WT67-3
Administration Policy:
Information Technology and Its Use
Classification:
Administration Policy
First Issued:
15 June 2004
Dates of Review:
2005, 2005, 2008, 2011, 2017, 2019
Version Number:
7.1
Objective ID:
A4678
Next Review Due:
2025
Applicable Legislation:
Copyright Act 1968 (Cth)
Related Policies or
Administration Policy Induction
Corporate Documents:
Administration Policy Correspondence
Administration Policy Disposal of Computer and Related
Equipment
Administration Policy Mobile Devices
Administration Policy Remote Access and Network
Security
Associated Forms:
Note:
Formerly Information Technology and Its Use Policy A.123
Responsible Manager:
Manager Information Services
Confirmed by General
General Manager Corporate
Date
14 February 2019
Manager:
and Compliance
Approved by Executive:
19 February 2019
Date
City of West Torrens Administration Policy Information Technology and Its Use
Table of Contents
1.
Introduction................................................................................................................. 3
2.
Purpose........................................................................................................................3
3.
Scope........................................................................................................................... 3
4.
Definitions....................................................................................................................3
5.
Policy Statement......................................................................................................... 4
Objective ID A4678
Page 2 of 11
The electronic version on the Intranet is the control ed version of this document.
Printed copies are considered uncontrol ed. Before using a printed copy, verify that it is the control ed version.
City of West Torrens Administration Policy Information Technology and Its Use
Administration Policy Information Technology and Its Use
1.
Introduction
1.1
This policy describes how people who access City of West Torrens’ (CWT) systems and
information technology may use these facilities.
2.
Purpose
2.1
This policy aims to:
Maintain the performance, reliability and security of CWT’s information
communication technology (ICT) infrastructure.
Support higher productivity.
Promote the consistent and accurate use of corporate systems in order to
effectively share corporate information and knowledge.
Maintain the integrity of CWT’s corporate information and preserve CWT's
corporate memory.
3.
Scope
3.1
This policy applies to users of CWT computer equipment but does not apply to Elected
Members.
3.2
This policy covers al types of CWTowned personal computers (PCs), virtual desktops,
laptops, tablet computers, smartphones, network servers, online and electronic services
(such as the Internet) and peripheral equipment (e.g. modems, printers and USB
devices), and applies equal y to CWTbased and homebased IT equipment.
3.3
Al data on the IT network belongs to CWT and must be handled according to Council
policy, procedures and relevant legislation.
4.
Definitions
4.1
Control tools refers to software used by IT support staff to manage CWT’s IT network.
4.2
Records of
corporate significance refers to official CWT records of enduring or
informational value.
4.3
West Maps refers to the portal used to view datasets geographical y.
4.4
EDRMS refers to CWT’s electronic document and record management system
currently Objective ECM.
4.5
Email refers to electronic mail and is defined as messages sent and received
electronical y between terminals linked by telephone lines, cable, or microwave relays.
Attachments to electronic messages (including electronic attachments, transmission
history, etc.) are an integral part of electronic mail.
4.6
Executive Management Team refers to the Chief Executive Officer (CEO) and General
Managers.
4.7
External datasets refers to datasets that are acquired from other organisations such as
government departments (e.g. property boundaries that are provided by the Department
Objective ID A4678
Page 3 of 11
The electronic version on the Intranet is the control ed version of this document.
Printed copies are considered uncontrol ed. Before using a printed copy, verify that it is the control ed version.
City of West Torrens Administration Policy Information Technology and Its Use
of Environment and Heritage).
4.8
GIS dataset refers to a database of discrete data linked to CWT’s geographic
information system.
4.9
Internal datasets refers to datasets that are acquired and maintained by the CWT or
consultants/contractors on behalf of CWT (e.g. stormwater network data maintained by
City Assets).
4.10
The acronym
pst refers to personal storage table and is an open file format used to
store copies of messages, calendar events and other items within Microsoft software.
4.11
A
standard operating environment (SOE) refers to the standard implementation of an
operating system and its associated software.
4.12
Confidential information refers to any information or document that CWT wishes not to
make public.
4.13
Cloud computing is the delivery of ICT services over the internet.
4.14 Software as a service (
SAAS) is defined as software that is owned, delivered and
managed remotely by one or more providers.
