ICT Policy
JULY 2021
CONTENTS
1. WHAT IS INFORMATION AND COMMUNICATION TECHNOLOGY?
2. AIMS
3. MANAGEMENT
4. TECHNICAL SUPPORT
5. SECURITY
6. HARDWARE
7. TELEPHONES AND RELATED SYSTEMS
8. AUDIO-VISUAL EQUIPMENT
9. SOFTWARE
10. INTERNET ACCESS
11. EMAIL
12. UNACCEPTABLE USE
13. REMOTE ACCESS
14. PERSONAL DATA
15. DATA PROTECTION
16. TRAINING
17. AWARENESS
18. MONITORING
19. BREACHES OF POLICY
1. WHAT IS INFORMATION AND COMMUNICATION TECHNOLOGY?
Information and Communication Technology (ICT) is a loose term which is used to describe a wide range of tools and techniques, usually electronic in nature, which speed up and/or aid communication.
Spilsby Town Council recognises the importance of embracing ICT in order to ensure that its customers benefit from efficient levels of service delivery.
The Council supports the government’s aim of improving electronic access to public services.
2. AIMS
The aims of this policy are to:
i) Facilitate the ongoing development of the efficient management and delivery of the Council’s services;
ii) Provide opportunities for staff to acquire and develop core ICT competencies;
iii) Ensure that the Council’s ICT systems are reviewed regularly and adjusted to meet new or changing need.
3. MANAGEMENT
The Town Clerk has overall responsibility for ICT and the implementation of this policy.
4. TECHNICAL SUPPORT
The Town Council shall appoint an independent and competent ICT support provider and will be subject to a 3-year review in order to confirm the service they provide and meet service delivery needs.
5. SECURITY
a) Individuals shall:
Be responsible for the Town Council’s user names and passwords’
Protect user credentials against misuse;
Not share or disseminate any user credentials with another person;
Only attempt to access ICT where permissions have been given;
Not misuse or alter the configuration or settings of any ICT;
Not attempt to bypass or subvert ICT security controls;
Not leave a computer system open if it is unattended;
operate a clear screen policy when you leave ICT unattended, for example by temporary ‘locking’ the computer;
Protect all CT portable media and devices at all times, in particular when transporting them outside of Council premises, by securing items within the fire proof storage within the Town Council offices.
b) All ICT media and portable devices used to process Council information shall be password protected and encrypted.
c) Staff will seek to prevent inadvertent disclosure of personal or sensitive information by avoiding being overlooked when working.
d) Take care when printing information and by carefully checking the distribution list for any material to be transmitted.
e) Staff shall securely store or destroy any printed material which contains private information, sensitive, disclosive or identifiable records or which is not for public circulation.
f) Staff and elected Members shall not introduce unofficial software, hardware, removable media or files without appropriate authorisation.
g) Staff and elected Members shall report any security incident or suspected security incident to the Council as soon as is reasonably possible.
6. HARDWARE
Computers and peripherals
The Town Council’s computer systems and computer peripherals will be subject to annual review in order to confirm that they are meeting service delivery needs.
All computers and computer peripherals will be listed and revisions/deletions will be assessed for replacement or upgrade over a maximum of a 3-year period.
7. TELEPHONES AND RELATED SYSTEMS
The Town Council currently utilises the telephone system supplied within the office leasing agreement; this practice will be subject to annual review by the Council in order to confirm that this meets service delivery needs.
Answer machines will be maintained within the Town Council office. Any information contained in outgoing messages will conform to national minimum standards with messages being clear and concise.
The Town Clerk has the discretion to engage providers of more cost- effective telephone network services. Except in exceptional circumstances, use of the telephone, related and electronic communication systems for personal use must be authorised by the Town Clerk.
There will be a duty mobile phone.
All telephone and related systems will be assessed over a 3-year period and assessed for replacement/repair where necessary.
8. AUDIO-VISUAL EQUIPMENT
The overhead projector equipment in the Council Chamber is and remains the property of Spilsby Town Council. The service and repair of such equipment of the responsibility of the town council.
9. SOFTWARE
The Town Council’s computer software will be subject to annual review in order to confirm that it is meeting service delivery needs and demand.
In order to ensure adequate maintenance and development support, the Council shall normally avoid bespoke software packages.
The Town Council approved applications are:
Word processing: Microsoft Word
Spreadsheets: Microsoft Excel
Presentations: Microsoft PowerPoint
Accounting: Scribe
Payroll: HMRC system
10. INTERNET ACCESS
The Town Council recognises that the internet is a valuable information resource with the potential to improve the delivery of its service. The Town Council will use the website provided by Lincolnshire County Council.
Access to the Internet must be approved by an authorised user – as appropriate, usually the Town Clerk or Town Clerk’s Assistant.
Access to the Internet for ‘leisure purposes’ is permitted during authorised breaktimes.
