Information and Communications Technology Policy addresses security issues and how to effectively apply and maintain information systems, thereby facilitating protection of critical, valuable and confidential information together with its associated systems. Most people are likely to recognise the impact and severity of the loss or theft of confidential designs for a new product. However they do not always recognise the potential risk, and consequential result, of seemingly 'innocent' activities, such as copying software or copying the corporate database onto their laptop computer or not documenting changes made to their systems. The purchase and installation of hardware and software requires those involved to consider carefully the Information Security issues involved in this process. Careful consideration of the company's business needs is paramount, as it is usually expensive to make subsequent changes. Analysis of user requirements versus the various benchmarks test results will establish the best choice of server/software to be purchased. Installation of new equipment must be properly considered and planned to avoid unnecessary disruption and to ensure that the IT & T Policy issues are adequately covered. The issue of IT consumables is looked into. These are expensive and should be properly controlled both from an expense perspective as well as an Information Security perspective. Valuable items should always be kept in a secure environment to avoid damage or loss.
To develop an Information Communication Technology policy for KPLC Retirement Benefits Scheme that introduces efficient and effective use of IT systems and in turn facilitate the smooth running of the secretariat.
To strive to provide nothing but the best means of data and telecommunications services to the secretariat as a whole.
DEFINITION OF ICT POLICY
A set of rules, regulations, procedures and plans of action for administration of equipment, resources, and services in the ICT section.
TERMS OF REFERENCE
The aim of this document is to;
i) Analyse procedures and practices that are in use currently and identify those that can be reinforced or changed. ii) Work out a time plan for the smooth transition from the use of KPLC systems and resources. iii) Review implemented policies elsewhere to facilitate broad knowledge and adapt ideas suitable to our environment.
TABLE OF CONTENTS
INFORMATION COMMUNICATION TECHNOLOGY POLICY DOCUMENT1
TABLE OF CONTENTS2
IT & T SYSTEM DESCRIPTIONS4
1.0 PROCUREMENT OF HARDWARE, PERIPHERALS & OTHER EQUIPMENT8 1.1 Purchasing and Installing Hardware8
1.2Cabling, UPS, Printers and Modems15
1.4Working off premises or using out-sourced processing18
1.5Using Secure Storage20
1.7 Telecommunications equipment25
1.8Other Hardware Issues28
1.9 Disaster Recovery Plans30
2.0 CONTROLLING ACCESS TO INFORMATION & SYSTEMS IN THE SECRETARAIT32 2.1Controlling Access to Information and Systems32
2.1.5 Controlling Access to Operating System Software38
3.0 PROCESSING INFORMATION AND DOCUMENTS46
3.2System Operations and Administration49
3.3E-mail and the World Wide Web57
3.4Telephones & Fax69
3.6Backup, Recovery and Archiving75
3.7.3 Countersigning Documents79
3.7.5 Approving Documents before dispatch80
3.7.6 Signature Verification80
3.8.4 Maintaining Customer Information Confidentiality86
4.0 PURCHASING AND MAINTAINING COMMERCIAL SOFTWARE90
4.1Purchasing and Installing Software90
4.2Software Maintenance & Upgrade92
4.3Other Software Issues94
5 COMBATING CYBER CRIME95
5.1Combating Cyber Crime95
5.1.1 Defending Against...