1. What is an ICT Policy?2. What is the impact of legislations on these policies?3. Name 5 legislations that relate to the use of ICT4. If you were responsible for an orgnaisations compliance with legislations what approach would you take to ensure that the all legal requirements are met?5. What are the consequences of not complying with the legislations?6. What is the purpose of the Data Protection Act (DPA)?7. What affect would the DPA have on organisations and their policies?8. What is the purpose of the Freedom of Information Act?9. What affect would the Freedom of Information Act have on organisations and their policies?10. What is the purpose of the Computer Misuse Act?11. What affect would the Computer Misuse Act have on organisations and their policies?12. What is the purpose of the Copyright, Designs and Patents Act?13. What affect would the Copyright, Designs and Patents Act have on organisations and their policies?14. What is the purpose of the Health and Safety at Work Act?15. What affect would the Health and Safety at Work Act have on organisations and their policies?
ICT policies outline how the ICT Strategy will be put into operation
Legislations will affect the content of ICT Policies E.g. ◦ The writing of the Security Policy will be affected by the Computer Misuse Act. ◦ The Acceptable Use Policy will be affected by the Health and Safety at Work Act
Data Protection Act Freedom of Information Act Computer Misuse Act Copyright, Designs and Patents Act Health and Safety at Work Act
Make sure that you are fully aware of the implications of each legislation Check how your company currently complies with each act Identify areas of non compliance and correct them Update procedures to make sure that the company continues to comply Train staff so that they are aware of what is required from them under each act Build the procedures into induction training, contracts of employment and disciplinary procedures Check that procedures are being followed
Organisations can be prosecuted for not putting appropriate procedures in place Employees can be prosecuted for failing to meet their responsibilities
The purpose of the Data Protection Act is to control the way information is handled and to give legal rights to people who have information stored about them.
An organisation would probably hirer a data controller to take responsibility for the companies data The organisation would have to register with the Information Commissioner’s office The organisation would have to look at each of the 8 principles of the act and put procedures in place that highlight what needs to be done and who is responsible for doing it E.g. ◦ The handling of customer requests to view their data – who handles it, how are they logged, who checks response times?
The Freedom of Information Act gives you the right to ask any public body for all the information they have on any subject you choose. Unless there’s a good reason, the organisation must provide the information within 20 working days. You can also ask for all the personal information they hold on you.http://goo.gl/1xgKh
The organisation must identify what information they must release under the act and what information is exempt Procedures are requires to handle requests and collect any necessary payments
The act makes it illegal to: ◦ Gain unauthorised access to computer material ◦ Gain unauthorised access to computer material with intent to commit further offences ◦ Alter computer data without permission
Largely a matter of staff training and network security Staff must be made aware of their rights when accessing the network and should understand that any breach of those rights would result in disciplinary measures. Staff should be trained and informed about what is illegal and what is bad practice Access rights on the network must be considered Security features must be utilised e.g. automatic logout if work station not being used
To ensure people are rewarded for their endeavours and to give protection to the copyright holder if there is an infringement
For most organisations the biggest impact of this legislation is with regards to software licenses Software tools can be used to analyse what software is installed on all workstations across a network Any unauthorised software must be removed or licenses purchased Steps should be put in place to ensure unauthorised software cannot be installed ◦ E.g. disabling drives, banning internet downloads, restricting permissions to install .exe files Staff must understand the importance of only using authorised software and made aware of consequences The network audit should be regularly repeated
To ensure that employers provide a safe working environment for their staff To ensure that the employees use workstations and equipment correctly in accordance with the training provided by the employer
Employers must: Carry out risk assessments on all workstations Supply suitable adjustable furniture Train users Provide sufficient desk space Consider the tasks being carried out and build in adequate breaks Provide software that has been designed to good health and safety principles Provide a system through which employees can report health and safety issues Review workstations regularly