TABLE OF CONTENTS ICT Policy.pdfeconomic development in Uganda, a large expansion of food demand is...
Transcript of TABLE OF CONTENTS ICT Policy.pdfeconomic development in Uganda, a large expansion of food demand is...
TABLE OF CONTENTS
FOREWORD................................................................................................................ iv
EXECUTIVE SUMMARY........................................................................................... vi
Document Version Control Information ....................................................................viii
List of Acronymns.........................................................................................................ix
1 Introduction ........................................................................................................... 1
1.1 Background......................................................................................................... 1
1.2 Objective............................................................................................................. 3
1.3 Purpose................................................................................................................ 3
1.4 Scope................................................................................................................... 3
1.5 Management Rights to Access Information........................................................ 4
1.6 Policy Management Process ............................................................................... 5
1.7 Communicating the Policy.................................................................................. 5
1.8 Policy Responsibilities........................................................................................ 5
1.9 Policy Effectivity ................................................................................................ 6
1.10 Disciplinary Actions ........................................................................................... 6
2 Acceptable Use Policy............................................................................................ 7
2.1 Policy Statement ................................................................................................ 7
2.2 Intent ................................................................................................................... 7
2.3 Purpose................................................................................................................ 7
2.4 Scope................................................................................................................... 8
3 Information Usage Policy .................................................................................... 10
3.1 Policy Statement ............................................................................................... 10
3.2 Intent ................................................................................................................. 10
3.3 Purpose of Policy .............................................................................................. 10
3.4 Scope of Policy ................................................................................................. 11
3.5 Standard Practices of the Policy ....................................................................... 11
4 Email Usage Policy.............................................................................................. 12
4.1 Policy Statement ............................................................................................... 12
4.2 Intent ................................................................................................................. 12
4.3 Purpose of Policy .............................................................................................. 12
4.4 Scope of Policy ................................................................................................. 12
5 Internet & Intranet Policy.................................................................................... 13
5.1 Policy Statement ............................................................................................... 13
5.2 Intent ................................................................................................................. 13
National Agricultural Research Organization - NARO
ii
5.3 Purpose of Policy .............................................................................................. 13
5.4 Scope of Policy ................................................................................................. 14
6 Access Codes and Password Policy ..................................................................... 15
6.1 Policy Statement ............................................................................................... 15
6.2 Intent ................................................................................................................. 15
6.3 Purpose of Policy .............................................................................................. 15
6.4 Scope of Policy ................................................................................................. 16
7 Network Access Policy......................................................................................... 17
7.1 Policy Statement ............................................................................................... 17
7.2 Intent ................................................................................................................. 17
7.3 Purpose of Policy .............................................................................................. 17
7.4 Scope of Policy ................................................................................................. 18
7.5 Standard Practices of this Policy ...................................................................... 18
8 Incident Management Policy............................................................................... 19
8.1 Policy Statement ............................................................................................... 19
8.2 Intent ................................................................................................................. 19
8.3 Purpose of Policy .............................................................................................. 19
8.4 Scope of Policy ................................................................................................. 20
8.5 Standard Practices of Policy ............................................................................. 20
9 Copyright & Software Licensing Policy .............................................................. 21
9.1 Policy Statement ............................................................................................... 21
9.2 Intent ................................................................................................................. 21
9.3 Purpose of Policy .............................................................................................. 21
9.4 Scope of Policy ................................................................................................. 22
10 Viruses, Worms and other Malware Management Policy ................................... 23
10.1 Policy Statement ............................................................................................... 23
10.2 Intent ................................................................................................................. 23
10.3 Purpose of Policy .............................................................................................. 23
10.4 Scope of Policy ................................................................................................. 23
11 ICT Infrastructure Acquisition, Retention and Disposal Policy......................... 25
11.1 Policy Statement ............................................................................................... 25
11.2 Intent ................................................................................................................. 25
11.3 Purpose of Policy .............................................................................................. 25
11.4 Scope of Policy ................................................................................................. 26
12 Backup and Storage Policy .................................................................................. 27
ICT Policy, 2009
iii
12.1 Policy Statement ............................................................................................... 27
12.2 Intent ................................................................................................................. 27
12.3 Purpose of the Policy ........................................................................................ 27
12.4 Scope of the Policy ........................................................................................... 27
13 Business Continuity and Disaster Recovery Policy............................................. 29
13.1 Policy Statement ............................................................................................... 29
13.2 Intent ................................................................................................................. 29
13.3 Purpose of the Policy ........................................................................................ 29
13.4 Scope of the Policy ........................................................................................... 30
14 Recommendations ............................................................................................... 31
15 Bibliography......................................................................................................... 32
16 Glossary ................................................................................................................ 33
National Agricultural Research Organization - NARO
iv
FOREWORD
Information and Communication Technologies (ICT) are now widely accepted and used
throughout NARO and the Public Agricultural Research Institutes (PARIs) as a critical tool
in their efforts to generate and adopt appropriate knowledge and information, enhance
agricultural research development, and achieve the organization’s strategic vision.
Recognizing this potential, infrastructure initiatives and development strategies incorporating
ICT are being increasingly promoted and launched across the organization. It is in this
regard that the leadership of NARO sanctioned the development of an ICT Policy to govern
this whole ICT initiative.
While the potential advantages of ICT for research are enormous, the ICT infrastructure
without the ICT policy in place may not adequately reflect the truly comprehensive and
integrated strategies for harnessing and exploiting this potential for research. Much effort
has been made by NARO to increase investment in the ICT but much less in terms of
leveraging on these investments to support the organization in meeting her organizational
strategic goals. However, just as technology and knowledge gaps need to be bridged between
entities at the Secretariat and the PARIs, the ICT skills gap within NARO also requires
critical attention.
This ICT Policy, which is published along with an ICT standards document, is designed to
provide the Directors, Management and Users at NARO and the PARIs the necessary tools,
information and knowledge to facilitate the formulation and adoption of appropriate
research and strategies. Through the examination of vital sections of the Policy, this
publication provides tangible prescriptions for the efficient and effective management and
use of the ICT infrastructure at NARO Secretariat and in the PARIs.
The debate on ICT has permanently shifted from ‘why’ ICT for research, to ‘how’
comprehensive and holistic ICT policies can unleash research potential and enhance the
employees’ capabilities to improve their research methods. This ICT Policy must be an
indispensable part of management of the ICT infrastructure in NARO.
ICT Policy, 2009
v
Since nothing is written in stone and given that our NARO continues to develop and change
its modus operandi to keep abreast of unexpected situations like changing technologies, this
policy document will undergo changes as well, and should be revised on a 3-5 year basis.
We hope this ICT Policy will positively contribute to assisting Agricultural Researchers in
embracing and utilizing ICT for agricultural development.
___________________________________
Dr Denis .T. Kyetere
Director General
National Agricultural Research Organization
National Agricultural Research Organization - NARO
vi
EXECUTIVE SUMMARY
NARO exists to guide and coordinate all agricultural research activities in the national
agricultural research system of Uganda. To achieve its mandate NARO relies on among
others its ICT systems and the integrity and availability of information processed, delivered
and stored therein. This ICT policy guides the acceptable use of ICT infrastructure including
information which store, process and deliver results to the NARO user community.
