DRAFT
1st Draft
Ciidanka Ilaalada Xeebaha Somaliland Hargeisa / / Somaliland coast GuardHargeisa
PROCEDURE: Use of Information Technology (IT)Equipment and Services
PURPOSE: The purpose of this standard procedure for the use of Information Technology is to set out the activities which all staff will undertake in order to safeguard the equipment and services provided and the associated data or information.
Draft Date:
- 4 December 2015
Executive Approval Date: / Forms:
Document Owner: / Notes:
1. Application.
1.1. These regulations apply to all IT equipment and services which belong to or are provided by the SLCG, whether used within SLCG property or elsewhere.
1.2. These regulations apply to all staff of the SLCG and anyone else using IT equipment and services belonging to the SLCG. People who are not SLCG staff members are not permitted to use IT equipment and services belonging to the until they have been properly authorised to do so by [the Head of IT] and have read and agreed to abide by these regulations.
1.3. These regulations apply equally to any private IT equipment which may be brought into the SLCG or used for purposes of SLCG work. Such use of private IT equipment requires the prior authorisation of the [Head of IT] and must be properly protected against virusesor other malware and not pose a threat to or damage the integrity or security of SLCG IT equipment, systems, data or information.
1.4. All SLCG staff and all users of SLCG IT equipment and services, or users of private IT equipment brought into the MoD and used for the purposes of SLCG work, are to sign a certificate stating that they have read and agreed to abide by these regulations. This is to be repeated annually and a record maintained by [the Head of IT].
2. Care of Equipment and Services.
2.1. Hardware.
2.1.1. Users are responsible for the physical care of all SLCG IT equipment which they use, including its cleanliness and protection from dust and damp. Users are not to move or reconnect equipment, except for laptops and other portable items, without authorisation from [the Head of IT]. Users are not to connect new equipment or hardware without authorisation from [the Head of IT]. Any concerns with the state or performance of hardware are to be reported immediately to [the Head of IT].
2.1.2. SLCG IT equipment is always to be secured in a locked office when not in use. Laptop computers and any individual hard drives, which are more easily removed, are to be secure in a locked cabinet when not in use. Anyone who takes aSLCG laptop out of the SLCG for official purposes is to carry an document signed by [the Head of IT] specifically authorising him to do so and making him responsible for the care and security of the laptop and its ancillaries until he returns it to the SLCG.
2.1.3. IT equipment is valuable and attractive. It will therefore be checked every month for presence and serviceability by [the Head of IT], in addition to the annual checks required under normal asset management.
2.2. Software. Users are to ensure that they do not permit any virus or other malicious software to be introduced to or transmitted on SLCG IT equipment and services. Users are not permitted to connect or download any new software without authorisation from [the Head of IT]. Any suspected occurrences of viruses or other malicious software are to be reported immediately to [the Head of IT].
2.3. Data.
2.3.1. Users are to ensure that they do not allow unauthorised access, transmission or loss of data, particularly where that data affects national security or the privacy of personnel. Users are to ensure that they do not corrupt or disrupt data belonging to other users, nor access that data without proper authority from the owner.
2.3.2. Users shall treat as confidential any information which may become available to them through the use of SLCG IT equipment and services and which is not clearly intended for unrestricted dissemination. Such information shall not be copied, modified, disseminated or used, either in whole or in part, without appropriate authority.
2.3.3. Particular care is to be taken over the holding and use of data relating to individuals, which may only be used for the purposes for which it obtained with the consent of the individual concerned. E.g. the staff in the Personnel Department may hold and use data on staff members for functions related to employment, pay etc. Other staff may not access this data and such data is not to be used for other purposes.
2.3.4. Users are responsible for organising their own data in compliance with any instructions given by [the Head of IT]. Users are responsible for managing their own data, in particular the weeding of material which is no longer required and the archiving of data which should be retained.
3. Use of IT Equipment and Services.
3.1. SLCG IT equipment and services are provided only for purposes connected with the work of the SLCG and are not to be used for any other purpose, in particular not for any private, entertainment, commercial or unlawful activity.
3.2. SLCG IT equipment and services are not to be used for the creation, transmission, storage, downloading or display of any offensive, obscene, indecent, menacing, harassing or defamatory images, data or other material.
3.3. SLCG IT equipment and services are not to be used the creation or transmission of or access to material which infringes a copyright, moral right, trade mark, licence or other intellectual property right;
3.4. SLCG IT equipment and services are not to be used for the sending of any email or message which does not correctly identify the sender or computer from which it was sent or which attempts to disguise its origin.
3.5. SLCG IT equipment and services are not to be used to gain, or to attempt to gain, unauthorised access to any facility or service within or outside the MoD or to attempt to disrupt or damage such a facility or service. SLCG IT equipment and services are not to be usedto permit unauthorised personnel access to SLCG IT services or data.
3.6. SLCG IT equipment and services are not to be used for the transmission of emails and other messages to an excessive number of recipients or of emails and messages which are intended to encourage the propagation of further copies.
3.7. Use of file-sharing technology and participation in distributed file-sharing networks may be subject to additional regulation and restriction in order to prevent excessive use of SLCG resources, or the use of those resources for purposes unconnected with the SLCG.
4. Passwords.Any password, authorisation code, etc. given to a user will be for his or her use only, and must be kept secure and not disclosed to or used by any other person. Exceptions may be made for accounts set up specifically to carry out collective functions, but authorisation for this must be given by [the Head of IT].
5. Control.
5.1. The SLCG has the right to exercise control over the use of IT equipment and services, including monitoring and examining the content of users’ data and email, where necessary in connection with properly authorised investigations into suspected breaches of these regulations.
5.2. The SLCG may prevent access to IT equipment and services to any person or item which may pose a threat or which is not compliant with these regulations.
6. Reporting.Any difficulties with or errors in the application of these regulations is to be reported immediately to the [Head of IT].
Certificate: Use of Information Technology (IT) Equipment and Services.This is to confirm that I have read and agree to comply with the Somaliland Coast Guard,procedure for the use of information technology equipment and services.
Name: Cabdisalaam Maxamed Cabaas
Date: 22/2/2016 / Signature:
1
DRAFT