MEETING OF COUNCIL - Town of Cambridge
MEETING OF COUNCIL - Town of Cambridge
MEETING OF COUNCIL - Town of Cambridge
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>COUNCIL</strong> MINUTES<br />
TUESDAY 27 NOVEMBER 2012<br />
• Information stored on the servers are properly backed up on an hourly basis to<br />
ensure full data protection;<br />
• Antivirus s<strong>of</strong>tware is active and current;<br />
• Internet user access is regularly monitored and website activity reported to<br />
management<br />
• Staff passwords are regularly changed;<br />
• Proper policies are in place regarding password security;<br />
• Information processed via the Retail Management System, Booking System and<br />
WageEasy payroll system at the golf course is being protected and backed up<br />
through Clublinks;<br />
• Out centres are aware <strong>of</strong> saving and storing operational and sensitive data on the<br />
main server drives to ensure backup via the <strong>Town</strong>'s main servers. No instances <strong>of</strong><br />
such data being stored on local or "C" hard drives were found.<br />
However, it was recommended that the <strong>Town</strong>’s existing processes be improved by<br />
incorporating the following:<br />
1. Staff access control procedures:<br />
The process for ensuring authorised persons only continue to have access to the<br />
<strong>Town</strong>’s network and key systems requires improvement. Adequate processes to be<br />
put in place to ensure staff who no longer require access due to terminations, have<br />
their access levels altered, suspended or removed on a timely basis.<br />
Management Comment<br />
In response to the finding, the existing procedure has been revised. A form was in<br />
place and administered by HR, which has now been amended and is required to be<br />
completed for access to the <strong>Town</strong>s I.T. network or systems by new employees or<br />
contractors, staff changing positions or roles, staff requiring suspension, due to leave<br />
arrangements and staff terminating. Permanent users are authorised by managers to<br />
access remotely for up to 12 months whilst casual users are authorised for limited<br />
periods.<br />
2. External Users Access and Remote Access to the Network:<br />
The <strong>Town</strong>'s main business system supplier (Technology One) has administrator level<br />
access and remote access to the <strong>Town</strong>’s network on a full time basis. This means that<br />
the Technology One operators have full 24/7 access to the <strong>Town</strong>’s financial data on a<br />
continuous basis and also access to process financial data. We have recommended<br />
that the <strong>Town</strong> investigate whether this access level is appropriate and ensure approval<br />
processes over such access is better monitored and controlled.<br />
H:\CEO\GOV\<strong>COUNCIL</strong> MINUTES\12 MINUTES\NOVEMBER 2012\D AU.DOCX 208