Meeting new corporate governance responsibilities can be a headache for large organisations across the UK. As major employers with large numbers of staff, local authorities also have to bear this pressure and prove that their teams are fully briefed on corporate policies, particularly in the face of inspection.
Adding to the list of corporate reporting is the Internet. The Audit Commission has highlighted the potential benefits of using IT as a driver for meeting corporate governance requirements to councils. This includes using such technology to streamline manual processes, data management and to deliver service information to residents. Consequently, the web has become such a powerful tool in the workplace, particularly local authorities that have seen a migration of services on line.
However, while the diversity of the web can be a major attraction to the casual user, there is a clear responsibility in the workplace to ensure that council employees are using it appropriately.
Realising that polices on Internet usage would need to be detailed and change over time in line with the rapid growth of the Internet, Wigan Metropolitan Borough Council believes it has been able to reduce the burden of corporate reporting and policy management by using the latest software. And what started as an IT project aimed at communicating the authority’s internet usage policy has now brought about a major change in the authority’s ability to meet its wider statutory requirements.
‘The Internet is now a must-have resource for completing tasks and can be a valuable resource – as a result the amount of time our staff spend online has dramatically increased in recent years,’ assistant director of Finance and IT, Peter Livesey, explains. ‘So, however, has the burden for employers to ensure that it is not being misused by employees.
‘Misuse comes in many forms: surfing inappropriate sites, spending time using it for personal activities and sharing sensitive corporate information with third parties are just a handful of examples.’
This increase in employee Internet access has resulted in the development of Acceptable Internet Usage (AIU) policies across the public sector. These impress on employees the importance of adhering to corporate policies – and the sanctions that they face in the event of breaches. However, managing the initial circulation of a new policy can be a logistical and administrative headache, especially in large organisations. Enforcing it and ensuring employee acceptance adds to the burden.
At Wigan, the staff includes more than 4,000 regular PC users, including council members and partner organizations. The council realised early on that a manual paper-based system for deploying, managing and auditing the AIU policy would not be viable.
The council looked for an electronic management system and opted for NETConsent.
‘Our priority was a system that would ensure all employees understood and accepted the authority’s Internet usage policy before they were allowed to access the Web,’ Livesey explains. ‘We also needed a record of each user’s acceptance - both to enable us to fulfill our audit requirements and to give us evidence in the case of a breach. Being able to provide evidence that an individual was aware of, and accepted the policy strengthens our case and hopefully prevents the likelihood of disputes ending in employment tribunals.’
NETconsent works by automatically presenting the user with a browser screen informing them of a change in a corporate policy, and giving him/her the opportunity to review and accept it. Depending on the privileges of each user, they can be given the option to bypass the policy and complete it later. If a user chooses to accept the policy they are required to verify their identity, digitally signing their action, by keying in their network password.
The ‘signed’ acceptance is then stored in a secure central database and the employer can then run ‘exception reports’ periodically detailing who has yet to accept the policy. Reminders and privilege restrictions can be issued accordingly.
In the case of Wigan, Livesey says the roll out of the WEBconsent module got officers thinking about a wider application of the system to meet broader compliance responsibilities.
Before implementing NETconsent for wider policy management, data storage and information management purposes, the council undertook testing to ensure broadening its activities wouldn’t expose the council to increased financial or operational risks.
Viruses, hacking and sabotage are threats faced by any organisation using the Internet and can result in financial loss, invasion of privacy or the theft of information or systems if the necessary safeguards are not in place.
‘Having satisfied our members that the authority would not be exposed to additional risks from automating its policy management processes the decision was made to implement NETconsent more widely.” Livesey says.
‘When we looked at the benefits of using the system for all of our internal policies we realised that the resource and money savings we could make was substantial. ‘
Livesey adds that implementation has had major effect on the council’s corporate governance practices. Information can be made available more quickly and ‘real-time visibility’ allows the council to track non-compliance, remedial action can be taken immediately, rather than waiting for statutory audits to be completed.
‘The software not only protects Wigan Council from the threats posed from inappropriate Internet use by members of staff, but also guards against unauthorised attacks from the outside world,’ he says. ‘It also means that existing resources can be redeployed undertaking the Council’s core activities – ensuring our residents continue to receive the highest levels of service.’
For more information:
