INFORMATION TECHNOLOGY POLICY

dhsps&l

Department:

Human Settlements, Public Safety & Liaison

North West Provincial Government

REPUBLIC OF SOUTH AFRICA



Old CCP Building

Industrial site Mafikeng

PRIVATE BAG X 2145

DIRECTORATE: SUPPLY CHAIN Tel : 018 3882119

E-Mail:

MMABATHO

2735

MANAGEMENT josyscho@nwpg.gov.za









INFORMATION AND COMMMUNICATIONS

TECHNOLOGY POLICY









INFORMATION AND COMMMUNICATIONS 1

TECHNOLOGY POLICY

AUTHOR FAUSTINA HAGAN :Deputy

Director, ICT

AUTHORISED BY MRS JOSY SCHOLTZ : The

Director, Supply Chain

Management

ELECTRONIC FILE ICT POLICY

VERSION 1

REVIEW PERIOD YEARLY

EFFECTIVE DATE 01ST JULY 2011









INFORMATION AND COMMMUNICATIONS 2

TECHNOLOGY POLICY

TABLE OF CONTENTS



DEFINITIONS 6



1.INTRODUCTION 7



2.PURPOSE 7



3.SCOPE 7



4. LEGISLATIVE FRAMEWORK 7



5. FUNCTIONS OF IT SECTION WITHIN THE DEPARTMENT 8



6. BACKUPS 8



6.1. Aim 8



6.2. Information backup 8



6.3. Backup of the HSS server 9





7. SERVER ROOM REQUIREMENTS 9



7.1. Aim 9



7.2. General Guidelines 9



7.3. Access 10





8. THE USE OF IT EQUIPMENTS 10



8.1. Conditions for using IT equipments 10





9.PASSWORD AND INFORMATION SECURITY 11



9.1. Passwords 11



9.2. Information Security 11



9.2.1. Removable Media 12









INFORMATION AND COMMMUNICATIONS 3

TECHNOLOGY POLICY

10. SOFTWARE REGULATIONS 12



11. SERVICE CALL PROCEDURES 13



12. PROCUREMENT OF IT EQUIPMENTS/SOFTWARE 15



13. POOL IT EQUIPMENTS 16



13.1. Aim 16



13.2. Responsibility and Accountability of User on borrowed items 16





14. DISPOSAL OF IT EQUIPMENTS 16



15.INTERNET AND ELECTRONIC MAIL SERVICE ACCESS 18



15.1. Procedure for accessing Email and Internet at DHSPS&L 18



15.2. User Accounts 18



15.3.Unacceptable Use 19



15.4. Rules for network, email and internet usage 20



15.5. Abuse of Privileges 20



15.6. Security 20



15.7.Privacy Issues 21





16. ROLES AND RESPONSIBILITIES 21



16.1. Central IT 21



16.2. Provincial Government Information Technology Officers Council (PGITOC) 21



16.3. Departmental IT Manager 21



16.4. Security Manager 21



16.5. Asset Manager 22





17. SAFEGUARDING OF IT EQUIPMENTS 22



18. ANTI-VIRUS CONTROL 23







INFORMATION AND COMMMUNICATIONS 4

TECHNOLOGY POLICY

19. LAPTOPS 23



19.1 General Guidelines 23



19.2 Criteria for Selection 24



19.3. Approval process and requirements 24



19.4. Responsibility 25



19.5. Theft or Loss 25



19.6. Upgrades and Troubleshooting 26



19.7.Virus, Hacking, and Security Protection 26





20. DATA CARDS AND CELL PHONE CONNECTION 26



21. RESIGNATION/TRANSFERS/SUSPENSIONS 26



22. RELATED POLICIES 27



23. DISCIPLINARY ACTION 27



24. INFORMATION TECHNOLOGY POLICY DECLARATION FORM 28









INFORMATION AND COMMMUNICATIONS 5

TECHNOLOGY POLICY

Definitions

DHSPS&L- Department of Human Settlements, Public Safety and Liaison



IT – Information Technology



PGitoc- Provincial Government Information Technology Officers Council



Remedy- Program used to assign IT calls to technicians



Network – A Group of two or more computer systems linked together for the purpose sharing resources



Backup – Copying of files/data to a secondary medium for recovery after data loss



Hardware – Physical component of the Computer



Software- Programs loaded on the computer



Password – A secret series of characters that enables a user to access a file, a computer or a program



E-mail – Short for Electronic mail is the transmission of messages over communications network



Internet – A global network of interconnected computers enabling users to share information

along multiple channels



Technical Report – Form identifying IT technician‟s recommendations for inspected IT equipment



User Account – An account identified by a user name and password that is created to manage access to IT

Resources



Portable Computer – A computer designed to be moved from one place to the other



Data - The representation of facts, concepts, or instruction in a normalized manner suitable for the communication,

interpretation or processing by human or by automatic means.



