Case Study - Trinity College

About Trinity College

Founded in 1872 as the first college of the University of Melbourne, Trinity College provides a diverse range of academic programs for more than 1,800 talented students from across Australia and around the world. Since then, Trinity has had a distinguished history of helping to prepare exceptional young people to become outstanding community members.

The College has three major divisions - a welcoming and inclusive residential college, a pathways school for international students wishing to access the University of Melbourne, and a theological school that offers courses accredited by the University of Divinity.

Background

The organisation has approximately 200 employees consisting of a diverse range of roles such as kitchen staff, grounds maintenance workers, teachers, HR, common HR, finance, technology, OH & S, and facilities management personnel. Staff members are provided with managed devices and phones, and the organisation utilises various cloud services including Microsoft 365, OneDrive, SharePoint, and Teams for communication. These tools provide the employees with easy access to a range of resources, enabling them to work efficiently from anywhere.

Challenges

The college’s existing policies were outdated and needed a major overhaul. Initially written between 2011 - 2014, they did not reflect the organisation's current technology landscape which had evolved significantly since that time. Despite recognising the need for updated policies, the organisation lacked a dedicated policy writer and had no structured approach to maintaining the existing policies. A recent security and risk audit highlighted the need for updated policies that would mitigate risks in key areas of IT operations.

“It wasn’t just a matter of going through the existing policies and making them current, my concern was - what was missing? Where’s the gap? Whilst anyone can be a writer, the real challenge lay in identifying the knowledge and content required to create policies that effectively addressed the organisation's needs.” comments Jonathan Mack, Director Information Technology.

When looking to undertaking a complete policy rewrite, Jonathan considered updating the policies internally or hiring a policy writer. Each option had its own set of challenges, including costs, the need for specialised expertise, and the time required to create comprehensive and effective policies.

Solution

“Looking at the available options, someone advised me that there was a different way you can do it and directed me to Kaon Security’s Policy Management as a Service (PMaaS) offering. This as-a-service model appealed to me because we can maintain currency and there’s no need to bring someone in every three years to rewrite them.” Says Jonathan.

The Premium version includes:

• 25 key policies – for user, manager and technical roles
• On screen policy acceptance for all users
• User compliance reporting and activity logging
• Third party contractor licensing
• Ability to send policy review reminders
• Export policies to Word for offline reference
• Audit requirement details and compliance index
• Process and Procedures section
• Forms, Logs and Guidelines content.

Benefits

By utilising PMaaS the organisation was able to access a comprehensive suite of policies that were then customised to the college. Kaon Security started the delivery process by providing Trinity with access to a lightly customised first draft of the premium version. The stakeholders were asked to review this draft content in advance of a policy workshop facilitated by Kaon, where the content was then discussed. Following the workshop, Kaon incorporated all the agreed changes and created a final version of PMaaS that is customised to suit the organisations requirements.

Jonathan comments “Having the Kaon policy experts walk us through the process was extremely helpful and allowed us to create policies that were relevant to our current IT environment. The policies are aligned with best practices and relevant standards, ensuring that they are comprehensive and effective.”

“Maintaining policies can be a challenging and time-consuming task. By utilising this as-a-service model we are able to ensure that our policies remain up-to-date and aligned with the latest standards and best practices. This helped us to tighten the risk environment and provided clear guidelines for IT operations, ultimately enhancing the organisation's overall performance.”

Leadership

Jonathan is working closely with the communications team to develop a launch plan which would ensure that staff know how to access the content and understand what was expected of them. The polices are also incorporated into the onboarding process for new employees, who will receive a thorough HR and IT induction that includes training on how to access and utilise the policies.