Information Technology General Use and Practices Policy

Policy statement

The Information Technology and Services department (I.T.S.) supplies programs and systems, maintenance and support of information technology (IT) resources to aid the Town of Oakville (town) in delivering programs and services to facilitate the business of the town in an ethical and lawful manner.

Purpose

The purpose of this policy is to provide a context for procedures that outline standards and best practices to:

1. Establish and setup guidelines.
2. Ensure appropriate use of information technology resources.
3. Establish the town’s expectation on acceptable uses of information and technology resources.
4. Provide auditable standards and recognized practices by which questions of acceptable information technology resources use may be measured.
5. Identify applicable legislation, regulations and procedures.
6. Guide alignment of the business direction of the town and current technologies, industry standards, best practices and procedures through regular review by I.T.S. management staff.
7. Provide guidelines for ethical use and continuous services.
8. To safeguard the systems, sensitive information and employees from unwanted attacks.

Scope

1. The I.T.S. department will provide services in line with recognized industry best practices, in accordance with established standards and procedures in an ethical and lawful manner.
2. The I.T.S. department is responsible for business technology governance, including configuration and installation as well as assisting town departments in selection and training. Purchase of all technologies will follow the approved purchasing policies and guidelines.
3. The I.T.S. Director and supporting management team will review underlying procedures annually to ensure they are in line with the business direction and are on par with current technologies and industry standards and best practices. 
4. All procedures will be developed in accordance with standards, legislation, and regulations while in-line with auditable and recognized practices.
5. Procedures will be developed to guide the I.T.S. department and town staff (and affiliates) to ensure continuous services, that systems and technology will be used in a responsible and ethical manner, in order to safeguard the systems, sensitive information and employees from unwanted attacks.

This policy applies to any person that is provided access to town owned information technology resources including; members of council, members of boards and committees, all town employees as well as volunteers, students, interns, agents, contractors, consultants, and third parties, or any other individuals who interact with the public or other third parties.

Use of the town’s information technology resources that contravenes policies and/or procedures may result in disciplinary action up to and including dismissal from employment, seeking restitution, commencement of civil action, criminal prosecution or a combination thereof.

Definitions

Information technology resources include (but are not limited to):

• Town provided networks (both wired and wireless) that allow access to and supply access to the Internet.
• Portico and town intranets.
• Shared network drives and files.
• Email accounts, shared access, calendars and contacts.
• Desktop and laptop computers or other forms of data processing devices.
• Cell phones, land line phones, voicemail, handheld smart phone technologies.
• Programs, software and applications.
• Audio-visual communication equipment and devices.
• Portable media and storage devices.
• POS and pin pad terminals.

PCI or PCI-DSS: Payment Card Industry Data Security Standard is a set of requirements for any business that stores, processes or transmits payment cardholder information. The framework is intended to secure the payment environment and cardholder information in a set of common-sense steps that mirror best security practices.