LVRC IT Policy Strategy Presented by: Graham Cray, Manager Information Services, LVRC Date: 14 th November 2014

Event Floods in 2011 highlighted major issues with IT Investments

Change Massive amount of investment in ICT 2009/10 FY $450k Operating / $350k Capital Last FY $720k Operating / $2M plus carry over of $1.1M Massive amount of Change for the whole organization Three restructures in last three years Total budget 2009/10 = ~$84.7M Total budget 2013/14 = ~$114.3M ~350 employed at LVRC prior to 2011 events ~400 employed at LVRC last FY plus bucket loads of contractors. ~330 employed at LVRC now after recent downsizing.

Change Major ICT Projects included: Technology One implementation, replacing Practical Fibre between Gatton assets Windows 7 and Office 2010 upgrade Servers and SAN's for Technology One Now Infocouncil Upgrade IT Strategy Development Archive Manager Implementation Exchange Upgrade Firewall replacement Reverse Proxy Implementation Website Upgrade Wireless

Challenge ICT was seen as a roadblock Not resourced to partner with the business Team Morale Lack of acknowledgement of efforts No respect for Policy, process or procedures

Policy Challenge included a lack of robust policies Battle to keep policies up to date and relevant Policies disregarded Constant change Policy written to suit a scenario Current policies written in 2008 Rewritten in 2012 but not adopted

Review Not on my radar Prompted to review after seeing KAON Security presentation at LGMA Qld ICT Village. Reviewed policies and discovered the situation as described previously

Process Needed assistance. Not something we could do effectively and timely in house. Approached KAON and three other LG providers KAON chosen as the successful supplier Contributing reasons for choosing KAON Cost compared to competitors Cheaper then doing it ourselves Third party improves support Referenced standards Explanations Three focus areas (User, Mgr & Tech) Forms and templates Ongoing support

Implementation Completed Questionnaire Draft Policies provided Some references to Victoria Records Office Steering Committee wrong name Computers for Councillors Workshop with key staff Develop an exceptions register Change policies to standards Develop notifications for new users Establish control mechanisms for Social Media Implement AD logging for 90 days Establish a Software Asset Management system

Implementation Changes to template Positive feedback Final draft received Made available for all staff in Draft format Communicated Newsletters Meetings Intranet Any chance

Implementation Developed Exceptions Spreadsheet Planned to adopt June/July but still waiting on approval

Implementation Next steps Lobby for approval of the policy Once approved commence communication campaign Posters s Intranet Information Sessions Every user to read, sign and acknowledge standard Inductions Lobby Management Test & Confirm Repeat

Learnings It still takes time Would have put more effort in to keep the momentum Involve the IT Team in the process more

Questions?