Professional Documents
Culture Documents
Information &
Communications
Technology
Strategy
2020-2025
1
ToPH ICT Strategy 2020-25
Acknowledgement of Country
Contents
Executive Summary - 4
Governance - 5
Vision - 6
Risk Management - 8
Human Resources - 11
Stakeholders - 12
Infrastructure - 17
Business Continuity - 18
3
Executive Summary
Cost Effective
Cost Effective
Reliable
ToPH ICT Strategy 2020-25
Effective governance of
applications acquisition Server blueprint
Managed server
Corporate data
operating system
clean-up
updates
Effective user
authentication
Telephone system
replacement
Mobile device
utilisation
8
Risk Management
Moderat
e
High
Table 2: ICT Risk Mitigation
Risk Likelihood Consequence Strategic Response
1. Cyberattack – loss of Possible Major • Develop cybersecurity
service posture with recognised
framework
• Effective utilisation of
firewall and anti-virus
software
• Staff education
• Effective user
authentication
• Managed migration of
Microsoft suite to cloud
• Whole of communications
network design
• Server blueprint
• On-premise DR
infrastructure
• Cloud DR
• Effective governance of
applications acquisition
• Staff education
• Effective user
authentication
• Managed migration of
Microsoft suite to cloud
• Effective governance of
applications acquisition-
Corporate data clean-up
The detailed risk assessment outlining business A distinction is made between short-term and
impact and mitigations is contained in Appendix prolonged service outages for local network
2: ICT Risk Assessment. communications, servers, internet and phone
system. Increasing the probability of uninterrupted
The most significant change to the ICT risk services is achieved by increasing the investment
profile will be driven by the continued in redundancy with automatic fail-over capability.
adoption of Software as a Service (SaaS). As In some instances this may be achievable but the
major systems are moved to SaaS the on- cost would need to be justified against the
premise server footprint will decrease. benefits.
Cybersecurity, including protection from data
theft, and disaster recovery will be The Town has not maintained a sufficient level of
provided by the system providers who are better investment in its business systems and
resourced to address these challenges. Disaster applications, specifically its core business
recovery for the residual systems and data, system. The current system, SynergySoft, is at
primarily the corporate drive, will also be in the end of life and implementation of a replacement
cloud. This trend does however increase exposure system
to the risk of disruption to internet services. The will require significant investment in business
mitigations for this will be the retention of process capability.
on-premise back-up capability and duplicated
internet connections on separate trunk routes.
Policies &
Internal Human
Operating Resources
Procedures
The governance framework for ICT is provided ICT human resources are a hybrid of Town staff,
by polices, Internal Operating Procedures (IOP) contractors and support agreements. Town staff
and agreements. currently consists of support officers and a part-
time manager. Support officers provide front-line
Polices that directly impact ICT are: user support and co-ordinate minor projects. Two
key contractual arrangements are in place, one to
• 15/003 CCTV Operations provide technical ICT leadership and support and
• 9/010 Asset Management one to monitor and maintain the CCTV network.
Support agreements are in place with software
Staff usage of ICT is guided by: and hardware vendors to provide helpdesk
support for specific products.
• HR007 Mobile Phone Usage
• HR012 Equal Employment Opportunity, Consultant support will be required for various
Bullying, Harassment and Grievance projects including the core system replacement
Handling project, Microsoft 365 migration, telephone
• Conditions of Computer / Communication system replacement, network communications
Use Agreement signed by employees review and server blueprint.
Stakeholders
Dependable
• The Town is able to continue to deliver
services and provide leadership and
assurance
• People are provided with important
information during significant community
incidents
14
Staff Regulatory Agencies
Provided with the right tools to do their job Compliance
• User devices including computers and • Compliance with statutorily imposed
mobile devices and office devices compliance obligations
• Business systems and applications • Compliance with industry imposed
• Access to on-line resources compliance obligations
• Support for the way they work including
collaboration tools and remote working Security
• Data is properly secured
User support • System and data access is appropriately
• Training and support for specific business controlled
systems and applications
• Generic technical support for hardware
and connectivity issues
Reliability
• Access to business systems and
applications and data always available
• ICT hardware always working
Vendors
Supported engagement
• Communications from tender to completion
through technology enabled channels
• Simple invoice submission and payment
Business systems and applications includes the The Town intends to engage a consultancy to
core business system, currently SynergySoft, the project manage implementation over the
Microsoft (MS) Office suite, ad hoc applications anticipated two to three year implementation
and server operating systems. This aspect of ICT timeframe. This approach is intended to provide
is due for generational change that will impact access to the appropriate resources and
the way people work and how ICT is delivered continuity of
to the organisation. This change is dependent on knowledge having regard to the difficulty the
organisational buy-in for process change and the Town has recruiting and retaining staff. Key
availability of sufficient and reliable internet challenges are anticipated to be data migration
capacity. and change management.
