Volume 4:
Information Technology
For Community and Voluntary Groups
�
2
Contents
Introduction “Breaking down the Jargon”.......................................... 5
1Desktop/Server.................................................................... 6
1.1PC/Mac.................................................................... 6
1.2
The components and what they do:............................ 6
1.3Servers..................................................................... 8
2Software............................................................................ 10
2.1
Guide to buying software for your organisation........... 10
2.2
ENCLUDEit Donation Programme............................... 10
2.3
What software do you need?..................................... 11
2.4
What is a software licence?...................................... 11
2.5
Can my computers use the software I buy?................ 12
2.6
Open source, freeware and shareware....................... 13
2.7
Software Upgrades................................................... 13
3Network............................................................................. 14
3.1
What is a Local Area Network (LAN)?......................... 14
3.2
Choosing the right type of network for your business.. 14
3.3
Help installing a Local Area Network.......................... 14
3.4
TCP/IP address....................................................... 15
3.5
Small business domain names –
What types are there?.............................................. 15
3.6
Domain Name Types................................................ 15
3.7
Registering your .ie domain...................................... 16
4Peripherals......................................................................... 18
4.1
Guide to buying a printer for your small business....... 18
4.2
What will you use the printer for?.............................. 18
4.3
Device versus Cartridge?.......................................... 18
4.4
LaserJet or Inkjet?................................................... 19
4.5
Black & white or colour?........................................... 19
4.6
All in one machines?................................................ 19
4.7
Other things to consider........................................... 19
5
Data Security and Integrity................................................. 20
5.1
Business Continuity................................................. 20
5.2
Data Management................................................... 20
5.2.1Methods................................................................. 20
�3
6
7
8.
�
4
5.3
Anti-Virus & Malware................................................ 21
5.3.1Anti-Spam............................................................... 21
5.4Firewall................................................................... 22
5.5
Software Updates.................................................... 22
5.6
Wireless Security..................................................... 22
5.7
Protection against internal threats............................ 23
5.8Encryption............................................................... 23
5.9
Remote Access........................................................ 23
ICT Policies........................................................................ 25
6.1
Policy Documents.................................................... 25
6.2
Internet Usage......................................................... 25
6.3
Data Protection........................................................ 25
Administration and Procurement......................................... 27
7.1
ICT Procurement...................................................... 27
7.2
Framework Agreements and Contracts....................... 27
Useful Links....................................................................... 28
Introduction
“Breaking down the jargon”
The reality of modern working
life is that information and
communications technology is
integral to any business – and
equally to any community or
voluntary organisation. Even if you
consider yourself a technophobe
you cannot ignore the influence
and the pervasiveness of modern
technology. It is difficult to find
many organisations that do not
now use email, host a website,
or run an accounts package to
maximise business efficiency.
This guide aims to help break down
some of the jargon associated with
computer technology and give you
the tools to make some informed
choices for your ICT strategy. The
guide is a point in time reference.
Technology has a rapid rate of
change and it is therefore strongly
recommended to research the
most up to date information when
buying new ICT equipment.
�5
1. Desktop/Server
1.1 PC/Mac
�
6
Let’s first look at some of the
terms you will come across when
you buy a computer. There are two
main types of computer available
– PC which means Personal
Computer and Apple Mac (Mac).
PCs are made by hundreds of
different companies, whereas only
Apple makes the Mac. This means
that PCs are more widespread and
consequently cheaper.
Macs are no longer the specialist
computer they used to be and are
more and more compatible with PC
software but are still an expensive
second choice for most people.
If you are only familiar with using
a PC, you will find a Mac pretty
different.
When you buy a computer you
need to compare several aspects
to find the one that best suits your
requirements.
Ultimately you must decide what
you will use the computer for and
decide which functions are most
important. Do you need it to be
very fast? Will you be saving a lot
of documents?
1.2 The components
and what they do
CPU: (Central Processing Unit)
The main chip or brain in your
computer, also known as the
processor. New models are
released practically weekly so keep
an eye on the model number and
try to get the latest and greatest
depending on your budget.
Generally more important than
the model number is the speed
of the CPU which is measured in
gigahertz. The bigger the number,
the faster your computer will
perform tasks. Terms like dual
core and quad core mean there are
two or more CPUs working together
to maximise performance.
