REPUBLIC OF RWANDA
EASTERN PROVINCE
NGOMA DISTRICT
E-mail:
Website: www.ngoma.gov.rw
July 2015
TABLE OF CONTENTS
1. INTRODUCTION 4
1.0 Definitions 4
1.1 Purpose 6
1.2 Scope 6
Individuals Covered 7
Resources Covered 7
1.3 Duration 7
1.4 Exceptions 7
1.5 Change 8
1.6 Responsibility And Authority 8
2. ACCEPTABLE USAGE POLICY 8
2.1 Authorization 8
2.2 Privacy and Monitoring 9
3. DEFINITIONS OF UNACCEPTABLE & ACCEPTABLE USAGE 11
3.1. The general behavior in ICT and open-access areas 11
3.2. Use of E-mail 11
3.3. Internet usage 13
3.4 Password Usage 15
3.5 Requirements for system administrators 17
3.6 Mobile Devices 18
3.7 Frequency of Backups 18
3.8 Deletion of Data 18
3.9 Disposal Of Old Equipment 19
3.10 Removal of data and software 19
3.11 Software and Hardware Auditing 19
3.12 Removal Of Equipment 20
3.13 Reporting Data Security Incidents 20
3.14. Specific use of the ICT Facilities 21
4. LEGAL CONSTRAINT 22
RENEWED ICT POLICIES AND PROCEDURES
1. INTRODUCTION
Information and Communication Technology (ICT) and the Internet are widely available to staff in Ngoma District Offices. The District’s technology services offer vast, diverse and unique resources to users Providing access to:
1. Computers to process data, save data, speed up, and facilitate service delivery
2. Information and Communication Networks: providing shared network resources and applications.
3. Internet Access: providing global information and social networking
4. E-Mail: providing opportunities for electronic interpersonal communication
5. Emerging applications to be adopted as appropriate.
The District policies, regulations establish rules for behavior and communication applicable to the use of ICT networks and the Internet. Individuals are responsible for their actions while using the ICT and the Internet. The use of such technology is a privilege not a right. Inappropriate use may result in restrictions or cancellation of access rights and/or further disciplinary action.
1.0 Definitions
ICT
ICT is a convergence of microelectronics, computing (hardware and software) and telecommunications. Modern trends in micro-processors and semiconductors has enable the processing and storage of enormous amount of data while integration of fiber optics and fast Ethernet technology in networks has facilitated rapid distribution of information through communication networks.
POLICY
A policy can be defined as:
1. A guiding principle designed to influence decisions, actions, etc. Typically, a policy designates a required process or procedure within an organization.
2. It is a plan of action to guide decisions and actions. The term may apply to government, private sector organizations and groups, and individuals. The policy process includes the identification of different alternatives, such as programs or spending priorities, and choosing among them on the basis of the impact they will have. Policies in short can be understood as political, management, financial, and administrative mechanisms arranged to reach explicit goals.
Benefits of policies
i) Help save time
ii) Help prevent managerial mistakes
iii) Improve consistency of decision making
Qualities of a good policy
i) Support and be consistent with organizational strategies, objectives
ii) Practical and directly relevant to the business
iii) Be reviewed frequently and amended as needed
iv) Limit discretion of managers/employees
v) Precise, easy to understand and apply
vi) Be in writing
vii) Be applied and enforced
viii) Must involve all key personnel
AN ICT POLICY IS:
“The rules and regulations set by the organization. Policy determines the type of internal and external information resources employees can access, the kinds of programs they may install on their own computers as well as their authority for reserving network resources.
Policy is also related to network quality of service (QoS), because it can define priorities by user, workgroup or application with regard to reserving network bandwidth”
1.1 Purpose
This Acceptable Use Policy applies without exception to all users of ICT facilities of Ngoma District, from District Level to Cell Level, be the staff and a visitor with temporary access privileges.
