System Security

Policy

Category: Information Technology
Subject: System Security
Division: Finance and Corporate Operations
Policy Number: CA.54.01.116
Effective Date: January 4, 2016

POLICY STATEMENT

1. It is the policy of Wellington-Dufferin-Guelph Public Health (WDGPH) that the security of server and host computer systems is maintained. This is done through the use of:

  • User identification and authentication controls;
  • User connection access; and
  • User run or execute low authority for applications.

2. Only Information Technology (IT) Technical Support may install or update any system software, application software, or hardware.

3. For personal systems that are connected to a network:

  • IT Technical Support must approve all hardware as well as system and application software to be installed or upgraded; and
  • User identification and authentication controls to the personal computer must be implemented.

The purpose of this policy is to ensure that:

  • All users operating a networked personal system or connected to an enterprise server or host system can be identified and are authorized to do work on these systems; and
  • Ensure that only authorized, security-vetted, and fully licensed applications and system software is installed on enterprise IT systems.

RESPONSIBILITY

Managers will:

  • Inform the IT Department regarding their employee status and employee responsibilities that require specific system authority.

IT Department will:

  • Control user identifiers and authority levels associated with each user;
  • Plan, test, and investigate all system hardware and system and standard application software for security controls and exposures;
  • Ensure that all system and application software installed on personal and network system is authorized and licensed; and
  • Maintain awareness of patches and newly discovered vulnerabilities in software and systems, and to ensure that critical patches are installed on all affect equipment/systems.

This policy applies to all WDGPH employees with responsibilities in the IT Department.

REFERENCES AND RELATED FORMS, POLICIES AND PROCEDURES

Corresponding Procedure: N/A

CONTACT FOR INQUIRIES

Manager, Operations and IT

APPROVED BY

Director, Finance and Corporate Operations