Core Business System The preferred solution will be selected
following a tender process. The Town
SynergySoft supports business processes, currently does not have a position on whether
primarily support services and some core the preferred solution is a best of breed, that
services. The vendor has discontinued system is, multiple products, or an integrated
development and are seeking to introduce a new solution, that is, most functions performed by
product. Work has commenced by the Town to a single system.
select and implement a replacement system.
It is anticipated that the new core system will be
Support services processes include: accounts SaaS. This will require adequate internet capacity
payable and receivable, cash receipts, fixed and business continuity planning will need to
asset register, general ledger, inventory, address disruptions of internet service.
procurement, rating and
rates notices, records management and trust and
reserve administration. Core services processes
include: cemetery administration, customer
relationship management, desktop mapping,
property administration and ranger services
including dog registration and infringements.
16
ToPH ICT Strategy 2020-25
Infrastructure
17
Telephony
Infrastructure
Whole of communications network design ICT
asset management place
Server blueprint Corporate
data clean-up
Warranties / maintenance agreements review
Telephone system replacement
Mobile service utilisation
Business Continuity
Documented and tested DR solution
On-premise DR infrastructure
Cloud DR
Security
Cybersecurity posture using recognised framework
Utilisation of firewall and anti-virus software
Staff education
Effective user authentication
APPENDIX 1: ICT STRATEGIC ROADMAP
Business Systems and Applications
Timefram
As-Is To-Be Bridging the Gap Actions
e (Year)
Core Business System
SynergySoft New generation of business Core system replacement Core system replacement 1-3
At end of life system successfully project project:
implemented Appoint project manager
Utilisation has not been fully
developed by Town Efficient underlying business Procure new system
processes capable and in
Some fundamental underlying Development implementation
control
business processes under- plan
developed Acquire additional human
resources as needed
Prepare business and data for
change
Implement new solution
Post-implementation support
Microsoft Office Suite
Microsoft Windows 10 OS Optimally timed migration to Managed migration of MS Windows version control: 2-3
next version Microsoft suite to cloud Monitor MS Windows
maturity and industry trend to
identify optimal migration
point
Manage migration
Microsoft Office 2016 Comprehensive utilisation of MS 365 migration: 2-3
Professional Plus suit of Microsoft cloud Assess capacity and
desktop applications reliability of internet To
P
connection H
IC
T
Str
ate
gy
20
20
20 -
Entering three year licence Assess reliability of MS365
renewal Understand production
functionality and implication
for storage, servers, DR,
security, etc
Develop implantation plan
Amend licencing agreement as
required
Manage implementation
To
P
H
IC
T
Str
ate
gy
20
20
21 -
Timefram
As-Is To-Be Bridging the Gap Actions
e (Year)
Ad hoc Applications
Substantial portfolio of ad hoc Users have access to required Effective governance of Collate database of all 2
applications that are mostly user applications applications acquisition application licencing
initiated and web based agreements
Central register of applications
Missing licencing agreement Rationalise applications based on 2
documentation Adequate stewardship of
usage
application agreements
Acquisition requires ELT
Develop IOP for acquisition and 2
approval Agreement term and price
control of applications including
Ad hoc applications include: structure matches business
minimum standards for
needs
Active Carrot agreements, business case,
Armando Efficient process to control support provision and budget and
Big Red Sky acquisition management sign- off
Carpool Clarity on the role of the ICT
Copernic function in managing
Danthonia applications
Deepfreeze
Elmo
Fixie
Hootsuite
Industrial Automation
Smartpack
InfoCouncil
Intramaps GIS
iSentia
LG HUB
Linked-in
Links Modular Solution
Mailchimp To
Mandalay P
H
Milestone IC
T
Str
ate
gy
20
20
22 -
Mozaic
Open Insight
PaperCut
Power BI
Rapid Plan
Secure Pay
Signage Live
SLIP
Smart Sheet
Smarty Grants
Spydus
Survey Monkey
