3.

5 ICT Policies
 Using the document I have provided you with answer these
questions:

What does an IT Policy do?

You could say that the IT Policy is divided in to two main sections, what are they?
What security issues are covered in the IT Policy?
According to this policy when will all the training take place?
Do you think training should take place at other times also and if so when?
What is a TNA?
Why are legal legislations mentioned in this policy?
In your opinion is this is a thorough ICT Policy?
What might you ad to the policy?

Highlight what you believe to be the most important parts of this

policy
 ICT policies outline how the ICT Strategy will
be put into operation

ICT policies will tend to cover:

Training
Security
Procurement

It is important that policies are reviewed

regularly to ensure that they still meet the
objectives of the organisation
 Many policies will be written into the
employees contract of employment.

It will outline these policies and by signing

the contract the employee is signing a legal
agreement to comply with the policies.

The contract of employment will be backed

up by disciplinary procedures
 What would you do if you were in charge of
writing this policy?
What would it cover?
How would you conduct the training?
When would you conduct the training?
Who monitors the training?
 An ICT Training Policy will include a
statement of who needs to be trained, what
training they need and how this training will
be delivered.
 What would you do if you were in charge of writing this policy?

What would it cover?

Who needs to be trained
Training needs for specific jobs
What type of training to be used (e-learning, in-house, external courses, guest speakers etc.)
Funding

How would you conduct the training?

Find out staff abilities (skills audit)
Weigh up in-house vs external training

When would you conduct the training?

During Inductions (When someone new starts)
When new hardware or software are introduced
When/if new legislations are introduced
New ventures within an organisation may generate training
After appraisals
As ongoing CPD

Who monitors the training

HR Department
 You have been asked to write the ICT Training
Policy

Give an overview of 8-10 aspects it will cover

1. Review the ICT skills gap for the organisation
2.
3.
4. Build in time for an employee to consolidate newly acquired skills
5.
6.
7.
8.
9.
10.
 You have been asked to write the ICT Training
Policy

Give an overview of 8-10 aspects it will cover

1. Review the ICT skills gap for the organisation
2. Review individuals training needs
3. Encourage an atmosphere of on-going ICT learning
4. Build in time for an employee to consolidate newly acquired skills
5. Ensure training individual staff benefits all by asking them to pass on
information
6. Consider training costs
7. Ensure during induction training is given
8. Take immediate steps to replace any valuable ICT skills of leaving
staff
 Covers how an organisation intends to protect its assets

Should lay down procedures that employees must follow in order to

protect its data and equipment from theft, misuse and unauthorised
access

Organisations have the responsibility to maintain security measures

so that they meet the requirements of the law

Should aim to cover the security and privacy of data

Whats the difference between security of data and privacy of data?

Security making sure the data is correct, kept confidential and safe
Privacy ensuring the data is not seen or accessed by anyone who is not
authorized to see it
 MUST
Identify potential threats to data and manage these
threats

Allocate responsibilities for data security

State what resources are needed to maintain security

Lay down staff responsibilities in the prevention of misuse

Steps that should be taken to provide protection
against viruses and physical security of computers

Lay down disciplinary procedures for breaches of security

 A security policy will tend to have the following
included:
Introduction states purpose of policy
Network Security usernames and passwords (min/max length etc.)
Data Transfer Internet usage, data encryption, firewalls
Change control and monitoring security logs
Use of Laptops- rules on usage (personal/private), storage, etc.
Backup and Recovery how backed up and recovered
 IT is then important that all staff within an
organisation are made aware of the security
policy

How can this be done?

Induction
Training
Leaflets, fliers, posters
Bulletin boards (on company intranet)
Emails
 Covers ways in which ICT hardware and
software is obtained

A centralised policy will

ensure consistency and compatibility amongst all
systems
Provide possible discounts for bulk buys
Reduce costs of all hardware and software
maintenance and support if consistent
 A timescale for replacement of hardware should
be included

Communication and consultation with all

departments is important, departments should
feel involved with the decision process so as to
be aware and to take ownership.

Consider the flexibility of the hardware and

software, can be upgraded if requirements
change or grow?
 Consistency in hardware is ideal e.g. same model
and make of laptops, desktops etc. will simplify
maintenance

Consistency in software is similar e.g. same

operating systems, generic software applications
etc. would insure a consistent look and feel, ease
maintenance, training and support.

However, certain departments may require

specialist software, communication is important
again
 May also cover disposal of unwanted or obsolete
equipment
Selling
Donating
Recycling