CASE STUDY CHIEF INFORMATION OFFICER GROUP

Project description

The Chief Information Officer Group is responsible for ensuring that Defence has a dependable, secure and integrated ICT environment that supports Defence business and military operations. The Chief Information Officer Group delivers a complex range of commercial, government, specialist military and bespoke applications. These systems operate across geographically dispersed, fixed, deployable and mobile networks.

The work performed by Proximity included:

Software licensing

Proximity reviewed and negotiated dozens of software licences and maintenance agreements (for both new procurements and extensions). These included mission critical, multi-million dollar contracts and low-value transactional end user licence agreements. Proximity advised on contracts for:
> Traditional desktop applications
> Thin-client streamed applications
> Enterprise server software
> Cloud software as a service.

The process regularly included conducting liability risk assessments (to determine liability and insurance levels and to inform the delegate's procurement risk decisions), advising on the Commonwealth Procurement Rules and other procurement policy, advising on internal delegate approval documentation and advising on commercial arrangements (including KPIs, guarantees, step-in rights and milestone payments).

ICT projects

Proximity provided advice in relation to the Department's next generation desktop project. This included advice on legal issues associated with transitioning software applications from a traditional thick-client deployment to a virtualised thin-client deployment, and the associated issues including software application pricing models and licence restrictions. Given the large number of software applications to be transitioned, Proximity designed a legal process to enable the efficient review of licences, including a traffic light system that could be used by the executive and the technical team to obtain a quick picture of the licence issues to be managed to ensure compliance.

Proximity also provided advice to:
> The Centralised Processing project in relation to the provisions to be included in contracts that may be novated to the Commonwealth
> An emerging big data project in relation to its procurement strategy
> A major employee information system project on its Privacy Impact Assessment.

Satellite

Proximity provided advice on the upgrade of deployable satellite terminals. The contract was based on the SourceIT template and included the supply of equipment, installation and training. Proximity assisted with the procurement of satellite service from Inmarsat, including both legacy services and next generation services (including anchoring and backhaul) under both dial-on-demand and leased service arrangements. The contract was under the Australian Government Telecommunications Agreement (AGTA) framework.

Other

Proximity provided legal advice and technical writing to develop a new policy regarding the use of ICT resources by employees. The policy needed to allow for reasonable personal use of ICT resources by employees while ensuring that the use was appropriate for a professional workplace. Relevant legislation that was considered included the Privacy Act, Telecommunications Interception and Access Act and the Archives Act.

Proximity drafted data protection arrangements and non-disclosure agreements for the disclosure of sensitive information, provided advice on intellectual property management and drafted a template product trial agreement. Proximity provided legal and commercial advice on a broad range of other issues including contract termination, RFT cancellation, data centre leases, security breaches and the PGPA Act.

In addition to providing legal and commercial advice, Proximity was also the lead negotiator for a number of projects and agreements.

Client

Department of Defence Chief Information Officer Group (public sector)

Involvement

Proximity was engaged as part of the outposted legal team. Proximity played a fundamental part in the team and was the lead for significant elements of the work. Sean King assisted the Chief Information Officer Group for more than 12 months. The Chief Information Officer Group had not previously had such direct access to legal assistance. Sean played a major role in developing the in-house legal team, including by training and mentoring in-house staff through sharing his knowledge of ICT law.

Approach

When the outposted team commenced at CIOG there was an overwhelming amount of work. Proximity's approach was to prioritise projects based on risk and value and direct resources to the areas of greatest need. Proximity also helped to develop systems and processes to allow the work to be completed more efficiently. This included developing template agreements, developing EULA review request sheets to ensure that all of the necessary information was collated before sending for legal review and presenting sessions on the role of the legal team.

Date

November 2013 to July 2015

Key Personnel

Sean King

Lessons and Achievements

The assistance resulted in the following achievements:
> The first major software as a service procurement to be undertaken by the Chief Information Officer Group
> The licensing out of an in-house developed software application to third parties (unique for an organisation that is typically a consumer rather than a distributor)
> A successful compliance program in relation to the use of open source software
> Negotiating more favourable deals for a wide range of software applications (including office productivity, editing, storage, anti-virus, backup, printing, database and military specific)
> Training staff on software licences including the pricing models such as enterprise, device, processor, instance, user and output.

Referee

Felicity Stewart
Director DIGAA
Previously Special Counsel (CIOG)
felicity.stweart@defence.gov.au

Significance

The Chief Information Officer Group plays a huge role in enabling Defence to achieve its objectives. This role is only expanding in a world where access to information and technology will increasingly be the deciding factor in military success. The role was particularly significant given that the Chief Information Officer Group was undertaking one of its most ambitious reform agendas, with many large projects being undertaken simultaneously in order to modernise Defence's ICT environment. The role was also significant because Defence was building its first outposted legal team to deliver assistance to the Chief Information Officer Group.

Contact us

Sean King
Director
Proximity Canberra
M 0408 167 542
P (02) 6126 5950
E sean.king@proximity.com.au
W proximity.com.au

James Dunn
Director
Proximity Canberra
M 0407 888 894
P (02) 6126 5950
E james.dunn@proximity.com.au
W proximity.com.au