Integrity- Knowing that the information is accurate and up-to-date and has not been deliberately or inadvertently modified

from a previously approved version. Assurance that information is authentic and complete. Ensuring that information can be

relied upon to be sufficiently accurate for the purpose. The integrity of data is not only whether the data is „correct‟, but

whether it can be trusted and relied upon.



Security - All standards, processes, procedures and systems used to safeguard the Department information as defined.



Laptop/Notebook – A Portable Computer that can be carried by hand

Desktop- Personal Computer that is office based

Virus – Program harmful to the computer

IS- Information System

ICT- Information and Communications Technology

SCM- Supply Chain Management

MISS- Minimum Information Security Standards

CENTRAL IT- Centralised Information Technology services situated in the Department of Finance

HSS – Housing subsidy System









INFORMATION AND COMMMUNICATIONS 6

TECHNOLOGY POLICY

SITA- State Information Technology Agency









1. Introduction

People, hardware, software, telecommunications, facilities and data form an Information and Communications

Technology system that is highly effective and productive. All ICT systems entail the creation of a condition to

protect computer hardware, software, and data against incidental and/or deliberate unauthorized changes,

destruction, disposal, removal and disclosure. Securing the integrity, confidentiality and availability of the

computers and technology systems of DHSPS&L against threats such as sabotage, unauthorized intrusions,

malicious misuse or inadvertent compromise is of paramount importance for the operational effectiveness of all

activities of DHSPS&L.



2. Purpose

The purpose of the ICT Policy is to ensure the effective protection and proper usage of the computer systems

and its peripherals within the Department of Human settlements, Public Safety and Liaison. Each employee of

DHSPS&L is responsible for the security and protection of electronic information resources over which he or she

has control. Resources to be protected include but are not limited to networks, computers, software, removable

media and data. The physical and logical integrity of these resources must be protected against threats such as

sabotage, unauthorized intrusions, malicious misuse or inadvertent compromise.



3. Scope

All employees granted access to the department‟s ICT facilities will be provided with a written copy of this policy

and must sign the attached policy declaration form. Opting not to sign will be seen as not being in need of these

facilities, and therefore all access rights will be terminated.



All employees receiving IT service, contractors and service providers delivering IT service to the Department are

to abide by this policy.









4. Legislative Framework

This policy is underpinned by SA Laws, international norms and standards, and best practices.

The framework includes the following:



 State Information Technology Agency Act (Act no. 88 of 1998)

 Electronic Communications and Transactions Act( Act no. 25 of 2002)

 SACSA/090/1(4) “Communication Security in the RSA”.

 Protection of Information Act (Act no. 84 of 1982).

 Constitution of the Republic of South Africa (no. 106 of 1996)

 Copyright Act (Act no. 98 of 1978)

 Electronic Communications and Transactions Act (no. 25 of 2002)

 Communication –related information Act (Act no. 70 of 2002)

 National Strategic Intelligence Act (Act no. 39 of 1994).









INFORMATION AND COMMMUNICATIONS 7

TECHNOLOGY POLICY

 Provincial Asset management framework

 National Archives of SA Act (Act no. 43 of 1996).

 Minimum Information Security Standards (MISS).

 Public Service Act (Act no. 103 of 1994).

 Public Finance Management Act (no. 1 of 1999)

 Control objectives for Information and related technology (COBIT)

 Information Technology Infrastructure Library ( ITIL)

 ISO 17799

 Promotion of Access to Information Act(no. 2 of 2000)









5. Functions of IT Section within the Department

The Information Technology section within DHSPS&L shall be responsible for the following:





 Provision of Desktop support to all users within the Department.

 Maintenance of all IT infrastructures within the Department.

 Liaise with Central IT within the Department of Finance to provide efficient and effective network

connectivity for the Department.

 Liaise with central IT to introduce standards, processes, and procedures to minimize risks and impact on

business continuity.



 Rendering assistance and advice to departmental managers and officials for the procurement of quality

and cost effective ICT systems and equipments.