Memory: The bigger the memory,
the more space your computer
has to work things out, and so
the faster it will run. Memory
is measured in gigabytes, and
you should always get the most
memory you can afford. The
majority of computers allow
additional memory to be fitted
easily and cost-effectively post
purchase.
Hard disk: This is where your
computer stores documents and
programs. They usually have quite
a large capacity and are difficult to
fill. The latest models now use an
ultra-fast memory called flash and
the type of drives that provide this
are SSD which stands for Solid
State Drives. These drives are
more expensive than traditional
hard disks and consequently you
will need a trade-off between
speed and capacity. Traditional
hard disks now ship with at least
500gb of capacity where as an
entry level SSD might only have
16gb with the largest at 256. If
you do reach capacity it’s easy
to buy a second external hard
disc and just plug it in. Hard disk
capacity is measured in Giga
Bytes.
Operating system: This is the
software that runs your computer
– the best known one is Microsoft
Windows. Most computers come
with an operating system already
loaded. The current version of
Windows is Windows 8.
DVD or CD drive: Most are also
burners, meaning you can create
your own CDs or DVDs as well as
playing them.
USB: (Universal Serial Bus) A
really easy way to connect files
or external components to your
computer. It’s a standard plug
on many devices, including your
mouse, keyboard, printer etc. USB
uses something called plug and
play technology, which means just
that – you plug it in, and off you
go. Your computer will know you’ve
attached something and will tell
you if it needs help getting the
device to work. USB theoretically
allows you to connect well over a
hundred devices at once. To get
more ports it is possible to use
something called a USB hub which
is like your old electrical plug
double adapters.
WiFi: This is wireless network
access and is virtually standard
on new laptops. If you require a
desktop computer you may need to
buy an additional wireless adapter
in order to be able to join a
wireless network. It allows you to
connect to the internet without the
need for cables and gives you the
ability to connect in public places
where WiFi access is available.
�7
Browser: If you downloaded this
document from our website you
used a browser. The main ones
used are Microsoft Internet
Explorer, Google Chrome and
Mozilla Firefox. The Internet
Explorer browser is always
pre-loaded on a new Windows
computer.
Broadband: This is internet
access. You will pay a broadband
provider (sometimes known as an
ISP, or Internet Service Provider)
to give you internet access, which
can be delivered through your
phone line. Broadband is “always
on”, meaning you don’t have
to dial up the internet, it’s just
there. Your provider will give you
any equipment including routers,
cables and all the other help you
need to get online.
Broadband has been slow to
rollout in rural Ireland due to
infrastructural factors and your
choices may be limited by your
location. There is a new satellite
broadband provider who claims
to be able to service the whole
island, www.qsat.ie has more
information.
�
8
Download and upload: Download is
when you get something from the
internet and make a copy on your
computer. Upload is the reverse,
where you send something to the
internet.
Bandwidth: The amount of
bandwidth dictates how much
information you are allowed
to upload or download on your
broadband connection. Many
Internet Service Providers (ISPs)
will give you a monthly contractual
limit to the amount of bandwidth
you can use but generally it’s quite
hard to hit with everyday use.
1.3 Servers
A computer server can be defined
as a computer dedicated to run
one or more services in order to
facilitate the needs of multiple
users or computers on a network.
Examples of services provided
include File Server, Database
Server, Email Server, Print Server,
Network Server or Web Server.
As your ICT network grows you
will require a server to provide
secure logon to access shared
files or services called a domain
controller. This will authenticate
the user through the use of
credentials like username and
password. You will also provide a
file share service so that electronic
files can be easily shared
throughout the organisation.
Servers can be purchased online
at supplier websites such as
www.dell.ie or through resellers
for products such as HP, IBM and
Fujitsu.
Considerations would be similar
to the ones outlined above for
PC specs. CPU, Disk Capacity,
Network cards, Memory and
Software Operating systems being
the key components.
Your server will need to be
accessible and reliable, so when
purchasing servers it is important
to look for redundancy i.e. in
the event of failure that there
is a redundant fallover option.
