to
evo
lvin
g re
quire
men
t. A
bilit
y to
fore
cast
an
d m
anag
e st
orag
e re
quire
men
ts
Serv
er b
luep
rint
Enga
ge c
onsu
ltant
to m
odel
pr
oces
sing
and
sto
rage
re
quire
men
ts w
ith a
ltern
ativ
e Sa
aS a
dopt
ion
scen
ario
s
2-3
Serv
er r
oom
relo
cate
d to
Dep
ot
Det
erm
ine
Dep
ot
acco
mm
odat
ion
requ
irem
ent
1
Dev
elop
ser
ver r
eloc
atio
n pl
an
2 Sa
fe s
erve
r shu
t-do
wn
and
re-
star
t abi
lity:
M
anua
lly A
utom
atic
ally
dur
ing
pow
erou
tage
Impl
emen
t APC
Pow
erch
ute
1
Doc
umen
ted
and
test
ed s
hut-
dow
n an
d re
-sta
rt pr
oced
ure
1
Cle
an a
nd c
ontro
lled
stor
age
Cor
pora
te d
ata
clea
n-up
D
evel
op IO
P fo
r co
rpor
ate
driv
e da
ta r
eten
tion
and
disp
osal
1-2
Cor
pora
te d
rive
data
cle
an-u
p 1-
2
ToPH ICT Strategy 2020-25
26
As-
Is
To-B
e B
ridg
ing
the
Gap
A
ctio
ns
Tim
efra
me
(Yea
r)
Sign
ifica
nt e
xpen
ditu
re o
n ha
rdw
are
war
rant
ies
/ m
aint
enan
ce a
gree
men
ts
Opt
imal
use
of w
arra
ntie
s /
mai
nten
ance
agr
eem
ents
W
arra
ntie
s / m
aint
enan
ce
agre
emen
ts re
view
D
evel
op IC
T w
arra
ntie
s /
mai
nten
ance
agr
eem
ent
posi
tion
pape
r:
Iden
tify
war
rant
ies
curr
ently
in p
lace
and
revi
ewag
reem
ents
R
evie
w r
elev
ant c
onsu
mer
legi
slat
ion
C
anva
ss v
iew
s fr
om o
ther
orga
nisa
tions
3
Tele
phon
y
Tele
phon
e sy
stem
and
des
ktop
ha
ndse
ts u
rgen
tly n
eed
repl
acin
g
New
pho
ne s
yste
m a
nd
hand
sets
:
Syst
em is
com
patib
le w
ithfu
ture
offi
ce te
chno
logi
es th
atm
ay b
e ad
opte
d
Ade
quat
e re
dund
ancy
topr
ovid
e in
tern
al c
allin
gca
pabi
lity
in e
vent
of i
nter
net
outa
ge
Tele
phon
e sy
stem
rep
lace
men
t Pr
ocur
e re
plac
emen
t pho
ne
syst
em a
nd h
ands
ets
1
Tele
phon
e co
mm
unic
atio
ns is
in
tern
et b
ased
Pass
ive
mes
sagi
ng to
co
mm
unity
via
soc
ial m
edia
Targ
eted
pus
h m
essa
ging
via
text
mes
sagi
ngM
obile
dev
ice
utili
satio
n A
sses
s co
mm
unity
(and
sta
ff)
appe
tite
for r
ecei
ving
text
no
tific
atio
ns a
nd n
atur
e of
m
essa
ge
3-4
Tow
n ow
ns a
col
lect
ion
of
mob
ile p
hone
s of
diff
eren
t C
ost e
ffect
ive
prov
isio
n of
m
obile
pho
nes
that
mee
ts u
ser
need
s
Inve
stig
ate
impl
icat
ion
and
feas
ibili
ty o
f brin
g yo
ur o
wn
optio
n
2-3
ToPH ICT Strategy 2020-25
27
As-
Is
To-B
e B
ridg
ing
the
Gap
A
ctio
ns
Tim
efra
me
(Yea
r)
mod
els
and
ages
, som
e of
w
hich
are
unu
sed
Form
alis
e m
obile
pho
ne
elig
ibili
ty c
riter
ia
1-2
ToPH ICT Strategy 2020-25
28
Bus
ines
s C
ontin
uity
As-
Is
To-B
e B
ridg
ing
the
Gap
A
ctio
ns
Tim
efra
me
(Yea
r)
Dis
aste
r R
ecov
ery
(DR
) bac
k-up
site
at D
epot
Cre
ates
add
ition
al s
yste
mad
min
istr
atio
n ef
fort
C
over
s cr
itica
l sys
tem
s on
ly
Cur
rent
ly r
elie
s on
7 d
ayba
ck-u
p ta
pe
Evol
ving
to tw
ice
daily
repl
icat
ion
U
ntes
ted
Doc
umen
ted
and
test
ed D
R
solu
tion
Doc
umen
ted
and
test
ed D
R
solu
tion
Com
plet
e do
cum
enta
tion
and
test
Dep
ot D
R s
olut
ion
Con
tinue
d ad
optio
n of
Saa
S
1
Sim
plifi
ed o
n-pr
emis
e D
R
infr
astru
ctur
e O
n-pr
emis
e D
R in
frast
ruct
ure
Con
tinue
d m
igra
tion
to S
aaS
for v
ario
us a
pplic
atio
ns
3-4
Min
imum
ICT
capa
city
in e
vent
of
inte
rnet
out
age
Det
erm
ine
busi
ness
sys
tem
s an
d ap
plic
atio
ns th
at c
an b
e m
ade
avai
labl
e fro
m o
n-pr
emis
e se
rver
dur
ing
inte
rnet
ou
tage
Ensu
re re
quire
d on
-pre
mis
e se
rver
and
sto
rage
cap
acity
in
plac
e
2-4
1
Mai
nstre
am c
loud
bas
ed D
R
solu
tion
Clo
ud D
R
Inve
stig
ate
clou
d D
R s
olut
ion
in c
onte
xt o
f sof
twar
e sy
stem
an
d ap
plic
atio
n re
new
als
and
repl
acem
ent
1-3
Prov
en c
apac
ity fo
r sta
ff to
w
ork
off-s
ite a
nd c
omm
unic
ate
effe
ctiv
ely
Cur
rent
rem
ote
wor
king
pla
n an
d in
stru
ctio
ns
Doc
umen
ted
and
test
ed D
R
solu
tion
Dev
elop
IOP
for
wor
king
re
mot
ely
1-2
ToPH ICT Strategy 2020-25
29
Sec
urity
As-
Is
To-B
e B
ridg
ing
the
Gap
A
ctio
ns