NARO information is maintained on the principles of Confidentiality, Integrity &
Availability (CIA) implying that this information should be available when required, accessed
by authorized personnel and should be trusted to be authentic while maintaining assigned
confidentiality.
The policy provides guidelines on Information usage, a key component of a research
organization. Email has become an acceptable means of official communication. Effective
email communication calls for guidelines to govern its use in the office.
NARO has benefited from the onset of the Internet for information seeking, online
applications as well as sharing pertinent information with stakeholders within and without
the organization. The Policy document also provides relevant guidelines on the use of these
services to avoid abuse by employees.
The wealth of information generated in NARO requires that it should be accessed and
shared in a controlled manner to avoid waste. This policy document provides an emphasis
on this requirement as well as the requirements for authorized users accessing accurate
information at the right time through the use of unique user identifications and passwords.
The information obtained is often authored by various employees of NARO and therefore
the policy has a clause to govern copyrighting.
The amount of investments made by NARO to acquire ICT assets is enormous and
therefore the importance of including a standards section of the Policy to provide guidelines
on the effective means of using as well as acquiring these ICT cannot be over emphasized.
Clearly with the advent of the Policy, there will be envisaged savings on the Total Cost of
Ownership (TCO) of ICT assets in NARO. The requirement to assure the availability of
ICT Policy, 2009
vii
information services to the NARO user community is another important aspect. Business
continuity has become a norm for ICT in many organizations and indeed the policy has
derivatives to guide NARO on how best to position for disaster befalling the data.
Routine compliant audits will be conducted to make sure that this Policy is adhered to for
efficient and effective acquisition and management of ICT in the conduct and delivery of
research products and services.
On close scrutiny, it is evident that notwithstanding the fact that the Policy will generate
sufficient momentum for ICT awareness in the organization upon coming into force, the
real success of the policy will be derived from the commitment to implement it judiciously.
The implementation will require human resource commitment specifically additional skilled
ICT employee backed up by an enabling ICT structure at departmental level.
In summary, this ICT Policy creation process has been undertaken diligently to reflect the
situation analysis that is prevalent in the NARO ICT environment and it is intended that its
implementation is effected to enable the organization benefit in terms of optimum and
efficient ICT deployment to rapidly accelerate its contribution to agricultural research and
development in Uganda.
National Agricultural Research Organization - NARO
viii
DOCUMENT VERSION CONTROL INFORMATION
Document Ref: ICT Version: V1.1
Classification: Open Status: Approved
Effective from: 1 September 2009 Review Date: 1 September 2012
Approved by: NARO Councils Date:
Authorised by: Director General, NARO Date:
Issued by: Director General, NARO Date:
Change History: Replaces, ICT Policy Strategy
Document approved in 2005 Date:
Circulation: All NARO employees and third parties via website or directly
Enquiry point : Quality Assurance Directorate in conjunction with the ICT Department.
ICT Policy, 2009
ix
LIST OF ACRONYMNS
ARIS Agricultural Research Information Services
CIA Confidentiality Integrity Availability
E1 E1 is a physical layer protocol, like ethernet. It defines a 2Mbps link between
two endpoints and can be used for voice and data (minimum 4 modules per
card) or a mixture of both.
ERP Enterprise Resource Programme
FTP File Transfer Protocol
FXS FXS is a physical layer protocol that provides an interface for connecting
Analogue links for voice (maximum 4 modules per card)
HR Human Resource
ICT Information and Communication Technology
LAN Local Area Network
MIS Management Information System
NARI National Agricultural Research Institute
NARO National Agricultural Research Organization
NARS National Agricultural Research System
NAS Network Appliance Storage
OSS Open Software Standard
PARI Public Agricultural Research Institute
PC Personal Computer
PDA Personal Digital Assistant
PPM Pages Per Minute
RD1000 A backup device used for storage of data using a USB interface and has all the
generic large scale backup features
SAN Storage Area Network
SLA Service Level Agreement
TCO Total Cost of Ownership
UPS Uninterrupted Power Supply
VPN Virtual Private Network
VSAT Very Small Aperture Terminal
WAN Wide Area Network
WWW World Wide Web
National Agricultural Research Organization - NARO
x
XML eXtensible Markup Language is a widely-used computer language for creating
and designing pages on the World Wide Web, and for defining other
languages with more specialized purposes.
ZARDI Zonal Agricultural Research Development Institute
ICT Policy, 2009
1
1 Introduction
1.1 Background
Uganda is predominantly an agricultural country. Due to rapid population growth and
economic development in Uganda, a large expansion of food demand is expected.
Furthermore, the ability to meet food and development demand of the citizens becomes less
certain with the increasing constraints on essential environmental resources for food
production such as water and fertile soils. Blessed with an environment hospitable to
agriculture, however, agriculture in Uganda has nurtured high-quality, safe, and reliable
sources of food albeit with gaps in the coordination of research to guarantee sustainable
food levels.
The mission of NARO is to help find solutions for rapid national population growth and
constraints on resources through the “generation, adoption and dissemination of appropriate and
demand-driven technologies, knowledge and information through an effective, efficient, sustainable,
decentralised and well co-ordinated agricultural research system”.
The National Agriculture and Research Organization (NARO) of Uganda was established by
an act of Parliament, which was enacted on 21st November 2005 to establish “a farmer
responsive research system that generates and disseminates problem-solving, profitable and
environmentally sound technologies, knowledge and information on a sustainable basis”
with an overriding goal to address issues related to food, agriculture, and rural communities,
including to:
(a) Provide strategic direction for publicly funded agricultural research in Uganda and
act as a forum for agricultural researchers in Uganda;
(b) Coordinate and oversee, in collaboration with the Uganda National Council for
Science and Technology and other lead agencies, the development, consolidation and
implementation of agricultural research policy and national research strategies, plans
and budgets relating to publicly funded agricultural research;
(c) Set national priorities and harmonize agricultural research activities of the national
agricultural research system, constituent institutions and public agricultural research
institutes, civil society organisation, private sectors and farmer organizations and
promote delivery of quality and efficient agricultural research services;
National Agricultural Research Organization - NARO
2
(d) Advise and coordinate formulation of policy and legislative proposals, research
standards, codes of ethics, conduct and practice; and guidelines for delivery of
agricultural research services;
(e) Provide guidelines, guidance and ensure delivery of quality agricultural research by
agricultural research service providers;
(f) In collaboration with other relevant agencies, provide policy guidance to local
governments on matters relating to agricultural research;
(g) Carry out monitoring and evaluation of national agricultural research programmes,
projects and activities to ensure adherence to the set work plans, standards and
regulations;
(h) Mobilize funds for agricultural research and manage the agricultural research trust
fund including raising funds for research of national strategic interest;
(i) Coordinate and promote cooperation and collaboration between Uganda and other
countries, institutions, scientific or professional societies and other agricultural
research service providers, with regard to agricultural research, development and
technology transfer in the agricultural sector so as to optimally utilise agricultural
resources and improve production capacity of such resources;
(j) Provide leadership and advocacy for the promotion, protection and development of
agricultural research in Uganda;
(k) Make grants or provide funds to any institution or person for the advancement of
agricultural research and development on both competitive and non-competitive
basis; and
(l) Perform such other functions as are conferred on the organisation by this Act or
any other law for the purpose of promoting agricultural research and development.