6. Backups

6.1. Aim

To outline the minimum procedure and requirements that shall be implemented to backup user‟s

information and also the HSS database. This will assist users and database administrators to restore

information after data loss.





6.2. Information backup

• By default, Central IT has allocated 250mb of disk space for backup on ifolder server done

automatically on a daily basis.



• It is the responsibility of the IT section to install ifolder on all departmental computers.



• Users who need ifolder should contact IT technicians for installation.









INFORMATION AND COMMMUNICATIONS 8

TECHNOLOGY POLICY

• Music, pictures and personal information will not be backed up by the ifolder server.



• Users of laptops should ensure that laptops are connected to the network on regular basis in order

for ifolder to be backed up.



• Where the need arises, the IT section shall provide officials with external backup hard drives for the

storage of work related information.









6.3. Backup of the HSS server

 Backups of the HSS database shall be done daily on the Server via an automated process

available in the operating software.

 Access to backups must be done in writing, signed and approved by the head of the Department

 Log files to be maintained on server confirming backup.

 Bi-weekly backups of HSS database and log files be done on DVD disks on Tuesdays and

Thursdays

 Backups to be collected weekly on Fridays by IT and handed over to MISS section.



 A register for the maintenance and management of backups to be maintained

Register will include the following:

 Identification of Backup (HSS_YYYY/MM/DD).

 Name of official who made the backup, Signature and Date,

 verification of backup(Name of Official, Signature and Date),

 Random / Scheduled testing and restore of selected backup (Name of Official,

Signature and Date, comment = successful or not),

 handover of backup to IT (Name of Official, Signature and Date),

 Hand over from IT to MISS section (Name of Official, Signature and Date).

 Provision for Monthly Sign off of Register By Accounting Officer or

delegated Official

 Testing of backups will be done monthly by HSS administrators.

 Backup shall be stored in a secured place by the MISS manager.







7. Server Room Requirements

7.1. Aim

To establish rules and procedures for the HSS server room.



7.2. General Guidelines

 No eating, drinking or smoking is allowed in the server room.

 The server room must be kept locked at all times by HSS administrator.

 The server shall be kept in a rack (habitat) with safe security measures.







INFORMATION AND COMMMUNICATIONS 9

TECHNOLOGY POLICY

 The room shall have an air-condition.

 The server shall be connected to a UPS to allow for backups in case of power outage.

 The room shall have separate, dedicated power panels for both the computer and A/C

system.



7.3. Access

Access to the server room is restricted. Only the following individuals will be allowed access to

the server room. All other employees or visitors should be escorted by at least one of these

employees:

 IT manager and technicians

 HSS Database administrators

 Backup operators

 MISS/Security manager



Access Control Register

Established access control register shall be kept by HSS server administrators. The register shall

entail the following:

 The date and time of access

 Name and directorate of official entering the server room

 Reason for visiting the server room

 Signature of the official visiting the server room

 Time out









8. The Use of IT Equipments

8.1. Conditions for using IT equipments



 A user shall use only those IT equipments for which he/she is authorized.

 The use of all IT equipments/facilities within DHSPS&L is for the purpose of work-related administration

and activities.

 IT Equipments may not be used for other projects, games, „hobby computing‟, private commercial or

private consulting work.

 Equipments must only be attached to the provincial network by authorized technicians.

 Users must not abuse by using computing equipments to send obscene , offensive, fraudulent,

threatening or unnecessarily repetitive messages







8.2. Persons authorized to use the Department’s computing resources are:









INFORMATION AND COMMMUNICATIONS 10

TECHNOLOGY POLICY

 Staff employed by DHSPS&L.

 Persons having special authorization from the head of the Department.

 IT technicians or consultants from the Department of Finance, SITA, or PGITOC.









9. Password and Information Security

9.1. Passwords

 Passwords must not be divulged to any other person.

 Users must avoid using guessable passwords such as 12345 or names of animals. All users must

change default password of email and computers.

 Users are required to change email and user account passwords at least once in a quarter to ensure

added security.

 New passwords must not be a simple change of the old password. E.g. adding a number at the end.

 Every reasonable precaution must be taken to ensure that passwords, accounts and data are

adequately secured.

 No attempt should be made to find out another user‟s password, or to gain access to another user‟s

account.

 Never write usernames and passwords on keyboards, walls, monitors, post-it note, table or material.

A memorised password is not prone to accidental disclosure.

