
Version date:

Prepared by:

GENERAL POLICY FOR IT SERVICES

IT

DEPARTMENT

1. Brief
Policy Name
General Policy for IT Services
Policy effective date

Policy Owner
IT

Prepared By
IT
1st May 2016

2. Document Type
Type
Description

Protected
This is a policy manual document of general
guidelines for IT Department.

3. Distribution and Approval


Identification / Ref:
Applies to:
Prepared by:
Approved by:

GENERAL POLICY FOR IT SERVICES V1.0

IT

Page 1 of 11


4. Table of Contents
1. Brief
2. Document Type
3. Distribution and Approval
4. Table of Contents
5. Objective
6. Scope
7. Audience
8. Compliance
9. Description of Policy:
9.1 Availing IT Service & facilities
9.2 Workstation policy
9.3 Softwares/Applications Usage in BL Workstations
9.4 File Server Access Policy
9.4.1 File Share:
9.4.2 Implementation guideline
9.4.3 Storage Limit:
9.4.4 Backup and restoration
9.4.5 Rules of storing files in the file server
9.5 Indesore Sweater Policy:
9.6 Password Policy:
9.7 User Profile Modification:
9.8 Viruses:
9.9 Internet Access: Access to internet is solely for business purposes.
9.10 Workstation Data
9.11 IT Asset Management Policy:
9.11.1 Equipment custody:
9.11.2 Laptop Desktop Disbursement
9.11.3 Lost / Damage Case/Robbery of IT Assets:
9.11.4 IT Asset Replacement:
9.11.5 IT Asset Movement/Handover/Handling
9.12 Printer Access:
9.13 Wireless Access:
10. SFTP (Secure File transfer protocol)
11. User Access Management
12. System (OS, Application, Database) Access Control
13. Physical Access Control
14. System Administration Standards
15. Miscellaneous:
17.5.1 List of Authorized Softwares/Applications/Services
16 Actions for Non-Compliance
17. Records
18. Roles and Responsibilities
18.1 Indesore Sweater management is responsible for:
18.2 IT is responsible for:
18.3 HR is responsible for:
18.4 Employee is responsible for:


5. Objective
The purpose of this policy is to set the guidelines and instructions for Indesore end-users using IT Services in the office environment. To ensure a controlled IT environment with efficient and optimized IT services, high-level clauses are included here for different IT areas.
6. Scope
The scope of this policy is limited to IT services, applications and IT infrastructure provided by the Indesore IT Department for employees.
7. Audience
This policy is applicable to Indesore employees as well as vendors, third parties and outsourced staff working on Indesore premises and using IT services and applications provided by the Indesore IT department.
8. Compliance
Failure to adhere to this policy, or violation of it, may lead to interruptions in business areas that depend on IT services. Exceptions to the policy are allowed only on proper justification, with a minimal level of documented threats, and if and only if the exception is positive for the business. Exceptions shall also be allowed only through the necessary approval process.
9. Description of Policy:
9.1 Availing IT Service & facilities

All kinds of IT facilities and services are provided to the employees to serve the business
purpose only.
Employees have to use the right tools defined by IT to avail IT services (emails, forms etc.): forms for asset-related issues and email for general IT services.

9.2 Workstation policy

Admin privileges will not be provided on employee workstations, considering computer security, network threats, virus infection and their adverse consequences for the system.
However, based on business requirements, they could be provided on proper justification and very high business impact, with a minimal level of documented risks. If IT Support can attend to the business need, such requests will not be entertained.
Approval Process Workflow for Admin Rights:
Requester->Dept. HoD->IT Support
Requester->Dept. HoD->Management->IT Support
End-users having Administrative privilege on local PC are not authorized to perform below activities:
o Install/reinstall software other than the business related ones mentioned in Authorized list
o Uninstall/disable Antivirus software.
o Disjoin PC from domain.
o Create/modify/delete local user accounts and other user accounts.
o Reset the local Administrator account password.
o Uninstall existing installed software by IT Support
o Disable Windows Firewall.
o User should not set any BIOS password to his/her workstation, unless explicitly authorized.