Components to consider for
redundancy are extra hard disks to
be placed in a RAID configuration
(a method for pooling hard disks
for performance and redundancy),
Extra Network Cards and extra
power supplies.
�9
2. Software
2.1 Guide to buying
software for your
organisation
Now that you have invested in your
small business ICT infrastructure
you are going to need applications
to run on it that maximise
the return on investment. The
applications that build on your
infrastructure hardware are called
software. Buying software can
be as easy as visiting your local
computer retailer, paying some
money and getting a suite of
software. However, this is not
necessarily the most cost effective
way of making such a purchase.
Is it vital that you have the latest
version of software to run your
organisation or will older software
suffice?
�
10
Software can be expensive. Full
copies of the more popular office
software can cost a few hundred
euros and specialised design
software can cost thousands. By
buying cost effectively you will save
your small business money, while
ensuring your software remains
legal.
2.2 ENCLUDEit Donation
Programme
Your organisation may qualify
for heavily discounted software
purchases under the ENCLUDEit
Donation Programme.
The ENCLUDEit Technology
Donation Programme is a
partnership between ENCLUDE
and TechSoup, the San Franciscobased non-profit technology
capacity building organisation that
links technology donations from
leading software and hardware
manufacturers and the Irish NonGovernmental (NGO) sector.
The programme assists
organisations by making donated
software available for a very low
administrative fee, thereby helping
them to make the most of their
ICT purchases and infrastructure.
Whilst the administrative fees
vary, registered charities with
valid CHY numbers will still make
savings of between 92-96% on
typical retail prices. Receiving
technology product donations frees
up stretched NGO budgets for both
technology priorities and other
programme areas.
This programme is made possible
by generous donations from
technology product manufacturers
including Microsoft,Cisco,
Mailshell, SAP and Symantec. They
wish to help the NGO sector and
ENCLUDEit help them to do so.
Full details on eligibility criteria and
how to avail of these offers can be
found at www.encludeit.org.
2.3 What software do
you need?
The best place to start will
be to consider what software
you actually need to run your
organisation. For most small
businesses the following
software is essential:
• An operating system. For most
PCs the choice would be a
copy of Microsoft Windows
and as mentioned earlier
this is usually pre-loaded on
purchased PCs
• Office software. This
encompasses the software
you typically need to run your
organisation including a word
processor (for letters and
documents), a spreadsheet
(for financial analysis) and
an email program. Microsoft
Office is the most popular
package in use today. Google
also provides a free but less
feature rich alternative but
generally the purchase of an
Office Suite of software is a
good investment.
Other software packages that
may be of use include:
• A database package for record
keeping
• A book-keeping or accounts
package
• Presentation software
• Project management software
• Specialised design software
such as CAD or CAM products
• Desktop publishing software
for newsletters and highly
formatted documents
• Photo editing and design
software
Information on keeping your
software up to date is contained
in section 5.5, Software
Updates.
2.4 What is a software
licence?
As soon as you install your
software you will be asked to
agree to an End User Licence
Agreement or EULA. This is a
�11
contract between you and the
software vendor that sets out
the responsibilities of the vendor
and the fit for purpose nature of
the product. It is important to
read this agreement to ensure
you understand the terms and
conditions.
With software that you buy already
boxed up from a supplier there
will be a hard copy of the software
licence, probably with anti-forgery
devices such as holograms and
silver strips in the paper (like a
bank note).
This licence is your proof of
ownership and your guarantee that
the software is genuine.
In recent years software piracy has
been prevalent and the pirates
have been very effective at copying
legal software and selling copies
cheaply. This is an illegal activity
and your organisation can also be
at risk from legal action if you are
seen to be using pirated software.
Perhaps a more common violation
of software licencing is buying
a single licence product and
installing it on multiple machines
in the organisation. Again this is
an illegal activity and you should
hold a volume licence to be in
compliance.
�
12
2.5 Can my computers
use the software I buy?
This is a very valid question which
must be considered when buying
software. If you have a PC that is
more than 2 -3 years old then it
may have a problem running some
of the latest software packages.
This is due to the speed of the
PC and its ability (or lack of) to
process the more complex, newer
software. In addition, if you intend
to undertake complex design type
work such as CAD/CAM then you
will need a PC with a suitably high
specification.