 Passwords may not be saved in an electronic document unless the documents are encrypted and the

user ensures that the encryption key cannot be accessed.

 Password must not be sent via emails.

 Users may use screen saver passwords to prevent unauthorised access when the user moves away

from the computer.





9.2. Information Security

Regardless of the prevailing level of security, users must not:







INFORMATION AND COMMMUNICATIONS 11

TECHNOLOGY POLICY

 Attempt to examine, disclose, copy, rename, delete or modify another person‟s information or

data without written authorization by the head of the Department.





 Recover deleted information belonging to the Department.





 Access any information/data or software except that which belongs to, or has been provided for

the use of that user.









9.2.1. Removable Media

 Sensitive /Confidential information should not be stored on removable media(i.e. CDs, DVDs, USB

disks, external hard drives) and users must consider the risks to confidentiality of the device being

stolen or read prior to putting any information on the device.

 Users must ensure that they keep removable computer media secure. Removable media housing

confidential data should not be left unattended and should not be shared with individuals not

authorised to access the information contained thereon.

 Any loss or theft of removable media containing confidential/sensitive information must be treated

as security breach and reported immediately to MISS section.

 Removable media should only be used as temporary data store, for a minimum possible duration

and should not replace network storage.

 Business related information stored on removable media such as USB flash drives and memory cards

should be cleared as soon as it is not essential to keep the information of the removable media.









10. Software Regulations



 Only legally obtained software authorized for usage from the Central IT of the Department of Finance

shall be used on all computers/ peripherals. The Department will not be liable for any breaches made by

users.









INFORMATION AND COMMMUNICATIONS 12

TECHNOLOGY POLICY

 No unauthorized software may be used on any computer equipments belonging to DHSPS&L.





 Software provided for use by technicians must not be copied from computers.

 Users must not install own software or change configuration settings without the prior consent of the

ICT manager.









11. Service call procedures



 If a user experience a problem with their computer, a call must be logged through helpdesk situated at

central IT on (018) 3881111.The reference number will be assigned to the ICT manager or assistant

who will assign a technician to assist the user.





 Alternatively, users can contact the ICT section of the Department directly on any of the following

numbers:

 0183882423

 0183882228

 0183882472

 0183882955



 The ICT manager shall ensure that calls logged will be resolved in a maximum of two working days. The

following diagram is a basic structure of the central IT helpdesk procedure:









INFORMATION AND COMMMUNICATIONS 13

TECHNOLOGY POLICY

User phones Helpdesk operator gathers

Finance I.T. user and fault information

Helpdesk and logs a service call









Can call be

Yes resolved over

Helpdesk assists or

support technician the phone?

takes call









No





Service call gets

allocated to IT

manager









IT manager

assigns call

to relevant

technician









Service call

Call closed on resolved

remedy

system









Help desk procedure





INFORMATION AND COMMMUNICATIONS 14

TECHNOLOGY POLICY

12. Procurement of IT Equipments/Software



All IT equipments/Software are purchased through Supply chain Management (SCM) Directorate. All requests

should be written to the Director SCM for approval. The ICT section is responsible for determining the need and

providing the system requirements for the required equipment/Software. Where equipment needs replacement,

an IT technical report form should be filled and returned to asset section in supply chain unit.





A minimum of three quotations must be obtained from suppliers on the SITA contract. A motivation should be

attached in exceptional cases where three quotations cannot be obtained.





After the items are procured, they are received by IT technician who then verifies the system specification and

ensures that the necessary software is installed onto the system. The equipment is returned to asset section

where it is bar-coded and then delivered to the relevant user. The user must complete an asset allocation form

which must be filed by the asset manager.





In the case of persons with disabilities in need of specialized software, the IT manager shall liaise with central IT

to provide specialized software for the employee.









INFORMATION AND COMMMUNICATIONS 15

TECHNOLOGY POLICY

13. Pool IT equipments





13.1. Aim



To describe the procedures to be followed by users when borrowing pool IT equipments such as laptops,

projectors, storage media (e.g. External Hard drives) for work related purposes.





Purpose of pool IT equipments

• For Departmental presentations.

• For short term use in the case where users have lost their laptops or computers.

• For users not permanently assigned laptops but have a lot of work load for a short period of time (e.g.

over the weekend).