The objectives of this policy are:
· Protection of intellectual proprietary owned by District
· Protection of data integrity and confidentiality
· Prevention of unlawful conduct
· Minimize the District’s exposure to liability
· Prevention of downtime, loss of mission-critical data, or productivity loss
· To define “acceptable use” of IT resources to corporate employees and contractors, and to hold them accountable for the acceptable use of District resources
1.2 Scope
This policy covers users’ activities while using any computing facilities owned by Ngoma District wherever those facilities may be located.
It covers users’ activities while using any other computing facilities used on the District, including personally owned PCs (Personnel computer).
It covers users of Ngoma District facilities who have connected over the internet or via dial-up from outside of District to access Ngoma District resources.
Individuals Covered
In this policy, “users” are those who access, use, or handle the District’s IT resources. They include, but are not limited to: training in service, staffs, subcontractors, visitors, visiting staff, and contract support personnel, media representatives, guest speakers, and non-District entities or individuals who are granted access.
Resources Covered
This policy applies to all District IT resources, whether individually controlled, shared, stand-alone, or networked. It applies to all Hardware and software such as computers, photocopiers, printers, communication Devices, and all other electronic facilities owned, leased, operated, or provided by the District or otherwise connected to District IT resources.
All users will be deemed to be familiar with and bound by this Acceptable Use of technology resources policy (AUP), copies of which are on the District Website, District notice board, in all common workrooms, in all departmental offices.
1.3 Duration
These internal rules are constituted for unspecified duration, but this should be updated and communicated to district staffs every year.
1.4 Exceptions
There are no exceptions to this policy.
1.5 Change
This policy is maintained by the ICT/MIS Office. Requests to change the policy should be made to the Mayor. All changes will need to be approved by District Management team and ICT/MIS Officer.
1.6 Responsibility And Authority
It is the responsibility of the District executive authority to execute and monitor the effectiveness of this policy, and to administrate corrective action when it is deemed necessary or warranted.
This policy applies to all staff, administration agents and others, referred to as users throughout this policy, while accessing, using, or handling the District of Ngoma's information technology resources. In this policy, "users" include but are not limited to subcontractors, visitors, and contract support personnel, media representatives, guest speakers, and non-district entities granted access. All "users" are required to be familiar with and comply with this policy.
2. ACCEPTABLE USAGE POLICY
2.1 Authorization
In order to use the ICT Facilities of the District a person must first be properly registered to use such services. Use of District ICT facilities will be deemed to be acceptance of the terms and conditions of this policy.
It is expected that all users will adhere to the District password policy and guidelines, data protection policies in addition to all relevant District regulatory and legal requirements.
2.2 Privacy and Monitoring
The District recognizes that individuals may conduct personal use of email and the Internet in intranet outlook. However this must be kept to a minimum and be compliant with the various District and legislative requirements. If there is any doubt, please take the conservative approach and assume that it is not complaint to the District procedures and guidelines.
The District reserves the right to revoke such permission if, in the judgment of the District, these facilities are abused.
The District reserves the right for appropriately authorized staff to examine any data including personal data held on District systems or, when operationally necessary, for example to give access to a private account to a line manager.
Certain staff within the District have been authorized to examine files, emails (office emails), data within individual accounts and network traffic, but will only do so when operationally necessary.
The District reserves the right to monitor email, telephone (Closed Usergroup) and any other electronically mediated communications, whether stored or in transit, in line with the relevant regulatory and legislative rules/laws.
Reasons for such monitoring include the need to:
· Investigate or detect unauthorized use of the District’s telecommunications systems and ensure compliance with this policy or other District policies;
· Ensure operational effectiveness of services (e.g. to detect viruses or other threats to the systems);
· Prevent a breach of the law or investigate a suspected breach of the law, the District’s policies and contracts;
· Monitor standards and ensure effective quality control.
District staff that have access to personal data are responsible for ensuring that such data is not made available to unauthorized individuals and that the security of all systems used to access and manage this data is not compromised.
The District has the right to access the personal account after the staff member leaves for operational reasons and for the continuing delivery of services. Users of ICT Facilities should be aware that the District conducts random monitoring of communications, regardless of whether the use is business or personal.
