Government of Malta. Reference: GMICT X 0004-1:2014 Version: 7.0. Effective: 07 January 2014



This document is part of the http://ictpolicies.gov.mt Underlined terms are defined in the Vocabulary.

Purpose
The purpose of the for the Government of Malta is to regulate the introduction and use of technology within the Public Sector.

Scope and Applicability
This document focuses on the Government of Malta's function and its processes. The MITA Statute states that: It shall be a purpose of the Agency to... deliver and manage the execution of all programmes related to the implementation of information technology and related systems in Government with the aim of enhancing public service delivery. (Statement 3(1b)) Amongst such programmes being managed by MITA is the deployment of an effective ICT Governance for the adoption and use of information technology across the Public Sector, consisting of Government ICT Policies (known as ).

1. Corporate Governance
Effective corporate governance is intended to uphold a number of common principles, including:
- Transparency of information and internal procedures
- Accessibility of information, based on the premise that information that is not easily accessible is no information at all
- Authenticity of information, which calls for the need to protect the integrity of information (information management)
- Third party audit to verify compliance to rules and practices
- Directors' responsibility and accountability to ensure legal compliance with the mandatory corporate governance framework
- Information technology enablement, whereby technological tools, processes and practices are recognized as reliable sources for good corporate governance.
Since ICT permeates practically all aspects of business, the generation and sustainability of information requires governance from an ICT perspective.

2. ICT governance has been defined as:
Page 1 of 11

the board's ability to direct and control the enterprise's use of IT resources in line with strategic goals. (CObIT, 2010)
and also as:
addressing the definition and implementation of processes, structures and relational mechanisms [1] in the organisation that enable both business and IT professionals to execute their responsibilities in support of business-IT alignment and the creation of business value from IT enabled business investments. (Van Grembergen and De Haes, 2009)
The latter definition extends the simpler CObIT definition and, for the purposes of this ICT Governance in a Public Sector context, is adapted as follows: ICT governance addresses the definition and implementation of processes, structures and relational mechanisms within the public sector that enable its professionals to execute their responsibilities in support of the alignment of Government business and Information and Communications Technology (ICT) strategies and objectives, as well as the creation of value from ICT enabled investments.

[1] Relational mechanisms refer, amongst others, to policies and procedures.

3. Basis for the
This is based upon applicable adaptations of the Control Objectives for Information and related Technology (CObIT) framework. Reference to this framework shall facilitate a shared, common understanding among all stakeholders involved. CObIT was developed by the IT Governance Institute (an ISACA research institute) and provides a holistic set of control objectives, processes, measures and best practices for information technology management. It has emerged out of another framework developed by the Committee of Sponsoring Organisations (COSO), which focuses on internal and financial controls. The development of CObIT versions 3 and 4 saw its increased alignment to other internationally recognised standards and best practices such as the Information Technology Infrastructure Library (ITIL), ISO 27001 and PRojects IN Controlled Environments (PRINCE2). In fact, in organisations where these last-mentioned standards and frameworks are already implemented, it is recommended that they are used in conjunction with CObIT.
The latest version of CObIT (version 5) builds upon version 4.1 and integrates into it the IT Governance Institute's own Val IT 2.0 and Risk IT frameworks, and also aligns itself more fully to the ISO/IEC 38500 domains. CObIT has also evolved from an audit framework in 1996 into a framework for the governance and management of enterprise IT in 2012 that presents policies as a fundamental factor for influencing proper governance and management over IT. CObIT 5 is based upon seven enablers as support tools for the implementation of governance and management of enterprise IT, one of which is Principles, Policies and s. Good Practices, Goals and metrics, Stakeholders and Life Cycle are the four enabler dimensions of a policy framework.

4. Good Practices

4.1 The delineation of and Governance
COBIT 5 delineates between management and governance. Governance ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on objectives to be achieved, setting direction through prioritisation and decision making, and monitoring performance and compliance against agreed-on direction and objectives [2]. On the other hand, management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives.

[2] www.isaca.org/cobit/documents/cobit5-introduction.ppt

4.2 documentation
documentation is organised in the following content types:

documentation type | Scope (in terms of the delineation) | Definition
 | Governance | A direction, line, manifest, principle or stance of a strategic nature stating the official intention of Government. A lucid, vendor-neutral statement about Government's intentions in the Information and Communications Technology (ICT) field. Statements intended to regulate Public Sector behaviour with respect to the adoption and use of ICT in Government.
GMICT Specification / Standard | | A specification or configuration required for ICT related products, services or operations.
GMICT Directive | | Instructions related to the implementation of Policies and Standards.
GMICT Procedure | | An official (and authorised) way of doing something. This is normally expressed as a workflow.
GMICT Form | | Specifies various items of information required, usually as part of a Procedure.
Table 1

4.3 Roadmap
The Roadmap (GMICT X 0004-2) that accompanies this outlines published and intended GMICT policy activity over a three year period and is updated every six months. From a COBIT perspective, the Roadmap reflects the management, and specifically the planning, aspect of policy.