5.
Policy Statement
5.1
Unacceptable Material
5.1.1
Consistent with the
Code of Conduct for Council Employees, users must not
create, transmit, disseminate or retain offensive material including, but not
limited to:
pornography
defamatory items
items of a discriminatory nature
material considered offensive or inappropriate by the CEO
material that has been il egal y obtained
material that may breach the provisions of the
Privacy Act 1988 (Cth).
5.1.2
Breaches of this policy requirement wil result in action being taken under
CWT’s
Managing Performance, Misconduct and Inappropriate Behaviour.
5.2
Privacy and Access
5.2.1
Responsible officers may, at their discretion, access, remove or retain any
information on CWT’s computer network.
5.2.2
Users should be aware that al email and web browsing is automatical y
recorded on a CWT server and is subject to random monitoring.
5.2.3
CWT must cooperate with lawful requests from the police, Ombudsman, those
lodging freedom of information applications or discovery orders or from any
other person or body duly authorised to investigate breaches of the law. CWT
may disclose information to these parties in relation to an individual’s use of
CWT’s IT network.
5.2.4
CWT wil not disclose personal information about individual usage of the
computer network to a third party unless a responsible officer:
Objective ID A4678
Page 4 of 11
The electronic version on the Intranet is the control ed version of this document.
Printed copies are considered uncontrol ed. Before using a printed copy, verify that it is the control ed version.
City of West Torrens Administration Policy Information Technology and Its Use
has reason to suspect that unlawful activity has been, is being, or may be
engaged in, and disclosure of the information is a necessary part of an
investigation or as part of reporting a matter of concern to relevant
persons or authorities; or
is required or specifical y permitted by or under law to provide information
to an authority or person that is duly authorised to request it; or
is compel ed through a court order to disclose the information to a
specified recipient; or
is otherwise required or specifical y permitted by law to disclose the
information.
5.3
Data Storage
5.3.1
Al information of corporate significance is to be stored or registered on
nominated network drives or in CWT’s EDRMS for security reasons and the
protection of information assets.
5.3.2
Information of corporate significance must not be stored on a PC’s hard drive
(C:drive) as such locations are impractical to protect. The IT Unit is not
responsible for data stored on any local hard drive, whether of corporate or
personal significance.
5.3.3
Large noncorporate files, including photographs, videos/movies or music, must
not be stored on network drives.
5.3.4
The use of USB drives must be approved by an employee’s manager or the
Manager Information Services. Software wil be used to manage connections
via USB ports and ensure corporate data is encrypted.
5.3.5
The access restricted I:drive has a limit of 100MB of storage al ocated for each
employee and must not be used to store corporately significant information.
5.3.6
Consideration on an individual basis wil be given to users with specific need for
a higher storage limit.
5.3.7
Network drives provided for corporate use may have limits imposed subject to
resource availability.
5.3.8
The temporary network drive provided for corporate use, currently the T:drive, is
used for sharing information and is not backed up. Information on the temporary
drive should be a copy, but not the only copy of information.
5.3.9
Individual desktop profiles are to be limited to 50MB in order to prevent any
adverse impact on the time to log on, back up and recover processes, and to
discourage the storage of nonprofile information on the desktop.
5.4
Email Use
5.4.1
Personal email must be kept to an absolute minimum.
5.4.2
To preserve internet connection bandwidth, size restrictions are used for
incoming and outgoing Internet mail. Email messages greater than 20MB wil be
blocked by the system, but in cases of justified business need, this wil be
increased on an individual basis.
5.4.3
Confidentiality requirements must be observed.
Objective ID A4678
Page 5 of 11
The electronic version on the Intranet is the control ed version of this document.
Printed copies are considered uncontrol ed. Before using a printed copy, verify that it is the control ed version.
City of West Torrens Administration Policy Information Technology and Its Use
5.4.4
The email system must not be used as a document storage system. Documents
which need to be kept must be stored in the corporate EDRMS.
5.4.5
Each user is responsible for managing email sent and received at his/her email
address. This includes managing the size of their mailboxes.
5.4.6
Under the direction of the CEO, the IT Unit wil set limits for the size of
mailboxes. Users are required to manage their electronic information storage
system so as to comply with these limits. The IT Unit wil advise users in
advance of any changes to folder size limits, and wil al ow adequate time for
users to delete or move files to a more appropriate storage location.
5.4.7
Email must be opened daily by the user or user’s delegate.
5.4.8
Each user is responsible for registering personal y addressed emails in the
corporate EDRMS, if they are of corporate significance.
5.4.9
Once trained in the use of the corporate EDRMS, it is the responsibility of each
user to register incoming and outgoing corporate emails at the desktop. (If
untrained, users may refer corporately significant information to the IMU for
capture).
5.4.10 A high standard of email correspondence is to be maintained in accordance
with the
Administration Policy Correspondence.
5.4.11 Users must use appropriate language, style and subject matter in emails.
5.4.12 Emails sent, received or stored must be available for review by an authorised
representative of the State Government (State Records, Ombudsman SA,
Independent Commissioner Against Corruption, Court of Law).
5.4.13 Email content must be identified clearly in the title of a message.
5.4.14 To ensure mailboxes do not impact on the system, the Manager Information
Services in conjunction with the IT Unit wil set and maintain restrictions on the
size of email folders as fol ows:
Mailboxes wil have a size limitation of 200MB
Once the mailbox reaches 160MB a warning message wil be received
asking for unwanted items to be deleted.
At 200MB the sending of emails wil be restricted, although receiving
emails wil be unaffected.
5.4.15 Consideration on an individual basis wil be given to users with specific need for
a higher storage limit, with increases to be approved by the Manager
Information Services.
5.4.16 By adhering to the fol owing, as a minimum requirement, users can assist in
reducing unnecessary email traffic:
Read then delete email messages not required as records.
Store emails required for personal records in 'personal folder(s)'.
Check and delete items in the 'deleted' items folders at least weekly.
Check and delete insignificant items in the 'sent' items folder at least
weekly.
Address email messages only to those who need to know.
Limit the use of the 'Al Staff' address to necessary notifications only.
Leave, sickness and RDO notifications need only be forwarded on a
Objective ID A4678
Page 6 of 11
The electronic version on the Intranet is the control ed version of this document.
Printed copies are considered uncontrol ed. Before using a printed copy, verify that it is the control ed version.
City of West Torrens Administration Policy Information Technology and Its Use
'needs to know' basis (e.g. the cal centre and your department).
5.4.17 The use of PST files to manage mailbox sizes is the responsibility of the user.
5.4.18 Each user should appoint a trusted delegate to their Outlook email system to
ensure al emails can be accessed and actioned in the event of absence.
5.4.19 A workstation logged on and unattended is vulnerable to abuse of email and
confidentiality. Users must use discretion when leaving a workstation logged on
when absent from the desk for long periods.
5.4.20 Each user is responsible for logging out of his/her computer at the close of each
working day.
5.4.21 Personal items for sale, tickets for sale, Xlotto results and items unrelated to
work such as internet audio/visuals must not be sent to email groups, but may
be posted on the Intranet.
5.4.22 The rules for emails and signature blocks are outlined in the
Administration
Policy Correspondence.
5.5
Internet Use
5.5.1
Access to or transmission of unacceptable material is not permitted (refer
section 5.1 'Unacceptable Material').
5.5.2
Access to the Internet is primarily for business use however limited personal
use is al owed. Management reserves the right to block websites or access at
its discretion.
5.5.3
Access to social websites for personal use may be provided for a limited period
each day. Management may block this access at its discretion.
5.5.4
Corporate email addresses are not to be used in association with social
websites or personal use unless for business related matters.
5.5.5
Use of CWT’s IT infrastructure to generate or support an income for individuals
is not permitted.
5.5.6
Users must not represent personal opinions as those of the Council or CWT, or
reveal confidential or sensitive information unless authorised to do so.
5.5.7
Users must not download software unless authorised and in doing so must
fol ow the 'Approval and Instal ation' guidelines in section 5.7.
5.5.8
CWT uses software to monitor internet access and bandwidth usage. Use of the
internet implies knowledge and acceptance that this occurs.
5.5.9
The IT Unit may restrict or remove staff access to the internet if usage interferes
with or compromises CWT’s ability to conduct its internet based business.
5.5.10 Employees are not to access, download or print information which could cause
potential distress, embarrassment or harassment to any other staff member.