Software packages will have
minimum requirements information
printed on the box, or if you are
downloading, it will be available on
the website. Check this information
against your PC spec to ensure
your device is compatible with the
software you hope to run on it.
One of the main things to look for
is whether it is 32bit or 64bit. The
terms 32-bit and 64-bit refer to the
way a computer’s processor (also
called a CPU), handles information.
The 64-bit version of Windows
handles large amounts of random
access memory (RAM) more
effectively than a 32-bit system.
2.6 Open source,
freeware and shareware
It is possible to obtain some
software free of charge or at very
low cost. Open source software
is openly developed and shared
in the public domain. Developers
throughout the world contribute
to developing the software on
the basis that no one owns
the work and it is always made
freely available to others. This
development work is primarily
focused on the more technical side
of computing, but there is some
open source organisation software
that may be of interest.
As always be very careful about
what you download and who you
download from. Not all freeware or
shareware is of good quality and
indeed some of it may damage
your PC or carry out inappropriate
actions such as logging your key
strokes which will compromise
your PC security. See our guide on
PC security in Section 6 for details
on malware and viruses.
You also need to consider the
compatibility issues of using nonmainstream software. If you are
sent a file in one popular format
and you do not have the correct
software loaded you may not be
able to read the data. Likewise
you may end up sending out files
in non-universal formats which can
cause unnecessary complications
for the recipient.
2.7 Software Upgrades
Software manufacturers are
constantly adding new features
and functionality to their products.
This means that every 18 months
or so there will be a new release of
the next version of a product. The
process of moving up to this next
version is called upgrading.
The cost of this upgrade is often
a lot less than if you bought the
new product off the shelf, and you
may find yourself saving 40 – 70%
of the full retail price. Although
software manufacturers will always
like you to upgrade to the latest
version of the software there may
be little or no business benefit in
doing so. It is perfectly acceptable
to be running “older” software
as long as you are still getting
business benefit and it is still fit
for purpose.
Issues may arise when the
software is a certain number of
years old as you may find the
manufacturer has withdrawn
support for the product. At this
point it would be good practice to
invest in an upgrade as you may
run into compatibility and security
related issues. �13
3. Network
3.1 What is a Local
Area Network (LAN)?
A Local Area Network is a
computer network which connects
devices, typically in a small area,
such as a single building or office.
A LAN will connect several PCs
together and also enable users
to share other equipment such
as laser printers. A LAN will also
enable your employees to share
applications, files, databases and
Internet connections.
3.2 Choosing the right
type of network for your
business
�
14
If you run an organisation with
only a few workstations, then
you may be tempted to set up
a less expensive peer-to-peer
(P2P) network employing a
simple unmanaged switch which
is connected to all the client
computers which have network
interface cards (NIC) installed.
As your organisation grows so
will the need for collaboration
and improved access to files. In
this case, a central document
repository is essential, where all
users access a single computer
(server) where their documents are
stored.
This server should be regularly
backed-up to protect any sensitive
and mission critical data. Please
refer to section 5 for more
information on data management.
At this point you may want to set
up a domain controlled network.
This is a more structured and
manageable infrastructure where
all the devices added to the
domain are centrally authenticated
and secured. It facilitates the
management of users and
computers that connect to your
network and gives administrators
the tools necessary to control
access, security and more
advanced functions like group
policies. Group policies can
standardise various windows
functions such as mapped drives,
internet security and windows
updates. The most popular
business domain type is Microsoft
Active Directory.
3.3 Help installing a
Local Area Network
If you don’t have the in-house
expertise to install a LAN for your
organisation, it is best advised
to hire a technical expert to
implement the right solution for
your company.
As well as the initial installation
you should also include on-going
support to provide assistance if
anything goes wrong.
3.4 TCP/IP address
In basic terms it is the address
by which your machine will be
identified on the internet. TCP/
IP stands for transmission control
protocol/internet protocol. IP has
the task of delivering packets of
data from the source host to the
destination host solely based on
these addresses.
3.5 Small business
domain names – What
types are there?
If you are thinking of establishing a
web presence for your organisation
one of your first tasks will be to
choose a suitable domain name
for your venture. With dozens of
domain name types available
these days you must decide
which are the right ones for your
organisation?