13.2. Responsibility and Accountability of User on borrowed items



The user should inform the IT manager or IT technicians at least a day before the equipment is needed. The

user must fill his/her details in the IT records book. The equipment borrowed should be returned as soon as the

user has completed with the project or at the latest, a day after the project is completed. The equipment

remains the responsibility of the user until it is returned. It is the responsibility of the user to test the equipment

with the IT technician before it leaves the office.

IT equipments shall not be borrowed for more than 5 working days without obtaining a written permission from

the ICT manager. The borrowed equipment must be returned in a good condition. The ICT manager shall ensure

that no confidential departmental data reside on pool laptops.









14. Disposal of IT Equipments

All IT equipments (e.g. desktop computers, printers, laptops) within the department may be maintained on a 3 -

year replacement cycle if the budget allows. The IT staff within the Department may upgrade operating systems

and /or application software during this period.









INFORMATION AND COMMMUNICATIONS 16

TECHNOLOGY POLICY

In the case of computers being disposed of permanently, IT technicians are required to produce technical report

form before normal disposal procedure can be followed disposal by the disposal committee.



The IT manager shall ensure that all departmental information is removed from the laptop and it is fully

formatted before disposal.









INFORMATION AND COMMMUNICATIONS 17

TECHNOLOGY POLICY

15. Internet and Electronic mail service access



15.1. Procedure for accessing Email and Internet at DHSPS&L





 IT technicians of Department of DHSPS&L shall ensure that the email and internet access form

is completed for all employees requiring email and internet service.



 This form is then submitted to central IT where email account is created.



 A call is logged by central IT helpdesk for user account to be activated.



 IT technicians are responsible for installation of GroupWise on the user‟s pc.



 IT technicians shall ensure that the default user password is changed.





15.2. User Accounts

1) Personal Accounts will be permitted for Electronic-Mail services and / or Internet access services

from official computers, laptops, networks and/or communication services that must employ

appropriate levels of security mechanisms consistent with the systems and information at risk

and the security policies of the NWPG. Such mechanisms include the application of User

authentication and encryption. Accountability and responsibility for the use of such services and

/ or access will vest with the User applying for / requesting such access and/or service and shall

be subject for re-evaluation at least every twelve months.

2) Group Accounts will only be permitted for Electronic-Mail services from official computers,

networks and/or communication services, and therefore must employ appropriate levels of

security mechanisms consistent with the systems and information at risk and the security

policies of the NWPG. Such mechanisms entail the application of User authentication and

encryption. Accountability and responsibility for the use of this service will vest with the User

applying for / requesting such a service and shall only be used under strict supervision by the

User or an authorised representative and subject for re-evaluation at least every twelve months.









INFORMATION AND COMMMUNICATIONS 18

TECHNOLOGY POLICY

15.3. Unacceptable Use



Unacceptable and forbidden User behaviour with respect to access to the Internet and the use of

Electronic-Mail services encompass, but are not limited to:







 Email and Internet User Accounts are for the exclusive use of the person to whom they are allocated

and must not be used by anyone else.

 Violating the conditions of the Public Service Code of Conduct relating to all statutory and other

regulatory prescripts; relationships with public; relationships amongst employees; performance of

duties and personal conduct, having a direct influence on the execution of this policy, as prescribed

forth in the Public Service Regulations, 2002.

 Using profane, obscene, pornographic or other graphic pictures, which may be offensive and / or

defamatory to others.

 Using the Internet to search, access, disseminate, store and retrieve information that is racist,

violent, offensive, sexually explicit (sexually explicit content includes e.g. Cartoons, Text Messages

as well as Photographs).

 No User shall engage in/respond to - activities such as political/religious statements, cursing and foul

language as well as statements viewed as harassing or discriminative based on race, colour, creed,

age, sex, physical disability and/or sexual orientation.

 Forward personal communication without the author‟s prior consent.

 Copying commercial software in violation of copyright laws.

 Allow his or her User account and / or User password to be used by another person unless

authorised to do so.

 Distribute political Party and Campaign information.

 Distribute material for commercial purposes.

 Transmitting or receiving any data from unauthorised Peer to Peer networks.

 Engage in any activity that could compromise the security of the North-West Provincial

Government‟s host computer.

 Accessing “Internet Restricted Sites” without official permission Electronic mailing to groups of

people for unofficial purposes (as such, sending large volumes of unsolicited e-mail) is prohibited.









INFORMATION AND COMMMUNICATIONS 19

TECHNOLOGY POLICY

 Forwarding proprietary Government information through the Internet or via Electronic–Mail service,

unless duly authorised. Such information should be encrypted if transmitted over the Internet or via

Electronic-Mail services.

