Case Study - Lockyer Valley Council

About Lockyer Valley

The Lockyer Valley region is renowned as the 'food bowl' of the nation. The region boasts high value crop production, fertile soil and a high quality natural environment. Nestled at the foot of the Great Dividing Range, the Lockyer Valley is little more than an hour’s drive from Brisbane and the Gold Coast covering an area of 2272 square kilometres.

The Lockyer Valley Regional Council has a stated mission – “To be the Region of Choice for vibrant rural living”. Today over 35,000 people reside in the region, renowned for its rural landscapes, enjoying a perfect work/life balance.

Background

Lockyer Valley Regional Council (LVRC) has over 300 users. The typical user utilises Council’s administration network for email, access to Council’s property information, financials and document/information management systems to input data and to interrogate data to make informed decisions. LVRC utilises Microsoft Office as their main office productivity application and the Technology One line of business applications for Financials, Payroll, Asset and Customer Request Management to name a few.

Challenges

• Council’s IT policies were relatively old and out of date.
• Staff typically spent countless hours reviewing the policies and updating them to suit the new environment.
• Often delays in getting the updated policies adopted meant they were then already out of date.
• Council didn’t have the time or resources to manage and maintain their IT Policies appropriately.
• It was estimated that it would take a full time officer more than six months to produce a paper based IT Policy suite from scratch, and come up with something as comprehensive.

Solution

Kaon Security were engaged to assist Lockyer Valley Council. Their methodology included the following steps:

• Completion of a questionnaire
• Preparation of first draft
• Onsite review conducted over two days
• Final version delivered
• Implementation guidelines provided
• Maintenance to allow further changes over time

LVRC now have an overarching policy that then refers to procedures and standards. As a result they opted to change the naming of their policies to Standards, this was done quickly and effectively and enabled their solution to still work for them.

Benefits

“After seeing the IT Policy solution presented at a Queensland LGMA ICT event, I realised that it would be a very cost effective way to ensure our policies were updated, provide a set of guidelines for our customers, while satisfying auditors requirements”, says Graham Cray - IT Manager.

The IT Policy System project provided the following key benefits to the organisation:

• The onsite review process was excellent for identifying areas of improvement in our own existing process and procedures.
• Being able to reference the Information Standards is excellent and it achieved buy in from upper management as they can see how the policies were a reflection of a standard.
• Having a third party with in-depth experience onsite to work through the policies with key staff and management definitely legitimised the policies and procedures and allowed us to aim towards a target standard.
• Stakeholders now understand the risks and possible impact if proper IT Policies are not implemented.
• The implementation was made relatively easy as a high number of key stakeholders got involved in the process. They provided input to the development of the policies/standards which then saw them being very supportive. Without their support, policies could be potentially seen by the organisation as road blocks.

Leadership

Since the development workshops with stakeholders the draft policy standards and procedures have been communicated and made available for all LVRC staff to read and provide feedback. Once they have achieved adoption, the next challenge is to communicate and educate their IT customers on the standards and procedures. LVRC plan to do this using articles in internal newsletters, emails and training / information sessions that are entertaining, brief as possible and, most importantly, educational.

Following the initial rollout there will be regular updates plus induction for new employees and contractors so they are aware of the Standards and their responsibilities. With these initiatives it is expected IT security awareness will be visible at a relatively high level within LVRC on an ongoing basis.