TABLE OF CONTENTS ICT Policy.pdfeconomic development in Uganda, a large expansion of food demand is...

TABLE OF CONTENTS

FOREWORD................................................................................................................ iv

EXECUTIVE SUMMARY........................................................................................... vi

Document Version Control Information ....................................................................viii

List of Acronymns.........................................................................................................ix

1 Introduction ........................................................................................................... 1

1.1 Background......................................................................................................... 1

1.2 Objective............................................................................................................. 3

1.3 Purpose................................................................................................................ 3

1.4 Scope................................................................................................................... 3

1.5 Management Rights to Access Information........................................................ 4

1.6 Policy Management Process ............................................................................... 5

1.7 Communicating the Policy.................................................................................. 5

1.8 Policy Responsibilities........................................................................................ 5

1.9 Policy Effectivity ................................................................................................ 6

1.10 Disciplinary Actions ........................................................................................... 6

2 Acceptable Use Policy............................................................................................ 7

2.1 Policy Statement ................................................................................................ 7

2.2 Intent ................................................................................................................... 7

2.3 Purpose................................................................................................................ 7

2.4 Scope................................................................................................................... 8

3 Information Usage Policy .................................................................................... 10

3.1 Policy Statement ............................................................................................... 10

3.2 Intent ................................................................................................................. 10

3.3 Purpose of Policy .............................................................................................. 10

3.4 Scope of Policy ................................................................................................. 11

3.5 Standard Practices of the Policy ....................................................................... 11

4 Email Usage Policy.............................................................................................. 12


4.2 Intent ................................................................................................................. 12


4.4 Scope of Policy ................................................................................................. 12

5 Internet & Intranet Policy.................................................................................... 13


5.2 Intent ................................................................................................................. 13

National Agricultural Research Organization - NARO

ii


5.4 Scope of Policy ................................................................................................. 14

6 Access Codes and Password Policy ..................................................................... 15


6.2 Intent ................................................................................................................. 15


6.4 Scope of Policy ................................................................................................. 16

7 Network Access Policy......................................................................................... 17


7.2 Intent ................................................................................................................. 17


7.4 Scope of Policy ................................................................................................. 18

7.5 Standard Practices of this Policy ...................................................................... 18

8 Incident Management Policy............................................................................... 19


8.2 Intent ................................................................................................................. 19


8.4 Scope of Policy ................................................................................................. 20

8.5 Standard Practices of Policy ............................................................................. 20

9 Copyright & Software Licensing Policy .............................................................. 21


9.2 Intent ................................................................................................................. 21


9.4 Scope of Policy ................................................................................................. 22

10 Viruses, Worms and other Malware Management Policy ................................... 23


10.2 Intent ................................................................................................................. 23


10.4 Scope of Policy ................................................................................................. 23

11 ICT Infrastructure Acquisition, Retention and Disposal Policy......................... 25


11.2 Intent ................................................................................................................. 25


11.4 Scope of Policy ................................................................................................. 26

12 Backup and Storage Policy .................................................................................. 27

ICT Policy, 2009

iii


12.2 Intent ................................................................................................................. 27

12.3 Purpose of the Policy ........................................................................................ 27

12.4 Scope of the Policy ........................................................................................... 27

13 Business Continuity and Disaster Recovery Policy............................................. 29


13.2 Intent ................................................................................................................. 29

13.3 Purpose of the Policy ........................................................................................ 29

13.4 Scope of the Policy ........................................................................................... 30

14 Recommendations ............................................................................................... 31

15 Bibliography......................................................................................................... 32

16 Glossary ................................................................................................................ 33


iv

FOREWORD

Information and Communication Technologies (ICT) are now widely accepted and used

throughout NARO and the Public Agricultural Research Institutes (PARIs) as a critical tool

in their efforts to generate and adopt appropriate knowledge and information, enhance

agricultural research development, and achieve the organization’s strategic vision.

Recognizing this potential, infrastructure initiatives and development strategies incorporating

ICT are being increasingly promoted and launched across the organization. It is in this

regard that the leadership of NARO sanctioned the development of an ICT Policy to govern

this whole ICT initiative.

While the potential advantages of ICT for research are enormous, the ICT infrastructure

without the ICT policy in place may not adequately reflect the truly comprehensive and

integrated strategies for harnessing and exploiting this potential for research. Much effort

has been made by NARO to increase investment in the ICT but much less in terms of

leveraging on these investments to support the organization in meeting her organizational

strategic goals. However, just as technology and knowledge gaps need to be bridged between

entities at the Secretariat and the PARIs, the ICT skills gap within NARO also requires

critical attention.

This ICT Policy, which is published along with an ICT standards document, is designed to

provide the Directors, Management and Users at NARO and the PARIs the necessary tools,

information and knowledge to facilitate the formulation and adoption of appropriate

research and strategies. Through the examination of vital sections of the Policy, this

publication provides tangible prescriptions for the efficient and effective management and

use of the ICT infrastructure at NARO Secretariat and in the PARIs.

The debate on ICT has permanently shifted from ‘why’ ICT for research, to ‘how’

comprehensive and holistic ICT policies can unleash research potential and enhance the

employees’ capabilities to improve their research methods. This ICT Policy must be an

indispensable part of management of the ICT infrastructure in NARO.

ICT Policy, 2009

v

Since nothing is written in stone and given that our NARO continues to develop and change

its modus operandi to keep abreast of unexpected situations like changing technologies, this

policy document will undergo changes as well, and should be revised on a 3-5 year basis.

We hope this ICT Policy will positively contribute to assisting Agricultural Researchers in

embracing and utilizing ICT for agricultural development.

___________________________________

Dr Denis .T. Kyetere

Director General

National Agricultural Research Organization


vi

EXECUTIVE SUMMARY

NARO exists to guide and coordinate all agricultural research activities in the national

agricultural research system of Uganda. To achieve its mandate NARO relies on among

others its ICT systems and the integrity and availability of information processed, delivered

and stored therein. This ICT policy guides the acceptable use of ICT infrastructure including

information which store, process and deliver results to the NARO user community.

NARO information is maintained on the principles of Confidentiality, Integrity &

Availability (CIA) implying that this information should be available when required, accessed

by authorized personnel and should be trusted to be authentic while maintaining assigned

confidentiality.

The policy provides guidelines on Information usage, a key component of a research

organization. Email has become an acceptable means of official communication. Effective

email communication calls for guidelines to govern its use in the office.

NARO has benefited from the onset of the Internet for information seeking, online

applications as well as sharing pertinent information with stakeholders within and without

the organization. The Policy document also provides relevant guidelines on the use of these

services to avoid abuse by employees.

The wealth of information generated in NARO requires that it should be accessed and

shared in a controlled manner to avoid waste. This policy document provides an emphasis

on this requirement as well as the requirements for authorized users accessing accurate

information at the right time through the use of unique user identifications and passwords.

The information obtained is often authored by various employees of NARO and therefore

the policy has a clause to govern copyrighting.

The amount of investments made by NARO to acquire ICT assets is enormous and

therefore the importance of including a standards section of the Policy to provide guidelines

on the effective means of using as well as acquiring these ICT cannot be over emphasized.

Clearly with the advent of the Policy, there will be envisaged savings on the Total Cost of

Ownership (TCO) of ICT assets in NARO. The requirement to assure the availability of

ICT Policy, 2009

vii

information services to the NARO user community is another important aspect. Business

continuity has become a norm for ICT in many organizations and indeed the policy has

derivatives to guide NARO on how best to position for disaster befalling the data.

Routine compliant audits will be conducted to make sure that this Policy is adhered to for

efficient and effective acquisition and management of ICT in the conduct and delivery of

research products and services.

On close scrutiny, it is evident that notwithstanding the fact that the Policy will generate

sufficient momentum for ICT awareness in the organization upon coming into force, the

real success of the policy will be derived from the commitment to implement it judiciously.

The implementation will require human resource commitment specifically additional skilled

ICT employee backed up by an enabling ICT structure at departmental level.

In summary, this ICT Policy creation process has been undertaken diligently to reflect the

situation analysis that is prevalent in the NARO ICT environment and it is intended that its

implementation is effected to enable the organization benefit in terms of optimum and

efficient ICT deployment to rapidly accelerate its contribution to agricultural research and

development in Uganda.


viii

DOCUMENT VERSION CONTROL INFORMATION

Document Ref: ICT Version: V1.1

Classification: Open Status: Approved

Effective from: 1 September 2009 Review Date: 1 September 2012

Approved by: NARO Councils Date:

Authorised by: Director General, NARO Date:

Issued by: Director General, NARO Date:

Change History: Replaces, ICT Policy Strategy

Document approved in 2005 Date:

Circulation: All NARO employees and third parties via website or directly

Enquiry point : Quality Assurance Directorate in conjunction with the ICT Department.

ICT Policy, 2009

ix

LIST OF ACRONYMNS

ARIS Agricultural Research Information Services

CIA Confidentiality Integrity Availability

E1 E1 is a physical layer protocol, like ethernet. It defines a 2Mbps link between

two endpoints and can be used for voice and data (minimum 4 modules per

card) or a mixture of both.

ERP Enterprise Resource Programme

FTP File Transfer Protocol

FXS FXS is a physical layer protocol that provides an interface for connecting

Analogue links for voice (maximum 4 modules per card)

HR Human Resource

ICT Information and Communication Technology

LAN Local Area Network

MIS Management Information System

NARI National Agricultural Research Institute

NARO National Agricultural Research Organization

NARS National Agricultural Research System

NAS Network Appliance Storage

OSS Open Software Standard

PARI Public Agricultural Research Institute

PC Personal Computer

PDA Personal Digital Assistant

PPM Pages Per Minute

RD1000 A backup device used for storage of data using a USB interface and has all the

generic large scale backup features

SAN Storage Area Network

SLA Service Level Agreement

TCO Total Cost of Ownership

UPS Uninterrupted Power Supply

VPN Virtual Private Network

VSAT Very Small Aperture Terminal

WAN Wide Area Network

WWW World Wide Web


x

XML eXtensible Markup Language is a widely-used computer language for creating

and designing pages on the World Wide Web, and for defining other

languages with more specialized purposes.

ZARDI Zonal Agricultural Research Development Institute

ICT Policy, 2009

1

1 Introduction

1.1 Background

Uganda is predominantly an agricultural country. Due to rapid population growth and

economic development in Uganda, a large expansion of food demand is expected.

Furthermore, the ability to meet food and development demand of the citizens becomes less

certain with the increasing constraints on essential environmental resources for food

production such as water and fertile soils. Blessed with an environment hospitable to

agriculture, however, agriculture in Uganda has nurtured high-quality, safe, and reliable

sources of food albeit with gaps in the coordination of research to guarantee sustainable

food levels.

The mission of NARO is to help find solutions for rapid national population growth and

constraints on resources through the “generation, adoption and dissemination of appropriate and

demand-driven technologies, knowledge and information through an effective, efficient, sustainable,

decentralised and well co-ordinated agricultural research system”.

The National Agriculture and Research Organization (NARO) of Uganda was established by

an act of Parliament, which was enacted on 21st November 2005 to establish “a farmer

responsive research system that generates and disseminates problem-solving, profitable and

environmentally sound technologies, knowledge and information on a sustainable basis”

with an overriding goal to address issues related to food, agriculture, and rural communities,

including to:

(a) Provide strategic direction for publicly funded agricultural research in Uganda and

act as a forum for agricultural researchers in Uganda;

(b) Coordinate and oversee, in collaboration with the Uganda National Council for

Science and Technology and other lead agencies, the development, consolidation and

implementation of agricultural research policy and national research strategies, plans

and budgets relating to publicly funded agricultural research;

(c) Set national priorities and harmonize agricultural research activities of the national

agricultural research system, constituent institutions and public agricultural research

institutes, civil society organisation, private sectors and farmer organizations and

promote delivery of quality and efficient agricultural research services;


2

(d) Advise and coordinate formulation of policy and legislative proposals, research

standards, codes of ethics, conduct and practice; and guidelines for delivery of

agricultural research services;

(e) Provide guidelines, guidance and ensure delivery of quality agricultural research by

agricultural research service providers;

(f) In collaboration with other relevant agencies, provide policy guidance to local

governments on matters relating to agricultural research;

(g) Carry out monitoring and evaluation of national agricultural research programmes,

projects and activities to ensure adherence to the set work plans, standards and

regulations;

(h) Mobilize funds for agricultural research and manage the agricultural research trust

fund including raising funds for research of national strategic interest;

(i) Coordinate and promote cooperation and collaboration between Uganda and other

countries, institutions, scientific or professional societies and other agricultural

research service providers, with regard to agricultural research, development and

technology transfer in the agricultural sector so as to optimally utilise agricultural

resources and improve production capacity of such resources;

(j) Provide leadership and advocacy for the promotion, protection and development of

agricultural research in Uganda;

(k) Make grants or provide funds to any institution or person for the advancement of

agricultural research and development on both competitive and non-competitive

basis; and

(l) Perform such other functions as are conferred on the organisation by this Act or

any other law for the purpose of promoting agricultural research and development.

NARO aims to contribute to an affluent Ugandan society in the 21st century and to

solutions of environmental problems by carrying out technology research and development.

NARO also trains agricultural managers at country-wide established PARIs, ZARDIs and

NARIs, who will lead future generations of agricultural research. Within the framework of

the mission and vision of NARO, ICT plays a pivotal role particularly in creating an ICT

technologically savvy environment for the researchers to meet their goals.

ICT Policy, 2009

3

1.2 Objective

It is the intent of this policy to establish guidelines for the employees and stakeholders

acquiring, using and managing the NARO’s ICT infrastructure facilities, including computer

hardware, printers, fax machines, voice-mail, software, e-mail, Internet and intranet access,

collectively called “Information & Communication Technology”.

1.3 Purpose

This Policy aimed at fostering research development with an increased awareness of the role

and benefit of ICT technologies in the organization. All employees and stakeholders share

the ICT infrastructure facilities at NARO. These facilities are provided by NARO for the

purpose of conducting its business, despite the fact that some employee may use these

facilities, including computers, printers, e-mail and Internet access for personal use that does

not impact the normal functioning of the ICT systems. In all situations, these facilities must

be used responsibly by everyone, since misuse by even a few individuals has the potential to

negatively impact productivity, disrupt organizational business and interfere with the work or

rights of others. NARO reserves the right periodically to examine any system and other

usage and authorization history as necessary to protect its computing facilities. NARO

disclaims any responsibility for loss of data or interference with files resulting from its efforts

to maintain the privacy and security of those computing facilities or from system

malfunction or any other cause.

Therefore, all employees are expected to exercise responsible and ethical behavior when

using the organization’s Information and Communication Technology (ICT) facilities. Any

action that may expose the organization to risks of unauthorized access to data, disclosure of

information, legal liability, or potential system failure is prohibited and may result in

disciplinary action.

1.4 Scope

This policy applies to all employees as well as any third parties that would have access to the

NARO ICT infrastructure. It is the responsibility of Directors and heads of department

both at the Secretariat and PARIs to ensure that this Policy is clearly communicated,

understood and followed. This policy covers the usage of all of the organization’s ICT

resources, including, but not limited to:


4

(a) All computer-related equipment, including desktop personal computers (PCs),

Laptops, PDAs, workstations, wireless computing devices, telecomm equipment,

networks, databases, printers, servers and shared computers, and all networks and

hardware to which this equipment is connected

(b) All electronic communications equipment, including telephones, mobile phones,

radio communicators, e-mail, fax machines, wired or wireless communications

devices and services, Internet and intranet and other on-line services

(c) All software including purchased or licensed operational software applications (MIS),

NARO in-house developed applications, employee or third party/supplier-written

(off-shelf) applications, computer operating systems, firmware, and any other

software residing on organization-owned equipment

(d) All intellectual property and other data stored on organization equipment

(e) All of the above are included whether they are owned or leased by the organization

or are under the organization's possession, custody, or control

This policy also applies to all users, whether on organization property, connected from

remote via any networked connection, or using organization equipment in any location.

1.5 Management Rights to Access Information

The Shared Information, Research data and MIS systems at NARO are installed to assist

employees in the performance of their duties by facilitating operational business. Although

each employee has individual authorized access to either system or shared information, the

systems and information belong to the organization and the contents of all the systems are

accessible at all times by organization management for any operational purpose. These

systems may be subject to periodic unannounced inspections. The contents of the shared

files, research information and MIS systems properly obtained for legitimate operational

purposes, may be disclosed within the organization without the employee’s permission.

Back-up copies of this shared information and any other MIS systems on organization-

owned computer systems may be maintained and referenced for operational and legal

reasons. Therefore, the employee should not assume that information or any accessed

materials are confidential.

ICT Policy, 2009

5

1.6 Policy Management Process

This section spells out how the ICT policy for the organization will be managed specifically

to;

(a) standardize the creation, modification and distribution of this ICT policy documents

clearly outlining the NARO standards for official documents and how these should

be applied to the ICT documentation for publication to the end users

(b) detail the process to be followed for creation, development and communication of

the ICT policy documents as well as the roles and responsibilities of those involved

in the process.

As mandated by the National Agricultural Research Act, 2005, the Director General will be

responsible for the ICT policy management process and will oversee the issuance and

communication of the ICT policy document. The practical implementation of the specific

policy areas will be the responsibility of the ICT department.

It is intended that this ICT Policy shall be reviewed on a three (3) to five (5) year basis to

make sure it is up-to-date and aligned to the organizational strategic goals.

1.7 Communicating the Policy

This ICT policy document will be communicated through the following means;

(a) Posting the endorsed document on the NARO Intranet/Internet

(b) Email sent by the Director General to all employees.

(c) Published on the NARO bulletin board and notice boards

(d) Discussion forum created on the NARO website for the Policy document

(e) As a tool to be issued to new employee by HR for reading and acknowledgement of

understanding of the Policy prior to being given official access to any ICT

infrastructure of NARO

1.8 Policy Responsibilities

(a) The Director General is responsible for the overall management of the policy

including inter-alia sanctioning the recreation of the policy, updating the existing

policy as well as communicating the policy to the end users


6

(b) The Service managers including Heads of Directorates and Institutes are responsible

to indicate the need for this policy to support the day-to-day ICT operations in the

field of works.

(c) The ICT Steering Committee together with the ICT department are responsible for

ensuring the compliance of the policy into the area of their responsibility by either

adapting the policy in the secretariat and institutes’ ICT infrastructure and services or

by taking the policy document as basic guidelines for the policy to be enforced at the

Secretariat and Institutes, without contradicting one another.

(d) It is the responsibility of the ICT department to adhere to and inform of the need to

update the policy document considering that it will be of inadequate use given the

ever emerging threats, technologies, and organizational operational business needs

that keep changing over time.

1.9 Policy Effectivity

The Policy commences with immediate effect upon endorsement by the Director General.

1.10 Disciplinary Actions

Non compliance to this Policy constitutes a violation of organizational Policy. The

employee will be subject to disciplinary action by the organization, up to and including

criminal prosecution and/or termination of employment. In addition, NARO may require

restitution for any use of service which is in violation of these guidelines.

ICT Policy, 2009

7

2 Acceptable Use Policy

These are behaviours that should be upheld by all NARO employees when using

organisational ICT infrastructure. It is the responsibility of every employee to know these

guidelines, and to conduct their activities accordingly.

2.1 Policy Statement

Organizational ICT infrastructure and services shall be used in a manner that does not

compromise their functionality and intended purpose.

2.2 Intent

The intent of this policy is to outline more specifically the limits of what usage of ICT

infrastructure is generally acceptable. While it is not possible to enumerate every possible

area, it is important to be specific enough to give users enough information to make an

informed decision. The intentions for publishing an Acceptable Use Policy are not to impose

restrictions that are contrary to NARO established culture of openness, trust and integrity.

This Policy is committed to protecting employees, partners and the organization from illegal

or damaging actions by individuals, either knowingly or unknowingly.