5.5.11 Employees must not al ow external parties to use their equipment to access
CWT IT facilities or infrastructure unless prior approval is obtained from the
Manager Information Services.
Objective ID A4678
Page 7 of 11
The electronic version on the Intranet is the control ed version of this document.
Printed copies are considered uncontrol ed. Before using a printed copy, verify that it is the control ed version.
City of West Torrens Administration Policy Information Technology and Its Use
5.5.12 Not al information on the Internet is in the public domain or freely available for
use without proper regard to rules of copyright. Much of the information is
subject to copyright protection under the
Copyright Act 1968.
'Use' includes downloading, reproducing, transmitting or in any way duplicating
al or part of any information (text, graphics, videos, cartoons, images or music)
which is not in the public domain.
5.5.13 Users should not assume that they can reproduce, print, transmit or download
al material to which they have access. Users have rights to use material
consistently with the technology or the rights of the owner of the material.
Material reproduced outside permitted uses or without the permission of the
owner may be unlawful and may result in legal action against the user and the
Council.
5.6
IT Network Environment
5.6.1
A Standard Operating Environment (SOE) is used as a key method of reducing
support costs and maintaining system security, and is approved by the CEO.
5.6.2
Al hardware and software must be compatible with the SOE. Individual
variations from the SOE are not permitted unless approved by the CEO.
5.6.3
Changes to the SOE may require upgrades of existing hardware and/or
software to new versions or alternative products. These changes wil be
implemented CWT wide if required, after consultation with the CEO.
5.7
Approval and Installation of Computer Hardware and Software
5.7.1
The General Manager Corporate and Compliance is authorised to approve the
purchase and instal ation of hardware and software in conjunction with the IT
Unit and Manager Information Services. Purchasing advantages, network
compatibility, network consistency, security, latency, maintenance, and system
capacity requirements wil be assessed, prior to approval to purchase being
given by the General Manager. Funding for additional support and ongoing
maintenance needs to be included in the IT Unit budget.
5.7.2
Instal ation must be undertaken by the IT Unit, or vendor/resel er after approval
from the Manager Information Services.
5.7.3
Al software must be virus scanned by supplier/instal er or IT Unit before
instal ation.
5.7.4
Special backup procedures need to be in place prior to instal ation if required.
5.8
Licences
5.8.1
Al software must be registered, licensed and cleared with the IT Unit before
instal ation.
5.8.2
The IT Unit wil store al licenses and maintain a software/license register.
5.8.3
The purchase of software is the responsibility of the IT Unit.
5.9
Corporate Data
5.9.1
Prior to col ecting and/or storing large blocks of corporate data, staff must
discuss their requirements with the IT Unit to ensure that the data is stored in a
Objective ID A4678
Page 8 of 11
The electronic version on the Intranet is the control ed version of this document.
Printed copies are considered uncontrol ed. Before using a printed copy, verify that it is the control ed version.
City of West Torrens Administration Policy Information Technology and Its Use
way that is compatible with Council’s IT systems and business requirements.
5.9.2
Devices remotely connected to CWT's IT infrastructure or information systems
are to be secured as advised by the IT Unit to maintain the security of CWT's
information.
5.10
Replacement Program for IT Equipment
5.10.1 CWT’s IT equipment replacement cycle wil nominal y be 3 years, or as
appropriate to work requirements.
5.10.2 When necessary IT equipment may be relocated to suit different business
purposes across CWT.
5.10.3 Al equipment must be purchased with onsite warranties.
5.11
Network Security and Access
5.11.1 Written authorisation from a manager is required before access to the CWT
network is al owed or changed. For security reasons, access wil not be granted
on the basis of a verbal request.
5.11.2 Al corporate information, which is drafted, processed, or stored on either
CWT’s IT network or equipment provided by CWT for home use, remains the
property of CWT. Users may be subject to disciplinary and/or legal action if
CWT information is purposeful y deleted, corrupted, or inappropriately
transferred to a third party.
5.11.3 Remote control tools are used to support a user's active session and part of the
SOE. The IT Unit wil inform users before accessing a desktop remotely.
5.11.4 Managers must advise IT staff in writing when an employee is either leaving
CWT or taking extended leave, in order for access to the IT network to be
terminated on an employee’s final working day. When an individual leaves CWT
their I:drive content wil be retained for no longer than 30 days.