Monitoring may involve:
ü Examining the number and frequency of emails;
ü Viewing sent or received e- mails from a particular mailbox or stored on any server;
ü Examining logs of ICT facility usage.
ü Internet sites visited and information downloaded. Where abuse is suspected (especially criminal activity and/or gross misconduct), the District may conduct a more detailed investigation involving further monitoring and examination of stored data (including employee-deleted data) held on servers/disks/drives or other historical/archived data.
Where disclosure of information is requested by the police (or another law enforcement authority) the request where possible will be handled by the District’s ICT/MIS Officer or other relevant person.
3. DEFINITIONS OF UNACCEPTABLE & ACCEPTABLE USAGE
· The District ICT facilities must not be provided to individual consumers or organizations outside the District except where such services support the mission of the District or are in the commercial interest of the District and permission has been granted by district management.
· The District adopts a policy of cooperation with copyright holders and law enforcement bodies, and may suspend or remove content published online while investigating claims from such bodies.
· The District will from time to time act to suspend or remove content from websites which expose the District’s reputation or brand.
· Any misuse of the District network resources may be seen as a breach of the District Disciplinary Code and lead to disciplinary action.
Unacceptable use of District computers and network resources may be summarized as:
3.1. The general behavior in ICT and open-access areas
Ø You must not consume food or drink in the vicinity of ICT equipment as it may damage the equipment and encourages vermin.
Ø Excessive noise (talking, loud music) that may interfere with other users is prohibited.
3.2. Use of E-mail
This policy applies to users and has been established to provide guidelines for the acceptable use of the email service.
Ø The District provides electronic mail services (“email”) to support the staff and partners to communicate and achieve administrative mission of the District
Ø Email is a critical means of communication at the District and many official District communications are transmitted between staff and other government institutions and agencies.
Ø Staff email: All official District email communication to District staff will be delivered to their District account and should not be automatically forwarded to external email accounts.
o Email is not a secure method of communication and staff should not send or forward confidential, personal or sensitive business information to non-District email accounts.
Ø Users of the District ICT facilities shall not give the impression that they are representing, giving opinions, or otherwise making statements on behalf of the District or any unit of the District unless appropriately authorized (explicitly or implicitly) to do so. While it is permissible to indicate one's affiliation with the District, unless it is clear from the context that the author is not representing the District, an explicit disclaimer must be included. An appropriate disclaimer may take the form: "These statements are my own, not those of the District of Ngoma."
Ø Users of District ICT facilities must not send email on behalf of another person, or impersonate another user when sending email, except when authorized by that person to do so.
Ø In general, the District cannot and does not wish to be the arbiter of the contents of electronic communications. Neither can the District, in general, protect users from receiving electronic communications they might find offensive.
E-mail must never be used in the following ways within the District:
Ø Sending E-mail messages for personal aims
Ø Sending E-mail messages to somebody that has offensive or extreme political opinions
Ø Sending E-mail messages to somebody who is dealing with pornographic products
Ø Sending E-mail letters of a chain letter character
Ø Forwarding E-mail letters as those mentioned above
Ø The email service must not be used to send emails that are intimidating or harassing. Disciplinary action will be taken against any user who sends threatening, intimidating or threatening emails.
Ø The email service must not be used to inappropriately distribute works protected by Intellectual Property Rights belonging to others.
3.3. Internet usage
Internet is to be used for collecting information concerning the employee’s line of work, which means that the use of the internet should be strictly professional. The Internet should be used with common sense and good judgments by all the employees within the District
The Internet must never be used in the following ways within the District:
· To download music, films, software or images to the District’s computers. However exceptions may be made when images are needed on behalf of the profession. Under these circumstances, there must always be an acknowledgement from the System and Network Administrator.
· To visit sites whose contents are against the District’s ethic rules. This may be sites of racist, pornographic or politically extreme contents. It may also be sites containing a form of illegal information.