Tim
efra
me
(Yea
r)
No
form
al c
yber
secu
rity
plan
Fo
rmal
cyb
erse
curit
y pl
an
Cyb
erse
curit
y po
stur
e us
ing
reco
gnis
ed fr
amew
ork
Enga
ge c
yber
secu
rity
cons
ulta
nt
1
Con
duct
cyb
erse
curit
y au
dit
1
Dev
elop
and
impl
emen
t cyb
er
secu
rity
plan
1
Inst
all s
oftw
are
secu
rity
upda
tes
as th
ey b
ecom
e av
aila
ble
1-5
Lim
ited
unde
rsta
ndin
g of
cy
bers
ecur
ity
Ann
ual p
enet
ratio
n te
stin
g C
ondu
ct a
nnua
l pen
etra
tion
test
s 1-
5
Fire
wal
l sec
urity
(Son
icW
all)
Rep
ortin
g on
sec
urity
bre
ach
atte
mpt
s U
tilis
atio
n of
fire
wal
l and
ant
i-vi
rus
softw
are
Impl
emen
t fire
wal
l rep
ortin
g fu
nctio
nalit
y 1
Reg
ular
ly u
pdat
ed a
nit-
viru
s so
ftwar
e (E
SET)
U
p to
dat
e se
curit
y so
ftwar
e En
sure
tim
ely
inst
alla
tion
of
secu
rity
upda
tes
1-5
Cos
t effe
ctiv
e se
curit
y so
ftwar
e R
evie
w fi
rew
all a
nd a
nti-v
irus
solu
tions
2-
3
Reg
ular
sta
ff aw
aren
ess
via
Frid
ay F
acts
In
form
ed a
nd v
igila
nt s
taff
Staf
f edu
catio
n C
ontin
ue F
riday
Fac
ts
info
rmat
ion
shar
ing
1-5
Incl
ude
info
rmat
ion
in o
n-lin
e in
duct
ion
2-3
Aut
omat
ed p
assw
ord
rene
wal
En
forc
ed m
inim
um p
assw
ord
stan
dard
s Ef
fect
ive
user
aut
hent
icat
ion
Purc
hase
pas
swor
d so
ftwar
e 1
Two
fact
or a
uthe
ntic
atio
n In
vest
igat
e tw
o fa
ctor
au
then
ticat
ion
2-3
ToPH ICT Strategy 2020-25
30
APPENDIX 2: ICT DETAILED RISK ASSESSMENT
Risk 1. Cyberattack – loss of serviceLikelihood Possible Consequence Major
Impact Mitigation Denial of server based services, all
systems become unavailable Up to date firewall and anti-virus protection Monitor incursion attempts at firewall DR site to reinstate critical processes if not
impacted Tape back-up to restore data from Increase use of SaaS provides access to
vendor’s protection and DR
Risk 2. Prolonged loss of local network communicationsLikelihood Unlikely Consequence Major
Impact Mitigation Server based business systems and
applications and data not available fromCivic servers
Loss of e-mail between sites Loss of internet access for most sites Loss of CCTV service
Redundant communication links betweencritical sites
Depot operate from DR servers Internet access point at Depot (future
state) CCTV has three servers and independent
communications links that operateindependently. Footage loss limited tofailed link
Risk 3. Prolonged server outageLikelihood Unlikely Consequence Major
Impact Mitigation Server based business systems and
applications and data not available fromCivic servers
Loss of e-mail between sites Loss of internet access for most sites Loss of CCTV service
Replicated DR server at Depot for criticalsystems
Ability to physically rearrange serversbetween sites and reconfigure virtualservers
Tape back-up of critical data every 7 daysand entire system every 30 days
Libraries, Stadium, JD Hardie and Landfillcustomer systems SaaS
CCTV system has three parts, eachhosted on a separate server
ToPH ICT Strategy 2020-25
31
Risk 4. Prolonged loss of internet communicationsLikelihood Rare / Unlikely Consequence Moderate / Major
Impact Mitigation Unable to make external phone calls Loss of SaaS business systems and
applications Loss of access to other internet based
resources
Enterprise grade internet connection Internet access point at Depot (future state)
Risk 5. Obsolete business system or applicationLikelihood Likely Consequence Moderate
Impact Mitigation Unavailability of system support to pursue
enhancements or remediate issues Missed opportunities for process
improvement and efficiency gains Staff frustration from working with an
inadequate system
ICT strategy and asset management planto holistically guide ICT investment andrenewals Maintain awareness of business systems
and applications development
Risk 6. Under investment in ICTLikelihood Likely Consequence Moderate