9.3 Softwares/Applications Usage in Indesore Sweater Workstations

Workstations (Desktop/Laptop) will be prepared by the IT Support team with the standard required software. By default, OS (Windows/Mac), MS Office, Anti-virus, Zip, Adobe Reader/Writer and VNC are provided with the workstations.
Software installation requests should be sent to the IT Support team via a formal request (email).
Software/applications used on Indesore workstations must be on the authorized list provided by IT.
If anyone needs separate software for business purposes, IT will provide that particular software subject to the necessary approval and an available license in stock.
Approval Workflow if Software is not in default/standard Authorized List
Requester->Dept. HoD->Management->IT Support
Approval Workflow if Software is in default/standard Authorized List
Requester->IT Support
It is strictly prohibited to copy, install or launch unauthorized software. It is strictly prohibited to install or use hacking tools or anonymizer software, or to activate auditing processes or vulnerability scanners, without formal approval from the Head of IT.

9.4 File Server Access Policy


IT department provides local network file storage and departments across Indesore for storing
and sharing work related files for business purposes.
9.4.1 File Share:
Currently there are two (2) types of file shares on the local storage server:
Personal File Shares: A personal file share is created by the IT support team for each employee at Indesore when the user's account is generated.

Departmental File Shares: Each department can request file shares for a group of employees to access. All users in the group must have an Indesore System User Account to access a departmental file share. Requests to create Departmental File Shares must be approved by the department head. The department head will determine who should get access to all the files, as well as the type of access. The access options are "read-only" or "modify".
Common File stores: There is a common folder named miscalleneous, which is used for storing files that need to be shared between teams/departments where this is not possible in departmental folders. All Indesore permanent employees are entitled to access and store data on the file server, with access rights depending on their roles and responsibilities, and as per business needs.
9.4.2 Implementation guideline
a. Controlling Access Rights to Folders
For access issues the workflow is: Requester->HoD->IT Department
All Indesore permanent employees are entitled to access and store data on the file server, with access rights depending on their roles and responsibilities, and as per business needs.
b. New Folder Creation: Folder creation on the file server (miscalleneous: drive) needs to be done through the IT Department.
9.4.3 Storage Limit:

Personal File Shares in miscalleneous folder: 512 MB. For excess requirements the requester has to send a special request to the IT department.

Departmental File Shares: Based on the department needs.

9.4.4 Backup and restoration

A full backup is taken on a weekly basis. The file server data backup retention period is 21 days.

Data older than 21 days cannot be restored. Lost or deleted files & folders can be restored on request by users.

Files/folders which are created and then deleted between daily backups cannot be restored.

9.4.5 Rules of storing files in the file server

Users will be allowed access to files and folders on the file server according to their job responsibility, after getting approval from the supervisor and/or departmental head.

A disk space limit for each division folder will be set by the IT department, considering the nature of the department's activity.

A warning message will be sent to the user when his/her home folder size reaches 75% of the limit. After reaching 100%, the user will not be able to store files until he/she does his/her own housekeeping.

No personal documents can be stored on the file server.

The following file formats are strictly prohibited from being stored on the file server, even in compressed format (rar/zip), unless the files are related to company business.
o Movie and media files (*.mp4, *.mkv, *.avi, *.mpg, *.flv, *.mp3, *.wav, *.wma, *.VOB etc.); personal photos/images (*.jpg, *.jpeg, etc.); iPhone/Android applications (*.ipa, *.apk, etc.); computer games; executable files (*.exe, *.vbs, *.bat, etc.); database files (*.mdb, *.accdb, etc.)
Users are discouraged from running any kind of executable file from the file server.
As per the IT Ethics policy, storing inappropriate files is prohibited, including those which are sexually harassing or offensive to others on the grounds of race, religion or gender.
The file server will be scanned regularly for data housekeeping, disk maintenance and virus scan purposes. If any files are found that are not related to company business, they will be quarantined, after informing the owner, for a period of 21 days, after which they will be permanently deleted if no valid request for restore is placed.
If any user continuously stores invalid file types which are not related to company business, his/her user account will be temporarily disabled after five warning messages have been sent. If the same incident recurs with the same user, it will be escalated to the concerned HoD.

9.5 Indesore Email Policy

User ID, Mailbox, Mail Group:


A User ID and Mailbox are created for permanent employees and remain until they resign. After getting notification from the respective department or HR, the IT System Team will take action to delete or disable the User ID and Mailbox.
Use of mailing lists
Sending mails to group mailing lists is restricted unless it demonstrates a relation

For temporary mailing lists created for the purpose of cross functional projects the content
of information should be of a specific nature and only members are allowed to send
messages to such groups. Furthermore, temporary mailing lists will be permanently deleted
once their reason for existence ends.
Administration of mailing lists
Every mailing list must have an owner. For organizational mailing lists, this is the head of unit.
For other mailing lists, this is the person authorized by departmental head, and it is usually the

project manager. It is the responsibility of the owner to maintain the mailing list. Creation and
changes are done by IT based on approval from the owner of the list.
Etiquettes
When using the corporate email system it is strictly prohibited:
To forward, print or copy any emails or attachments which are INTERNAL or CONFIDENTIAL to any external party, or which are CONFIDENTIAL internally, without acquiring permission from department head(s).
To transmit large-volume documents to a vast number of recipients, overloading the mail system;
To share an e-mail account password; this is strongly prohibited & administrative action will be imposed, if found.
The sending of inappropriate messages should be prohibited including those
which are sexually harassing or offensive in nature to others on the grounds of
race, religion or gender.
Users should not send implied or explicit messages which criticize other
individuals or organizations.
Users should not open emails or attached files without ensuring that the content
appears genuine.
Users are allowed to store email data on the mail server. Every two months the IT department checks the available space and deletes old emails after discussing with users.
E-mail items (older than 6 months) from a user's primary mailbox will be offloaded to the Personal Archive by the IT department, while the archived emails remain transparent to users.
9.6 Password Policy:
All desktops and laptops should be password protected by the user of the equipment.
Passwords should not be shared with anyone other than the IT Admin.
An account will be locked after 5 consecutive unsuccessful attempts to log in.
Users need to inform the IT admin if they change the password.
9.7 User Profile Modification:
For any change to an employee's profile (display name, contact no., department, designation etc.), a notification mail comes from HR to the IT Support Team. The Support Team will then take the necessary action.
9.8 Viruses:
It is the responsibility of the individual to ensure that any imported executable software code or data is free of destructive code, such as viruses, before using it on the Indesore network. IT Support can provide assistance to ensure the safety of such files.
9.9 Internet Access: Access to internet is solely for business purposes.

Permanent: All Indesore permanent employees will be eligible for internet access with valid business justifications.
Guest: Guests will be given internet access only on a temporary basis upon approval from management.
By default, Internet access is limited to browsing some specific sites for all employees. E.g. YouTube, Facebook, LinkedIn, video streaming, and sites with malicious content are blocked for all.
Any exception will be allowed for business purposes only, and the approval flow will be as below: User->User Dept. HoD->Management

9.10 Workstation Data

Employees are encouraged to keep critical business data on file servers, which are backup enabled.
Indesore will not maintain any backup for data kept on workstations & the employee is fully responsible for data kept on workstations.
During any change or sharing of a workstation, the employee is responsible for data transfer. If they face any technical problem, IT Support will guide them.
Computer programs, electronic mail, voice and electronic files are presumed to be private and confidential unless they have explicitly been made available to other authorized individuals. Their contents may be accessed only by authorized personnel for compelling business and/or security reasons and only with the approval of the Departmental Head.
IT will format all data and submit the asset to inventory once an IT asset is permanently handed over to IT Support Officers/Engineers during replacement or resignation. To comply with information security, IT will not keep any data from the end-user device and will not provide any data to the resigned user.
For any official data requirement from the asset of a resigned user, an email notification has to be sent by the line manager of the resigned employee or HR before the asset is handed over to the IT Support Officer.

9.11 IT Asset Management Policy:

9.11.1 Equipment custody:
Employees will receive IT equipment (Notebook, Desktop, Printer, Pen drive, Adapter, etc.) against a designated request.
Users should not change/replace any IT equipment between each other without IT Support concern.
Users must not move or remove any computing hardware or associated media without prior agreement and authorization from IT Support.
9.11.2 Laptop Desktop Disbursement
Indesore Employee:
For business purposes, an Indesore employee can get a primary laptop or desktop based on the necessary approval and a job description that matches the workstation.
If the job description does not involve any mobility and the job is desk based, the employee will be provided a desktop accordingly from the employee's department.
IT will provide a workable/functional laptop/desktop to the employee, which can be used or new based on stock and the condition of the laptops/desktops.
9.11.3 Lost / Damage Case/Robbery of IT Assets:

The employee needs to file a GD/FIR for a lost case/robbery at the nearest police station and email IT and the HR department.
The IT Support Engineer will deliver another piece of equipment following the IT Equipment Request Process.
For IT accessories, IT can declare a penalty if employee negligence is found in damage/lost/robbery cases, except for issues which are normal during long-time usage. The penalty will be the replacement/repair cost of the same equipment. HR will finalize the decision on this.

9.11.4 IT Asset Replacement:

Generally, laptops and desktops will be replaced during 4.5 years of usage, & executive laptops (Director & above) in 3 years, based on budget approval & the budget exercise calendar;


The life of a laptop/desktop is considered to be 5 years. After 5 years the performance of the equipment is reviewed and replacement is done if required.
In case of faulty laptops, desktops, printers, projectors or scanners, IT will replace them if necessary business functions are totally unstable or interrupted;
There is no replacement plan for IT accessories (mouse, keyboard, scanner etc.) or for printer consumables and spare parts, which will be replaced only when faulty or fully consumed.
Replaced IT assets can be re-issued to interns or for other business purposes on Indesore premises;
Replaced IT assets can be used for CSR, or can be auctioned, sold or given to employees, based on the necessary approval.

9.11.5 IT Asset Movement/Handover/Handling

In case of any IT equipment movement/handover, users have to notify IT Support in advance to update the asset location.
In case of a user's departure from Indesore, IT Support will take the IT assets used by the departed user and might reuse them for better resource utilization and to save company budget. The asset will be reconfigured and reinstalled upon being assigned to other users.
IT end-users are not authorized to remove the asset tag from any IT asset, e.g. Desktop, Notebook, Printer, Scanner etc. Any sort of sticker or handling of IT equipment which decreases the probability of asset reuse is strictly prohibited.

9.12 Printer Access:

Default printer access for all employees will be to the Black & White printer only.
Permanent color printer access shall be given only to users who have a valid business requirement, with the necessary approval from the Head of the department. Temporary color printer access shall be given upon valid justification, checked and monitored by IT Support.
Users who have color printer access shall not send black & white print jobs to the color printer if a black & white printer is available.
Users should only print necessary documents to avoid paper and ink waste, and unnecessary wear and tear of the printers. Users should utilize the printer and paper for official purposes only.
After giving the print command, the user should collect the printed documents immediately.

9.13 Wireless Access

Wifi connection is provided only to the employees approved by management.
Guests from other subsidiaries are connected to wifi on request, on approval from management.

10. SFTP (Secure File transfer protocol)

Indesore IT provides a Secure FTP service to Indesore employees, which is used to exchange data in a secure way. The purpose of this service is to ensure security and confidentiality & to reduce the time taken to send/receive large-volume files outside of Indesore Sweater.
Any files stored for sharing will be removed immediately after the concerned person confirms their availability.

11. User Access Management

Access control standards for information systems are approved by management and
incorporate the need to balance restrictions to prevent unauthorized access against the
need to provide unhindered access to meet business needs;


Access to all systems is authorized by the owner of the system and such access, including the appropriate access rights (or privileges), must be recorded in an Access Control List;
There are procedures which guide and control user registration, de-registration and periodic follow-up; the selection of passwords, and their use and management as a primary means to control access to systems, are to strictly adhere to best practice guidelines;
Regular review of user access rights will be done;

12. System (OS, Application, Database) Access Control

Access to systems (OS, Application, and Database) is controlled by a secure log-on procedure;
The system for managing passwords is interactive and should ensure quality passwords;
Inactive sessions are to be disconnected after a defined period of inactivity.

13. Physical Access Control

Physical access to high security areas is controlled with strong identification and authentication techniques to ensure that only authorized personnel are allowed to access.

14. System Administration Standards


All Indesore IT systems are configured to enforce the following:
Authentication of individual users, not groups of users - i.e. no generic accounts.
Protection with regards to retrieval of passwords and security details.
System access monitoring and logging at user level.
Password administration processes are properly controlled, secure and auditable.
Periodic auditing of user accounts is performed by the system admin to identify and
revoke non-active, unused or non-authorized accounts; or to perform the reallocation or
revocation of privileges.
15. Security Camera and Server:
Indesore is fully committed to the safety of its staff, employees and visitors and to this extent has invested in the security of its buildings and facilities. The purpose of this Policy is to regulate the management, operation and use of the closed circuit camera (CC CAM) system at Indesore. The operation of the system is as follows:

To protect the Office/Factory buildings and their assets, to ensure they are kept free from intrusion, vandalism, damage or disruption.
The CCTV system will be operated 24 hours each day, every day of the year. The ICT Department will check and confirm the efficiency of the system on a daily basis and in particular that the equipment is properly recording and that cameras are functional.
All surveillance records shall be stored in a secure centralized location for a period of 2 months and will then promptly be erased or written over.
Access to the CCTV will be strictly limited to the members of staff approved by the Management.
Copies of downloads may only be viewed by authorised persons.