Access for personal reasons is permitted in certain circumstances, however it is the responsibility of the ‘user’ to ensure no illegal or prohibited sites are accessed; should this happen by error a report should be immediately submitted to the Town Clerk/Chairman of the Council.
11. EMAIL
The Council recognises that email is an increasingly popular, speedy and cost-effective method for communication and data transfer.
The Council requires that the Town Council office, Franklin Hall, Halton Road, Spilsby has the capability of sending/receiving email messages and data.
Members of staff, elected members and authorised users shall ensure:
a) E-mail use must be lawful and inoffensive – and be approved by an authorised user, normally the Town Clerk.
b) They do not send personal or sensitive data over public networks such as the Internet unless an approved method of protection or encryption has been applied to it.
c) They check that the recipients of e-mail messages are correct so that personal, or sensitive information is not accidentally released into the public domain.
d) That personally owned email accounts are not used to conduct Council business.
e) Personal use of the Internet shall be reasonable, proportionate and occasional and shall not interfere with the performance of your role or the performance of the system.
f) They do not use Town Council e-mail address(es) to send personal emails unless the item is marked as ‘personal’ and the sender clearly identifies that such communication.
12. UNACCEPTABLE USE
Members of staff and authorised users shall ensure:
a) Any security incident or suspected security incident is reported to the Council as soon as is reasonably possible.
b) They do not send personal or sensitive data over public networks such as the Internet unless an approved method of protection or encryption has been applied to it.
c) They check that the recipients of e-mail messages are correct so that personal, or sensitive information is not accidentally released into the public domain.
d) Personally owned e-mail accounts shall not be used to conduct Council business.
e) They do not communicate information via an ICT system knowing it or suspecting it to be unacceptable within the context and purpose for which it is being communicated.
f) They do not process or access racist, sexist, defamatory, offensive, illegal or otherwise inappropriate material.
g) They do not carry out illegal, fraudulent or malicious activities.
h) They do not store process or displaying offensive or obscene material, such as pornography or hate literature.
i) They do not annoy or harass another individual, for instance by sending chain letters, uninvited e-mail of a personal nature or by using lewd or offensive language.
j) They do not break copyright.
13. REMOTE ACCESS
The Town Council recognises that staff may need to work from remote locations from time to time. To address this issue, provision for remote access is available. Log on and password information will be issued to staff members.
Staff members shall report any security incident or suspected security incident to the Town Clerk and the Council as soon as is reasonably possible.
14. PERSONAL DATA
Any member of staff processing personal data must comply with the eight enforceable principles of good practice (Data Protection Act 2018 and the General Data Protection Regulations 2018).
These stipulate that data must be:
a) Fairly and lawfully presented;
b) Processed for limited purposes;
c) Adequate, relevant and not excessive;
d) Accurate;
e) Not kept longer than necessary;
f) Processed in accordance with the data subject’s rights;
g) Secure;
h) Not transferred to countries without adequate protection.
15. DATA PROTECTION
a) Confidentiality
Passwords are to be used to restrict access to personal and/or confidential data. If there is any doubt about whether access to certain data should be restricted, guidance should be sought from the Town Council.
b) Viruses
All computers used to send/receive e-mails or to access the Internet must have recognised anti-virus software installed – such as Norton anti-virus or McAfee.
No disk, drive or memory stick from any external source shall be opened until it has been checked for viruses.
c) Back-ups
At the end of each working week, as least one back-up shall be taken of all current data files and stored in a fire proof container.
No data shall be stored in any internet storage areas (i.e., Cloud, Drive HQ, Drop Box, Spied Oak, Conclusions)
16. TRAINING
The Council recognises that training staff using new technology products is essential. Therefore:
a) All users of IT office productivity facilities (such as work processing and spreadsheets) shall be given appropriate training.
b) Adequate training in the use of specialised or bespoke software packages will be given to all uses of that software.
c) Training will be given to users of any new software as part of the implementation programme.
17. AWARENESS
Individuals shall make themselves aware of, and comply with, requirements and legislation regarding information security and data protection along with any other legal, statutory or contractual obligations identified by the Town Council.
18. MONITORING
The Town Council reserves the right to monitor or record all communication systems including e-mail, electronic messaging and internet use. Records of activity may be used by the organisation for the following purposes.
a) Quality assurance
b) Conduct
c) Discipline
d) Performance
e) Capability and/or criminal proceedings and any other purpose compliant with the regulatory and legislation framework in force and useful to support the Council’s business.
19. BREACHES OF POLICY
All Council employees have a contractual responsibility to be aware of and conform to the Council’s values, rules, policies and procedures. Breaches of policy may lead to disciplinary proceedings.
Individuals who fail to comply with the Councils policies and who are not Council employees may have their access to Council information and ICT revoked and such action could have impacts on contracts with third party organisations.