5. Goals

5.1 Underlying Principles
The following principles for the function are drawn from the National ICT Strategy as reflected in the MITA Strategic Plan 2009-2012:
- Transformation-driven approach to allow for more value and lower cost for Government
- Monitoring of emerging trends within the information society fields
- Continuous improvement in policy management
- Independence from operational functions that may impair objectivity in policy management
- Risk averse approach with respect to Government security interests
- Open standards and technology approach
- Close collaboration with other aspects of ICT governance, which include, but are not limited to, Business, Information Security governance, Data governance and Compliance
- Communication and involvement of all stakeholders concerned.

5.2 Terms of Reference
Following the underlying principles, the following Terms of Reference are drawn for the function:
1. To identify new requirements and to recommend appropriate GMICT development to the Chief Technology Officer.
2. To act as the point of reference with respect to the interpretation of published GMICT.
3. To oversee the development of drafted by its primary policy contributor and be responsible for its review, leading to publication.
4. To foster further collaboration with all stakeholders, including but not limited to the Office of the CIOs, the Security Governance function, the Data Governance function and the Compliance function.
5. To induce awareness of established among the stakeholders concerned.

6. Stakeholders
The key stakeholders for are:
- MITA (the Agent), which formulates the principles on behalf of Government, based upon Government's technology direction and legislation
- the Public Sector, which implements these principles.

Figure 1: Lifecycle flowchart, Phase 1 - Plan (Plan Roadmap) and Phase 2 - Plan and Organise (Plan Content). Swimlanes: Stakeholders (MITA & Public Sector); (CTO); Contributor; function; External process/document.
Phase 1 inputs, including but not limited to: (i) Existing GMICT (ii) MITA Strategic Plan (iii) Relevant Government publications (iv) Relevant EU publications (v) Feedback from Compliance (vi) Mandates.
Phase 1 step labels recovered from the figure: Scheduled Roadmap update; Roadmap update; Provide feedback for Roadmap review; Authorise Roadmap; Publish Roadmap (Official Documentation: Roadmap); connector D (Fig. 3).
Phase 2 step labels recovered from the figure: Schedule policy work based on Published Roadmap (connector B, Fig. 2, 3); Draft/Update (Template); Required content received? (if not, Escalation Procedure, Fig. 6); Vet policy content; Further revisions required?; For External Review? (connector E, Fig. 2); Issue Draft for Review (connector A, Fig. 2).
Note in figure: It is the prerogative of the Chief Technology Officer (CTO) to decide whether a draft policy should be subject to external review or not.

Figure 2: Lifecycle flowchart, Phase 3 - Plan and Organise (Plan Content) leading to Delivery and Support ( implementation upon publication), and Phase 4 - Monitor & Evaluate (Check implementation). Swimlanes: Stakeholders (MITA & Public Sector); (CTO); Contributor; function; External process/document.
Notes in figure: Feedback is to be provided within timeframes as established by the function. The Chief Technology Officer (CTO) shall be the first reference point for authorisation. The CTO may refer the to the Chief Executive Officer (CEO) for approval, particularly in cases where a is deemed of critical importance.
Phase 3 step labels recovered from the figure: Provide feedback (connector E); Authorise; Contribute to updates accordingly (connector A); Changes Required?; Major changes required?; Update policy draft accordingly; Authorised?; Finalise and Publish (connector B).
Phase 4 step labels recovered from the figure: Exemption Trend Analysis (includes but may not be limited to); ongoing feedback from CIOs and MITA stakeholders (includes but is not limited to; connector C); Compliance Audits; Gauge policy implementation; Feedback.

Figure 3: Lifecycle flowchart, Phase 5 - Monitor & Evaluate (Act). Swimlanes: Stakeholders (MITA & Public Sector); (CTO); Contributor; function; External process/document.
Step labels recovered from the figure: connector C (Fig. 2); Determine where changes need to be applied; As planned in Roadmap? (i.e. is this a new policy not factored in the roadmap, or a policy that is included in the roadmap but that needs to be reprioritised in the roadmap?) (connector B); Mandate Form: Fill in Mandate form; Review mandate request; Decide on Mandate; Updates Necessary?; Clarifications Required?; Escalate? (may be required if the necessary updates are not given accordingly; Escalation Procedure, Fig. 4); Authorised?; Inform the requestor accordingly (connector D).

