Network Resource Management Policy

Transcription

1 Office of the Prime Minister Policy document CIMU P0036:2003 Version: 1.0 Effective date: Network Resource Management Policy 1. Policy statement i) General Information and Communications Technology (ICT) resources forming part of the Malta Government Network (MAGNET) are provided for Government of Malta (Government) business use and hence are deemed to be the property of Government. Government seeks to reduce total cost of ownership, improve quality, whilst minimising security risks in support of its ICT resources forming part of the MAGNET; through automated means. Such a concept shall be termed as Network Resource Management (NRM) and shall form part of a wider Enterprise Management Architecture (EMA) Model. In support of the above concept, NRM tool(s) shall be adopted within the Public Service. They shall de facto serve as the means of providing operational support to such ICT resources. The NRM tool(s) shall be regulated by CIMU. Upon consent from CIMU, the NRM tool(s) shall be : implemented by the Agent(s); operated by the Agent(s) and/or Permanent Secretaries,subject to the parameters prescribed herein. CIMU shall consider the scope of such operations by the Permanent Secretaries on a case by case basis; based but not limited to the existing Page 1

2 technical skills capacity falling under the respective Permanent Secretary's responsibility; maintained by the Agent(s). In support of the above operational framework, related requests for services or incidents shall be passed through a centralised Service Call Centre, as directed by CIMU. ii) Implementation The target population for implementation of the Policy and its supporting documents are: (i) Public Service (ii) Agent(s) and (iii) Third Parties that may be contracted to implement and/or operate and/or maintain the NRM tool(s). Implementation shall be within the context of (i) defined corporate strategic design for Network Resource Management in the Public Service (ii) defined service levels (iii) the Information Security Framework (in process), (v) a defined Architecture, subject to each Public Service Entity's connectivity needs, (vi) Convention on Cyber Crime ETS No. 185 (signed by Government on but still to be ratified) and (vii) Laws of Malta and regulations by statutory bodies. Implementation shall be backed by (i) internal audits and (ii) compliance checks. iii) Policy violations Abuse or misuse in NRM in terms of the Data Protection Act, the Computer misuse provisions of the Criminal Code and this Policy and its supporting documents shall be treated as an offence. CIMU reserves the right of withdrawing its consent for any NRM activity by the Agent(s) and/or Permanent Secretaries and/or take any other appropriate measures should any breach of Policy be discovered at any point in time. 2. Purpose The objective of this Policy is to promote the use of NRM tool(s) within the Public Service 3. Who should know this Policy Knowledge of this Policy shall extend to the following: Chief Information Management Officer (CIMO) Information Management Officers (IMOs) CIMU Communications Executive Head of Agent(s) Heads of Public Service entities Users of ICT resources Permanent Secretaries Page 2

3 4. Scope of applicability The provisions of this document apply to the use of NRM tools within the Public Service on the ICT resources, excluding servers, that form part of the MAGNET. NRM is the lowermost layer of a wider Enterprise Management Architecture (EMA) Model for Government. This document, along with its supporting documents, is intended to specifically cover this layer of the EMA Model. However in the absence of similar documents that specifically address the other layers of this Model, this document along with its supporting documents may, where necessary, address items that fall under the other layers. Such items shall be migrated to the appropriate similar documents, once such documents are in place. 5. Definitions Agent a trusted organisation that has the mandate by Government to provide Information and Communications services. Compliance - the process performed by CIMU or an independent body to check that a service provided satisfies the criteria set in a referenced document. Computer desktop - a personal computer designed to fit comfortably on top of a desk. Computer network a network of data-processing nodes that are interconnected for the purposes of data communication. Conformance - the correspondence by a service to the criteria set in a referenced document. Design the act of formulating the Strategic Design for NRM as explained in further detail in the Standards for this Policy. Enterprise Management Architecture (EMA) Model refers to the IT Infrastructure Library (ITIL) model for IT Service Management (ITSM) as proposed for implementation of the Enterprise Management System Format - a specific pre-established arrangement or organisation of data. File header A field that precedes the main file content and describes the length of the content and/or other characteristics of the file. Implement the act of deploying the necessary backend, frontend and control systems that form an integral part of the NRM tools. Information and Communications Technology (ICT) resource any element of a computer, data communications and peripheral data processing equipment and/or software needed to perform required operations. Maintain the act of ensuring that the NRM tools deployed and in use are kept in good working order according to the design characteristics. Network Resource Management (NRM) Tool software, specific for Network Resource Management. Page 3