NARO aims to contribute to an affluent Ugandan society in the 21st century and to
solutions of environmental problems by carrying out technology research and development.
NARO also trains agricultural managers at country-wide established PARIs, ZARDIs and
NARIs, who will lead future generations of agricultural research. Within the framework of
the mission and vision of NARO, ICT plays a pivotal role particularly in creating an ICT
technologically savvy environment for the researchers to meet their goals.
ICT Policy, 2009
3
1.2 Objective
It is the intent of this policy to establish guidelines for the employees and stakeholders
acquiring, using and managing the NARO’s ICT infrastructure facilities, including computer
hardware, printers, fax machines, voice-mail, software, e-mail, Internet and intranet access,
collectively called “Information & Communication Technology”.
1.3 Purpose
This Policy aimed at fostering research development with an increased awareness of the role
and benefit of ICT technologies in the organization. All employees and stakeholders share
the ICT infrastructure facilities at NARO. These facilities are provided by NARO for the
purpose of conducting its business, despite the fact that some employee may use these
facilities, including computers, printers, e-mail and Internet access for personal use that does
not impact the normal functioning of the ICT systems. In all situations, these facilities must
be used responsibly by everyone, since misuse by even a few individuals has the potential to
negatively impact productivity, disrupt organizational business and interfere with the work or
rights of others. NARO reserves the right periodically to examine any system and other
usage and authorization history as necessary to protect its computing facilities. NARO
disclaims any responsibility for loss of data or interference with files resulting from its efforts
to maintain the privacy and security of those computing facilities or from system
malfunction or any other cause.
Therefore, all employees are expected to exercise responsible and ethical behavior when
using the organization’s Information and Communication Technology (ICT) facilities. Any
action that may expose the organization to risks of unauthorized access to data, disclosure of
information, legal liability, or potential system failure is prohibited and may result in
disciplinary action.
1.4 Scope
This policy applies to all employees as well as any third parties that would have access to the
NARO ICT infrastructure. It is the responsibility of Directors and heads of department
both at the Secretariat and PARIs to ensure that this Policy is clearly communicated,
understood and followed. This policy covers the usage of all of the organization’s ICT
resources, including, but not limited to:
National Agricultural Research Organization - NARO
4
(a) All computer-related equipment, including desktop personal computers (PCs),
Laptops, PDAs, workstations, wireless computing devices, telecomm equipment,
networks, databases, printers, servers and shared computers, and all networks and
hardware to which this equipment is connected
(b) All electronic communications equipment, including telephones, mobile phones,
radio communicators, e-mail, fax machines, wired or wireless communications
devices and services, Internet and intranet and other on-line services
(c) All software including purchased or licensed operational software applications (MIS),
NARO in-house developed applications, employee or third party/supplier-written
(off-shelf) applications, computer operating systems, firmware, and any other
software residing on organization-owned equipment
(d) All intellectual property and other data stored on organization equipment
(e) All of the above are included whether they are owned or leased by the organization
or are under the organization's possession, custody, or control
This policy also applies to all users, whether on organization property, connected from
remote via any networked connection, or using organization equipment in any location.
1.5 Management Rights to Access Information
The Shared Information, Research data and MIS systems at NARO are installed to assist
employees in the performance of their duties by facilitating operational business. Although
each employee has individual authorized access to either system or shared information, the
systems and information belong to the organization and the contents of all the systems are
accessible at all times by organization management for any operational purpose. These
systems may be subject to periodic unannounced inspections. The contents of the shared
files, research information and MIS systems properly obtained for legitimate operational
purposes, may be disclosed within the organization without the employee’s permission.
Back-up copies of this shared information and any other MIS systems on organization-
owned computer systems may be maintained and referenced for operational and legal
reasons. Therefore, the employee should not assume that information or any accessed
materials are confidential.
ICT Policy, 2009
5
1.6 Policy Management Process
This section spells out how the ICT policy for the organization will be managed specifically
to;
(a) standardize the creation, modification and distribution of this ICT policy documents
clearly outlining the NARO standards for official documents and how these should
be applied to the ICT documentation for publication to the end users
(b) detail the process to be followed for creation, development and communication of
the ICT policy documents as well as the roles and responsibilities of those involved
in the process.
As mandated by the National Agricultural Research Act, 2005, the Director General will be
responsible for the ICT policy management process and will oversee the issuance and
communication of the ICT policy document. The practical implementation of the specific
policy areas will be the responsibility of the ICT department.
It is intended that this ICT Policy shall be reviewed on a three (3) to five (5) year basis to
make sure it is up-to-date and aligned to the organizational strategic goals.
1.7 Communicating the Policy
This ICT policy document will be communicated through the following means;
(a) Posting the endorsed document on the NARO Intranet/Internet
(b) Email sent by the Director General to all employees.
(c) Published on the NARO bulletin board and notice boards
(d) Discussion forum created on the NARO website for the Policy document
(e) As a tool to be issued to new employee by HR for reading and acknowledgement of
understanding of the Policy prior to being given official access to any ICT
infrastructure of NARO
1.8 Policy Responsibilities
(a) The Director General is responsible for the overall management of the policy
including inter-alia sanctioning the recreation of the policy, updating the existing
policy as well as communicating the policy to the end users
National Agricultural Research Organization - NARO
6
(b) The Service managers including Heads of Directorates and Institutes are responsible
to indicate the need for this policy to support the day-to-day ICT operations in the
field of works.
(c) The ICT Steering Committee together with the ICT department are responsible for
ensuring the compliance of the policy into the area of their responsibility by either
adapting the policy in the secretariat and institutes’ ICT infrastructure and services or
by taking the policy document as basic guidelines for the policy to be enforced at the
Secretariat and Institutes, without contradicting one another.
(d) It is the responsibility of the ICT department to adhere to and inform of the need to
update the policy document considering that it will be of inadequate use given the
ever emerging threats, technologies, and organizational operational business needs
that keep changing over time.
1.9 Policy Effectivity
The Policy commences with immediate effect upon endorsement by the Director General.
1.10 Disciplinary Actions
Non compliance to this Policy constitutes a violation of organizational Policy. The
employee will be subject to disciplinary action by the organization, up to and including
criminal prosecution and/or termination of employment. In addition, NARO may require
restitution for any use of service which is in violation of these guidelines.
ICT Policy, 2009
7
2 Acceptable Use Policy
These are behaviours that should be upheld by all NARO employees when using
organisational ICT infrastructure. It is the responsibility of every employee to know these
guidelines, and to conduct their activities accordingly.
2.1 Policy Statement
Organizational ICT infrastructure and services shall be used in a manner that does not
compromise their functionality and intended purpose.