Figure 4: Lifecycle: Escalation Procedure flowchart. Swimlanes: Stakeholders (MITA & Public Sector); (CTO); Contributor; function; External process/document.
Notes in figure: Apart from GMICT (drafting or update), may include GMICT Mandate for further clarification. Generally 2 weeks are allowed.
Step and decision labels recovered from the figure: Escalation Procedure Start; Request (in writing) the required action from the Primary contributor; Required update received? (Y: Take action accordingly); Initial grace period?; Second grace period?; Send a reminder (in writing) to the Contributor; If this is not the first reminder, escalate to Contributor's Line for possible reprioritisation of tasks; Escalate to CTO, advising closure of pending GMICT documentation process; Close process?; Inform Primary policy contributor accordingly re. closure; Strike off pending documentation from Register; Escalation Procedure Closure.

6.1 Authorisation
The management lifecycle essentially calls for management involvement, particularly during the policy authorisation process. documentation shall therefore be authorised at the appropriate management level within MITA, based upon the criteria indicated in Table 2, below.

Potential Criteria Acronym | Meaning of Acronym | Further explanation
STR | Strategic Importance of the to the Public Sector | Implies the significance of the policy upon: the public, society, national interest, any other matter which carries significant sensitivity to Government interests e.g. security, Government policy
OPR | Degree of change expected to operational business practices in the Public Sector (including MITA) through introduction of the | Implies the degree of change required in current work practices / processes for conformance to the
Table 2

7.2.3 Compliance
Any document carries an Effective Date, which refers to the date from when the provisions of the particular document start to apply. However, it is also understood that there may be instances when it is not possible for the provisions of a GMICT policy document to be implemented with immediate effect as from the Effective Date. Therefore, the function addresses such a possibility in two ways, prior to document publication, specifically during the drafting and the review stages:
(i) The template includes an optional Section related to Compliance. This Section is expected to provide parameter(s) of applicability, transition requirement(s) and corresponding date(s) by which part or all of a document is expected to be complied with. The Transition requirements are not expected to be highly specific, particularly where various implementation scenarios are known to exist within the context under consideration. However, they should at least be expected to outline the common high level requirements expected across all of the various potential scenarios.
(ii) The review process of draft documents is inherently expected to provide first-hand feedback from its affected stakeholders. The feedback is mainly expected to focus on the validity of the principles underlying statements as well as any potential issues of enforcement of the proposed document. It should therefore serve as a mechanism for assessing the impact of the and for any compliance parameters or timelines to be established prior to the s publication. Please refer to the Compliance (GMICT X 0018).

7. References
1. Calder, A. (2008), ISO/IEC 38500, The IT Governance Standard, IT Governance Publishing, UK, p. 19
2. Carillo, J. (2013), IT based on COBIT 5, Governance and of Enterprise IT, ISACA Journal, p. 24
3. IT Governance Institute (2007), COBIT 4.1, www.itgi.org
4. Lallana, E. (2010), ICT for Development policy, process and governance, Briefing Note 2, United Nations Asian and Pacific Training Centre for ICT for Development, January 2010
5. MITA Strategic Plan 2009-2010
6. Pye, G. and Warren, M.J. (2006), Striking a balance between ethics and ICT Governance, Australasian Journal of Information Systems, 13, 2, 201-207
7. Queensland Government - Department of Education and Training (2009), Summary, Version 1.1, Trim 2009/95440
8. Moir, S.T.W. (2008), The Calder-Moir IT Governance Overview, Version 2.0, July 2008
9. Ziolkowski, R. and Clark, E. (2005), Standards of : The need for stronger epistemological foundations in shifting sands, The Asia Pacific Journal of Public Administration, 26, 1, 77-90

Modification History
Version | Effective Date | Changes
1.0 | 08/11/2010 | Initial Release
2.0 | 18/11/2010 | Second Release
3.0 | 23/11/2010 | Third Release - based on update to Lifecycle
4.0 | 13/06/2011 |
5.0 | 16/04/2012 | Addition of the Lifecycle: Escalation procedure
6.0 | 06/12/2012 | Addition of Scope of Suite (Section 7.2)
7.0 | 07/01/2014 | Simplification of general content and update of Lifecycle

Issuing Authority
This document has been issued with the authority of the Malta Information Technology Agency.

Contact Information
Government ICT Policies, Directives, Standards and associated publications can be found at http://ictpolicies.gov.mt. Any suggestions, queries or requests for clarification regarding Government ICT Policies, Directives and Standards may be forwarded to ictpolicies@gov.mt.