Office of the Prime Minister

Policy document CIMU P0036:2003
Version: 1.0
Effective date: 10.12.2003

Network Resource Management Policy

1. Policy statement

i) General

Information and Communications Technology (ICT) resources forming part of the Malta Government Network (MAGNET) are provided for Government of Malta (Government) business use and hence are deemed to be the property of Government.

Government seeks to reduce total cost of ownership, improve quality, whilst minimising security risks in support of its ICT resources forming part of the MAGNET; through automated means. Such a concept shall be termed as Network Resource Management (NRM) and shall form part of a wider Enterprise Management Architecture (EMA) Model.

In support of the above concept, NRM tool(s) shall be adopted within the Public Service. They shall de facto serve as the means of providing operational support to such ICT resources.

The NRM tool(s) shall be regulated by CIMU. Upon consent from CIMU, the NRM tool(s) shall be:

- implemented by the Agent(s);
- operated by the Agent(s) and/or Permanent Secretaries, subject to the parameters prescribed herein. CIMU shall consider the scope of such operations by the Permanent Secretaries on a case by case basis; based but not limited to the existing technical skills capacity falling under the respective Permanent Secretary's responsibility;
- maintained by the Agent(s).

In support of the above operational framework, related requests for services or incidents shall be passed through a centralised Service Call Centre, as directed by CIMU.

ii) Implementation

The target population for implementation of the Policy and its supporting documents are: (i) Public Service (ii) Agent(s) and (iii) Third Parties that may be contracted to implement and/or operate and/or maintain the NRM tool(s).

Implementation shall be within the context of (i) defined corporate strategic design for Network Resource Management in the Public Service (ii) defined service levels (iii) the Information Security Framework (in process), (v) a defined Architecture, subject to each Public Service Entity's connectivity needs, (vi) Convention on Cyber Crime ETS No. 185 (signed by Government on 17.01.2003 but still to be ratified) and (vii) Laws of Malta and regulations by statutory bodies.

Implementation shall be backed by (i) internal audits and (ii) compliance checks.

iii) Policy violations

Abuse or misuse in NRM in terms of the Data Protection Act, the Computer misuse provisions of the Criminal Code and this Policy and its supporting documents shall be treated as an offence.

CIMU reserves the right of withdrawing its consent for any NRM activity by the Agent(s) and/or Permanent Secretaries and/or take any other appropriate measures should any breach of Policy be discovered at any point in time.

2. Purpose

The objective of this Policy is to promote the use of NRM tool(s) within the Public Service.

3. Who should know this Policy

Knowledge of this Policy shall extend to the following:

- Chief Information Management Officer (CIMO)
- Information Management Officers (IMOs)
- CIMU Communications Executive
- Head of Agent(s)
- Heads of Public Service entities
- Users of ICT resources
- Permanent Secretaries

4. Scope of applicability

The provisions of this document apply to the use of NRM tools within the Public Service on the ICT resources, excluding servers, that form part of the MAGNET.

NRM is the lowermost layer of a wider Enterprise Management Architecture (EMA) Model for Government. This document, along with its supporting documents, is intended to specifically cover this layer of the EMA Model. However, in the absence of similar documents that specifically address the other layers of this Model, this document along with its supporting documents may, where necessary, address items that fall under the other layers. Such items shall be migrated to the appropriate similar documents, once such documents are in place.

5. Definitions

Agent - a trusted organisation that has the mandate by Government to provide Information and Communications services.
Compliance - the process performed by CIMU or an independent body to check that a service provided satisfies the criteria set in a referenced document.
Computer desktop - a personal computer designed to fit comfortably on top of a desk.
Computer network - a network of data-processing nodes that are interconnected for the purposes of data communication.
Conformance - the correspondence by a service to the criteria set in a referenced document.
Design - the act of formulating the Strategic Design for NRM as explained in further detail in the Standards for this Policy.
Enterprise Management Architecture (EMA) Model - refers to the IT Infrastructure Library (ITIL) model for IT Service Management (ITSM) as proposed for implementation of the Enterprise Management System.
Format - a specific pre-established arrangement or organisation of data.
File header - a field that precedes the main file content and describes the length of the content and/or other characteristics of the file.
Implement - the act of deploying the necessary backend, frontend and control systems that form an integral part of the NRM tools.
Information and Communications Technology (ICT) resource - any element of a computer, data communications and peripheral data processing equipment and/or software needed to perform required operations.
Maintain - the act of ensuring that the NRM tools deployed and in use are kept in good working order according to the design characteristics.
Network Resource Management (NRM) Tool - software, specific for Network Resource Management.
Operate - the act of using the facilities on offer by the NRM tools deployed, normally via a special user interface.
Outsourcing - the act of hiring an outside source for acquiring services and an alternative delivery mechanism or resourcing alternative.
Public Service entity - a Government Ministry or Department.
Regulate - refers to the setting of the strategic direction for Enterprise Management Architecture (that includes NRM) within the Public Service. It also implies the need to ensure that the necessary governance mechanisms are in place and are functioning well.
Service Level Agreement (SLA) - a contractual obligation between parties, which stipulates and commits the service provider to a required level of service.
Third Party - someone other than the principals directly involved in a transaction or agreement.

