ICT Policy (Draft)
HAGWORTHINGHAM PARISH COUNCIL
INFORMATION AND COMMUNICATION
TECHNOLOGY POLICY
1. What is Information and Communication Technology?
Information and Communication Technology (ICT) is a loose term which is used to describe a wide range of tools and techniques, usually electronic in nature, which speed up and/or aid communication.
Hagworthingham Parish Council recognises the importance of embracing ICT to ensure that its users benefit from efficient levels of service delivery.
The Council supports the Government’s aim of improving electronic access to public services.
2. Aims
The aims of this policy are to:
i) facilitate the ongoing development of the efficient management and
delivery of the Council’s services.
ii) provide opportunities for staff to acquire and develop core ICT competencies.
iii) ensure that the Council’s ICT systems are reviewed regularly and adjusted to meet new or changing need.
3. Management
The Clerk has overall responsibility for ICT and the implementation of this policy.
4. Technical Support
The Council shall appoint an independent and competent ICT support provider (currently SCIS, Lincoln) and will be subject to a 3-year review to confirm the service they provide meets service delivery needs.
5. Security
a) Individuals shall:
• be responsible for the Council's usernames and passwords.
• protect user credentials against misuse.
• not share or disseminate any user credentials with another person.
• only attempt to access ICT where permissions have been given.
• not misuse or alter the configuration or settings of any ICT.
• not attempt to bypass or subvert ICT security controls.
• protect all ICT portable media and devices at all times, in particular when transporting them.
b) All ICT media and portable devices used to process Council information shall be password protected.
c) The Clerk will take care when printing information and shall carefully check the distribution list for any material to be transmitted.
d) The Clerk shall securely store or destroy any printed material which contains private information, sensitive, disclosive or identifiable records or that which is not for public circulation.
e) Staff and elected Members shall not introduce unofficial software, hardware, removable media, or files onto Council equipment without appropriate authorisation.
f) Staff and elected Members shall report any security incident or suspected security incident to the Council as soon as is reasonably possible.
6. Hardware
Computers and peripherals
All computers and computer peripherals will be listed, and will be assessed for replacement or upgrade as necessary.
7. Telephones and related systems
There is no foreseeable requirement to issue the Clerk with a mobile phone.
8. Software
The Council’s computer software will be subject to ad hoc review to confirm that it is meeting service delivery needs and demand.
The Town Council approved applications are:
• word processing: Microsoft Word
• spreadsheets: Microsoft Excel
9. Internet access
The Town Council recognises that the Internet is a valuable information resource with the potential to improve the delivery of its services.
The Council has its own web site and aims to deliver its services within the spirit of the Government’s ‘E-Government Strategy’.
• Whilst accessing the internet using Council equipment is the responsibility of the ‘user’ to ensure no illegal or prohibited sites are accessed; should this happen by error a report should be immediately submitted to the Chairman of the Council.
10. e-mail
The Council recognises that email is an increasingly popular, speedy, and cost-effective method for communication and data transfer.
The Clerk and elected Members shall ensure:
• E-mail use must be lawful and inoffensive
• they do not send personal or sensitive data over public networks such as the Internet unless an approved method of protection or encryption has been applied to it.
• they check that the recipients of e-mail messages are correct so that personal, or sensitive information is not accidentally released into the public domain.
• that personally owned email accounts are not used to conduct Council business.
• they do not use Town Council e-mail address(es) to send personal emails unless the item is marked as ‘personal’ and the sender clearly identifies that as such communication.
11. Unacceptable Use
The Clerk and elected Members shall ensure:
• any security incident or suspected security incident is reported to the Council as soon as is reasonably possible.
• they do not communicate information via an ICT system knowing it or suspecting it to be unacceptable within the context and purpose for which it is being communicated.
• they do not process or access racist, sexist, defamatory, offensive, illegal, or otherwise inappropriate material.
• they do not carry out illegal, fraudulent, or malicious activities.
• they do not store, process or displaying offensive or obscene material, such as pornography or hate literature.
• they do not annoy or harass another individual, for instance by sending chain letters, uninvited e-mail of a personal nature or by using lewd or offensive language.
• they do not break copyright.
12. Personal Data
The Clerk, when processing personal data, must comply with the eight enforceable principles of good practice (Data Protection Act 2018) and General Data Protection Regulations (GDPR) 2018.
These stipulate that data must be:
a) fairly and lawfully processed.
b) processed for limited purposes.
c) adequate, relevant, and not excessive.
d) accurate.
e) not kept longer than necessary.
f) processed in accordance with the data subject’s rights.
g) secure.
h) not transferred to countries without adequate protection.
13. Data Protection
a) Confidentiality
Passwords are to be used to restrict access to personal and/or confidential data.
b) Viruses
No disk, drive or memory stick from any external source shall be opened until it has been checked for viruses.
c) Back-ups
Regular back-ups shall be taken of files stored on Council IT equipment.
No data shall be stored in any internet storage areas (i.e. Cloud, Drive HQ, Drop Box)
14. Training
The Council recognises that training staff using new technology products is essential. Therefore:
a) all users of IT office productivity facilities (such as word processing and spreadsheets) shall be offered appropriate training.
b) adequate training in the use of specialised or bespoke software packages will be given to all users of that software.
c) training will be given to users of any new software as part of the implementation programme.
15. Awareness
Individuals shall make themselves aware of, and comply with, requirements and legislation regarding information security and data protection along with any other legal, statutory, or contractual obligations identified by the Council.
16. Monitoring
The Council reserves the right to monitor or record all communication systems including email, electronic messaging, and internet use. Records of activity may be used by the organisation for the following purposes
• quality assurance
• conduct
• discipline
• performance
• capability and/or criminal proceedings and any other purpose compliant with the regulatory and legislation framework in force and useful to support the Council's activities.
17. Breaches of Policy
All employees have a contractual responsibility to be aware of and conform to the Council’s values, rules, policies, and procedures. Breaches of policy may lead to disciplinary proceedings.