2.2 Intent
The intent of this policy is to outline more specifically the limits of what usage of ICT
infrastructure is generally acceptable. While it is not possible to enumerate every possible
area, it is important to be specific enough to give users enough information to make an
informed decision. The intentions for publishing an Acceptable Use Policy are not to impose
restrictions that are contrary to NARO established culture of openness, trust and integrity.
This Policy is committed to protecting employees, partners and the organization from illegal
or damaging actions by individuals, either knowingly or unknowingly.
2.3 Purpose
The purpose of this policy is to outline the generally acceptable use of ICT infrastructure at
NARO. These guidelines are in place to protect the employee and NARO. Inappropriate
use exposes NARO to risks including virus attacks, compromise of network systems and
services, and legal issues. This policy is as specific enough as to allow disciplinary action to
be taken whenever necessary, without becoming overly specific, mindful not to dilute the
intent and impact of higher level specific policy areas, in this case, email, Internet, passwords
and office productivity areas.
National Agricultural Research Organization - NARO
8
2.4 Scope
The acceptable use policy is not intended to enumerate every possible avenue of acceptable
or forbidden activity. Rather, it is intended to provide guidance to the average user so that
they can intelligently judge the consequences of their actions. This policy applies to NARO
employees and third parties. This policy also applies to all equipment that is owned or leased
by NARO. This policy covers the common areas of interface between employees and ICT
infrastructure including email, Internet, passwords and office productivity tools.
2.4.1 Email Service
(a) Postings by employees from a NARO email address to newsgroups should contain a
disclaimer stating that the opinions expressed are strictly their own and not
necessarily those of NARO, unless posting is in the course of operational business
duties.
(b) Employees must use extreme caution when opening e-mail attachments received
from unknown senders, as they may contain viruses, e-mail bombs, Trojan horse
code, or spams.
(c) Transmitting chain emails or material that is in violation of sexual harassment laws is
not permitted.
(d) Employees are prohibited from unauthorized access to other employee email
messages
(e) All official email communication should be conducted on NARO email and not
world wide general emails like yahoo, hotmail or gmail
2.4.2 Internet Service
(c) Employees are responsible for exercising good judgment regarding the
reasonableness of personal use of the Internet. If in doubt of the action to be taken
contact your supervisor.
(d) Using the Internet for excessive personal investment activity is not permitted
(e) Excessive and non-productive personal use such as playing games, or browsing
pornography content is not permitted
(f) Employees must not use NARO’s Internet facilities to knowingly disable or overload
any computer system or network
ICT Policy, 2009
9
2.4.3 Passwords
(a) Employees should not share passwords.
(b) Employees should not write passwords down and store them anywhere in office.
2.4.4 Office Productivity Tools
(a) Employees are responsible for the workstations (laptops/desktops) that they have
been assigned.
(b) All workstations used by any employee that are connected to the NARO network
whether owned by the employee or NARO, shall be continually executing approved
virus-scanning software with a current virus database.
(c) Installation or distribution of pirated (including non-licensed software) on to the
NARO network is not permitted
(d) The use of licensed open source software as an alternative to closed source software
is permitted upon authorisation by the ICT steering committee
(e) Users are required to report to the ICT Department any condition that might result
in the loss of backup data integrity, confidentiality or availability for any reason.
National Agricultural Research Organization - NARO
10
3 Information Usage Policy
NARO is a research entity in which information is an invaluable resource and sharing of
which is paramount. This section elaborates on the Policy that should be adhered to during
storage, maintenance and distribution of information.
3.1 Policy Statement
Organizational information hosted on ICT infrastructure shall be secured and only shared for
the benefit of the organization.
3.2 Intent
It is the intent of this policy to establish standard practices and guidelines for the
responsible, safe, and productive use of all the information stored on the NARO ICT
infrastructure, and to ensure the protection of this NARO’s valuable information.
3.3 Purpose of Policy
This policy describes NARO’s guidelines with regard to access to and sharing of information
that is stored on the NARO ICT infrastructure. The organization respects the individual
privacy of its employees. However, employee privacy does not extend to the employee's
work-related conduct or to the use of organization-provided equipment or supplies.
Employees should be aware that the following guidelines may affect their privacy in the
workplace.
Therefore, all employees who generate or install information on the ICT infrastructure must
get clearance from the ICT department. Any action that may expose the organization to
risks of installing unauthorized information on the NARO infrastructure or applications that
have not been adequately sanctioned through the ICT may result in disciplinary action up to
and including termination of employment and/or criminal prosecution.
ICT Policy, 2009
11
3.4 Scope of Policy
This policy applies to all NARO employees countrywide and third parties. It is the
responsibility of all directorates and operating units to ensure that this policy is clearly
communicated, understood and followed.
This policy area applies to the usage of information that has been generated within the
organization as well as information that has been availed to the organization from other
sources for instance ARIS.
3.5 Standard Practices of the Policy
(a) It is the responsibility of the employee to store organisational information in the
network shared storage locations for easy access by stakeholders as well as
centralised backup.
(b) It is the responsibility of the employee to keep an updated copy(ies) in their
possession in the shared locaton.
(c) The user is responsible for safe guarding their private data.
National Agricultural Research Organization - NARO
12
4 Email Usage Policy
Email has increasingly become a core medium of communication in NARO especially for
exchange of information amongst researchers within and outside the organization. It is
therefore prudent to institute a policy to manage the proper use of organizational email so as
to ensure that official email is used primarily for the conducting of organizational business
and not used in any illegal, offensive or unethical manner.
4.1 Policy Statement
Organizational email shall be used by all employees for official communication.
4.2 Intent
It is the intent of this policy to establish standard practices and guidelines for the
responsible, safe, and productive use of the electronic mail (e-mail), and to ensure the
protection of Organization’s information and ICT infrastructure.
4.3 Purpose of Policy
This policy describes NARO’s guidelines with regard to access to and disclosure of
electronic mail messages sent or received by NARO employees through use of the NARO e-
mail systems. While the organization respects the individual privacy of its employees,
however, employee privacy does not extend to the employee's work-related conduct with
respect to use of email. Employees should be aware that the following guidelines may affect
their privacy while communicating with non-organizational email systems.
4.4 Scope of Policy
This policy applies to all NARO employees and third parties. It also covers the usage of
NARO email resources, including, but not limited to:
(a) Access to NARO email on the local area network (LAN)
(b) Access to NARO email on the intranet/internet (web mail)
(c) Access to NARO email on the wide area network (WAN)
(d) Access to NARO email remotely using proprietary utilities
ICT Policy, 2009
13
5 Internet & Intranet Policy
The Internet and Intranet is a vital tool for accessing global information as a source of
research data and collaboration amongst the local and global research partners. Publications
on the Internet act as a medium for quick and wide dissemination of research findings
normally available free of charge or on subscription basis for instance Journals. The Internet
has enabled NARO to reach far wider audiences by hosting her information on the internet.
5.1 Policy Statement
The Internet and Intranet shall be used by authorised employees of the organization to conduct
official business and professional networking.
5.2 Intent
It is the intent of this policy to establish standard practices and guidelines for the
responsible, safe, and productive use of the Internet and Intranet, and to ensure the
protection of NARO, its information and communication technology infrastructure.