Impact Mitigation Increased risk of equipment failure as it
ages Increased difficulty maintaining equipment
as it ages Reduced reliability of lower quality
equipment Growing bow wave of catch-up investment
required Legacy hardware has higher on-going
cost compared to newer hardware Systems software and business systems
and applications become unsupported Missed opportunities for business process
improvements that are enabled by newdevices or systems and applications
Missed opportunities for improved deliveryof community services
Staff disenfranchised by below-par ICTtools
Implement ICT strategy and assetmanagement plan Select equipment of suitable quality to
match pre-defined lifespan Understand current software suite and
remain abreast of developments in thoseareas
Risk 7. Over investment in ICTLikelihood Unlikely Consequence Minor
ToPH ICT Strategy 2020-25
32
Impact Mitigation Higher acquisition cost of over-specified
hardware Higher on-going maintenance costs Higher on-going training costs Increased likelihood of underutilisation of
ICT assets Inefficient use of Town funds
Implement ICT strategy and assetmanagement plan Select equipment of suitable quality to
match pre-defined lifespan Review change management implications
for new business systems and applicationacquisitions Wait for technologies to be proven Centrally co-ordinate ICT investment
Risk 8. Data theftLikelihood Possible Consequence Moderate
Impact Mitigation Confidential data may be used for harmful
purposes Non-compliance with various obligations Damage to Town’s reputation
Password protection Up to date firewall and anti-virus protection Monitor incursion attempts at firewall
Risk 9. Prolonged telephone system outageLikelihood Possible Consequence Moderate
Impact Mitigation Loss of telephony internally and
externally System is obsolete increasing likelihood
of delayed return to service
Maintenance support arrangement inplace for telephone system Some spare handsets held Replace system Utilise existing after hours call centre to
manage incoming calls Utilise mobile phones
ToPH ICT Strategy 2020-25
33
Risk 10. Staff turnoverLikelihood Almost certain Consequence Moderate
Impact Mitigation ICT support staff: Loss of system and network knowledge Loss of key contractor and vendor
relationships Staff: Loss of business system and
applications use knowledge Advocate for software applications they
are familiar with Loss of knowledge regarding data
storage Derails ICT project implementations
Utilisation of external contractors who alsomaintain intimate system and networkknowledge Documentation of ICT processes Utilise business systems and applications
that are common in local government Retain vanilla software configurations IOP for applications software acquisition
and management Disciplined approach to data management Utilise external consultants on ICT
implementations
ToPH ICT Strategy 2020-25
34
APPENDIX 3: RISK MATRIX
Measures of Likelihood
Level Likelihood Description Frequency
5 Almost Certain
The event is expected to occur in most circumstances
More than once per year
4 Likely The event will probably occur in most circumstances
At least once per year
3 Possible The event should occur at some time At least once in 3 years
2 Unlikely The event could occur at some time At least once in 10 years
1 Rare The event may only occur in exceptional circumstances
Less than once in 15 years
Risk Matrix Consequence
Likelihood
Insignificant Minor Moderate Major Catastrophic
1 2 3 4 5
Almost Certain 5 5 10 15 20 25
Likely 4 4 8 12 16 20
Possible 3 3 6 9 12 15
Unlikely 2 2 4 6 8 10
Rare 1 1 2 3 4 5
1-4 Low 5-9 Moderate 10-16 High 17-25 Extreme
ToPH ICT Strategy 2020-25
35
13 McGregor StreetPort Hedland 6721
08 9158 [email protected]
www.porthedland.wa.gov.au
ToPH ICT Strategy 2020-25