Prepared by:
IT
DEPARTMENT
1. Brief
Policy Name: General Policy for IT Services
Policy effective date: 1st May 2016
Policy Owner: IT
Prepared By: IT
2. Document Type
Type: Protected
Description: This is a policy manual document of general guidelines for IT Department.
IT
Page 1 of 11
Version date:
4. Table of Contents
1. Brief
2. Document Type
3. Distribution and Approval
4. Table of Contents
5. Objective
6. Scope
7. Audience
8. Compliance
9. Description of Policy:
9.1 Availing IT Service & facilities
9.2 Workstation policy
9.3 Softwares/Applications Usage in BL Workstations
9.4 File Server Access Policy
9.4.1 File Share:
9.4.2 Implementation guideline
9.4.3 Storage Limit:
9.4.4 Backup and restoration
9.4.5 Rules of storing files in the file server
9.5 Indesore Sweater Policy:
9.6 Password Policy:
9.7 User Profile Modification:
9.8 Viruses:
9.9 Internet Access: Access to internet is solely for business purposes
9.10 Workstation Data
9.11 IT Asset Management Policy:
9.11.1 Equipment custody:
9.11.2 Laptop Desktop Disbursement
9.11.3 Lost / Damage Case/Robbery of IT Assets:
9.11.4 IT Asset Replacement:
9.11.5 IT Asset Movement/Handover/Handling
9.12 Printer Access:
9.13 Wireless Access:
10. SFTP (Secure File transfer protocol)
11. User Access Management
12. System (OS, Application, Database) Access Control
13. Physical Access Control
14. System Administration Standards
15. Miscellaneous:
17.5.1 List of Authorized Softwares/Applications/Services
16 Actions for Non-Compliance
17. Records
18. Roles and Responsibilities
18.1 Indesore Sweater management is responsible for:
18.2 IT is responsible for:
18.3 HR is responsible for:
18.4 Employee is responsible for:
5. Objective
The purpose of this policy is to set the guidelines and instructions for Indesore end-users using IT
Services in office Environment. To ensure a controlled IT environment with efficient and optimized IT
Services, high level clauses are added here in different IT areas.
6. Scope
Scope of this policy is limited to IT Services, Applications and IT Infrastructure provided by Indesore IT
Department for employees.
7. Audience
This policy is applicable to Indesore Employees as well as vendors/3rd parties/Outsourced working in
Indesore premises and using IT services, applications provided by Indesore IT department.
8. Compliance
Failure to adhere to this policy, or violation of this policy, may lead to interruptions in business areas
which depend on IT services. Exceptions to the policy are allowed only on proper justification,
considering a minimal level of documented threats, and if and only if they are positive for business.
Exceptions shall also be allowed only through the necessary approval process.
9. Description of Policy:
9.1 Availing IT Service & facilities
All kinds of IT facilities and services are provided to the employees to serve the business
purpose only.
Employees have to use the right tools defined by IT to avail IT Services (emails, forms, etc.):
forms for asset-related issues and email for general IT Services.
Admin privilege will not be provided on the employee workstation, considering computer
security and network threats, virus infection and their adverse consequences in the system.
However, based on business requirement, it could be provided on proper justification and very high
business impact, as well as considering a minimal level of documented risks. If IT support can
attend to the business needs, then such requests will not be entertained.
Approval Process Workflow for Admin Rights:
Requester->Dept. HoD->IT Support
Requester->Dept. HoD->Management->IT Support
End-users having Administrative privilege on local PC are not authorized to perform the below
activities:
o Install/reinstall software other than the business related ones mentioned in Authorized list
o Uninstall existing installed software by IT Support
o Create/modify/delete local user accounts and other user accounts.
o Reset the local Administrator account password.
o Uninstall/disable Antivirus software.
o Disjoin PC from domain.
o Disable Windows Firewall.
o User should not set any BIOS password to his/her workstation, unless explicitly authorized.