5.11.5 Passwords are not to be shared by users.
5.11.6 Multiple layers of security are applied around and within the IT network which
occasional y result in business traffic being blocked by the protection
mechanisms in place. The onus is on the user to fol ow up with IT if they believe
legitimate correspondence has been blocked.
5.11.7 Laptops or other computer devices not owned or managed by CWT are not
permitted to connect to CWT's corporate IT network without prior approval by
the IT Unit.
Objective ID A4678
Page 9 of 11
The electronic version on the Intranet is the control ed version of this document.
Printed copies are considered uncontrol ed. Before using a printed copy, verify that it is the control ed version.
City of West Torrens Administration Policy Information Technology and Its Use
5.12
Equipment Used at Home
5.12.1 IT equipment provided by CWT for homeuse, including PCs (al types), tablet
computers, laptops, modems and peripheral equipment, must be:
Recorded in order for CWT’s insurance cover to apply.
Signed for by the user on receipt of materials (details to include but not
limited to serial and model numbers, specifications and insurance details)
Used in a suitable area/manner for such equipment (sturdy desk, clean
area, dry area, wel lit, safely cabled and ergonomical y set up). Users
should consult their Manager or the IT Unit for advice on any of the above
requirements.
5.12.2 Users wil be held responsible for damage to equipment (physical or caused by
misuse).
5.12.3 Home based or transportable computer devices must be returned to CWT if the
employment arrangement changes or is discontinued. CWT retains the right to
have its computer equipment returned at any time.
5.13
Network Protection
5.13.1 The IT Unit wil instal and maintain software required to protect CWT IT
equipment and network services from network infiltration. Users must not
disable or modify this software.
5.13.2 Users are required to take al precautions when accessing local drives, network
drives, removable drives, email and the Internet. Users must comply with any
requests from the IT Unit to delete emails or avoid particular websites which are
deemed to be a risk.
5.13.3 The IT Unit may shut down any systems in order to prevent, contain or repair
any virus or security threats or outbreaks.
5.14
Approval and Installation of GIS Datasets
5.14.1 GIS
datasets are purchased or created, updated and maintained by the CWT
and contractors/consultants on its behalf.
5.14.2 The General Manager Corporate and Compliance is authorised to approve the
purchase, creation, update and maintenance of GIS datasets.
5.14.3 The manager requesting the purchase, creation or update of a GIS must
document his/her business requirements to the Manager Information Services,
who wil forward the request together with his comments and recommendations
to the General Manager Corporate and Compliance. The relevant Executive
Management Team member wil be consulted as necessary prior to a decision
being made.
5.15
Approval and use of Cloud solutions
5.15.1 Cloudbased solutions are accessed via the internet when computer systems,
including data, are located outside the Council's ICT infrastructure.
5.15.2 Cloud and SAAS solutions are typical y used when there is no internal
alternative or they provide benefits greater than an internal solution.
Objective ID A4678
Page 10 of 11
The electronic version on the Intranet is the control ed version of this document.
Printed copies are considered uncontrol ed. Before using a printed copy, verify that it is the control ed version.
City of West Torrens Administration Policy Information Technology and Its Use
Characteristics of SAAS solutions currently in use by our business are that they:
Are simple niche functions
Have little integration with our other business applications
Involve low technical and reputational risk
Are low cost
5.15.3 The General Manager Corporate and Compliance is authorised to approve the
use of cloud solutions. Technology and business considerations are to be
assessed by the Manager Information Services prior to approval to use a cloud
solution being given by the General Manager Corporate and Compliance. The
technical and business considerations include, but are not limited to:
Financial impact e.g. upfront, ongoing and on exit costs
Technology impact e.g. technical fit, integration, support, latency &
bandwidth
Business benefits e.g. functionality, business continuity, mobility
Supplier arrangements e.g. try before you buy, coping with changes, exit
strategy
Records management
Exit strategy
Documentation to mitigate when key staff are no longer available
Data security and privacy.
Objective ID A4678
Page 11 of 11
The electronic version on the Intranet is the control ed version of this document.
Printed copies are considered uncontrol ed. Before using a printed copy, verify that it is the control ed version.
