Information Security

Aberdeen City Council relies heavily on information: which could be printed or written on paper; stored electronically; transmitted by post or by using electronic means; shown in films; or spoken in conversation. Whatever form the information takes, or means by which it is shared or stored, it should always be appropriately protected.

Information is fundamental to the Council satisfying its corporate governance and legal obligations, the successful operation of its business processes and the delivery of its public service.

What does a manager need to do

Managers need to ensure that:

  •  They are aware of their obligations under the Management of Information Security Policy and those of the Corporate ICT Acceptable Use Policy.
  • Staff for whom they have day-to-day line management responsibility are made aware (via team briefings/meetings) of their obligations in respect of the corporate ICT Acceptable Use Policy and its obligations and any additional ones which might arise from periodically published Information Security guidance/advisories.
  • They encourage a culture of proactive incident reporting and logging with their staff.
  • They and their staff undertake appropriate Information Security awareness learning as may be required from time-to-time (in order to improve their individual knowledge and understanding of what the Information Security ‘threat’ entails, so enabling them to work more securely).
  • Their individual Head of Service and the Information Security Officer/ICT Security Team staff are advised of issues of specific concern.

Software Applications

The software applications we use to manage our electronic data play a key part in the management of our information. There are many software applications used across the Council and you will come in to contact with some of them on a regular basis as a system owner, administrator or user. These software applications are assets and they need to be managed as such to assist in realising the Council’s approved vision for our assets:-

“The Council will provide assets, working with partners, where appropriate, which support the Council in the delivery of quality services by being fit for purpose, accessible, efficient, suitable and sustainable.”

The management of these assets also links in to our IT Governance, which is concerned with the performance and risk management of our software applications and data as well as our technology infrastructure. With our technology infrastructure including the devices (e.g. servers, pcs, laptops and mobile devices) and networks our software applications run on and are accessed through, and our data is stored on and accessed through.

Clarifying, bringing consistency to and communicating the role of system owner and responsibilities associated with it, will facilitate improvements in proactively managing our software applications and this in turn will facilitate improved:

  • Information Management;
  • Asset Management; and
  • IT Governance;

to benefit the delivery of our business services and the realisation of the Council’s strategic priorities.

Your Responsibilities

  • There should be a single system owner for each software application.
  • System owners should work closely with their ICT Account Manager.
  • The system owner should understand the data that is managed within the software application they ‘own’.
  • The system owner should understand their responsibilities for the software application they ‘own’ and manage on behalf of the organisation, they should
  • Understand the functionality of their software application and the services it provides to support business functions and processes in delivering business services to customers;
  • Be aware of and understand the vendor roadmap for their software application i.e. how the vendor is developing the software application and how its functionality will change as each new  version of the application becomes available;
  • Understand how these changes in functionality will impact how the software application supports business functions and processes on an on-going basis;
  • Understand their responsibilities in working with ICT and others (e.g. system administrators, system users, Finance, Legal and Procurement) to actively manage their software application over its lifecycle and the duration of its contract; e.g.
  • Plan: for any new software application requirements to meet business needs;
  • Acquire: software applications to meet those requirements;
  • Deploy: the acquired software applications;
  • Maintain: the software application; and
  • Retire: the software application at the end of its life cycle having planned, acquired and deployed any new software application to meet any new requirements.

At present, it is essential that as an organisation, we fully understand how our software applications work in and for our business. This is equally as important as understanding how the software applications work technically in our data centre and run on our technology infrastructure.

In future, given the development of ‘Cloud’ services, it may actually become more important to understand how our software applications work in and for our business than it is to understand how they work technically and the infrastructure they run on.

Click here to return to the main Resources Hub page

Add a ‘Like’ and/or ‘Rating’ below to indicate how useful you found this page

 

(Visited 6 times, 1 visits today)
Please Rate this Page

0 Comments

%d bloggers like this: