IT POLICY FOR COMPANIES
The Company’s computers, servers, printers, scanners, copiers, and all information contained in or generated from this equipment, as well as Internet access, e-mail access and software, are collectively known as IT resources.
The Company’s I.T. Department publishes this IT Corporate Policy to protect the practice, its employees and partners from illegal or damaging actions by individuals, whether committed knowingly or unknowingly.
The purpose of this policy is to outline the proper and acceptable use of all I.T. resources at the organization. The rules are in place to protect the company and its employees. Inappropriate use of the IT resources exposes the firm to risks such as virus attacks, loss of valuable information, and legal issues.
This policy applies to employees, contractors, consultants, temporaries, and other workers of the organization, including all personnel affiliated with third parties. This policy applies to all equipment that is owned or leased and I.T. services that are provided by the firm.
GENERAL USE AND OWNERSHIP
All information and data that personnel / computer users create on the company’s systems (which includes the desktop PCs) remain the property of the company. This includes information stored in e-mails, documents, drawings and other files. Due to the need to protect the company’s IT systems, confidentiality of information stored on them cannot be guaranteed.
Employees are responsible for exercising good judgement in the personal use of the company’s IT resources. If in doubt, users are advised to consult their Team Leader or the IT Manager.
ACCEPTABLE USE POLICY
IT resources are expected to be used for work-related activities only. Under no circumstances is an employee of the organization authorised to engage in any illegal activity (such as sending unsolicited e-mails offering any product or service) whilst utilising the company’s IT resources.
INFORMATION SECURITY POLICIES
The following security policies must be followed by each employee of the organization:
a) Connecting laptops, portable hard drives, USB or Flash Drives. Connecting any device into the network which may introduce malware requires the prior approval of the IT Department. Malware (short for “malicious software”) is any program or file that is harmful to a computer user. Thus, malware includes computer viruses, worms, Trojan horses, and also spyware (programs that gather information about a computer user without permission).
b) File storage media from outside sources. Any media received from an outside source, i.e. hard disks, CD ROMs, USB drives, from suppliers etc., should be scanned by IT before being used internally by staff.
c) User Accounts and Passwords. Employees are given network user accounts to access network resources (files, printers, Internet, email). This network user account represents the user’s identity in the organization’s network. It is the user’s responsibility to ensure that nobody except the IT department knows their login name and password.
d) Activities that introduce or expand the risk of virus infection. Network Logs and Accountability. As network user accounts represent the identity of the users, any activity which is logged under the said user account will be deemed the activity of the user to whom the account was assigned.
e) Visiting websites of unacceptable content. Pornographic websites, pirated software websites and other similar websites are the most common source of virus infection. Users are not allowed to visit such websites to avoid the risk of legal exposure to the employees and the company.
f) Downloading files from the Internet. Unless the files come from known reputable sources, downloading files from the Internet is strongly advised against. If a file is downloaded from the Internet, it is the user’s responsibility to run a virus-scan on the file prior to opening it. Please consult the Company’s IT department for instructions on how to do this.
g) Installing unauthorized software. The Company’s IT Department is the only one allowed to install programs on computers. Only work-related programs are allowed to be installed on the company’s computers.
h) Opening emails with potentially harmful content. Any emails which are not from a familiar source, and in particular those which have an attachment, should not be opened without first individually scanning them with the virus checker. If in further doubt, the email should be reported to the IT Manager.
i) NOT reporting a possible virus infection. It is the user’s responsibility to inform the IT department if he or she feels that his or her computer may have been infected by a computer virus, either because it is showing symptoms of infection (very slow, web browser being automatically redirected to a website, antivirus being disabled, etc.) or because of an incident which may have caused the computer to be infected (user accidentally opened a suspicious-looking email, user clicked on a link which downloaded and executed a file, a browser pop-up keeps opening, etc.).
NETWORK ACTIVITY POLICIES
Users are advised against any activity that may lead to the degradation of network speed due to over-utilisation. This includes, but is not limited to, playing music files not stored on the local computer, listening to Internet radio, viewing streaming video over the Internet, downloading non-work-related files, etc.