Departmental File Shares: Each department can request file shares for a group of employees to
access. All users in the group must have an Indesore System User Account to access a
departmental file share. Requests for creating Departmental File Shares must be approved by the
department head. The departmental head will determine who should get access to all the files, as
well as the type of access. The access options are "read-only" or "modify."
Common File stores: There is a common folder named as miscalleneous, which is used for
storing files that need to be shared between teams/departments where this is not possible in
departmental folders. All Indesore permanent employees are entitled to access and store data
on file server, with access rights depending on their roles and responsibilities, and as per
business needs.
9.4.2 Implementation guideline
a. Controlling Access Rights to Folders
For access issues, the workflow is: Requestor->HoD->IT Department
All Indesore permanent employees are entitled to access and store data on file
server, with access rights depending on their roles and responsibilities, and as per
business needs.
b. New Folder Creation: Folder creation in a file server (miscalleneous: drive) needs to be
done through the IT Department.
9.4.3 Storage Limit:
Personal File Shares in miscalleneous folder: 512 MB. For excess requirement, the requester has
to send a special request to the IT department.
A full backup is taken on weekly basis. File server data backup retention period is 21 days.
GENERAL POLICY FOR IT SERVICES V1.0
Data older than 21 days cannot be restored. Lost or deleted files & folders can be restored
on request by users.
Files/folders which are created and then deleted in between the daily backup cannot be
restored.
User will be allowed to access to files and folders in file server according to the job
responsibility after getting the approval from supervisor and/or departmental head.
The disk space limit for each division folder will be set by the IT department, considering
the department's nature of activity.
A warning message will be sent to user when his home folder size reaches 75% of limit.
After reaching 100%, the user will not be able to store files anymore until he/she does own
housekeeping.
Following File formats are strictly prohibited to be stored even in compressed format
(rar/zip) in file server unless the files are related to company business.
o Movie and media files (*.mp4, *.mkv, *.avi, *.mpg, *.flv, *.mp3, *.wav, *.wma, *.VOB,
etc.); Personal Photos/images (*.jpg, *.jpeg, etc.); iPhone/Android applications (*.ipa,
*.apk, etc.); Computer Games; Executable files (*.exe, *.vbs, *.bat, etc.); Database
files (*.mdb, *.accdb, etc.)
Users are discouraged from running any kind of executable files from the file server.
As per IT Ethics policy, storing of inappropriate files is prohibited including those which are
sexually harassing or offensive to others on the ground of race, religion or gender.
File server will be scanned regularly for data housekeeping disk maintenance and virus scan
purposes. If any files are found that are not related to company business, these will be
quarantined after informing the owner, for a period of 21 days, after which it will be
permanently deleted if no valid request for restore is placed.
If any user continuously stores invalid file types which are not related to company business,
his /her user account will be temporarily disabled after sending five warning messages. If
the same incident reoccurs by the same user, it will be escalated to the concerned HOD.
For temporary mailing lists created for the purpose of cross functional projects the content
of information should be of a specific nature and only members are allowed to send
messages to such groups. Furthermore, temporary mailing lists will be permanently deleted
once their reason for existence ends.
Administration of mailing lists
Every mailing list must have an owner. For organizational mailing lists, this is the head of unit.
For other mailing lists, this is the person authorized by departmental head, and it is usually the
project manager. It is the responsibility of the owner to maintain the mailing list. Creation and
changes are done by IT based on approval from the owner of the list.
Etiquettes
When using the corporate email system it is strictly prohibited:
To forward, print or copy any emails or attachments which are INTERNAL or
CONFIDENTIAL to any external party, or which are CONFIDENTIAL internally,
without acquiring permission from department head(s).
To transmit large volume documents to a vast number of respondents, overloading
the mail system.
Sharing the e-mail account password is strongly prohibited, and administrative
action will be imposed if found.
