Information Technology General Use and Practices Policy

Related procedures

A-ISS-001-001 Information Technology General Use and Practices Procedure
A-ISS-001-003 Equipment and System Access Requests Procedure
A-ISS-001-004 User Security Settings and System Configurations Procedure

Policy statement

The Information Systems department (I.S.) supplies programs and systems, maintenance and support of information technology resources (IT) to aid the Town of Oakville (town) in delivering programs and services to facilitate the business of the town in an ethical and lawful manner.

Purpose

The purpose of this policy is to provide a context for procedures that outline standards and best practices to:

1. Establish and setup guidelines.
2. Ensure appropriate use of information technology resources.
3. Establish the town’s expectation on acceptable uses of information and technology resources.
4. Provide auditable standards and recognized practices by which questions of acceptable information technology resources use may be measured.
5. Identify applicable legislation, regulations and procedures.
6. Guide alignment of the business direction of the town and current technologies, industry standards, best practices and procedures through regular review by I.S. management staff.
7. Provide guidelines for ethical use and continuous services.
8. To safeguard the systems, sensitive information and employees from unwanted attacks.

Scope

1. The I.S. department will provide services in line with recognized industry best practices, in accordance with established standards and procedures in an ethical and lawful manner.
2. The I.S. department is responsible for selection, configuration, installation and training of hardware and software business technologies based on business requirements and needs. Purchase of all technologies will follow the approved purchasing policies and guidelines.
3. The I.S. Director and supporting management team will review underlying procedures annually to ensure they are in line with the business direction and are on par with current technologies and industry standards and best practices.
4. Changes to any programs, the service, technologies or other tactical plans will be reviewed by an established I.S. Steering Committee that will determine the direction of information technology plans, projects, service levels, objectives, aims and goals.
5. All procedures will be developed in accordance with standards, legislation, and regulations while in-line with auditable and recognized practices.
6. Procedures will be developed to guide the I.S. department and town staff (and affiliates) to ensure continuous services, that systems and technology will be used in a responsible and ethical manner, in order to safeguard the systems, sensitive information and employees from unwanted attacks.

This policy applies to any person that is provided access to town owned information technology resources including; town employees, elected officials, employees, contractors, consultants, volunteers, students and interns (Users).

Use of the town’s information technology resources that contravenes policies and/or procedures may result in disciplinary action up to and including dismissal from employment, seeking restitution, commencement of civil action, criminal prosecution or a combination thereof.

COBIT Framework Objectives:

PO 4.3 – IT Steering Committee
PO 6 –    Communicate Management Aims and Directions
PO 6.3 – IT Policies Management
PO 6.4 – Policy, Standards and Procedures Rollout
PO 6.5 – Communication of IT Objectives and Direction

Definitions

Information technology resources include (but not limited to):

• Town provided networks (both wired and wireless) that allow access to and supply access to the Internet.
• Portico and town intranets.
• Shared network drives and files.
• Email accounts, shared access, calendars and contacts.
• Desktop and laptop computers or other forms of data processing devices.
• Cell phones, land line phones, voicemail, handheld smart phone technologies.
• Programs, software and applications.
• Audio-visual communication equipment and devices.
• Portable media and storage devices.
• POS and pin pad terminals.

COBIT: Control Objectives for Information and related Technology is a recognized and accepted practice to document and identify control objectives, activities functions, stakeholders, dependencies, and the processes that are the efforts of enterprise ‘IT’ functions as it relates to itself and other areas of the business. The framework can ensure that an Information Technology department is operating responsibly, effectively and is auditable in its operation.

PCI or PCI-DSS: Payment Card Industry Data Security Standard is a set of requirements for any business that stores, processes or transmits payment cardholder information. The framework is intended to secure the payment environment and cardholder information in a set of common-sense steps that mirror best security practices.