5.3 Purpose of Policy
Certain NARO employees can be authorized access to the Internet for the operational
purposes of communicating, sending messages and exchanging work-related information
with external companies. The most common usages of the Internet are for e-mail, FTP file
exchanges, and world-wide web browsing, access to literature, agricultural research
information, databases and online applications.
All employees share the Internet facilities at NARO. These facilities are provided to
employees for the purpose of access to information that facilitates or contributes to
individual and institutional development. However, these facilities must be used responsibly
by everyone, since misuse by even a few individuals has the potential to negatively impact
productivity, disrupt organizational business and interfere with the work or rights of others.
Therefore, all employees are expected to exercise responsible and ethical behavior when
using the organization’s Internet and Intranet facilities.
National Agricultural Research Organization - NARO
14
5.4 Scope of Policy
This policy applies to all NARO employees and third parties. Also pertaining to this policy
is the usage of the organization’s entire Internet infrastructure whether owned or leased by
the organization or are under the organization's possession, custody, or control. These
include, but not limited to:
(a) All electronic communications equipment, wired or wireless communications devices
and services that provide Internet and Intranet capabilities plus other on-line services
(b) All desktop, laptop and PDA platforms that are utilized by the employee to access
the internet/intranet
(c) All downloaded materials from the Internet/Intranet
(d) All intellectual property and other data stored on organization equipment
All users, whether within NARO Secretariat or PARI, connected from remote via any
networked connection, or using organizational equipment in any other location including
access through mobile telephony must adhere to this policy.
ICT Policy, 2009
15
6 Access Codes and Password Policy
The organization maintains ICT infrastructure primarily to facilitate its employees carry out
their day-to-day activities. As part of the effort to safeguard the infrastructure as well as the
individual information generated within NARO, access codes and passwords provide an
appropriate method to limit access to only authorized users.
6.1 Policy Statement
Access to organizational ICT systems shall require formal authorization and the use of secure
access code (username) and password.
6.2 Intent
It is the intent of this policy to establish standard practices and guidelines for the
responsible, safe, and productive access to the NARO ICT infrastructure systems (through
assigned usernames/login identification), as well as ensuring that the passwords, which are
used as an entry point to access resources, are adequately protected to minimize
unauthorized access.
6.3 Purpose of Policy
The purpose of this policy is to establish the rules for the access and use of the ICT
infrastructure. This includes issues of access codes and passwords for information systems
control, as well as those of connectivity to other networks such as the Internet and extranets.
Regarding Issues of allowed (or denied) access to Web browsing, remote terminal access to
the system, file transfers, and e-mail, there is need for each of these systems to have access
controls as well as corresponding passwords.
All employees who have access to the NARO ICT infrastructure have an access code
(username) and password which will be governed by a set of rules which amongst others
includes the following;
(a) Avoid weak or poor passwords.
(b) Passwords should never be written down or stored on-line without encryption.
(c) Do not share passwords with anyone.
(d) If a colleague demands for a password, refer the colleague to the ICT department.
National Agricultural Research Organization - NARO
16
These access codes and passwords are confidential and must be used responsibly by
everyone, since the user is held personally responsible for the safety of these credentials.
6.4 Scope of Policy
This policy applies to all NARO and third parties and will be applied in the following areas;
(a) All access codes and passwords used to access the corporate email &
Internet/Intranet
(b) All access codes and passwords used to access the desktop, laptop and PDA
platforms that are used by the employees
(c) All access codes and passwords used to access the LAN/WAN
(d) All access codes and passwords used to access the MIS Applications
All employees connected to the NARO ICT infrastructure remotely via any networked
connection, or using organizational equipment in any other location including access
through mobile telephony must adhere to this policy.
ICT Policy, 2009
17
7 Network Access Policy
The organization’s network infrastructure is provided as a central utility for all information
resource users. It is important that the infrastructure, which includes cabling and the
associated 'active equipment', continues to develop with sufficient flexibility to meet
organizational demands while at the same time remaining capable of exploiting anticipated
developments in high speed networking technology to allow the future provision of
enhanced user services.
7.1 Policy Statement
Logical and Physical access to organizational Network Services and Environment shall be
restricted.
7.2 Intent
It is intended to provide guidelines to secure both the logical and physical access to the
Network infrastructure.
7.3 Purpose of Policy
The purpose of this policy is to establish the rules for the access and use of the ICT
infrastructure – specifically the network infrastructure. This includes issues of access codes
and passwords for information systems control on the local network, as well as those of
connectivity to other networks such as the Internet and extranets. This policy will also
provide guidelines on physical access to any part of the network. The guidelines in place will
not only maintain the functionality and security of the network but ensure compliance with
established standards.
National Agricultural Research Organization - NARO
18
7.4 Scope of Policy
This policy applies to all NARO network environments at the Secretariat and the PARIs.
Specifically the policy will govern the following network areas;
(a) Physical controls to secure entry to network areas housing critical or sensitive
network equipment
(b) Logical controls to the network with secure logon designed to minimize the
opportunity for unauthorized access.
(c) Third party access controls to the network which applies to equipment that does not
belong to NARO being used by Third partys and employees to ensure all third
parties are logged onto the network with appropriate access levels
(d) Access controls for connection to external networks by NARO employees to assure
that connections to external networks and systems have documented and approved
System Security Policies
(e) Access controls for portable media specifically the appropriate authentication levels
(2-tier) for wireless access and the need to undertake individual backup of email and
research data.
7.5 Standard Practices of this Policy
(a) All accounts should be logged out at the end of the day. Security is only as good as a
user's password. If a user has left his or her account logged in, then the client has
exposed his or her personal workspace to anyone with physical access to his or her
computer.
(b) Laptops and computers not issued by NARO and not containing the standard
system configuration are strictly forbidden from connecting to the Secretariat LAN
until cleaned, configured and authorized by ICT help desk of the ICT Department.
This is to ensure that no systems having electronic viruses or other security issues
can harm the network computing environment. Users who have visitors who need
network access are requested to contact ICT Help Desk so that the appropriate
safety measures may be taken before connecting the foreign computer into the
network.
(c) All network access software shall be installed by ICT Department staff. This ensures
proper functionality, integration, security, support and compliance with licensing.
(d) All maintenance periods are to be observed by all network users. Usage of the
network during these periods will not be possible. Extended maintenance periods
will be announced at least 24 hours beforehand.
ICT Policy, 2009
19
8 Incident Management Policy
Any unplanned interruption to an ICT service or reduction in the quality of service will
create an incident that may affect the normal operation of employees of NARO who
increasingly rely on ICT for their day-to-day activities. The effect is even greater when the
interruption lasts longer than expected. For effective technical support, it is necessary to
record and respond to incidents reported to ICT by employees as quickly as possible,
thereby satisfying their support requests.
8.1 Policy Statement
All incidents and problems arising out of the use of NARO ICT facilities shall be managed
through the ICT helpdesk or department.
8.2 Intent
It is the intent of this policy to provide guidelines for the establishment of standard practices
and guidelines for the handling of incidents that may arise from the employees related to the
support, maintenance and planning of the ICT infrastructure.