2.3 Purpose

The purpose of this policy is to outline the generally acceptable use of ICT infrastructure at

NARO. These guidelines are in place to protect the employee and NARO. Inappropriate

use exposes NARO to risks including virus attacks, compromise of network systems and

services, and legal issues. This policy is as specific enough as to allow disciplinary action to

be taken whenever necessary, without becoming overly specific, mindful not to dilute the

intent and impact of higher level specific policy areas, in this case, email, Internet, passwords

and office productivity areas.


8

2.4 Scope

The acceptable use policy is not intended to enumerate every possible avenue of acceptable

or forbidden activity. Rather, it is intended to provide guidance to the average user so that

they can intelligently judge the consequences of their actions. This policy applies to NARO

employees and third parties. This policy also applies to all equipment that is owned or leased

by NARO. This policy covers the common areas of interface between employees and ICT

infrastructure including email, Internet, passwords and office productivity tools.

2.4.1 Email Service

(a) Postings by employees from a NARO email address to newsgroups should contain a

disclaimer stating that the opinions expressed are strictly their own and not

necessarily those of NARO, unless posting is in the course of operational business

duties.

(b) Employees must use extreme caution when opening e-mail attachments received

from unknown senders, as they may contain viruses, e-mail bombs, Trojan horse

code, or spams.

(c) Transmitting chain emails or material that is in violation of sexual harassment laws is

not permitted.

(d) Employees are prohibited from unauthorized access to other employee email

messages

(e) All official email communication should be conducted on NARO email and not

world wide general emails like yahoo, hotmail or gmail

2.4.2 Internet Service

(c) Employees are responsible for exercising good judgment regarding the

reasonableness of personal use of the Internet. If in doubt of the action to be taken

contact your supervisor.

(d) Using the Internet for excessive personal investment activity is not permitted

(e) Excessive and non-productive personal use such as playing games, or browsing

pornography content is not permitted

(f) Employees must not use NARO’s Internet facilities to knowingly disable or overload

any computer system or network

ICT Policy, 2009

9

2.4.3 Passwords

(a) Employees should not share passwords.

(b) Employees should not write passwords down and store them anywhere in office.

2.4.4 Office Productivity Tools

(a) Employees are responsible for the workstations (laptops/desktops) that they have

been assigned.

(b) All workstations used by any employee that are connected to the NARO network

whether owned by the employee or NARO, shall be continually executing approved

virus-scanning software with a current virus database.

(c) Installation or distribution of pirated (including non-licensed software) on to the

NARO network is not permitted

(d) The use of licensed open source software as an alternative to closed source software

is permitted upon authorisation by the ICT steering committee

(e) Users are required to report to the ICT Department any condition that might result

in the loss of backup data integrity, confidentiality or availability for any reason.


10

3 Information Usage Policy

NARO is a research entity in which information is an invaluable resource and sharing of

which is paramount. This section elaborates on the Policy that should be adhered to during

storage, maintenance and distribution of information.


Organizational information hosted on ICT infrastructure shall be secured and only shared for

the benefit of the organization.

3.2 Intent

It is the intent of this policy to establish standard practices and guidelines for the

responsible, safe, and productive use of all the information stored on the NARO ICT

infrastructure, and to ensure the protection of this NARO’s valuable information.

3.3 Purpose of Policy

This policy describes NARO’s guidelines with regard to access to and sharing of information

that is stored on the NARO ICT infrastructure. The organization respects the individual

privacy of its employees. However, employee privacy does not extend to the employee's

work-related conduct or to the use of organization-provided equipment or supplies.

Employees should be aware that the following guidelines may affect their privacy in the

workplace.

Therefore, all employees who generate or install information on the ICT infrastructure must

get clearance from the ICT department. Any action that may expose the organization to

risks of installing unauthorized information on the NARO infrastructure or applications that

have not been adequately sanctioned through the ICT may result in disciplinary action up to

and including termination of employment and/or criminal prosecution.

ICT Policy, 2009

11

3.4 Scope of Policy

This policy applies to all NARO employees countrywide and third parties. It is the

responsibility of all directorates and operating units to ensure that this policy is clearly

communicated, understood and followed.

This policy area applies to the usage of information that has been generated within the

organization as well as information that has been availed to the organization from other

sources for instance ARIS.

3.5 Standard Practices of the Policy

(a) It is the responsibility of the employee to store organisational information in the

network shared storage locations for easy access by stakeholders as well as

centralised backup.

(b) It is the responsibility of the employee to keep an updated copy(ies) in their

possession in the shared locaton.

(c) The user is responsible for safe guarding their private data.


12

4 Email Usage Policy

Email has increasingly become a core medium of communication in NARO especially for

exchange of information amongst researchers within and outside the organization. It is

therefore prudent to institute a policy to manage the proper use of organizational email so as

to ensure that official email is used primarily for the conducting of organizational business

and not used in any illegal, offensive or unethical manner.


Organizational email shall be used by all employees for official communication.

4.2 Intent


responsible, safe, and productive use of the electronic mail (e-mail), and to ensure the

protection of Organization’s information and ICT infrastructure.


This policy describes NARO’s guidelines with regard to access to and disclosure of

electronic mail messages sent or received by NARO employees through use of the NARO e-

mail systems. While the organization respects the individual privacy of its employees,

however, employee privacy does not extend to the employee's work-related conduct with

respect to use of email. Employees should be aware that the following guidelines may affect

their privacy while communicating with non-organizational email systems.

4.4 Scope of Policy

This policy applies to all NARO employees and third parties. It also covers the usage of

NARO email resources, including, but not limited to:

(a) Access to NARO email on the local area network (LAN)

(b) Access to NARO email on the intranet/internet (web mail)

(c) Access to NARO email on the wide area network (WAN)

(d) Access to NARO email remotely using proprietary utilities

ICT Policy, 2009

13

5 Internet & Intranet Policy

The Internet and Intranet is a vital tool for accessing global information as a source of

research data and collaboration amongst the local and global research partners. Publications

on the Internet act as a medium for quick and wide dissemination of research findings

normally available free of charge or on subscription basis for instance Journals. The Internet

has enabled NARO to reach far wider audiences by hosting her information on the internet.


The Internet and Intranet shall be used by authorised employees of the organization to conduct

official business and professional networking.

5.2 Intent


responsible, safe, and productive use of the Internet and Intranet, and to ensure the

protection of NARO, its information and communication technology infrastructure.


Certain NARO employees can be authorized access to the Internet for the operational

purposes of communicating, sending messages and exchanging work-related information

with external companies. The most common usages of the Internet are for e-mail, FTP file

exchanges, and world-wide web browsing, access to literature, agricultural research

information, databases and online applications.

All employees share the Internet facilities at NARO. These facilities are provided to

employees for the purpose of access to information that facilitates or contributes to

individual and institutional development. However, these facilities must be used responsibly

by everyone, since misuse by even a few individuals has the potential to negatively impact

productivity, disrupt organizational business and interfere with the work or rights of others.