The sending of inappropriate messages is prohibited, including those
which are sexually harassing or offensive in nature to others on the grounds of
race, religion or gender.
Users should not send implied or explicit messages which criticize other
individuals or organizations.
Users should not open emails or attached files without ensuring that the content
appears genuine.
Users are allowed to store email data in the mail server. Every two months, the
IT department checks the available space and deletes old emails after discussing
with users.
E-mail items older than 6 months in a user's primary mailbox will be
offloaded to the Personal Archive by the IT department, while the archived emails remain transparent to users.
9.6 Password Policy:
All desktops and laptops should be password protected by user of the
equipment.
Password should not be shared with anyone other than IT Admin.
Account will be locked after 5 consecutive unsuccessful attempts to login.
Users need to inform IT admin if they change the password.
9.7 User Profile Modification:
For any change to an employee's profile (display name, contact no., department, designation, etc.),
a notification mail comes from HR to the IT Support Team. The Support Team will then take the
necessary action.
9.8 Viruses:
It is the responsibility of the individual to ensure that any imported executable software code
or data is free of destructive code, such as viruses, before using it in the Indesore network. IT
Support can provide assistance to ensure the safety of such files.
9.9 Internet Access: Access to internet is solely for business purposes.
Permanent: All Indesore permanent employees will be eligible for internet access with
valid business justifications.
Guest: Guests will be given internet access only on a temporary basis upon approval from
management.
By default, Internet access is limited to browsing some specific sites for all employees.
E.g. YouTube, Facebook, LinkedIn, video streaming, and sites with malicious content are
blocked for all.
Any exception will be allowed for business purposes only, and the approval flow will be as
below: User->User Dept. HoD->Management
9.10 Workstation Data
Employees are encouraged to keep critical business data in file servers, which are backup
enabled.
Indesore will not maintain any backup for data kept in workstations & the employee is fully
responsible for the data kept in workstations.
During any change of workstation or sharing, the employee is responsible for data transfer. If
they face any technical problem, IT Support will guide them.
Computer programs, electronic mail, voice and electronic files are presumed to be private
and confidential unless they have explicitly been made available to other authorized
individuals. Their contents may be accessed only by authorized personnel for compelling
business and/or security reasons and only with the approval of the Departmental Head.
IT will format all data and submit the asset to inventory once the IT Asset is permanently
handed over to IT Support Officers/Engineers during replacement and resignation cases. To
comply with information security, IT will not keep any data from the end user device and will not
provide any data to the resigned user.
For any official data requirement from the asset of a resigned user, an email notification has to
be sent by the Line manager of the resigned employee or HR before handing over the asset to the IT
Support Officer.
9.11 IT Asset Management Policy:
9.11.1 Equipment custody:
Employee will receive IT equipment (Notebook, Desktop, Printer, Pen drive, Adapter, etc.)
against designated request.
Users should not change/replace any IT equipment between each other without IT Support
concern.
Users must not move or remove any computing hardware or associated media without
prior agreement and authorization from IT Support.
9.11.2 Laptop Desktop Disbursement
Indesore Employee:
For business purposes, an Indesore employee can get a primary laptop or desktop based on the
necessary approval and a job description that matches with workstations.
If the job description does not contain any mobility and the job is desk based, the employee will be
provided a desktop accordingly from the employee's department.
IT will provide a workable/functional laptop/desktop to the employee, which can be used or new
based on stock and condition of the laptops/desktops.
9.11.3 Lost / Damage Case/Robbery of IT Assets:
Employee needs to file a GD/FIR for a lost case/robbery at the nearest police station and
email it to the IT and HR departments.
IT Support Engineer will deliver another equipment following the IT Equipment Request
Process.
For IT Accessories, IT can declare a penalty if employee negligence is found in
damage/lost/robbery cases, except for issues which are normal during long time usage.
The penalty will be the replacement/repair cost of the same equipment. HR will finalize the decision
on this.