E-MAIL COMMUNICATION POLICIES
The following email communication policies must be followed by each user:
a) It is strongly encouraged that emails should only be used for work-related correspondence, and that for personal communication, third party external email services (such as gmail, yahoo mail, msn mail and hotmail) should be used.
b) For all emails that are sent and received through the company’s servers, a copy is automatically archived and is visible to part of the admin team for appropriate processing as per the company’s document management policies.
c) To limit wastage of resources due to the processing of all incoming/outgoing email as per corporate document management procedures, users are required to put “[DP]” or “(DP)” or “dp” on the subject line of all Non-Business related emails. This means “Don’t Process”, and will assist in identifying the proper course of tagging or archiving of the email. Examples of these emails are internal email printer notifications, email correspondences not related to any specific project, email chatter regarding company-sponsored events, internal bulletins or advisories, etc.
INTERNET BROWSING POLICIES
The following internet browsing policies must be followed by each user:
a) Access to the Internet is limited to obtaining information or data which is helpful or needed by the business. It is a privilege granted by the company, and is not a right.
b) Access to the Internet is limited only to members of the management team, and to individuals whose work responsibilities require it. Staff may also be given access provided that approval has been given by management.
c) Internet browsing for personal use or leisure is allowed only during non-office hours. Please consult with the IT Department for information on the latest work/non-work hours.
The following software policies must be followed by each user:
a) Installation of pirated software is not allowed, nor is the storage of such software on the company’s computers and other IT storage equipment.
b) Only members of the IT department are allowed to install software on computers. Users may be allowed to install programs by themselves, but only upon obtaining the approval of the IT department.
ACCEPTABLE CONTENT POLICIES
The download and storage of any material which exposes the company to legal risk is strictly prohibited. These materials include, but are not limited to, pornographic materials, pirated software, unauthorised copies of copyrighted materials (ripped videos and music files), and harmful programs (email spamming programs, virus-infected files, etc.).
OTHER IT RESOURCES POLICIES
The Company’s IT resources require a certain amount of investment, and hence care should be given in their use and allocation. If a user needs certain software, IT equipment (laptop, hard drives, CD burner etc.), or access to a service provided by the IT department (Internet browsing, access to a specific website), then a formal request has to be made by filling in the appropriate form, and approval is given by the employee’s manager and/or the Managing Partner depending on the cost involved.
SUPPORT SERVICES POLICY
• Helpdesk Support Calls Prioritization. Helpdesk calls (or requests for IT support) are responded to based on priorities. The IT Department measures the priority of a helpdesk support call by the following metrics:
• Importance/Scope. Will it cause drastic disruption to the business processes, will it affect a large or small group of users, will it affect an individual, and will resolution result in better productivity?
• Urgency. How soon will the negative effects occur if the issue is unresolved? Please ensure that you inform the IT department of the levels of these criteria when requesting helpdesk support, especially if the issue is critical and very urgent.
• Personal/Non-work related. Requests for non-work-related support (e.g. synchronizing PDAs or mobile phones to Outlook) are handled only subject to the availability of IT department staff, and only at their sole discretion.
• Schedules and Support Availability during Out-Of-Office Hours. Where critical work is being undertaken during non-business hours, involving the use of IT Resources (Internet, Printers, and Plotters), users are advised to inform the IT Department at the earliest possible time.
I.T. MAINTENANCE ACTIVITIES
As part of preventive and corrective maintenance activities, the IT Department may need to restart servers or to temporarily cut off connections to the internet, to the email or to the network drives. In most cases, these service interruptions are scheduled after office hours to minimize the effect on the user’s productivity. If a user is leaving the office and has left an FTP/web download or upload operation ongoing, or is uploading/downloading files to the F: drive, it is the user’s responsibility to inform the IT department, so that they are aware of the user’s requirements (of continued internet / email / network connection) and can adjust accordingly.