Therefore, all employees are expected to exercise responsible and ethical behavior when

using the organization’s Internet and Intranet facilities.


14

5.4 Scope of Policy

This policy applies to all NARO employees and third parties. Also pertaining to this policy

is the usage of the organization’s entire Internet infrastructure whether owned or leased by

the organization or are under the organization's possession, custody, or control. These

include, but not limited to:

(a) All electronic communications equipment, wired or wireless communications devices

and services that provide Internet and Intranet capabilities plus other on-line services

(b) All desktop, laptop and PDA platforms that are utilized by the employee to access

the internet/intranet

(c) All downloaded materials from the Internet/Intranet


All users, whether within NARO Secretariat or PARI, connected from remote via any

networked connection, or using organizational equipment in any other location including

access through mobile telephony must adhere to this policy.

ICT Policy, 2009

15

6 Access Codes and Password Policy

The organization maintains ICT infrastructure primarily to facilitate its employees carry out

their day-to-day activities. As part of the effort to safeguard the infrastructure as well as the

individual information generated within NARO, access codes and passwords provide an

appropriate method to limit access to only authorized users.


Access to organizational ICT systems shall require formal authorization and the use of secure

access code (username) and password.

6.2 Intent


responsible, safe, and productive access to the NARO ICT infrastructure systems (through

assigned usernames/login identification), as well as ensuring that the passwords, which are

used as an entry point to access resources, are adequately protected to minimize

unauthorized access.


The purpose of this policy is to establish the rules for the access and use of the ICT

infrastructure. This includes issues of access codes and passwords for information systems

control, as well as those of connectivity to other networks such as the Internet and extranets.

Regarding Issues of allowed (or denied) access to Web browsing, remote terminal access to

the system, file transfers, and e-mail, there is need for each of these systems to have access

controls as well as corresponding passwords.

All employees who have access to the NARO ICT infrastructure have an access code

(username) and password which will be governed by a set of rules which amongst others

includes the following;

(a) Avoid weak or poor passwords.

(b) Passwords should never be written down or stored on-line without encryption.

(c) Do not share passwords with anyone.

(d) If a colleague demands for a password, refer the colleague to the ICT department.


16

These access codes and passwords are confidential and must be used responsibly by

everyone, since the user is held personally responsible for the safety of these credentials.

6.4 Scope of Policy

This policy applies to all NARO and third parties and will be applied in the following areas;

(a) All access codes and passwords used to access the corporate email &

Internet/Intranet

(b) All access codes and passwords used to access the desktop, laptop and PDA

platforms that are used by the employees

(c) All access codes and passwords used to access the LAN/WAN

(d) All access codes and passwords used to access the MIS Applications

All employees connected to the NARO ICT infrastructure remotely via any networked

connection, or using organizational equipment in any other location including access

through mobile telephony must adhere to this policy.

ICT Policy, 2009

17

7 Network Access Policy

The organization’s network infrastructure is provided as a central utility for all information

resource users. It is important that the infrastructure, which includes cabling and the

associated 'active equipment', continues to develop with sufficient flexibility to meet

organizational demands while at the same time remaining capable of exploiting anticipated

developments in high speed networking technology to allow the future provision of

enhanced user services.


Logical and Physical access to organizational Network Services and Environment shall be

restricted.

7.2 Intent

It is intended to provide guidelines to secure both the logical and physical access to the

Network infrastructure.


The purpose of this policy is to establish the rules for the access and use of the ICT

infrastructure – specifically the network infrastructure. This includes issues of access codes

and passwords for information systems control on the local network, as well as those of

connectivity to other networks such as the Internet and extranets. This policy will also

provide guidelines on physical access to any part of the network. The guidelines in place will

not only maintain the functionality and security of the network but ensure compliance with

established standards.


18

7.4 Scope of Policy

This policy applies to all NARO network environments at the Secretariat and the PARIs.

Specifically the policy will govern the following network areas;

(a) Physical controls to secure entry to network areas housing critical or sensitive

network equipment

(b) Logical controls to the network with secure logon designed to minimize the

opportunity for unauthorized access.

(c) Third party access controls to the network which applies to equipment that does not

belong to NARO being used by Third partys and employees to ensure all third

parties are logged onto the network with appropriate access levels

(d) Access controls for connection to external networks by NARO employees to assure

that connections to external networks and systems have documented and approved

System Security Policies

(e) Access controls for portable media specifically the appropriate authentication levels

(2-tier) for wireless access and the need to undertake individual backup of email and

research data.

7.5 Standard Practices of this Policy

(a) All accounts should be logged out at the end of the day. Security is only as good as a

user's password. If a user has left his or her account logged in, then the client has

exposed his or her personal workspace to anyone with physical access to his or her

computer.

(b) Laptops and computers not issued by NARO and not containing the standard

system configuration are strictly forbidden from connecting to the Secretariat LAN

until cleaned, configured and authorized by ICT help desk of the ICT Department.

This is to ensure that no systems having electronic viruses or other security issues

can harm the network computing environment. Users who have visitors who need

network access are requested to contact ICT Help Desk so that the appropriate

safety measures may be taken before connecting the foreign computer into the

network.

(c) All network access software shall be installed by ICT Department staff. This ensures

proper functionality, integration, security, support and compliance with licensing.

(d) All maintenance periods are to be observed by all network users. Usage of the

network during these periods will not be possible. Extended maintenance periods

will be announced at least 24 hours beforehand.

ICT Policy, 2009

19

8 Incident Management Policy

Any unplanned interruption to an ICT service or reduction in the quality of service will

create an incident that may affect the normal operation of employees of NARO who

increasingly rely on ICT for their day-to-day activities. The effect is even greater when the

interruption lasts longer than expected. For effective technical support, it is necessary to

record and respond to incidents reported to ICT by employees as quickly as possible,

thereby satisfying their support requests.


All incidents and problems arising out of the use of NARO ICT facilities shall be managed

through the ICT helpdesk or department.

8.2 Intent

It is the intent of this policy to provide guidelines for the establishment of standard practices

and guidelines for the handling of incidents that may arise from the employees related to the

support, maintenance and planning of the ICT infrastructure.


The purpose of this policy is to require that specific individuals in the ICT department are

designated to manage the incident life cycle for incidents arising out of the use of ICT

infrastructure. The incident life cycle is to involve the progression of an incident through the

occurrence of the incident, detection of the incident, diagnosis of the cause of failure, repair

of the failed component or service and restoration of the service to the employee. In

addition to normal contingency plans, the procedures that the ICT department will develop

will include ways to document an investigation, ways to determine how to prevent the

problem's recurrence, ways to report the incident to management and third parties, and ways

to protect logs and audit trails should they be needed for disciplinary or prosecution

purposes.

