Sheffield park rangers must down trowels and take ICT security exams

Council IT chief introduces compulsory information security tests for all staff

Up to 9,000 employees, including park rangers and other council workers with no ready access to ICT, have to pass stringent data security tests, Sheffield City Council CIO Paul Green has revealed to Computing.

"We put everyone in the organisation through information security training that they had to pass," said Green. "I think we're the only local authority organisation who's gone anywhere near that level of detail."

"Information security is not just about technology," Green told Computing.

"There are individuals in our organisation who don't use technology. For example, park rangers; they walk around in parks, pick up USB sticks or DVDs from paper bins, and what we've had to make them aware of is that that information could be really critical.

"We've created an online e-learning programme for all of our staff to access, and for those who don't have access to e-learning, there's a paper-based test for them to do as well," explained Green.

"So 8,000 to 9,000 people in the organisation went through the programme, and if they didn't meet the minimum score to pass, they had to do it again."

Green explained how such action, which is part of the council's Information Management Programme, rolled out in 2009, is "the only way to demonstrate to the Information Commission Officer that I'm taking it seriously. Security is extremely poorly developed in local authorities, and the amount of recent fines that have been levied by the ICO shows this."