8.3 Purpose of Policy
The purpose of this policy is to require that specific individuals in the ICT department are
designated to manage the incident life cycle for incidents arising out of the use of ICT
infrastructure. The incident life cycle is to involve the progression of an incident through the
occurrence of the incident, detection of the incident, diagnosis of the cause of failure, repair
of the failed component or service and restoration of the service to the employee. In
addition to normal contingency plans, the procedures that the ICT department will develop
will include ways to document an investigation, ways to determine how to prevent the
problem's recurrence, ways to report the incident to management and third parties, and ways
to protect logs and audit trails should they be needed for disciplinary or prosecution
purposes.
Furthermore, a systematic and formal change control process will increase the percentage of
time the systems are available for processing operational and business transactions.
National Agricultural Research Organization - NARO
20
8.4 Scope of Policy
This policy will entail the establishment of an ICT helpdesk at the Secretariat with a full time
employee to manage the incidents reported. The incidents arise from the Secretariat as well
as the PARIs. The ICT department employee will record incidents reported containing
details of the incidents involving any component or service failure of an ICT infrastructure
or any aspects of the ICT service as well as make follow ups with providing an appropriate
response within a timeframe that will be determined by metrics that are to be established
based on the nature of problem reported.
8.5 Standard Practices of Policy
1. Ordinarily an ICT helpdesk is established at the Secretariat with a hotline for access will
receive and log all incidents then escalate the incidents to the respective technical ICT staff
to resolve.
2. Business processes within the ICT function are clearly identified with Process Ownership
and Process Managers.
3. Incident management tools are enforced through a combination of technical and
traditional management mechanisms with tools that are appropriate within the context of
asset valuation, risk assessment, cost justification, and resources available being selected for
each situation.
4. Change control processes are in place to monitor process and system changes and also to
force the preparation of documentation which will be important for problem resolution and
contingency planning purposes.
5. Change control procedures are in place, outlining what elements contained in the
procedures, requirement to be followed, and a description of disciplinary actions to be taken
should violations occur.
ICT Policy, 2009
21
9 Copyright & Software Licensing Policy
NARO as a research based organization respects the ideal of copyrighting information
authored by various stakeholders. The emergence of advanced computer systems such as the
internet presents a challenge whereby information may be downloaded and shared without
permission from the authors. Employees shall not download and share information as well
software which may or may not be freely available on the Internet.
9.1 Policy Statement
Only authorized licensed copies of software shall be used on organizational systems.
Unauthorized copying or distribution of copyrighted software shall not be permitted.
9.2 Intent
It is the intent of this policy to ensure that only licensed and authorized copies of software
are used on organization equipment and property, and in conducting any organizational
business.
It is also intended to minimize the copying and distribution of research material without the
consent of the author.
9.3 Purpose of Policy
The overall purpose of this policy is to ensure that the agreements for all computer software
licensed from third parties are periodically reviewed for compliance and that original
information distributed within the organization give due credence to the author. The
Internet has allowed many software companies to use new means of distributing software
and information without official authorization or recognition of the owner’s efforts in
development of the piece. Many organizations allow the downloading of trial versions of
their products, sometimes limited versions (“crippleware”) or versions that only operate for
a limited period of time. This policy will provide guidelines for the proper acquisition of
copyrighted software as well as obtaining licensed software to avoid a violation of software
and information licenses. If such violations are discovered, they put an organization at severe
risk of penalties or loss of reputation. The fulfillment of a security audit also requires that the
guidelines are provided to the employees.
National Agricultural Research Organization - NARO
22
9.4 Scope of Policy
All information shared or downloaded at the Secretariat and the PARIs needs to be checked
for copyright as well as license compliance. This policy covers issues such as the copying,
distribution, and use of software for business purposes, as well as when software should be
installed, and by whom, including whether users are allowed to install their own software.
Specifically it includes;
(a) All computer-related equipment, including desktop personal computers (PCs),
portable PCs, terminals, workstations, PDAs, wireless computing devices, telecomm
equipment, networks, databases, printers, servers and shared computers, and all
networks and hardware to which this equipment is connected
(b) All electronic communications equipment, including telephones, pagers, radio
communicators, voice-mail, e-mail, fax machines, PDAs, wired or wireless
communications devices and services, Internet and intranet and other on-line
services
(c) All software including purchased or licensed business software applications,
organization-written applications (in-house), employee or third party/supplier-
written applications (off-shelf), computer operating systems, firmware, and any other
software residing on Company-owned equipment
(d) All intellectual property and other data stored on organization equipment
(e) All of the above are included whether they are owned or leased by the organization
or are under the company's possession, custody, or control
(f) This policy also applies to all users, whether on organization property, connected
from remote via any networked connection, or using organization equipment in any
location
ICT Policy, 2009
23
10 Viruses, Worms and other Malware Management Policy
The proliferation of various systems in NARO as well as the knowledge that the employees
have acquired in the ICT technologies enables the permeation of viruses and other malware
into the NARO network through several means for instance email, internet downloads,
sharing of information from unprotected sources on flash disks. The risk presented by these
viruses range from simple inconveniences in your workspace environment to a total system
crash of an employee’s computer.
10.1 Policy Statement
All employees using ICT systems shall be aware of the dangers of viruses, worms and
malware and shall ensure that such are not allowed into the system.
10.2 Intent
It is the intention of this Policy to increase awareness of the dangers of viruses, worms and
other malware as well as prevent the escalation of the same on the NARO network.
10.3 Purpose of Policy
The number of employees connected to the NARO network both at secretariat and the
PARIs has steadily increased over the years. This has enabled the volume and category of
data hosted on the NARO systems to expand exponentially to the extent that it is a primary
challenge to keep track of the various sources of information. This factor has led to data
infected by viruses or unchecked for viruses to be stored and shared within the Network.
The purpose of this policy is to provide guidelines to minimize the impact of Viruses and
other malware on the NARO ICT environment
The virus incidents registered so far have been due partly to the increased but inherent
insecurity of the Internet, and partly as a result of the incorrect use of ICT systems by
NARO employee.
10.4 Scope of Policy
This policy applies to Servers, Desktops, Laptops and employees using various media to
exchange information within the NARO network environment both at the Secretariat and
National Agricultural Research Organization - NARO
24
the PARIs. It also includes Notebooks that are used by employees at home then returning to
use them in office, probably without regular update of the antivirus.
ICT Policy, 2009
25
11 ICT Infrastructure Acquisition, Retention and Disposal Policy
NARO invests heavily in ICT infrastructure acquisition and maintenance. The rapid
advancement of Technology coupled with the ever increasing ICT resources demand by the
employees of NARO implies ICT infrastructure standards not aligned to current
organizational operational requirements leading to regular resource commitments for ICT
infrastructure upgrades. This renders obsolete the existing infrastructure calling for a
streamlined approach for the management of the acquisition and disposal process. The
overall process for the acquisition, retention and disposal constitutes the ‘Life Cycle of ICT
assets’.
11.1 Policy Statement
The ICT department shall be mandated to manage the life cycle of ICT assets
11.2 Intent
It is the intention of this policy to guide the management of the life cycle (acquisition,
retention, maintenance and disposal) of ICT assets in the organization.
