Case Study

Review and update ICT Policies

Client Details
  • Regional Council
The Challenge(s)
  • Outdated ICT policies that are not suitable for the current ICT environments
  • Policies need to be written in a consistent and easy to understand way so that all staff can follow them
  • Time constraints, needed to provide core policies within a short timeframe
  • Lack of a Cyber Security strategy or risk assessment methodology
The Solution
  • Review current ICT Policies and identify requirements to revise and update them in alignment with the NSW State government guidelines
  • Draft Risk Management Policy, Cyber Security Policy and other related policies while taking into consideration the state and capabilities of current systems.
  • Workshop policies with stakeholders and ensure that there is a clear understanding of the responsibilities and inherent tasks that need to be carried out to meet the policy requirements.
  • Finalise and present policies to council for approval.
  • Propose a program of works and solution requirements that need to be added to the ICT Strategic Plan.
What did we learn?
  • The key lesson learned is to keep the policies as effective and practical as possible buy keep them simple to follow by all staff.
  • Internal discussions and review of the ICT Policies should be carried out as part of the councils Security Awareness training.