 Contravene any laws of the Republic of South Africa through the use of Internet access and

Electronic-Mail services.









15.4. Rules for network, email and internet usage

Users must abide by network, internet and Email etiquette rules. These rules include, but are not limited

to the following:

 Be polite.

 Use appropriate language.

 To refrain from revealing personal particulars about themselves or other Users to anyone

else on the Internet.

 To refrain from revealing credit, credit checking accounts or identification numbers across

the internet.

 Not to disrupt the use of the Government network.

 Not to attempt to gain illegal access to system programs or computer equipment.

 Use good judgment when using Internet access and creating Electronic-Mail.

 Use all appropriate precautionary measures to detect viruses and if necessary, prevent its

spread.

 Refrain from downloading games, screen savers from the internet.

 Refrain from visiting obscene sites (e.g. pornographic websites).





15.5. Abuse of Privileges

Inappropriate use of email and internet will result in limitation or cancellation of User privileges and

possible further recommendations for disciplinary actions against the User.





15.6. Security

Security problems identified must be reported to the ICT manager then to the Internet Network

Administrator in the Directorate: Information Technology, Department of Finance. The User is to refrain

from demonstrating such problems to others.









INFORMATION AND COMMMUNICATIONS 20

TECHNOLOGY POLICY

15.7. Privacy Issues

 All Electronic-Mail messages transmitted or received via the NWPG infrastructure, be they for official or

private purposes, are considered to be part of the official business records of the NWPG, and as such

are subject to review or scrutiny by properly authorised officials. Any person who uses the NWPG

infrastructure shall, by so doing, renounce and surrender any rights to privacy with regards to the

content of Electronic- Mail messages.





 To try as much to avoid using Electronic-Mail as a form of communication with legal counsel when

seeking advice or transmitting information concerning matters in litigation or disputes which are likely to

result in litigation. The user must exercise caution and care when transferring any form of personal

confidential information in any form through Internet access and Electronic-Mail services.





16. Roles and Responsibilities

16.1. Central IT

 Responsible for the creation of email and internet account.

 Provide router and network configurations.

 Provide Wide Area network support where necessary to the Department.

 Provide support for all computer systems. E.g. Persal, walker, BAS.





16.2. Provincial Government Information Technology Officers Council (PGITOC)

 Owner of the Internet and Electronic-Mail Use Policy.

 Responsible for ensuring ICT governance for provincial Departments.





16.3. Departmental IT Manager



 Is responsible for the day-today maintenance of electronic systems.

 Shall provide information system/technology advise to users where needed.

 Shall ensure that all precautionary measures are taken to keep systems virus free.

 Shall ensure the availability of ICT policy for the Department.

 Shall ensure that all ICT equipments are purchased from suppliers on SITA contract.

 Shall provide ICT needs analysis for the Department as and when required.









16.4. Security Manager



 The security Risk Manager is responsible for ensuring IT security (both logical and physical).







INFORMATION AND COMMMUNICATIONS 21

TECHNOLOGY POLICY

 The security Risk Manager is responsible for formulation of internal control and security

(both logical and physical) procedures and policies.

 Details regarding the specific responsibilities of the Security Risk Manager are contained in

the Information Security Policy.

 Shall liaise with the Information technology systems manager to ensure that back-ups are

stored in a secure off-site environment.



16.5. Asset Manager



 The asset Manager is responsible for formulation of asset management policies and guidelines.

 Keep and maintain Departmental asset register.

 Verify fixed IT equipments with IT manager before acquisition.

 Receiving, Coding of and distribution of IT equipments.

 Taking stock of Departmental IT equipments.

 Disposal of redundant, obsolete and unserviceable IT equipments.









17. Safeguarding of IT Equipments

Aim

To describe the preventive, detection and corrective control measures that shall be implemented to ensure that

computers are not exposed to espionage/sabotage and/or actions endangering security.







 All members of staff are responsible for the proper usage of the IT equipment they use.

 Problems with the equipment should be reported to the ICT section in accordance with established

helpdesk procedures.

 Users should ensure that their computers are fully shut down and turned off at the end of the day.

 Portable computers should be locked or kept in a locked cupboard when left unattended for any

significant period of time.

 Where IT equipments are required by service providers for repairs, it shall be the responsibility of

the service provider to ensure the secure operation of the equipment.



 Only contractors on SITA contract shall be approached for the repair or modification of computers.