Furthermore, a systematic and formal change control process will increase the percentage of

time the systems are available for processing operational and business transactions.


20

8.4 Scope of Policy

This policy will entail the establishment of an ICT helpdesk at the Secretariat with a full time

employee to manage the incidents reported. The incidents arise from the Secretariat as well

as the PARIs. The ICT department employee will record incidents reported containing

details of the incidents involving any component or service failure of an ICT infrastructure

or any aspects of the ICT service as well as make follow ups with providing an appropriate

response within a timeframe that will be determined by metrics that are to be established

based on the nature of problem reported.

8.5 Standard Practices of Policy

1. Ordinarily an ICT helpdesk is established at the Secretariat with a hotline for access will

receive and log all incidents then escalate the incidents to the respective technical ICT staff

to resolve.

2. Business processes within the ICT function are clearly identified with Process Ownership

and Process Managers.

3. Incident management tools are enforced through a combination of technical and

traditional management mechanisms with tools that are appropriate within the context of

asset valuation, risk assessment, cost justification, and resources available being selected for

each situation.

4. Change control processes are in place to monitor process and system changes and also to

force the preparation of documentation which will be important for problem resolution and

contingency planning purposes.

5. Change control procedures are in place, outlining what elements contained in the

procedures, requirement to be followed, and a description of disciplinary actions to be taken

should violations occur.

ICT Policy, 2009

21

9 Copyright & Software Licensing Policy

NARO as a research based organization respects the ideal of copyrighting information

authored by various stakeholders. The emergence of advanced computer systems such as the

internet presents a challenge whereby information may be downloaded and shared without

permission from the authors. Employees shall not download and share information as well

software which may or may not be freely available on the Internet.


Only authorized licensed copies of software shall be used on organizational systems.

Unauthorized copying or distribution of copyrighted software shall not be permitted.

9.2 Intent

It is the intent of this policy to ensure that only licensed and authorized copies of software

are used on organization equipment and property, and in conducting any organizational

business.

It is also intended to minimize the copying and distribution of research material without the

consent of the author.


The overall purpose of this policy is to ensure that the agreements for all computer software

licensed from third parties are periodically reviewed for compliance and that original

information distributed within the organization give due credence to the author. The

Internet has allowed many software companies to use new means of distributing software

and information without official authorization or recognition of the owner’s efforts in

development of the piece. Many organizations allow the downloading of trial versions of

their products, sometimes limited versions (“crippleware”) or versions that only operate for

a limited period of time. This policy will provide guidelines for the proper acquisition of

copyrighted software as well as obtaining licensed software to avoid a violation of software

and information licenses. If such violations are discovered, they put an organization at severe

risk of penalties or loss of reputation. The fulfillment of a security audit also requires that the

guidelines are provided to the employees.


22

9.4 Scope of Policy

All information shared or downloaded at the Secretariat and the PARIs needs to be checked

for copyright as well as license compliance. This policy covers issues such as the copying,

distribution, and use of software for business purposes, as well as when software should be

installed, and by whom, including whether users are allowed to install their own software.

Specifically it includes;

(a) All computer-related equipment, including desktop personal computers (PCs),

portable PCs, terminals, workstations, PDAs, wireless computing devices, telecomm

equipment, networks, databases, printers, servers and shared computers, and all

networks and hardware to which this equipment is connected

(b) All electronic communications equipment, including telephones, pagers, radio

communicators, voice-mail, e-mail, fax machines, PDAs, wired or wireless

communications devices and services, Internet and intranet and other on-line

services

(c) All software including purchased or licensed business software applications,

organization-written applications (in-house), employee or third party/supplier-

written applications (off-shelf), computer operating systems, firmware, and any other

software residing on Company-owned equipment


(e) All of the above are included whether they are owned or leased by the organization

or are under the company's possession, custody, or control

(f) This policy also applies to all users, whether on organization property, connected

from remote via any networked connection, or using organization equipment in any

location

ICT Policy, 2009

23

10 Viruses, Worms and other Malware Management Policy

The proliferation of various systems in NARO as well as the knowledge that the employees

have acquired in the ICT technologies enables the permeation of viruses and other malware

into the NARO network through several means for instance email, internet downloads,

sharing of information from unprotected sources on flash disks. The risk presented by these

viruses range from simple inconveniences in your workspace environment to a total system

crash of an employee’s computer.


All employees using ICT systems shall be aware of the dangers of viruses, worms and

malware and shall ensure that such are not allowed into the system.

10.2 Intent

It is the intention of this Policy to increase awareness of the dangers of viruses, worms and

other malware as well as prevent the escalation of the same on the NARO network.


The number of employees connected to the NARO network both at secretariat and the

PARIs has steadily increased over the years. This has enabled the volume and category of

data hosted on the NARO systems to expand exponentially to the extent that it is a primary

challenge to keep track of the various sources of information. This factor has led to data

infected by viruses or unchecked for viruses to be stored and shared within the Network.

The purpose of this policy is to provide guidelines to minimize the impact of Viruses and

other malware on the NARO ICT environment

The virus incidents registered so far have been due partly to the increased but inherent

insecurity of the Internet, and partly as a result of the incorrect use of ICT systems by

NARO employee.

10.4 Scope of Policy

This policy applies to Servers, Desktops, Laptops and employees using various media to

exchange information within the NARO network environment both at the Secretariat and


24

the PARIs. It also includes Notebooks that are used by employees at home then returning to

use them in office, probably without regular update of the antivirus.

ICT Policy, 2009

25

11 ICT Infrastructure Acquisition, Retention and Disposal Policy

NARO invests heavily in ICT infrastructure acquisition and maintenance. The rapid

advancement of Technology coupled with the ever increasing ICT resources demand by the

employees of NARO implies ICT infrastructure standards not aligned to current

organizational operational requirements leading to regular resource commitments for ICT

infrastructure upgrades. This renders obsolete the existing infrastructure calling for a

streamlined approach for the management of the acquisition and disposal process. The

overall process for the acquisition, retention and disposal constitutes the ‘Life Cycle of ICT

assets’.


The ICT department shall be mandated to manage the life cycle of ICT assets

11.2 Intent

It is the intention of this policy to guide the management of the life cycle (acquisition,

retention, maintenance and disposal) of ICT assets in the organization.


This Policy provides guidelines that ensure that the ICT equipment are acquired to be

available to employees in a timely and cost effective manner including a revolving stock that

takes care of emergency situations for instance a system crush.

This Policy also seeks to streamline process of sanctioning the equipment acquisition,

maintenance, transfer and disposal so as to improve transparency and accountability of ICT

assets management.

The Policy shall check on the maintenance of established infrastructure standards which is a

key component in reduction of ICT service and support costs.