Trapeze Plan Manager
TreeSize Professional
Typeform
Vendorpanel
When-I-Work
Wondershare Filmora
Smartfill
Server Operating Software
Servers utilise Microsoft Server Up to date with patches Managed server operating Monitor Microsoft Server 3-4
2016 Optimally timed migration to system updates maturity and industry trend to
next version identify optimal migration
point
Manage migration
Veeam backup & recovery: Documented recovery Documented and tested DR Define Line of Business (LoB) 1-3
Protects virtual machine objectives aligned with business solution applications including the
workloads in the form of: continuity plan, including planned deployment models for
downtime and data loss the next 5 years (on-prem, IaaS,
Backup to disk
SaaS) To
Backup to tape (stored P
H
offsite) IC
T
Str
ate
gy
20
20
23 -
No defined recovery objectives Backup solution that meets Consult stakeholders on impact
Undefined risks relating to defined recovery objectives in of downtime and loss of data
downtime or data loss a supportable and cost- per LoB application
effective manner. Prepare, distribute and ratify
Back-ups potentially to the the BC Plan
cloud Determine solution for existing
tape library to enable statutory
data retention compliance
Identify and implement back-
up solution
Cisco enterprise solution: Up to date firmware Server blueprint Review existing equipment 1-2
Working well for the business Replacement plan developed and plan for replacement
Maintain platform with normal Manage migration of
lifecycle turnover equipment
To
P
H
IC
T
Str
ate
gy
20
20
24 -
Infrastructure
Timeframe
As-Is To-Be Bridging the Gap Actions
(Year)
Network Communications Infrastructure
Organic communications Planned communications Whole of communications Engage communications consultant 1
infrastructure: infrastructure that: network design to:
Enterprise grade 100Mb Accommodates changing data Review existing network
internet connection capacity requirements Assess Port Hedland internet
4G internet connections internally and via internet infrastructure
Internet enable link between Provides appropriate Forecast capacity demand for
some sites redundancy alternative SaaS scenarios
ACMA licensed link Depot – Cost effective - Phone system
Civic Monitoring performance and - Core business system
PtP link Stadium to Depot utilisation
- MS Office suite
Installing PtP link JD Hardie - Planned renewal
- Disaster recovery Identify
Depot – Civic cost effective redundancy
SIP enabled telephone opportunities
connection
Produce network design
Capacity and reliability of
Implement communications 1-2
available internet connections
infrastructure plan
unknown
Develop asset management 1-2
plan
ICT Hardware
Some parts of asset renewal are Equipment replacements ICT asset management plan Develop ICT asset 1-2
lagging: based on pre-defined management IOP
lifespans Monitor equipment 1-5
development trends To
P
H
IC
T
Str
ate
gy
20
20
25 -
Timeframe
As-Is To-Be Bridging the Gap Actions
(Year)
Substantial renewal of user Limited range of user devices Assess user needs and scan 1-5
devices identified in 2021 that best meet user needs products available
budget New telephone infrastructure Issue RFT for replacement 1
Substantial UPS renewal telephone system
identified in 2021 budget
Collate CCTV equipment age 2
Status of switches unknown profile
Telephone system
replacement critical
CCTV infrastructure mostly
standardised
On-premise main server critical to Server right-sized to evolving Server blueprint Engage consultant to model 2-3
core systems: requirement. Ability to forecast processing and storage
Refreshed in 2019 and manage storage requirements requirements with alternative
SaaS adoption scenarios
Unsure of ability to shut-
down and re-start Server room relocated to Depot Determine Depot accommodation 1
requirement
Storage not entirely in control:
Corporate drive is a mess Develop server relocation plan 2
driving storage demand Safe server shut-down and re- Implement APC Powerchute 1
Unlimited e-mail storage for start ability:
users Manually Documented and tested shut- 1
No forecast of future storage Automatically during power down and re-start procedure
demand outage
Clean and controlled storage Corporate data clean-up Develop IOP for corporate 1-2
drive data retention and
disposal
Corporate drive data clean-up 1-2
To
P
H
IC
T
Str
ate
gy
20
20
26 -
Timeframe
As-Is To-Be Bridging the Gap Actions
(Year)