Generally, Laptops and Desktops will be replaced during 4.5 years of usage, and Executive
Laptops (Director & above) in 3 years, based on the budget approval & budget exercise
calendar;
The life of a Laptop/desktop is considered as 5 years. After 5 years the performance of the
equipment is reviewed and replacement is done if required.
In case of faulty Laptops, Desktops, Printers, projectors, scanners, IT will replace those if
necessary business functions are totally unstable or interrupted;
There is no replacement plan for IT Accessories (mouse, keyboard, scanner, etc.) and
printer consumables and spare parts, which will be replaced only when faulty or fully
consumed.
Replaced IT Assets can be re-issued to Interns or for other business purposes in Indesore
premises;
Replaced IT Assets can be used for CSR, or can be auctioned, sold or given to
employees based on the necessary approval.
9.12 Printer Access:
Default printer access for all employees will be to the Black & White printer only.
Permanent color printer access shall be given only to users who have a valid business
requirement, with necessary approval from the Head of the department. Temporary color printer
access shall be given upon valid justification, checked and monitored by IT Support.
Users who have color printer access shall not send black & white print jobs to the color
printer if a black & white printer is available.
Users should only print necessary documents to avoid paper and ink waste, and
unnecessary wear and tear of the printers. User should utilize the printer and paper for
official purposes only.
After giving the print command, user should collect the printed documents immediately.
Access control standards for information systems are approved by management and
incorporate the need to balance restrictions to prevent unauthorized access against the
need to provide unhindered access to meet business needs;
Access to all systems is authorized by the owner of the system and such access,
including the appropriate access rights (or privileges), must be recorded in an Access
Control List;
There are procedures which guide and control user registration, de-registration and
periodic follow-up; The selection of passwords, their use and management as a primary
means to control access to systems are to strictly adhere to best practice guidelines;
Regular review of user access rights will be done;
Physical access to high security areas is controlled with strong identification and
authentication techniques to ensure that only authorized personnel are allowed to access.
To protect the Office/Factory buildings and its assets to ensure they are kept free from
intrusion, vandalism, damage or disruption.
The CCTV system will be operated 24 hours each day, every day of the year. The ICT
Department will check and confirm the efficiency of the system on a daily basis and in
particular that the equipment is properly recording and that cameras are functional.
All surveillance records shall be stored in a secure centralized location for a period of 2
months and will then promptly be erased or written over.
Access to the CCTV will be strictly limited to the members of staff approved by the
Management.
Copies of downloads may only be viewed by authorised persons.
IT department reserves the right to monitor the system in its entirety to ensure system
stability and security.
IT department shall also provide ample warning to all employees of the office when
maintenance will occur. Computer Services shall not schedule any kind of outage for the
system unless absolutely necessary and then, only after regular business hours.
IT department shall provide at least one battery-backed telephone per building. In the
event of a power failure, these telephones will still be available for calls.
Use a damp, soft, lint-free cloth to clean the computer's exterior. Avoid getting moisture in any
openings.
Do not spray liquid directly on the computer.
Don't use aerosol sprays, solvents, or abrasives.
Dampen a clean, soft, lint-free cloth or paper with water only and wipe the screen.
Keep your computer away from sources of liquids, such as drinks, washbasins, bathtubs, shower
stalls, and so on.
Protect your computer from dampness or wet weather, such as rain, snow, and so on.
Never force a connector into a port. If the connector and port don't join with reasonable ease,
they probably don't match. Make sure that the connector matches the port and that you have
positioned the connector correctly in relation to the port.
To avoid possible damage to the system, wait 5 seconds after turning off the
computer before disconnecting a device from the computer.
When you use the AC adapter to run the computer or to charge the battery, place the AC
adapter
18. Records
Approved Policy is kept in below location:
\\ Location address:
19. Roles and Responsibilities
19.1
19.2
19.3
19.4