26

11.4 Scope of Policy

This policy applies to all ICT assets of NARO at the Secretariat and the PARIs. It includes

both the tangible (e.g. Servers) as well as intangible assets (e.g. software licences). Specifically

this includes;

(a) Establishment of procedures for originating ICT infrastructure acquisition

(b) Establishment of procedures for ICT infrastructure receipt upon delivery

(c) Establishment of Procedures for the deployment of the ICT infrastructure within the

organization for the intended purpose

(d) Establishment of Procedures for the regular maintenance of ICT infrastructure

including change management process for upgrades/downgrades of both hardware

and software.

(e) Establishment of procedures for the dispoal of obsolete ICT infrastructure

ICT Policy, 2009

27

12 Backup and Storage Policy

Electronic backups are an organizational requirement to enable the recovery of data and

applications in the case of events such as natural disasters, system disk drive failures,

espionage, data entry errors, or system operations errors. A storage area network is utilised

to isolate your backed up data to a location external to your network environment systems

such as off-site.


The organizational data shall be backed up and securely stored to assure integrity on recovery

whenever there is an interruption in system services.

12.2 Intent

It is the intention of this Policy to provide guidelines for enabling the backup of organization

data as well as its restoration once an interruption in system services is anticipated or

experienced.

12.3 Purpose of the Policy

The purpose of this policy is to establish the rules for the backup and storage of electronic

information. Specifically this policy sets out to;

(a) safeguard the information assets of NARO

(b) prevent the loss of data in the case of an accidental deletion or corruption of data,

system failure, or disaster.

(c) permit timely restoration of information and business processes, should such events

occur.

(d) manage and secure backup and restoration processes and the media employed in the

process.

12.4 Scope of the Policy

This policy applies to all servers in the ICT Data Center, Telephone billing systems,

Management Information systems spread throughout the organization plus applicable

Network Attached Storage (NAS) that is used to keep data away from the working

environmental areas (off-site). All data will be backed up as follows;


28

The frequency and extent of backups must be in accordance with the importance of the

information and the acceptable risk as determined by the data owner.

(a) Information Resources backup and recovery process for each system must be

documented and periodically reviewed.

(b) Offsite backup storage for NARO must be cleared to handle the highest level of

information stored.

(c) Physical access controls implemented at offsite backup storage locations shall meet

or exceed the physical access controls of the source systems. Additionally backup

media must be protected in accordance with the highest sensitivity level of

information stored.

(d) A process must be implemented to verify the success of the NARO electronic

information backup.

Backups must be periodically tested to ensure that they are recoverable.

(a) If offsite backup storage is done by third party, Signature cards held by the third

party for access to NARO backup media must be reviewed annually or when an

authorized individual leaves NARO.

(b) Procedures for backup and restore of information between NARO and the offsite

backup storage location must be reviewed at least annually.

(c) Backup tapes must have at a minimum the following identifying criteria that can be

readily identified by labels and/or a bar-coding system: System name, Creation Date,

Sensitivity Classification [Based on applicable electronic record retention

regulations], Name of data custodian and the NARO Contact Information

(d) A back-up log should be generated as part of each back-up routine, including date

and time of the back-up, data backed up, any error occurred.

(e) A procedure should be put in place for the retirement and disposal of the backup

media

(f) In the unlikely event of accidental deletion or corruption of data and information,

requests for restoration of information will be made to the ICT department within

the first 12 hours

(g) All servers will be regularly backed up using incremental backup daily (Mon-Fri) and

data stored onsite as well as a full backup weekly (Sat.) and data located off-site.

ICT Policy, 2009

29

13 Business Continuity and Disaster Recovery Policy

Disasters happen in many ways and can disrupt or even completely destroy your

organization. Depending upon where you are located, disasters may be natural occurrences

such as earthquakes, floods or storms. But, in a typical NARO environment, disasters may

also result from random events including fires, power outages or surges, hardware failures

and software/firmware errors, as well as human-caused events such as disgruntled

employees or people with malicious intent looking to put your organizational data at risk.

NARO plans to minimise the risk arising out of these issues using the policy guideline

below.


The organizational ICT mission critical services and data shall be available to enable the

organization survive or recover from any level of disaster.

13.2 Intent

It is the intention of this Policy to provide guidelines for enabling the recovery of data,

applications and mission critical ICT services in the case of events such as natural disasters

as well as random events including but not limited to fires and system malfunctioning.

13.3 Purpose of the Policy

The purpose of this policy is to ensure the Confidentiality, Integrity and Availability of the

NARO information infrastructure as per agreed service levels.

Confidentiality stemming from the requirement that data should only be accessed by

authorized people avoiding disgruntled or malicious outage of systems; Integrity ensuring

that data and services are only modified by authorized personnel while considering all

possible causes of modification for instance software and hardware failure, environmental

events and human intervention; while availability, which is determined by the reliability,

maintainability and serviceability of the ICT infrastructure, ensuring that all the mission

critical data and services are available according to the appropriately agreed service level

targets.


30

This Policy is aimed at reducing the risks to business continuity to acceptable levels as well as

enabling to restore the organizational ICT processes in case of a system breakdown.

13.4 Scope of the Policy

All mission critical data and services at the Secretariat and the PARIs will be the subject of

this policy and shall mandate procedures to be put in place for the following;

(a) Identification of all the mission critical data and services to be protected.

(b) Specifying how current the files contained in the mission critical data shall be.

(c) Specifying how quickly the organization will need to recover the lost or damaged

files so as to restore mission critical services for business continuity.

(d) Specifying what level of risk the organization is willing to take in enabling the

business continuity processes to come into effect considering a trade off between

risks and costs.

(e) Determination of the desired time within which business processes should be

recovered and the minimum ICT employee assets and services required within this

time.

(f) The technology chosen to provide business continuity and disaster recovery solution

for instance available off-site or appliance based hot-site backup.

ICT Policy, 2009

31

14 Recommendations

The absence of an ICT Policy in NARO left a large void in its ability to leverage on its ICT

infrastructure to enhance research development in fulfilment of its strategic vision.

This Policy document is indeed a result of a pragmatic situation assessment and resultant

analysis of the threats, opportunities and strengths of the NARO ICT infrastructure which

has culminated into the following recommendations;

(a) Establish a departmental-level ICT structure at the Secretariat with at least three core

positions primarily for the enforcement of the ICT Policy as well as improved

support.

(b) Each PARI requires at least one core ICT position or designated ICT focal point

(c) The ICT steering committee concept needs to be upheld at the Secretariat and the

idea replicated at the PARIs mainly to develop & maintain policy guidelines.

(d) The structure to be established at secretariat should provide for a dedicated ICT

helpdesk to improve ICT incident/problem management and technical support

(e) There should be a deliberate effort to commit resources to standardise ICT

infrastructure both at the Secretariat and PARIs so as to benefit from bulk purchases

as well as reduce support costs.

