About Inner West Council
Inner West Council is a local government organisation in Sydney, Australia, servicing around 26 suburbs near the city centre. The Council was formed in May 2016 by the NSW State Government's amalgamation of the former Leichhardt, Marrickville and Ashfield councils.
The Inner West is a community of over 190,000 people and covers an area of 36 sq km. The area includes some of Sydney's most creative, vibrant, liveable and diverse suburbs. The Council supports the community by providing aquatic centres, libraries, local roads, street-lighting, parks, sports fields, community centres, street festivals, child care facilities and more.
The organisation has over 1500 users, with approximately 900 being onsite users and the remaining 600 offsite. Council’s core business applications cover - finance, assets, customer requests, fines, and management - along with some important secondary systems covering functions such as library operations, service desk, customer service and key management.
With the amalgamation back in 2016, the Council had three sets of policies which were so out of date that they were irrelevant in many regards. The lack of policies made it hard to enforce and govern ICT best practices. With that in mind, the Organisation needed to quickly deliver a solution that covers all aspects of ICT usage and is aligned to recognised industry standards.
The strategy of the new Organisation is to move to cloud-based computing where possible. The new SOE offers Windows 10 with an Office 365 productivity suite. Approximately 50% of the devices in use are mobile and the remaining 50% are desktop PC’s. The majority of senior management and team leaders are using the mobile device option (hybrid laptop). During the next round of equipment replacement there will most likely be a further emphasis on rolling out mobile based devices.
With the formation of the new Council, there were all manner of new responsibilities expected of ICT which caused a lot of complications. Without having a good set of policies to fall back on, it became very problematic.
The existing policies were mostly created in the late 90s to early 2000’s and had not been maintained to a point where they were current, so it was easier to just start from scratch. An attempt to put together a policy around mobile phones proved to be very labour intensive and time consuming, which was a concern as the policy was a very small part of a very big scope of ICT policies.
The ICT team were working with the outdated policies which were irrelevant and didn’t have anything they could leverage off, fall back on or use as a guide, so it was important to get something up and running fairly quickly.
“On looking at updating our policies, we realised we needed something that was comprehensive but also quick to put in place. We found that the IT Policy System from Kaon Security covered all of our ICT policy requirements, provided the flexibility we needed with the policy language and could be deployed far more quickly than trying to do the work inhouse” says Brent Pickering, ICT Support Manager at Inner West Council.
Another important aspect of the policy system that appealed to the Council was that the policies were aligned to best practice and the industry standards applicable to the organisation such ISO 27002 and PCI-DSS. With this breadth of coverage, it was then just a case of working through the policy content to customise the language to suit the organisation, and align the policies with the technology used within the Council.
“One of the most attractive things about the system is that you start with good policy wording in front of you which is aligned to industry standards. We were then are able to look at the policy wording through the organisations eyes and start adapting the language to match our requirements. This made the exercise a lot easier than starting from scratch” Brent comments.
“The onsite review process gave us the ability to work though the policies at a really fast rate. To go through the whole detailed policy system over two days was really painless, particularly when you are talking about policy which is as dull as dishwater! The work was already there, we just had to manipulate it so that it suited our organisation. We now have a complete system which we can use as leverage from an ICT point of view. We put forward an acceptable use protocol and had it approved and adopted by Council in a very short amount of time which is quite remarkable”.
“The process was a great time saving experience. For us to take something solid to council for approval was a very painless process, and I look back at it and think that the selection of the IT Policy System was absolutely the right call from our behalf.” says Brent.
Since completing the workshop and review process, the system has been released and communicated throughout the organisation and has been adopted by individual users. The policies are also now part of the Human Resources induction process. With a comprehensive set of policies in place, users are now able to understand what is regarded as acceptable use and their responsibilities when interacting with Council systems, networks and information.
For the future, Council plans are to further educate users on security awareness and the appropriate use of the organisations systems.