The Corporation of the Town of Oakville · Policy A-ISS-001

Information Technology General Use and Practices

Policy Number: A-ISS-001
Section: Administration
Sub-Section: Information Systems + Solutions
Author: Information Systems + Solutions Department
Authority: Council
Effective Date: 2006 Jul 04
Review by Date: 2017
Replaces: 02-01-21, 02-01-01, 02-01-02, 02-01-03, 02-01-04, 02-01-05
Last Modified: 2012 Apr 16, Formerly 'General Use of Information Technology Resources'

Policy Statement

The Information Systems + Solutions department (IS+S) supplies programs and systems, maintenance and support of information technology resources (IT) to aid the Town of Oakville in delivering programs and services to facilitate the business of the town in an ethical and lawful manner.

Purpose

The purpose of this policy is to provide a context for procedures that outline standards and best practices to:

  1. Establish and set up guidelines.
  2. Ensure appropriate use of information technology resources.
  3. Establish the town’s expectations for acceptable uses of information and technology resources.
  4. Provide auditable standards and recognized practices by which questions of acceptable information technology resources use may be measured.
  5. Identify applicable legislation, regulations and procedures.
  6. Guide alignment of the business direction of the town and current technologies, industry standards, best practices and procedures through regular review by IS+S management staff.
  7. Provide guidelines for ethical use and continuous services.
  8. Safeguard the systems, sensitive information and employees from unwanted attacks.

Scope

  1. The IS+S department will provide services in line with recognized industry best practices, in accordance with established standards and procedures in an ethical and lawful manner.
  2. The IS+S department is responsible for selection, configuration, installation and training of hardware and software business technologies based on business requirements and needs. Purchase of all technologies will follow the approved purchasing policies and guidelines.
  3. The IS+S Director and supporting management team will review underlying procedures annually to ensure they are in line with the business direction and are on par with current technologies and industry standards and best practices.
  4. Changes to any programs, the service, technologies or other tactical plans will be reviewed by an established IS+S Steering Committee that will determine the direction of information technology plans, projects, service levels, objectives, aims and goals.
  5. All procedures will be developed in accordance with standards, legislation, and regulations while remaining in line with auditable and recognized practices.
  6. Procedures will be developed to guide the IS+S department and town staff (and affiliates) to ensure continuous services and that systems and technology will be used in a responsible and ethical manner, in order to safeguard the systems, sensitive information and employees from unwanted attacks.

This policy applies to any person who is provided access to town-owned information technology resources, including town employees, elected officials, employees, contractors, consultants, volunteers, students and interns (Users).

Use of the town’s information technology resources that contravenes policies and/or procedures may result in disciplinary action up to and including dismissal from employment, seeking restitution, commencement of civil action, criminal prosecution or a combination thereof.

COBIT Framework Objectives:

PO 4.3 – IT Steering Committee
PO 6 – Communicate Management Aims and Directions
PO 6.3 – IT Policies Management
PO 6.4 – Policy, Standards and Procedures Rollout
PO 6.5 – Communication of IT Objectives and Direction

Definitions

Information technology resources include (but are not limited to):

COBIT - Control Objectives for Information and related Technology is a recognized and accepted practice to document and identify control objectives, activities, functions, stakeholders, dependencies, and the processes that are the efforts of enterprise ‘IT’ functions as they relate to IT itself and other areas of the business. The framework can ensure that an Information Technology department is operating responsibly and effectively and is auditable in its operation.

PCI or PCI-DSS - Payment Card Industry Data Security Standard is a set of requirements for any business that stores, processes or transmits payment cardholder information. The framework is intended to secure the payment environment and cardholder information in a set of common-sense steps that mirror best security practices.