11.3 Purpose of Policy
This Policy provides guidelines that ensure that the ICT equipment are acquired to be
available to employees in a timely and cost effective manner including a revolving stock that
takes care of emergency situations for instance a system crush.
This Policy also seeks to streamline process of sanctioning the equipment acquisition,
maintenance, transfer and disposal so as to improve transparency and accountability of ICT
assets management.
The Policy shall check on the maintenance of established infrastructure standards which is a
key component in reduction of ICT service and support costs.
National Agricultural Research Organization - NARO
26
11.4 Scope of Policy
This policy applies to all ICT assets of NARO at the Secretariat and the PARIs. It includes
both the tangible (e.g. Servers) as well as intangible assets (e.g. software licences). Specifically
this includes;
(a) Establishment of procedures for originating ICT infrastructure acquisition
(b) Establishment of procedures for ICT infrastructure receipt upon delivery
(c) Establishment of Procedures for the deployment of the ICT infrastructure within the
organization for the intended purpose
(d) Establishment of Procedures for the regular maintenance of ICT infrastructure
including change management process for upgrades/downgrades of both hardware
and software.
(e) Establishment of procedures for the dispoal of obsolete ICT infrastructure
ICT Policy, 2009
27
12 Backup and Storage Policy
Electronic backups are an organizational requirement to enable the recovery of data and
applications in the case of events such as natural disasters, system disk drive failures,
espionage, data entry errors, or system operations errors. A storage area network is utilised
to isolate your backed up data to a location external to your network environment systems
such as off-site.
12.1 Policy Statement
The organizational data shall be backed up and securely stored to assure integrity on recovery
whenever there is an interruption in system services.
12.2 Intent
It is the intention of this Policy to provide guidelines for enabling the backup of organization
data as well as its restoration once an interruption in system services is anticipated or
experienced.
12.3 Purpose of the Policy
The purpose of this policy is to establish the rules for the backup and storage of electronic
information. Specifically this policy sets out to;
(a) safeguard the information assets of NARO
(b) prevent the loss of data in the case of an accidental deletion or corruption of data,
system failure, or disaster.
(c) permit timely restoration of information and business processes, should such events
occur.
(d) manage and secure backup and restoration processes and the media employed in the
process.
12.4 Scope of the Policy
This policy applies to all servers in the ICT Data Center, Telephone billing systems,
Management Information systems spread throughout the organization plus applicable
Network Attached Storage (NAS) that is used to keep data away from the working
environmental areas (off-site). All data will be backed up as follows;
National Agricultural Research Organization - NARO
28
The frequency and extent of backups must be in accordance with the importance of the
information and the acceptable risk as determined by the data owner.
(a) Information Resources backup and recovery process for each system must be
documented and periodically reviewed.
(b) Offsite backup storage for NARO must be cleared to handle the highest level of
information stored.
(c) Physical access controls implemented at offsite backup storage locations shall meet
or exceed the physical access controls of the source systems. Additionally backup
media must be protected in accordance with the highest sensitivity level of
information stored.
(d) A process must be implemented to verify the success of the NARO electronic
information backup.
Backups must be periodically tested to ensure that they are recoverable.
(a) If offsite backup storage is done by third party, Signature cards held by the third
party for access to NARO backup media must be reviewed annually or when an
authorized individual leaves NARO.
(b) Procedures for backup and restore of information between NARO and the offsite
backup storage location must be reviewed at least annually.
(c) Backup tapes must have at a minimum the following identifying criteria that can be
readily identified by labels and/or a bar-coding system: System name, Creation Date,
Sensitivity Classification [Based on applicable electronic record retention
regulations], Name of data custodian and the NARO Contact Information
(d) A back-up log should be generated as part of each back-up routine, including date
and time of the back-up, data backed up, any error occurred.
(e) A procedure should be put in place for the retirement and disposal of the backup
media
(f) In the unlikely event of accidental deletion or corruption of data and information,
requests for restoration of information will be made to the ICT department within
the first 12 hours
(g) All servers will be regularly backed up using incremental backup daily (Mon-Fri) and
data stored onsite as well as a full backup weekly (Sat.) and data located off-site.
ICT Policy, 2009
29
13 Business Continuity and Disaster Recovery Policy
Disasters happen in many ways and can disrupt or even completely destroy your
organization. Depending upon where you are located, disasters may be natural occurrences
such as earthquakes, floods or storms. But, in a typical NARO environment, disasters may
also result from random events including fires, power outages or surges, hardware failures
and software/firmware errors, as well as human-caused events such as disgruntled
employees or people with malicious intent looking to put your organizational data at risk.
NARO plans to minimise the risk arising out of these issues using the policy guideline
below.
13.1 Policy Statement
The organizational ICT mission critical services and data shall be available to enable the
organization survive or recover from any level of disaster.
13.2 Intent
It is the intention of this Policy to provide guidelines for enabling the recovery of data,
applications and mission critical ICT services in the case of events such as natural disasters
as well as random events including but not limited to fires and system malfunctioning.
13.3 Purpose of the Policy
The purpose of this policy is to ensure the Confidentiality, Integrity and Availability of the
NARO information infrastructure as per agreed service levels.
Confidentiality stemming from the requirement that data should only be accessed by
authorized people avoiding disgruntled or malicious outage of systems; Integrity ensuring
that data and services are only modified by authorized personnel while considering all
possible causes of modification for instance software and hardware failure, environmental
events and human intervention; while availability, which is determined by the reliability,
maintainability and serviceability of the ICT infrastructure, ensuring that all the mission
critical data and services are available according to the appropriately agreed service level
targets.
National Agricultural Research Organization - NARO
30
This Policy is aimed at reducing the risks to business continuity to acceptable levels as well as
enabling to restore the organizational ICT processes in case of a system breakdown.
13.4 Scope of the Policy
All mission critical data and services at the Secretariat and the PARIs will be the subject of
this policy and shall mandate procedures to be put in place for the following;
(a) Identification of all the mission critical data and services to be protected.
(b) Specifying how current the files contained in the mission critical data shall be.
(c) Specifying how quickly the organization will need to recover the lost or damaged
files so as to restore mission critical services for business continuity.
(d) Specifying what level of risk the organization is willing to take in enabling the
business continuity processes to come into effect considering a trade off between
risks and costs.
(e) Determination of the desired time within which business processes should be
recovered and the minimum ICT employee assets and services required within this
time.
(f) The technology chosen to provide business continuity and disaster recovery solution
for instance available off-site or appliance based hot-site backup.
ICT Policy, 2009
31
14 Recommendations
The absence of an ICT Policy in NARO left a large void in its ability to leverage on its ICT
infrastructure to enhance research development in fulfilment of its strategic vision.
This Policy document is indeed a result of a pragmatic situation assessment and resultant
analysis of the threats, opportunities and strengths of the NARO ICT infrastructure which
has culminated into the following recommendations;
(a) Establish a departmental-level ICT structure at the Secretariat with at least three core
positions primarily for the enforcement of the ICT Policy as well as improved
support.
