ICT Policy and Procedures

The policy sets out the authorised use of East Dunbartonshire Council’s ICT facilities by employees, Elected Members, pupils and members of the public.

Failure to comply with the policy could result in access to ICT facilities being suspended or withdrawn completely.

Employees may also face disciplinary action.

• Section 1 Relates to employees and Elected Members use of Council ICT facilities
• Section 2 Relates to members of the public using ICT in Council Buildings such as libraries and community centres
• Section 3 Relates to pupils using Council computers in Schools
• Section 4 Use of the Internet by Young Children in Early Years Settings
• Section 5 Contains a Parent / Carer’s Guide to the Safe Use of Internet and Email.

Read the full Acceptable Use Policy for East Dunbartonshire Council’s ICT Facilities.

Read the Mobile Devices Policy.

Why access to some websites is denied

For reasons of Internet and network security, access to some websites is denied via the Councils Internet facility.

East Dunbartonshire Council provides access to the Internet primarily for business or educational use and although access to most of the web is available, certain categories of site are blocked for reasons of security, reputational and inappropriate content.

Full details of the policy and restrictions on Internet browsing can be found in the Acceptable Use Policy.

How to get a website unblocked

If you have a business requirement to have a website unblocked, please fill in an online change request form giving full details of the site's URL, the business reason why it is required,  the person or people who require access to the site and for how long the access should remain in place.

The website will then be viewed by the ICT Information Security Officer, who will determine whether the site complies with East Dunbartonshire Council Acceptable Use Policy and if so it will be made available to the specific user(s)

Request to have a website blocked

If you have a business requirement to have a website blocked, perhaps due to unacceptable content or subject matter, please fill in an online change request form giving full details of the site's URL, the business reason why you feel it should be blocked, whether it should be blocked for everyone or just a specific group, for example a school may wish to block sites from pupils although teaching staff may have a business need to use the site.

The website will then be viewed by the ICT Information Security Officer, who will determine whether the site complies with East Dunbartonshire Council Acceptable Use Policy and if it does not then the site will be blocked for everyone or, if defined, only a specific group of users will be denied access to the site.

The Council’s Internet, email and instant message facilities are provided for the purposes of the Council’s business; however, the Council accepts that employees and Elected Members may occasionally want to use them for their own personal purposes.

This is permitted on condition that all the rules set out below are complied with. Employees and Elected Members must be aware that, if they choose to make use of the Council’s ICT facilities for personal correspondence or web browsing, they can have no reasonable expectation of privacy because the Council may need to monitor communications and Internet usage for the reasons given in the Council's Acceptable Use Policy.

Personal use of Internet, email and instant messaging, in common with the use of the Council’s other ICT facilities:

• Must take place outwith working hours i.e. before or after work, during lunch or other breaks
• Must not interfere with the performance of Council duties
• Must not take priority over work responsibilities
• Must not cause unwarranted expense or any liability to be incurred by the Council
• Should not have a negative impact on the Council in any way;
• Must be lawful and comply with this policy
• Users must not sign up to receive mailings from companies or organisations unrelated to the Council’s business
• Users must not make personal purchases and use their Council email address
• Under no circumstances may the Council’s facilities be used in connection with the operation or management of any business other than that of the Council.

While Internet browsing, emails and instant messages in Lotus Notes can be deleted from the ‘live’ system, browsing history, emails and chat transcripts will have been copied (perhaps many times) onto the backup tapes and in that form may be retained.

By making personal use of the Council’s facilities for Internet browsing, sending and receiving email and instant messages employees and Elected Members signify their agreement to abide by the conditions imposed for their use, and signify their consent to the Council monitoring their personal Internet browsing, email and chat transcripts in accordance with the Council's Acceptable Use Policy.

This document aims to outline the procedures in place to effectively respond to and investigate any major ICT incidents that may occur.

A major incident will be any unplanned ICT service outage that is either defined in the major incident procedure or which may either cause, or have the potential to cause an impact on business critical services or systems or be an incident that has significant impact on reputation, legal compliance, regulation or security of the council.

A full copy of the major incident process document can be found below.

ICT Major Incident Process.

Mobile devices such as Laptop and Tablet computers or Blackberries offer a portable and convenient mobile working solution and provide obvious business benefits to users, however, the mobile nature of these devices increases the risk of loss or theft of the device and any data it contains

In order to help manage the risks involved, we have produced a number of do’s and don’ts of ICT security best practice for SMART working to complement the full Information Security policies which are also available on the Council’s Intranet (Hub).

Select the link to the Information Security – Smart Working Guidance

If you have any questions regarding ICT security, then please contact the ICT Service Desk on:

Internal 6018888 or External 0141 578 8888

E-mail: it.serviceline@eastdunbarton.gov.uk

General Use

Do:

• Report any lost or stolen laptops or encrypted USB Keys immediately to your line manager and the ICT Service Desk 
• Use a complex password using upper and lower case and at least one non-alpha numeric password e.g. Random245&*
• Keep all your passwords secret 
• Take care when entering your password, like using your pin at the ATM 
• Lock your laptop when leaving your desk, press windows key + L to quickly lock your laptop
• Save your documents to the network drive
• Report any virus warnings immediately to the service desk.

Don’t: 

• Connect to the network if you think there is a virus on your laptop
• Write your password down 
• Use passwords that are easy to guess, e.g. family or pets names
• Install or update software and/or hardware without consulting ICT.

When in the office

Do: 

• Ensure you are saving documents to the network drives (and not the laptop drives or windows desktop)
• Check you have selected log on to Novell before logging on
• Be aware of staff around you before working on confidential information.

Don’t:

• Allow anyone else to use your log on account for any reason.

When working out of the office

Do: 

• Move any work completed off-line to the network drive at your earliest  convenience
• Be aware of your surroundings if working on anything that may be confidential.

Don’t: 

• Allow family and friends to use your laptop
• Leave your laptop unattended in public places 
• Accept any requests for remote access unless from EDC ICT Support
• Connect to unknown or unsecured Wi-Fi networks 
• Leave your laptop powered on if you are not using it.

This document and the Incident Review Data Sheet (Appendix A) should be used to determine the procedure to follow, timescales, responsibilities and information required in order to report and record a lost or stolen ICT device belonging to East Dunbartonshire Council.

ICT define a device as any item that can hold electronic data such as but not exclusively a mobile phone, Blackberry, USB Flash Drive, Memory Cards, Laptop, Tablet or PC.

View the full ICT theft or loss procedure document.

The document below aims to outline the procedures in place to ensure that all ICT equipment is disposed of in a safe, secure and ethical manner adhering to government waste disposal, data protection and destruction standards as well as any other legal requirements.

View the full ICT Disposal Policy document.