When a computer has been repaired, the hardware shall correspond with the configuration that was

initially approved.









INFORMATION AND COMMMUNICATIONS 22

TECHNOLOGY POLICY

18. Anti-virus control



 It is the responsibility of Central IT to ensure the implementation of an effective virus security

strategy.

 It is the responsibility of the IT section of DHSPS&L to ensure that the latest version of antivirus

software is installed on all computers.

 Remote users and users of portable computers should ensure that computers are plugged into

Departments network at least twice a week for antivirus updates.

 Staff members are responsible for scanning all media (e.g. memory sticks, CDs, external hard

drives) before use. Assistance can be requested from an IT technician where necessary.

 On detection of a virus, the staff member should notify the ICT section for assistance immediately.

 Staff should not attempt to disable or interfere with the virus scanning software.









19. LAPTOPS

19.1 General Guidelines

The guidelines for distribution and use of laptops are:



 Business Use Only

 A decision to provide a laptop will be based upon a documented need, approval by the Director, SCM

and available Departmental funding.

 A laptop is intended for use for work related purposes as a productivity tool, and for research and

communication. It is not intended as a replacement for any computers that may be owned personally.

Use of the laptop should be within the standards of good judgment and common sense. The laptop will

enable employees to perform urgent tasks while they are away from office premises.

 Laptops must be used for work related activities only. Officials should therefore not allow any third party

(such as friends, relatives etc.) to use the laptop.









 Software









INFORMATION AND COMMMUNICATIONS 23

TECHNOLOGY POLICY

To the extent possible, IT technicians shall install the same software (Office Suite, email and internet,

etc.) on laptops as installed on department‟s desktops. Technicians will only install supported software

and no unlicensed software will be installed under any conditions.









19.2 Criteria for Selection

Only Full time permanent employees or fixed term contract employees of the department are eligible for

consideration for laptops. Efforts will be made to allocate laptops to users based upon job

responsibilities, demonstrated need, and approval from the Director, SCM.



In general, the following groups within the department will be considered first depending on the

availability of budget



 The MEC, HOD, Chief Directors and Directors

 Managers (from level 11 upwards) are also eligible for consideration of laptops

 Employees who travel frequently and/or not based in the office

 Employees with a daily workload that need to the completed after working hours

 Nature of employee‟s work









19.3. Approval process and requirements

 The employee will need to apply for a laptop or any ICT equipment stating the reason(s) he/she is

requesting a laptop, and what software and hardware needs they have. The letter must be signed by

his/her manager and submitted to the Director, Supply Chain Management. While criteria are indicated

above, it is the responsibility of each manager to determine whether requests are in the interest of the

Department.

 The IT manager will assist in verifying if there is a need for the request before final approval by the

Director, SCM.

 All orders for laptops (as for any technology equipment or software) must be processed through Supply

Chain directorate. The laptop configuration, model, and brand should be on the SITA contract and

approved by the ICT Manager.

 Ownership of the laptop will reside with the Department and the laptop must be returned when

employment ends.

 The SCM section is responsible for the purchase of additional peripherals such as mouse, docking station

and batteries.

 Only one computer (desktop or laptop) will be provided by the Department for an employee. Computers

beyond this require the approval of the Director, SCM.

 Tablet Notebooks shall only be purchased for the MEC, HOD and chief directors if the budget allows.

 Officials in need of tablet notebooks should write a motivation for the approval of the HOD.









INFORMATION AND COMMMUNICATIONS 24

TECHNOLOGY POLICY

19.4. Responsibility

It is the responsibility of every employee in possession of a departmental laptop to take precautions to

prevent damage to or loss/theft of laptop computers in their care. The employee will be responsible for

costs to repair or replace the laptop if the damage or loss (as determined by the loss control committee)

is due to negligence or intentional misconduct.



Employees are therefore advised to leave their laptops with the IT or asset section when going to places

where security of laptop is at risk. Failure to do so will result in the employee bearing the cost should

the laptop be damaged or stolen.



By receiving the laptop you accept responsibility for safeguarding it while it is signed out to you. The

following precautions should be noted:



 The IT technicians will assign a lock for every laptop. It is the responsibility of the user to lock

the laptop with a key or password. In the absence of a lock, store your laptop in a locked

drawer or cabinet when leaving your workspace.



 Laptops should not be left in the office after working hours or when the user is on leave.

Necessary arrangements should be made with the IT or asset manager for the safeguarding

of the laptop where there is a need.