Significant expenditure on Optimal use of warranties / Warranties / maintenance Develop ICT warranties / 3
hardware warranties / maintenance agreements agreements review maintenance agreement
maintenance agreements position paper:
Identify warranties currently
in place and review
agreements
Review relevant consumer
legislation
Canvass views from other
organisations
Telephony
Telephone system and desktop New phone system and Telephone system replacement Procure replacement phone system 1
handsets urgently need replacing handsets: and handsets
System is compatible with
Telephone communications is future office technologies that
internet based may be adopted
Adequate redundancy to
provide internal calling
capability in event of internet
outage
Passive messaging to Targeted push messaging via Mobile device utilisation Assess community (and staff) 3-4
community via social media text messaging appetite for receiving text
notifications and nature of
message
Town owns a collection of Cost effective provision of mobile Investigate implication and 2-3
mobile phones of different phones that meets user needs feasibility of bring your own
option To
P
H
IC
T
Str
ate
gy
20
20
27 -
Timeframe
As-Is To-Be Bridging the Gap Actions
(Year)
models and ages, some of Formalise mobile phone 1-2
which are unused eligibility criteria
To
P
H
IC
T
Str
ate
gy
20
20
28 -
Business Continuity
Timefram
As-Is To-Be Bridging the Gap Actions
e (Year)
Disaster Recovery (DR) back- Documented and tested DR Documented and tested DR Complete documentation and 1
up site at Depot solution solution test Depot DR solution
Creates additional system Continued adoption of SaaS
administration effort
Simplified on-premise DR On-premise DR infrastructure Continued migration to SaaS 3-4
Covers critical systems only infrastructure for various applications
Currently relies on 7 day Minimum ICT capacity in event of Determine business systems and 2-4
back-up tape internet outage applications that can be made
Evolving to twice daily available from on- premise
replication server during internet outage
Untested
Ensure required on-premise 1
server and storage capacity in
place
Mainstream cloud based DR Cloud DR Investigate cloud DR solution in 1-3
solution context of software system and
application renewals and
replacement
Proven capacity for staff to work Current remote working plan Documented and tested DR Develop IOP for working 1-2
off-site and communicate and instructions solution remotely
effectively
To
P
H
IC
T
Str
ate
gy
20
20
29 -
Security
Timeframe
As-Is To-Be Bridging the Gap Actions
(Year)
No formal cybersecurity plan Formal cybersecurity plan Cybersecurity posture using Engage cybersecurity 1
recognised framework consultant
Conduct cybersecurity audit 1
Develop and implement cyber 1
security plan
Install software security 1-5
updates as they become
available
Limited understanding of Annual penetration testing Conduct annual penetration 1-5
cybersecurity tests
Firewall security (SonicWall) Reporting on security breach Utilisation of firewall and anti- Implement firewall reporting 1
attempts virus software functionality
Regularly updated anit-virus Up to date security software Ensure timely installation of 1-5
software (ESET) security updates
Cost effective security software Review firewall and anti-virus 2-3
solutions
Regular staff awareness via Informed and vigilant staff Staff education Continue Friday Facts 1-5
Friday Facts information sharing
Include information in on-line 2-3
induction
Automated password renewal Enforced minimum password Effective user authentication Purchase password software 1
standards
Two factor authentication Investigate two factor 2-3
authentication
To
P
H
IC
T
Str
ate
gy
20
20
30 -
ToPH ICT Strategy 2020-25
31
Risk 4. Prolonged loss of internet communications
Likelihood Rare / Unlikely
Consequence Moderate / Major
Impact Mitigation
Unable to make external phone calls Enterprise grade internet connection
Loss of SaaS business systems and Internet access point at Depot (future state)
applications
Loss of access to other internet based
resources
Risk Matrix
Consequence Insignificant Minor Moderate Major Catastrophi c
Likelihood
1 2 3 4 5
Almost
5 5 10 15 20 25
Certain
Likely 4 4 8 12 16 20
Possible 3 3 6 9 12 15
Unlikely 2 2 4 6 8 10
Rare 1 1 2 3 4 5
13 McGregor Street
Port Hedland 6721
08 9158 9300
council@porthedland.wa.gov.au
www.porthedland.wa.gov.au