16. PABX and Telephone system:

IT department reserves the right to monitor the system in its entirety to ensure system stability and security.
IT department shall also provide ample warning to all employees of the office when maintenance will occur. Computer Services shall not schedule any kind of outage for the system unless absolutely necessary and then, only after regular business hours.
IT department shall provide at least one battery-backed telephone per building. In the event of a power failure, these telephones will still be available for calls.


IT department shall provide redundancy and fault-tolerance on the telephone system through backup hardware, and hardware replacement contracts with manufacturers.
Computer Services shall test the fault-tolerance of the system once per month.
Computer Services reserves the right to disconnect any portion of the network that is causing interference with the telephone system without notice.
All PABX configuration changes will be made by an authorised Computer Services employee.

17. Miscellaneous for End User Policy:


Terms and conditions of using the Company's IT Services
Information which becomes available to, and is processed by, employees within business processes is owned by the Company;
Employees are provided IT-infrastructure for information processing & should be used for
business purposes only;
No person shall do any deliberate, reckless, unlawful act which may cause disruption to
services, degrade the performance of an information system, or jeopardize the integrity of data
networks, computing equipment, systems programs, or other stored information;
All employees are responsible for providing and maintaining the security of information
throughout any phase of its life cycle including processing, distribution and storage;
When working with internet resources it's strictly prohibited:
o to install or use hacker or anonymizer software, to activate auditing processes or
vulnerability scanners on the behalf of the Company as well as to emulate attacks or to
impact any other IT-infrastructure without authorization;
o to attempt to adjust the equipment or access the internet bypassing standard corporate
technologies or remote access gateways;
o to upload or exchange sensitive information of the Company via external resources of the internet;
o to divulge work-related information while using social networking websites, to publicize any discrediting information regarding the Company, its policies, financial reports, projects, decisions or other staff members.
The Company reserves the right to control the security of corporate information processing and to carry out content analysis of every IT-resource using the required technical means. Such IT-resources include mail correspondence or any other channels of corporate information exchange. For staff members such control can result in administrative or legal action if any illegal activity against the Company is detected.
Users have to log in to their local domain.
Desktop and My Documents should be free from any necessary documents.
Users must keep their important files on their network drive, and also on their drive on the laptop/desktop.
Users need permission to install any software.
Users must shut down their computer properly.
Users must run a virus check every time after inserting any USB device such as a pen drive, camera, mobile, memory card or removable drive.
Users must keep their computer neat & clean.
Different browsers should not be used.
Users must not take their computer home without the prior concern of their supervisor.
Application software like email, MS Word and MS Excel should be closed properly.
Users should check that the power adapter is properly attached to the computer when turning on the computer.

Use a damp, soft, lint-free cloth to clean the computer's exterior. Avoid getting moisture in any openings.
Do not spray liquid directly on the computer.
Don't use aerosol sprays, solvents, or abrasives.
Dampen a clean, soft, lint-free cloth or paper with water only and wipe the screen.
Keep your computer away from sources of liquids, such as drinks, washbasins, bathtubs, shower stalls, and so on.
Protect your computer from dampness or wet weather, such as rain, snow, and so on.
Never force a connector into a port. If the connector and port don't join with reasonable ease, they probably don't match. Make sure that the connector matches the port and that you have positioned the connector correctly in relation to the port.
To avoid possible damage to the system, wait 5 seconds after turning off the computer before disconnecting a device from the computer.
When you use the AC adapter to run the computer or to charge the battery, place the AC
adapter

18. Records
The approved policy is kept in the location below:
\\ Location address:
19. Roles and Responsibilities
19.1 Indesore management is responsible for:
Supporting and complying with this policy.
19.2 IT is responsible for:
Supporting, monitoring and complying with this policy.
19.3 HR is responsible for:
Reviewing and ensuring that employees comply with this policy;
Taking administrative action on violation of the policy (if required);
19.4 Employee is responsible for:
Reporting risks, violations and any activities that conflict with this policy;
Supporting and complying with these policies and services.
