ICT Policy
- The Information and Communications Technology (ICT) resources and services of the University shall be provided for the advancement of the University’s mission and its educational aims. ICT resources include information, technology (hardware, networks, systems software, databases and ICT facilities), applications and personnel.
- ICT Services and Strategy Committee shall review ICT opportunities, risks and issues and advise the Management Board. The broad functions of the Committee and its composition are specified in Statute XXVII-H.
- Ownership of ICT resources: To ensure appropriate protection, all major ICT resources (including information, applications and hardware, etc.) should be identified and have a nominated owner. Ownership of ICT resources supporting organizational unit processes will be assumed by appropriate user management while ownership of shared ICT resources will be with the ICT Director. Authorization for access and use of the asset is the responsibility of the owner. While responsibility for implementing security controls over these assets may be delegated, accountability remains with the owner.
- ICT Department as a custodian: ICT Department is a custodian for shared ICT resources and is responsible for implementing appropriate security controls over these resources on behalf of the owners. In particular, ICT Department is responsible for administering access controls on behalf of and upon the written authority of the owners of the assets.
- Budgets: Each organizational unit will assess its ICT requirements and priorities and submit a budget to the ICT Services & Strategy Committee for approval. ICT Director will submit ICT requirements and priorities for ICT Department and centrally owned and managed facilities such as shared servers, software, network and facilities.
- Implementation: Once budgets are approved by the Management Board, the ICT Director will liaise with respective heads of organizational units, Executive Director of Finance, the Procurement Committee and Purchasing section for the acquisition of ICT resources and implementation of ICT initiatives.
- ICT Management Committee: A committee composed of senior ICT officers will be responsible for reviewing ICT issues and advising the ICT Director. While not being exhaustive, key areas to be dealt with by the committee include; Planning of Infrastructure and related Projects, ICT Risk Management and Security, ICT Innovation for process improvement, ICT Service Delivery and Quality matters.
- The ICT Department shall ensure that ICT resources and services are made available to students, staff and approved guests at all times and to resolve any interruptions to services within the shortest time possible.
- Risk management: Owners are ultimately responsible to ensure that ICT resources under them are appropriately safeguarded and properly managed. ICT Director and owners shall carry out risk assessment at least annually and ensure appropriate security controls are implemented to safeguard ICT assets against identified risks. This includes ensuring that an effective business continuity and disaster recovery plan is implemented for all critical ICT resources.
- All users of ICT resources in the University will be required to observe the ICT regulations which are accessible here.
- Internal and external assurance will be carried out at least once annually and recommendations are taken into account in designing and/or enhancing controls for ICT resources.
- Reporting: ICT Director will report to the University Secretary and will prepare at minimum quarterly reports to the Management Board and/or its committees, such as the Academic Administration & Enhancement Committee, on the progress of ICT initiatives and issues or more frequent reports as circumstances may demand.
© 2023 Strathmore University ICT Services
CONTACT US
Central Building
support@strathmore.edu
Ext 2236, 2251, 2157, 2437
+254 703 034000/236