3.6 Domain Name Types
The following are some key domain
name types:
• ie – Ireland’s standard domain
name suffix
• com – short for ‘commercial’
this is the most popular domain
suffix on earth
• org – used by global non-profit
organisations
• net – short for ‘network’
• org.uk – used by UK non-profit or
charitable organisations
• plc.uk – for use by UK public
limited companies
• info – a new domain suffix, short
for information provider
• me.uk – individual domain name
suffix
• ltd.uk – for use by UK limited
companies of the same name
• biz – a shortened version of
business
• tv – originally the suffix for the
Polynesian island of Tuvalu
but now frequently used by
television broadcasters
• eu – European Union suffix
• mobi – For sites delivering
services to mobile devices
In addition to these domain name
types, a multitude of newer ones
have appeared over the past few
years – including country-specific
suffixes (e.g. “.co” – Colombia,
�15
and “.at” – Austria), which provide
a unique domain name type for the
country in question.
The most important domain types
for small businesses in Ireland
are .ie (for obvious reasons),
followed by .com – the original,
and most commonly recognised
suffix. Although many of the
newer domain names may appear
‘clever’, most end users want to
be able to trust a website. The
.ie domain, in particular, has
been proven to provide some
reassurance to web visitors, in
contrast to more niche domains,
such as .mobi.
3.7 Registering your .ie
domain
The IEDR is an independent not-forprofit organisation that manages
the .ie country code Top Level
Domain (ccTLD) namespace in
the public interest of the Irish and
global Internet communities. The
IEDR strongly recommends that
you use a listed IE Registrar for
your domain name application.
Registrars provide competitive
rates for registration and hosting
services.
�
16
Please note that your Registrar
is responsible for providing all
the support you will need for your
application. When you choose
to apply through a listed IE
Registrar, they will give you all the
information and assistance you
need in registering your domain
name and are your primary point of
contact for any queries relating to
your domain.
• A list of all Registrars can be
found at https://www.iedr.ie/
list-of-registrars/
• To check an existing .ie domain
or to check for availability of a
new .ie domain please access
the.ie WHOIS service at http://
www.iedr.ie
Ideally, you should secure the
top two domains (.com and .ie)
simultaneously. Obtaining the
.net and .org names is also
recommended to protect your
business identity. These are next
in line of the most commonly
registered domain name type.
New variants are invented all the
time, once you’ve secured the
most important ones, it is then
up to you if you want to buy up all
possible variants of your domain
name identity. Be aware that each
different domain you buy will cost
extra, so decide whether it’s worth
buying the less common suffixes.
Don’t forget that you will also be
liable for the costs of renewing
your domain names every few
years. �17
4. Peripherals
4.1 Guide to buying a
printer for your small
business
Printer options for your office or
home office are so plentiful and
inexpensive that you may feel
there is no need to research your
options. However, because there
are so many different types of
printer and because the associated
hidden costs can be significant,
it is important to understand the
implications of each before you
buy.
Printers follow a loss leader
business model. You buy the
printer for less than it costs
to manufacture, and then pay
a relatively high price for ink
cartridges or toner. Over the
lifetime of a printer this generates
more profit for the manufacturer
than just selling you a printer
alone. This is why you need to
think wisely about your purchase.
4.2 What will you use
the printer for?
�
18
Do you just need to print a Word
document or email now and
again, or will you be printing
off hundreds of sheets a day?
This is important to work out in
advance. Even modern printers
are delicate pieces of machinery
and a small laser printer designed
for the domestic market may not
cope with five hours of non-stop
printing every day. Make sure the
printer you choose is up to the job.
Generally the more printing you
do, the more robust a printer you
should choose. Also, check if your
chosen printer can take envelopes
or larger sizes of paper if needed.
4.3 Device versus
Cartridge?
Research the cost of a new
cartridge before buying the printer
and find out how many sheets it
will print on average. From those
figures you can work out the
estimated cost per page. It can
make a lot of sense to spend
more on the printer up front to
reduce the cost of cartridges over
time. Remember that some printer
cartridges can also be refilled
which will make them cheaper but
may result in a degradation of the
print quality.