(f) There is need to develop an ICT training plan both for the ICT technical employees

as well as the end users.

(g) There is a need to clearly delineate process owners and process managers for the

various business processes including but not limited to Management Information

Systems, Back-end services management as well as Equipment acquisition and

Maintenance services.

(h) Following the adoption of this Policy, there is an immediate need to develop

Procedures and Guidelines to operationalize this Policy and associated developed

standards.

(i) NARO should establish a NARO-wide official client-server email system for official

communication accessible by all types of connectivity currently available


32

15 Bibliography

[1] IT Infrastructure library Service Management Forum Book; Terms, Acronyms and

Abbreviations; ISBN 0-9524706-5-9, IT Service Management Forum Ltd; 2001

[2] National Agricultural Research Act, Acts Supplement to The Uganda Gazette No. 74

Volume XCVIII dated 21st November, 2005.

[3] NARO AT A GLANCE, Past, Present and Future © 2008 Published by National

Agricultural Research Organization.

[4] The National Agricultural Research Policy, 2003.

[5] The Uganda National ICT Policy draft © 2009.

[6] National Agricultural Research organization Website, http://www.naro.go.ug:13.07.2009

[7] Wikipedia Website, http://www.Wikipedia.org: 01.08.2009

[8] ICT Glossary Website, http://www.ict4lf.org/en_glosssay.htm: 01.08.2009

[9] Business Data Communications and Networking 9th Edition © 2007 Fitz Gerald Dennis

[10] Business Research methods 2nd Edition © 2007 Allan Bryman and Emma Bell

ICT Policy, 2009

33

16 Glossary

2-tier An architecture where by the application logic is partitioned between the

client and the server such that the server is responsible for the data and the

client for the application and presentation.

Availability Ability of an ICT service or hardware to perform its agreed function when

required.

Closed Source

Software

Used to describe Software that is provided by a Vendor usually without the

original Source Code used to create it as the Vendor controls its modification.

Confidentiality An ICT security principle that requires that data should only be accessed by

authorized people

Copyright Refers to software/applications whose author has a right to reproduce but

non-authors are restricted to reporduce unless by authorisation of the author.

Crash A term describing what happens to hardware or software when it suddenly

fails to work properly.

Data Center A facility used to house computer systems and associated components, such

as telecommunications and storage systems. It generally includes redundant or

backup power supplies, redundant data communications connections,

environmental controls (e.g., air conditioning, fire suppression) and security

devices.

Email Contraction of Electronic Mail. A system for creating, sending and receiving

messages via the Internet.

Employee All of the individuals employed by the organization including full time, part

time, temporary and contract employess.

End-user The final user of a piece of Software or Hardware, i.e. the individual person

for whom the product is created, as distinct from the people who create and

produce the product.

Extranet Using the Internet to provide access to information intended for a selected

set of users, not the public at large. Usually done by requiring a password to

access a selected set of websites.

Firewall A firewall is a software package that sits between your computer and your

Internet connection, keeping an eye on the traffic going to and fro.

Firmware A set of software instructions set permanently or semi-permanently into Read

Only Memory (ROM).

Generic Software

/ Generic

This term normally refers to general-purpose software applications that are

not designed for use in a specific subject area, e.g. a word-processor (e.g.


34

Application: Word), spreadsheet package (e.g. Excel), presentation software (e.g.

PowerPoint) or database package (e.g. Access).

Hardware The physical elements of a computer system - the bits you can see, touch,

drop, kick or fall over. Contrasted with Software.

ICT Helpdesk A point of contact for users to log incidents.

ICT

Infrastructure

The term is used to describe all of the components employed in the delivery

of ICT services to users, including the computing and telecommunication

software, hardware, people and documentation.

Install A verb used to describe the process of installing or setting up a computer

program or suite of computer programs on the computer's hard disk for first-

time use. Programs are normally supplied on CD-ROM or DVD, but they

may also be downloaded from the Web, either free of charge or on payment

of a fee.

Integrity A security principle that ensures data and application items are only modified

by authorized personell and activities.

Interface An interface in computer jargon is a connection between two systems.

Internet The Internet, or simply "the Net", is a computer network connecting millions

of computers all over the world. It provides communications to the

organizations.

Intranet A private network inside a company or an organisation and used over its

LAN (Local Area Network). A sort of local Internet. Contrasted with

Internet, which is publicly available.

License

Management

The process for the management of software licenses for ICT software

throughout their lifecycle.

Life Cycle of ICT

Assets

The various stages in the life of an ICT infrastructure including the

acquisition, retention/maintenance upto disposal.

Maintainability A measure of how quickly and effectively a ICT service can be restored to

normal working after a failure.

Office

Productivity Tool

Any hardware or software at an employee's disposal for performing their day-

today duties.

Off-Shelf

Application

AN application that ahs been acquired for the organization thorugh purchase

from a vendor (not developed in-house)

Off-Site Backup Copying data to an external source outside the normal network environment

to protect against loss of intergrity or availability of the original.

Open Source

Software

Used to describe Software that is provided free of charge, along with the

original Source Code used to create it so that anyone modify it to improve it

ICT Policy, 2009

35

and work in ways that reflect their own preferences.

Peopleware Refers to technical and business skill sets, training oortfolio, documentations

and services provided bto NARO by the ICT Department

Reliability A measure of how long an ICT infrastructure and service can perform its

agreed function without interruption.

Remote

Terminal

Ability to access services thorugh this terminal without necessarily being

located on the local area network

Serviceability The ability of a third party vendor or supplier to meet the terms of their

contract

Signature Cards Identification cards that are used to access cointent of a backup especially for

off-site backup

SLA An agreement between the ICT service provider and NARO describing the

ICT service, documenting service level targets and specifying the

responsibilities of the Provider and Customer.

Software The opposite to Hardware. A generic term describing all kinds of computer

programs, applications and operating systems. Software is not tangible, being

a set of instructions written in a Programming Language comprising a set of

instructions that the computer executes.

Third Party Any non-NARO employee e.g. contractor, vendor, researcher who has

authorised access to NARO ICT infrastructure.

TCO Total Cost of Ownership is a methodology used to mke investment decisions.

TCO assessess the full lifecycle of ICT infrastructure and not just the initial

cost or purchase priceThe sum total of expenses incurred to acquire, retain

and dispose an ICT infrastructure item.

User profile The level of access assigned to a user to be able to access any of the ICT

services

Web mail An employee accesses office email through the internet

Workstation Refers to a type of computer used for applications that demand a reasonable

amount of computing power such as PC, monitor, laptop, printer etc

TABLE OF CONTENTS ICT Policy.pdfeconomic development in Uganda, a large expansion of food demand is...

Documents

Transcript of TABLE OF CONTENTS ICT Policy.pdfeconomic development in Uganda, a large expansion of food demand is...