 If you have a private office, close and lock the door if you leave during the day.



 If you take your laptop home, be sure to lock all doors when you go out. If you have a home

security system, be sure it is on when you leave.



 If you are staying in a hotel, lock your laptop in a safe if your room has one. If no safe is

available, lock your laptop in a suitcase when you go out.



 Keep laptop in your sight when going through airport checkpoints.



 If you are travelling by car, lock your laptop in the trunk when you park.



 Do not use the computer in locations that might increase likelihood of damage or theft.



 Keep food and drinks away from the computer.









19.5. Theft or Loss

 If the laptop or any ICT equipment is lost or stolen, it must be reported to the Local Police

within 48 hours. A copy of the police report, statement or case number must be sent to MISS

section and IT manager within 48 hours of the discovery of the loss. Failure to secure and

submit a police report shall result in personal liability for replacement cost. The equipment will

only be replaced after the loss control committee has taken a decision and it has been approved

by the head of the Department. The user may be borrowed a pool computer while awaiting the

approval by the head of the Department.









INFORMATION AND COMMMUNICATIONS 25

TECHNOLOGY POLICY

19.6. Upgrades and Troubleshooting



 Should a laptop require hardware upgrade (e.g. memory, peripheral, or hard disk), software

installation, or have problems, the computer will need to be brought to the ICT section. IT staff

are not responsible to fix any hardware/software problems outside of work premises except in

cases where permission is granted by the ICT manager.



19.7. Virus, Hacking, and Security Protection

 To ensure that virus protection and other security patches are current, laptops must be

connected to the Department‟s network on a regular basis and users must take responsibility for

ensuring that security updates take place on laptops in their care. In the case of a significant

security alert, users may be contacted by e-mail and/or telephonically, to bring in their laptops

to the ICT section to ensure that proper security is enabled on the laptop.









20. Data Cards and Cell Phone Connection

The Departmental Officials who qualify for the usage of data cards as provided for in this policy are the

following:

 Directors and above



 Any other official recommended by the relevant programme manager and approved by the head

of Department.



The following should be adhered to:



 Users who wish to have access to 3G data cards should do so with approval from the Head of the

Department. Only users with laptops will be allowed access to obtain 3G data cards.



 Users who wish to connect data cards or cell phones to their laptops are requested to seek advice from

ICT manager for proper installation and usage.



 Users are not allowed to connect cell phones or 3G cards not approved by the Head of the Department

to the Departments‟ computers. IT technicians will only provide support on 3G cards approved by the

Head of the Department and users are requested to provide proof of approval.









21. Resignation/Transfers/Suspensions

 Officials in possession of a laptop, data card, cell phone, external hard drives, memory sticks or any

portable IT equipment are expected to return the equipment to the ICT or asset section on the last day

of employment. Under no circumstance should a person delete work related information stored on a

laptop, desktop or hard drive before leaving the department.







INFORMATION AND COMMMUNICATIONS 26

TECHNOLOGY POLICY

22. Related Policies



 Supply Chain management Policy

 Cell Phone Policy

 Security Policy

 Loss Control Policy

 Movable Fixed Asset Policy









23. DISCIPLINARY ACTION

Non compliance with the IT policy may result in disciplinary action which may include, but are not limited to:



 Re-training

 Verbal and written warnings

 Termination of contracts in the case of contractors or consultants delivering ICT services to the

Department

 Dismissal

 Suspension

 Loss of Departments‟ information and assets resources access privileges

 Liability for the cost of repair or replacement of the equipment





Any disciplinary action taken in terms of non compliance with this policy and its associated directives will be in

accordance with the disciplinary code/directive of the Department.









INFORMATION AND COMMMUNICATIONS 27

TECHNOLOGY POLICY

24. INFORMATION TECHNOLOGY POLICY DECLARATION FORM







I, _____________________________________, have read the Departmental IT policy and I fully understand

the terms and conditions and agree to abide by it.







I understand that any violation of this policy may lead to me being liable for the cost of damage or theft of any

ICT equipment in my possession. I therefore undertake to take proper care of any Departmental ICT equipment,

software or peripheral allocated to me.









__________________________ ______________________

Signature of User Date









__________________________

IT Unit staff member as Witness









INFORMATION AND COMMMUNICATIONS 28

TECHNOLOGY POLICY

INFORMATION AND COMMMUNICATIONS 29

TECHNOLOGY POLICY