4.4 LaserJet or
Inkjet?
Laser printing costs have
become more competitive in
recent years so businesses
should look at it first. Inkjet
may well be cheaper and
perfectly suitable for a
home but there is a more
professional finish to a laser
print job.
4.5 Black & white or
colour?
Full colour printing is now cheaper
and easier than in the past but
can still be relatively expensive.
The cost of colour laser printer
cartridges is prohibitive. Most
businesses get by just fine with
a black and white printer. If you
only do a little colour printing but
do it regularly, it might be more
cost effective to get two printers;
one for black and white and one
for colour. It may be worthwhile
exploring the option to outsource
your colour printing.
4.6 All in one machines?
There are a lot of multifunction
machines on the market that allow
you to print, fax and photocopy
with one machine. These are a
great idea in principle and they are
very handy for a small office but
you should ask yourself how often
you actually need to photocopy or
fax. There are always trade-offs
when you add more functionality to
a single device. If it’s really just a
printer you need then you should
get yourself a dedicated printer.
4.7 Other things to
consider
Speed - It’s worth knowing the
speed a document will print,
especially if you print in large
volumes. Most modern laser-jet
printers are fast enough that you
don’t need to worry too much
about it.
Resolution – resolution is
measured in DPI which stands for
dots per inch. The higher the DPI
the better the quality of print.
Connectivity - The majority of
printers are now connected via
USB cable but WI FI and Bluetooth
wireless connectivity are now
commonplace especially on home
or small office-style desk-jets.
�19
5. Data Security and Integrity
5.1 Business Continuity
Business continuity refers to
those activities performed daily
to maintain service, consistency,
and recoverability. These activities
include many daily actions such
as project management, system
backups, change control and help
desk.
The fundamentals of business
continuity are the standards,
supporting policies, guidelines,
and procedures needed to ensure
business can continue without
stoppage, irrespective of adverse
circumstances or events.
5.2 Data Management
�
20
For most not for profit
organisations the most important
asset that they hold is their data.
With that in mind a key function
should be the protection and
management of that data.
The most important element
of good data management is
ensuring that all of your data
is backed up so in the event of
disaster or more likely human
error you have a recovery option.
Backups should be performed in a
schedule depending on a number
of factors including the rate of data
change and the available storage
resources. Schedules can vary
from hourly, to nightly to weekly but
a good rule of thumb is to perform
incremental backups (only backs
up changes) nightly and a full
backup weekly or at least monthly.
This full backup can then be
archived and marked as a record
of data for that particular month.
5.2.1 Methods
Third party software is available to
help with your backup scheduling
and ease the administration of
backing up multiple systems.
Reputable companies like
Symantec, CA and Acronis have
tried and trusted packages that
are available at reasonable rates.
There are many other freeware
and low cost options available on
the internet but these should be
investigated and trialled before
entrusting your vital data recovery
to them.
Backups were traditionally sent
to a tape device so that they
can be taken offsite to ensure
another level of disaster recovery
and this is still a preferred
option. However, the reduction
in the price of hard disk and the
increased performance of disk to
disk backups means that a mix
of the two technologies is now
the standard. The third option in
addition to tape and disk backup
is backup to the cloud. This is
an alternative to taking tapes
off site in that you backup your
data to the internet where it is
securely stored by a 3rd party.
This is an increasingly attractive
option and will become the norm
but current costs for hosting are
prohibitive depending on the size
of your data requirement. Microsoft
and Amazon are just two of the
companies with backup to cloud
offerings.
5.3 Anti-Virus &
Malware
Anti-Virus is software traditionally
used to protect from viruses but
has evolved to encompass all
aspects of what is now termed
Malware meaning malicious,
hostile or intrusive software.
Most anti-virus software works on
a subscription basis with annual
renewals entitling you to download
the latest protection. Companies
that dominate the market are
Macafee, Sophos and Norton.
A popular alternative for smaller
companies (less than 30
employees) is AVG which is a free
anti-virus package that offers
basic protection without the bells
and whistles of a centralised
management console.
5.3.1Anti-Spam
Spam is the annoying unsolicited
email that fills up our mailboxes.
There are various anti-spam
techniques to deal with the
problem.