(b) Each PARI requires at least one core ICT position or designated ICT focal point
(c) The ICT steering committee concept needs to be upheld at the Secretariat and the
idea replicated at the PARIs mainly to develop & maintain policy guidelines.
(d) The structure to be established at secretariat should provide for a dedicated ICT
helpdesk to improve ICT incident/problem management and technical support
(e) There should be a deliberate effort to commit resources to standardise ICT
infrastructure both at the Secretariat and PARIs so as to benefit from bulk purchases
as well as reduce support costs.
(f) There is need to develop an ICT training plan both for the ICT technical employees
as well as the end users.
(g) There is a need to clearly delineate process owners and process managers for the
various business processes including but not limited to Management Information
Systems, Back-end services management as well as Equipment acquisition and
Maintenance services.
(h) Following the adoption of this Policy, there is an immediate need to develop
Procedures and Guidelines to operationalize this Policy and associated developed
standards.
(i) NARO should establish a NARO-wide official client-server email system for official
communication accessible by all types of connectivity currently available
National Agricultural Research Organization - NARO
32
15 Bibliography
[1] IT Infrastructure library Service Management Forum Book; Terms, Acronyms and
Abbreviations; ISBN 0-9524706-5-9, IT Service Management Forum Ltd; 2001
[2] National Agricultural Research Act, Acts Supplement to The Uganda Gazette No. 74
Volume XCVIII dated 21st November, 2005.
[3] NARO AT A GLANCE, Past, Present and Future © 2008 Published by National
Agricultural Research Organization.
[4] The National Agricultural Research Policy, 2003.
[5] The Uganda National ICT Policy draft © 2009.
[6] National Agricultural Research organization Website, http://www.naro.go.ug:13.07.2009
[7] Wikipedia Website, http://www.Wikipedia.org: 01.08.2009
[8] ICT Glossary Website, http://www.ict4lf.org/en_glosssay.htm: 01.08.2009
[9] Business Data Communications and Networking 9th Edition © 2007 Fitz Gerald Dennis
[10] Business Research methods 2nd Edition © 2007 Allan Bryman and Emma Bell
ICT Policy, 2009
33
16 Glossary
2-tier An architecture where by the application logic is partitioned between the
client and the server such that the server is responsible for the data and the
client for the application and presentation.
Availability Ability of an ICT service or hardware to perform its agreed function when
required.
Closed Source
Software
Used to describe Software that is provided by a Vendor usually without the
original Source Code used to create it as the Vendor controls its modification.
Confidentiality An ICT security principle that requires that data should only be accessed by
authorized people
Copyright Refers to software/applications whose author has a right to reproduce but
non-authors are restricted to reporduce unless by authorisation of the author.
Crash A term describing what happens to hardware or software when it suddenly
fails to work properly.
Data Center A facility used to house computer systems and associated components, such
as telecommunications and storage systems. It generally includes redundant or
backup power supplies, redundant data communications connections,
environmental controls (e.g., air conditioning, fire suppression) and security
devices.
Email Contraction of Electronic Mail. A system for creating, sending and receiving
messages via the Internet.
Employee All of the individuals employed by the organization including full time, part
time, temporary and contract employess.
End-user The final user of a piece of Software or Hardware, i.e. the individual person
for whom the product is created, as distinct from the people who create and
produce the product.
Extranet Using the Internet to provide access to information intended for a selected
set of users, not the public at large. Usually done by requiring a password to
access a selected set of websites.
Firewall A firewall is a software package that sits between your computer and your
Internet connection, keeping an eye on the traffic going to and fro.
Firmware A set of software instructions set permanently or semi-permanently into Read
Only Memory (ROM).
Generic Software
/ Generic
This term normally refers to general-purpose software applications that are
not designed for use in a specific subject area, e.g. a word-processor (e.g.
National Agricultural Research Organization - NARO
34
Application: Word), spreadsheet package (e.g. Excel), presentation software (e.g.
PowerPoint) or database package (e.g. Access).
Hardware The physical elements of a computer system - the bits you can see, touch,
drop, kick or fall over. Contrasted with Software.
ICT Helpdesk A point of contact for users to log incidents.
ICT
Infrastructure
The term is used to describe all of the components employed in the delivery
of ICT services to users, including the computing and telecommunication
software, hardware, people and documentation.
Install A verb used to describe the process of installing or setting up a computer
program or suite of computer programs on the computer's hard disk for first-
time use. Programs are normally supplied on CD-ROM or DVD, but they
may also be downloaded from the Web, either free of charge or on payment
of a fee.
Integrity A security principle that ensures data and application items are only modified
by authorized personell and activities.
Interface An interface in computer jargon is a connection between two systems.
Internet The Internet, or simply "the Net", is a computer network connecting millions
of computers all over the world. It provides communications to the
organizations.
Intranet A private network inside a company or an organisation and used over its
LAN (Local Area Network). A sort of local Internet. Contrasted with
Internet, which is publicly available.
License
Management
The process for the management of software licenses for ICT software
throughout their lifecycle.
Life Cycle of ICT
Assets
The various stages in the life of an ICT infrastructure including the
acquisition, retention/maintenance upto disposal.
Maintainability A measure of how quickly and effectively a ICT service can be restored to
normal working after a failure.
Office
Productivity Tool
Any hardware or software at an employee's disposal for performing their day-
today duties.
Off-Shelf
Application
AN application that ahs been acquired for the organization thorugh purchase
from a vendor (not developed in-house)
Off-Site Backup Copying data to an external source outside the normal network environment
to protect against loss of intergrity or availability of the original.
Open Source
Software
Used to describe Software that is provided free of charge, along with the
original Source Code used to create it so that anyone modify it to improve it
ICT Policy, 2009
35
and work in ways that reflect their own preferences.
Peopleware Refers to technical and business skill sets, training oortfolio, documentations
and services provided bto NARO by the ICT Department
Reliability A measure of how long an ICT infrastructure and service can perform its
agreed function without interruption.
Remote
Terminal
Ability to access services thorugh this terminal without necessarily being
located on the local area network
Serviceability The ability of a third party vendor or supplier to meet the terms of their
contract
Signature Cards Identification cards that are used to access cointent of a backup especially for
off-site backup
SLA An agreement between the ICT service provider and NARO describing the
ICT service, documenting service level targets and specifying the
responsibilities of the Provider and Customer.
Software The opposite to Hardware. A generic term describing all kinds of computer
programs, applications and operating systems. Software is not tangible, being
a set of instructions written in a Programming Language comprising a set of
instructions that the computer executes.
Third Party Any non-NARO employee e.g. contractor, vendor, researcher who has
authorised access to NARO ICT infrastructure.
TCO Total Cost of Ownership is a methodology used to mke investment decisions.
TCO assessess the full lifecycle of ICT infrastructure and not just the initial
cost or purchase priceThe sum total of expenses incurred to acquire, retain
and dispose an ICT infrastructure item.
User profile The level of access assigned to a user to be able to access any of the ICT
services
Web mail An employee accesses office email through the internet
Workstation Refers to a type of computer used for applications that demand a reasonable
amount of computing power such as PC, monitor, laptop, printer etc