6. Roles and responsibilities

For the purpose of this Policy, the following roles and responsibilities have been identified:

Role / Responsibility

1. Chief Information Management Officer (CIMO)
   i. To maintain this Policy and its supporting documents.
   ii. To audit for compliance.
   iii. To regulate the use of NRM tools within the Public Service.
   iv. To identify Agent(s).
   v. To manage Service Level Agreement(s) (SLA) established with the Agent(s).

2. CIMU Communications Executive
   i. To publish and promote this Policy and its supporting documents.

3. Head of Agent
   i. To establish, endorse, and maintain a corporate strategic design for NRM within the Public Service.
   ii. To operate NRM tools in conformance to this Policy and its supporting documents.
   iii. To implement NRM tools in conformance to this Policy and its supporting documents.
   iv. To maintain NRM tools in conformance to this Policy and its supporting documents.
   v. To assume responsibility for any outsourcing of the related activities to Third Parties.
   vi. To establish, conform to and maintain related Service Level Agreement (SLA) with CIMU.
   vii. To participate in and/or contribute to any compliance checks as conducted by CIMU.

4. Head of Public Service Entity
   i. To adopt NRM within the Public Service entity according to this Policy and its supporting documents.
   ii. To ensure conformance of the Public Service entity according to this Policy and its supporting documents.

5. Permanent Secretary
   i. To engage the IMO to operate NRM tool(s) within Public Service entity in conformance to this Policy and its supporting documents.
   ii. To present a business case to CIMU, clearly indicating present technical skills capability to be able to operate the NRM tool(s) within Public Service entity(s) for which he/she is responsible; should he/she request consent from CIMU to undertake this activity, within the parameters prescribed herein.
   iii. To establish, conform to and maintain a Quality Charter for operations of the NRM tool(s) within Public Service entity(s) for which he/she is responsible; should he/she be granted consent to undertake this activity, within the parameters prescribed herein.
   iv. To participate in and/or contribute to any compliance checks as conducted by CIMU.

6. Users of ICT resources
   i. To conform to this Policy and its supporting documents.

7. IMO
   i. To operate NRM tool(s) within Public Service entity in conformance to this Policy and its supporting documents, upon being delegated authority from the respective Permanent Secretary.
   ii. To assist the Permanent Secretary and the Head of the Public Service Entity, subject to this Policy and its supporting documents.

7. Supporting Documents

In support of this Policy, the following Standard and Directives shall be issued:

01. CIMU S0036:2003 Network Resource Management Standard
02. CIMU D0036:2003 Network Resource Management Directive

8. References

01. Information Security Framework (in preparation)
02. CIMU P 0016:2003 Information Security Policy
03. CIMU P 0015:2002 Password Policy
04. CIMU P 0011:2002 Connectivity to MAGNET Policy
05. CIMU P 0010:2002 Electronic mail and Internet Services Policy
06. CIMU S 0001: 2003 Office Automation Hardware Standards
07. CIMU S 0002: 2003 Office Automation Software Standards
08. Computer Misuse Handbook for the Public Service
08. Desktop Support Services Handbook
09. Data Protection Act - Chapter 440 http://www.justice.gov.mt
010. Article 337 of the Criminal Code Chapter 09 http://www.justice.gov.mt
011. Convention on Cyber Crime ETS No. 185 http://conventions.coe.int
012. Code of Ethics for Employees in the Public Sector - Cabinet Office, Office of the Prime Minister, Malta, October 1994

9. Modification history

Version   Date         Changes
1.0       10.12.2003   Release

10. Maintenance and review cycle

Maintenance and review of this policy is set for six months after the initial release as indicated in the effective date. Subsequent maintenance to this policy shall be based on a twelve month cycle.

Signature and stamp

Joseph R Grima
Permanent Secretary, Office of the Prime Minister