4 Operate - the act of using the facilities on offer by the NRM tools deployed, normally via a special user interface. Outsourcing the act of hiring an outside source for acquiring services and an alternative delivery mechanism or resourcing alternative. Public Service entity a Government Ministry or Department. Regulate - refers to the setting of the strategic direction for Enterprise Management Architecture (that includes NRM) within the Public Service. It also implies the need to ensure that the necessary governance mechanisms are in place and are functioning well. Service Level Agreement (SLA) - a contractual obligation between parties, which stipulates and commits the service provider to a required level of service. Third Party someone other than the principals directly involved in a transaction or agreement. 6. Roles and responsibilities For the purpose of this Policy, the following roles and responsibilities have been identified: Role Responsibility 1. Chief Information Management Officer (CIMO) i. To maintain this Policy and its supporting documents. ii. To audit for compliance. iii. To regulate the use of NRM tools within the Public Service. iv. To identify Agent(s) v. To manage Service Level Agreement(s) (SLA) established with the Agent(s). 2. CIMU Communications Executive i. To publish and promote this Policy and its supporting documents. Page 4

5 3. Head of Agent i. To establish, endorse, and maintain a corporate strategic design for NRM within the Public Service. ii. To operate NRM tools in confomance to this Policy and its supporting documents. iii. To implement NRM tools in confomance to this Policy and its supporting documents. iv. To maintain NRM tools in conformance to this Policy and its supporting documents. v. To assume responsibility for any outsourcing of the related activities to Third Parties. vi. To establish, conform to and maintain related Service Level Agreement (SLA) with CIMU. vii. To participate in and/or contribute to any compliance checks as conducted by CIMU. 4. Head of Public Service Entity i. To adopt NRM, within the Public Service entity according to this Policy and its supporting documents. ii. To ensure conformance of the Public Service entity according to this Policy and its supporting documents. Page 5

6 5. Permanent Secretary i. To engage the IMO to operate NRM tool (s) within Public Service entity in conformance to this Policy and its supporting documents. ii. To present a business case to CIMU, clearly indicating present technical skills capability to be able to operate the NRM tool(s) within Public Service entity(s) for which he/she is responsible; should he/she request consent from CIMU to undertake this activity, within the parameters prescribed herein. iii. To establish, conform to and maintain a Quality Charter for operations of the NRM tool(s) within Public Service entity (s) for which he/she is responsible; should he/she be granted consent to undertake this activity, within the parameters prescribed herein. iv. To participate in and/or contribute to any compliance checks as conducted by CIMU. 6. Users of ICT resources 7. IMO i. To conform to this Policy and its supporting documents. i. To operate NRM tool(s) within Public Service entity in conformance to this Policy and its supporting documents, upon being delegated authority from the respective Permanent Secretary ii. To assist the Permanent Secretary and the Head of the Public Service Entity, subject to this Policy and its supporting documents. 7. Supporting Documents In support of this Policy, the following Standard and Directives shall be issued: 01.CIMU S0036: CIMU D0036:2003 Network Resource Management Standard Network Resource Management Directive Page 6

7 8. References 01. Information Security Framework (in preparation) 02.CIMU P 0016: CIMU P 0015: CIMU P 0011: CIMU P 0010: CIMU S 0001: CIMU S 0002: 2003 Information Security Policy Password Policy Connectivity to MAGNET Policy Electronic mail and Internet Services Policy Office Automation Hardware Standards Office Automation Software Standards 08.Computer Misuse Handbook for the Public Service 08.Desktop Support Services Handbook 09.Data Protection Act- Chapter Article 337 of the Criminal Code Chapter Convention on Cyber Crime ETS No Code of Ethics for Employees in the Public Sector - Cabinet Office Office of the Prime Minister Malta October Modification history Version Date Changes Release Page 7

8 10. Maintenance and review cycle Maintenance and review of this policy is set for six months after the initial release as indicated in the effective date. Subsequent maintenance to this policy shall be based on a twelve month cycle. Signature and stamp Joseph R Grima Permanent Secretary, Office of the Prime Minister Page 8