3. 1. What is an ICT Policy?
2. What is the impact of legislations on these policies?
3. Name 5 legislations that relate to the use of ICT
4. If you were responsible for an organisation's compliance with legislations, what
approach would you take to ensure that all legal requirements are met?
5. What are the consequences of not complying with the legislations?
6. What is the purpose of the Data Protection Act (DPA)?
7. What effect would the DPA have on organisations and their policies?
8. What is the purpose of the Freedom of Information Act?
9. What effect would the Freedom of Information Act have on organisations and
their policies?
10. What is the purpose of the Computer Misuse Act?
11. What effect would the Computer Misuse Act have on organisations and their
policies?
12. What is the purpose of the Copyright, Designs and Patents Act?
13. What effect would the Copyright, Designs and Patents Act have on organisations
and their policies?
14. What is the purpose of the Health and Safety at Work Act?
15. What effect would the Health and Safety at Work Act have on organisations and
their policies?
4. ICT policies outline how the ICT Strategy will
be put into operation
5. Legislations will affect the content of ICT
Policies
E.g.
◦ The writing of the Security Policy will be affected
by the Computer Misuse Act.
◦ The Acceptable Use Policy will be affected by the
Health and Safety at Work Act
6. Data Protection Act
Freedom of Information Act
Computer Misuse Act
Copyright, Designs and Patents Act
Health and Safety at Work Act
7. Make sure that you are fully aware of the implications
of each legislation
Check how your company currently complies with
each act
Identify areas of non-compliance and correct them
Update procedures to make sure that the company
continues to comply
Train staff so that they are aware of what is required
from them under each act
Build the procedures into induction training,
contracts of employment and disciplinary procedures
Check that procedures are being followed
8. Organisations can be prosecuted for not
putting appropriate procedures in place
Employees can be prosecuted for failing to
meet their responsibilities
9. The purpose of the Data Protection Act is to
control the way information is handled and to
give legal rights to people who have
information stored about them.
10. An organisation would probably hire a data controller to take
responsibility for the company's data
The organisation would have to register with the Information
Commissioner’s Office
The organisation would have to look at each of the 8 principles
of the act and put procedures in place that highlight what needs
to be done and who is responsible for doing it
E.g.
◦ The handling of customer requests to view their data – who handles it,
how are they logged, who checks response times?
11. The Freedom of Information Act gives you the right to
ask any public body for all the information they have
on any subject you choose.
Unless there’s a good reason, the
organisation must provide the information within 20
working days.
You can also ask for all the personal information they
hold on you.
http://goo.gl/1xgKh
12. The organisation must identify what
information they must release under the act
and what information is exempt
Procedures are required to handle requests
and collect any necessary payments
13. The act makes it illegal to:
◦ Gain unauthorised access to computer material
◦ Gain unauthorised access to computer material with
intent to commit further offences
◦ Alter computer data without permission
14. Largely a matter of staff training and network security
Staff must be made aware of their rights when accessing
the network and should understand that any breach of
those rights would result in disciplinary measures.
Staff should be trained and informed about what is illegal
and what is bad practice
Access rights on the network must be considered
Security features must be utilised, e.g. automatic logout if a
workstation is not being used
15. To ensure people are rewarded for their
endeavours and to give protection to the
copyright holder if there is an infringement
16. For most organisations the biggest impact of this legislation is with
regard to software licenses
Software tools can be used to analyse what software is installed on all
workstations across a network
Any unauthorised software must be removed or licenses purchased
Steps should be put in place to ensure unauthorised software cannot be
installed
◦ E.g. disabling drives, banning internet downloads, restricting permissions to install
.exe files
Staff must understand the importance of only using authorised software
and be made aware of the consequences
The network audit should be regularly repeated
17. To ensure that employers provide a safe
working environment for their staff
To ensure that the employees use
workstations and equipment correctly in
accordance with the training provided by the
employer
18. Employers must:
Carry out risk assessments on all workstations
Supply suitable adjustable furniture
Train users
Provide sufficient desk space
Consider the tasks being carried out and build in adequate breaks
Provide software that has been designed to good health and safety principles
Provide a system through which employees can report health and safety issues
Review workstations regularly