Access and Security Control Policy

Policy Purpose

To establish access and security controls that maximize access to resources by the public and staff users, in support of the Hamilton Public Library core values of “intellectual freedom”, while securing the availability, integrity and confidentiality of systems, information and resources by restricting rights to only those individuals or entities that have successfully completed the necessary identification, authentication and authorization procedures, and by having adequate controls in place.

Key Points Summary

  • HPL will provision required permissions to its users to access HPL systems and resources. 

  • HPL will ensure availability, integrity and confidentiality of the system and resources.  

  • HPL will review the access list at pre-defined intervals.

  • HPL will ensure network security, end point security, physical and data security and access by having necessary controls in place.  

  • HPL will enforce the access and security control policy for all involved parties.

Definitions

Access Control: The process that limits and controls access to the resources of a computer system.

Library Board: In this policy refers to the members of the Hamilton Public Library Board. 

Employees: In this policy refers to staff, volunteers, co-op or school internships, etc.

End Point Security: A centrally managed security system with an agent installed on all end-user devices to protect them, such as an antivirus agent, antispam filter, etc.

External Organizations: Includes consultants, vendors and contractors that require access to systems or networks to complete library business, or third-party agencies that may have agreements with the library to provide services and systems.

Library Members: The public/users or library patrons, whether or not they have library cards.

Users: In this policy refers to any user, whether public, staff, volunteers, Library Board members or external organizations, who uses HPL systems to access services or perform any business activity.

Policy Details

Library Members 
Library members are provided with access privileges to library technology resources (including web, networks, applications, and devices) based on the following principles:  

  • Open Access: granting open unrestricted access to IT resources for users to consume digital services and to support intellectual freedom and discovery.  

  • Secure Availability: balancing open access with the availability and security of technology resources to ensure that digital services are protected against disruption and privacy breaches, and are accessible to all library users in a secure manner.

Library members are governed by the Technology and Internet Use Policy and Customer Code of Conduct while accessing HPL technology resources and services. 

Library Board and Employees 
While carrying out library business, the Library Board, employees including volunteers, and external organizations are provided with access privileges to systems and technology (including web, networks, systems, applications and devices) based on the following principles:  

  • Need to know: They will be granted access to systems that are necessary to fulfill their library roles and responsibilities. 

  • Least privilege: They will be provided with the minimum privileges necessary to fulfill their roles and responsibilities.  

User Education and Transparency
Educating employees and library members on effective use of systems and ways to protect information and systems will be a priority.  

Library members can challenge restrictions to access. The process to challenge restrictions to access will be communicated on the Library website. Staff will investigate and document complaints. An annual report will be prepared updating the Library Board on access and security issues, including reports on complaints.

Scope
This policy applies to library members, who may directly or indirectly require access to IT systems, networks, or information while using library services. 

This policy applies to the Library Board, employees of the library including volunteers, and external organizations that may directly or indirectly require access to library IT resources or systems.

This policy applies to all Hamilton Public Library provided or supported systems, infrastructure, data and services, unless noted otherwise, including: 

  • Locations: all HPL locations including central, branches and other mobile locations. 

  • Technology: IT systems, or applications that store, process or transmit information. All network and computer hardware, virtualized environment, storage, software and applications, staff mobile devices, and telecommunication systems.  

  • Processes: all processes that support operations, environments and services. All automated and manual procedures for the controls.

  • Interfaces: all interfaces within the environments and to external entities. 

  • Data: all data including transaction streams, files, data files, repositories, databases, tables, inputs and outputs used by a system. 

  • Security Credentials: all user accounts, all tokens, all security credentials including all user IDs, functional IDs, machine IDs, admin, root, and super user type accounts. 

Publish Date

March 2022