Introduction

The Information and Communications Technology and Security policy is a formal statement of the rules and guidelines applied by the Municipality which must be adhered to by people utilising and managing the ICT facilities.  This policy has been developed in line with the Electronic Communication Security Act, 68 of 2002, the South African Minimum Information Security Standards, and Control Objectives for Information Related Technology (COBIT), ISO 17799, System Administration, Networking and Security Institute (SANS) and Information Technology Infrastructure Library (ITIL).

Objective

The purpose of this document is to formalise an Information and Communications Technology (ICT) Usage and Security Policy, which provides guidelines for introducing and maintaining ICT into the Municipality in a controlled and informed manner, while addressing the key elements of control and security. Those who use the Municipalities ICT facilities are expected to do so responsibly and within normal standards of professional and personal courtesy and conduct.

The purpose of this policy is:

• To inform users and managers of their responsibilities when utilising information assets, as well as for protecting technology and information assets;

• To specify the mechanisms through which these requirements must be met

• To provide a baseline from which to acquire, configure and audit computer systems and networks in compliance with the policy;

• To minimise disruption to and misuse of the municipalities ICT infrastructure;

• To ensure that the municipalities resources are used for purposes appropriate to the business mission; and

• To define what users may or may not do on the various components of the system infrastructure.

Users are hereby informed of expected standards of conduct and the punitive measures for not adhering to them. Any attempt to violate the provisions of this policy will result in disciplinary action in line with the Municipalities disciplinary code.