Anti-Spam software usually
analyses key words or monitors
email addresses to block mail from
being delivered. The issues are
that it can often pick up mails that
are legitimate and block them from
delivery so the quarantine location
for blocked mails must also be
monitored.
Some of the products used by
organisations include Spam Titan
and Kaspersky which operate at
the gateway level or some built in
functions of the e-mail application
like Microsoft Exchange. Gmail
also has built in spam filtering.
�21
5.4 Firewall
5.6 Wireless Security
A firewall is a set of rules that
restrict access to your PC from the
internet. As the name suggests
it tries to build a security wall
between potential hackers and
your device. Windows comes with
its own built in firewall application
but there are other hardware and
software solutions available which
will help to control access to your
network at the gateway layer.
Sharing high speed broadband
around your organisation is
relatively easy now due to the
availability of relatively cheap
wireless routers. Most routers
are set up to work straight out
of the box meaning that anyone
can potentially connect to them.
This poses a potential security
threat as someone with a laptop
or mobile device outside your
office premises could access your
internet connection or maybe even
access your network.
When setting up a router
you should add a level of
authentication. This means
setting a password that each
person requires to login. WEP is
the most basic security but this
can be broken relatively easily
and we therefore recommend the
selection of the more secure WPA
encryption. Many routers will allow
a further level of security whereby
only devices that it knows will be
allowed to access the network.
This is done by keeping a record
of the MAC address of the devices
to be granted network access all
network cards will have this unique
identifier. All of these configuration
options should be discussed
and explored with your Network
provider.
5.5 Software
Updates
�
22
One of the best ways to keep
your computer safe is to
ensure your software is always
fully up-to-date. As potential
vulnerabilities are discovered
in programs, the software
manufacturers release fixes
or patches for download. If
you don’t have the latest
fixes, you are leaving yourself
open to security threats. You
should ensure every piece of
software you are running is
set to automatically update,
especially your operating
system (i.e. Windows). If you
feel that downloading patches
is slowing your computer then
you can set the updates to be
performed at night.
5.7 Protection against
internal threats
Anybody that has access to your
ICT systems is a potential threat
whether by accidently deleting
files or records or something
more malicious. On that basis it is
important to secure your network
through authentication so that you
can identify and audit usernames
and the actions carried out by
those users during their logged
on sessions. It is also a good
idea to grant access on a minimal
privilege basis, i.e. ensure that
each user only has the access
levels that they need to carry out
their day to day duties. If they
need access to additional files or
folders they can request it from
the IT administrator provided it
is accompanied by permission
from the relevant business owner.
This is especially important with
regard to personal data concerning
employees, employment & scheme
participants, board members,
volunteers and clients/users. The
granting of access to electronic
data and hard copy files must
be continuously monitored and
managed, that is, access levels
should be removed when staff
transfer or move from a particular
unit.
5.8 Encryption
Encryption is a means of
safeguarding sensitive personal
information stored on laptops
or mobile devices from loss or
theft. Email messages in transit
are automatically encrypted.
There are administration
overheads associated with this
type of solution as issues such
as changing passwords can be
complicated. Its use is recommend
if you feel the information
carried on mobile devices could
compromise the organisation if put
in the wrong hands.
5.9 Remote Access
Allowing external users, partners
or employees remote access to ICT
systems has become an essential
part of providing a modern
ICT service in the business
environment. In Irish community
and voluntary organisations, this
access could justifiably extend
to board members, volunteers,
work placements and interns.
With this increased availability of
your network comes an increased
security risk. The safest and most
secure method of allowing remote
access is through a virtual private
network or VPN.
The VPN connection across the
�23
Internet is technically a wide area
network (WAN) link between the
sites but appears to the user as
�
24
a private network link—hence the
term “virtual
6. ICT Policies
6.1 Policy Documents
It is a good idea for your board
to adopt policies to ensure the
prudent use of ICT facilities
in pursuit of the charitable/
other non-profit purposes for
which your organisation was
established. Organisations
and employers of all sizes
have experienced instances of
staff and other users using the
work ICT facilities and internet
for personal purposes or even
personal gain, or for illegal or
unethical purposes. Even with
very good technology levels and
security strategies you may still
be open to this kind of abuse of
systems, so it is imperative that
employees and other systems
users are required to adhere
to a set of standards. At a
minimum you should have an
Internet Usage Policy document
that must be signed by all
employees and other users. In
addition a general ICT Usage
Policy covering email, instant
messaging, printing, security etc.
is recommended.
6.2 Internet Usage
As previously mentioned an
internet usage policy should be
put in place to ensure that all
employees are made aware of
what the internet should and
should not be used for during work
hours.
Alongside this policy you should
consider the option of using
monitoring and blocking software
to help enforce the policy.
These software packages can
block inappropriate sites, limit
the hours that the internet is
available for and produce usage
reports with regard to time spent
online and most visited sites.
Examples of such software would
be WebMarshall, Guardian and
WebTitan.
6.3 Data Protection
Data protection is fundamentally
about people’s right to privacy.
Individuals can access and correct
data about themselves. If you
keep information about people
(staff, volunteers, users or clients,
board members, work placement
participants, etc) you must comply
�25
with data protection principles.
In essence, you are a data
controller if you can answer YES to
the following question:
• Do you keep or process any
information about living people?
• Retain it no longer than is
necessary for the specified
purpose or purposes
• Give a copy of his/her personal
data to any individual, on
request.
Types of Data Controller
These provisions are binding
on every data controller. Any
failure to observe them would
be a breach of the Act. The data
protection commissioner provides
comprehensive guidelines at
http://dataprotection.ie.
Data controllers can be either
individuals or “legal persons”
such as companies, government
departments and voluntary
organisations. Examples of
cases where the data controller
is an individual include; general
practitioners, pharmacists,
politicians and sole traders, where
these individuals keep personal
information about their patients,
clients, constituents etc.
There are eight main rules that a
data controller must comply with:
�
26
• Obtain and process the
information fairly
• Keep it only for one or more
specified and lawful purposes
• Process it only in ways
compatible with the purposes
for which it was given to you
initially
• Keep it safe and secure • Keep it accurate and up-to-date
• Ensure that it is adequate,
relevant and not excessive
7. Administration and
Procurement
7.1 ICT Procurement
The Department of Public
Expenditure & Reform has
developed procurement
arrangements in the areas of ICT,
telecoms, and data networking
on behalf of non-commercial
public sector bodies including
bodies funded by the public
sector. The purpose is to leverage
volumes and secure benefits
from economies of scale. These
arrangements deliver value for
money, provide goods and services
under public service terms and
conditions, and reduce the
complexity, cost and time spent on
procurement processes.
Detailed information can be found
on http://ictprocurement.gov.ie/.
establish the terms governing
contracts to be awarded during
a given period, in particular with
regard to price.
Frameworks are generally
established after a
competitive tendering
process and may be used
for supplies, works or
services.
Comprehensive detail on
frameworks and contracts
can be found at
http://www.procurement.ie
7.2 Framework
Agreements and
Contracts
A framework agreement is defined
as an agreement between one
or more contracting authorities
and one or more suppliers. The
purpose of the agreement is to
�27
8. Useful Links
• Pobal, www.pobal.ie
• Data Protection Commissioner, www.dataprotection.ie
• Virus Protection www.avg.com ; www.macafee.com; www.norton.
com
• Hardware Vendors www.dabs.ie; www.dell.ie; www.komplett.ie ; www.
elara.ie
• Website Cookie information http://www.irishtimes.com/newspaper/
finance/2012/0305/1224312777027.html
• Good Practice http://ncte.ie/GoodPractice/
• ICT Procurement http://ictprocurement.gov.ie/; http://www.
procurement.ie
• Software for Charity, Educational or Community Group http://
encludeit.org/
• Create an IT Security Policy http://www.enterprise-ireland.com/
ebusinesssite/guides/internal_security/internal_security_index.asp
• Internet and Email Policy Usage Policy for Staff http://
humanresources.about.com/od/policiesandsamples1/a/email_policy.
htm
http://www.gfi.com/internet-monitoring-software/sample-internetusage-policy
Templates and further supporting documentation are available on
www.pobal.ie
Published by Pobal, Dublin, 2013
�
28