Forum Topic

ICT Policy - Draft, Recommendations, Revisions

  • The ICT Policy Draft. Anyone could suggest addition, revision, deletion.

    The purpose of this post is to solicit from everyone, so be generous to share.

    -- edited by phdot_com on Sep 25 2012, 06:19 PM
  • Introduction
    1. The purpose of the ICT Policy is to ensure the effective protection and proper usage of the Information and Communications Technology (ICT) resources of XXX Company, INC. The ICT investment of the organization is considerable, and the dependency on these resources in the delivery of XXX Company, INC. services is high. The ICT Policy will assist in maintaining systems at operational level. Contraventions of the ICT Policy could seriously disrupt the operation of XXX Company, INC. and any breaches will be treated seriously.

    2. Department/Section Heads are responsible for ensuring adherence to the ICT Policy within their Departments/Sections, overseen by the XXX/President.

    -- edited by phdot_com on Sep 25 2012, 06:09 PM
  • Section One – Computer and Communication Systems

    -- edited by phdot_com on Sep 25 2012, 06:08 PM
  • Network

    1. Network management, administration and maintenance within XXX Company, INC. are the responsibility of the ICT Section. Access to and usage of the servers is restricted to authorized officer and staff.

    2. The ICT Section may implement solutions for the protection of the whole system.

    -- edited by phdot_com on Sep 25 2012, 06:18 PM
  • Hardware (Servers, PCs, Laptops, Printers, Telephone, etc.)

    1. The purchase, installation, configuration and maintenance of ICT equipment are the responsibility of the ICT Section.

    2. Requirements for new hardware should be discussed in advance with the ICT Officer to assess the detailed specification.

    3. The security and safekeeping of portable and other equipment used outside XXX Company, INC. offices is the responsibility of the employee using it.

    4. All Officers and Staff members are responsible for the proper usage, care and cleanliness of the equipment they use. Department/Section heads should ensure that staff member maintains the cleanliness of their machines and work area.

    5. Problems with hardware should be reported to the ICT Section in accordance with established ICT Help Desk/Support procedures.

    -- edited by phdot_com on Sep 25 2012, 06:20 PM
  • Software (Operating System, Office Suites, and other applications)

    1. The purchase, installation, configuration and support of all software used within XXX Company, INC. are the responsibility of the ICT Section.

    2. All Officers, staff members, and users are not allowed to install any software, including screensavers and plug-ins, on production equipment without prior authorization from the ICT Officer. This includes programs downloaded from the Internet. Software to be tested should only be installed on lab machines.

    3. XXX Company, INC. will treat the unauthorized installation of software by users as a serious breach of the ICT Policy.

    4. The ICT Section should maintain “Software license registers” to ensure compliance with legislation.

    5. Software disks will be kept securely by the ICT Section.

    6. Requirements for new software should be discussed in advance with the ICT Officer to assess the detailed specification and implications.

    6. Problems with software should be reported to the ICT Section in accordance with established ICT Help Desk/Support procedures.

    7. Requests for modifications, enhancements and upgrades of existing software should be discussed with the ICT Officer.

    -- edited by phdot_com on Sep 25 2012, 06:22 PM
  • Data/Electronic Information

    1. Data Management should be in accordance with the data management policies and procedures of XXX Company, INC.

    2. Department/Section Heads are responsible for maintaining the quality of the computer-held data processed by them or their staff.

    3. The individual user is responsible to their line officer for the quality of the computer data they have personally processed.

    4. All information/data held on the organization’s systems is deemed the property of XXX Company, INC. This includes but not limited to files and emails stored on the company’s equipment.

    5. As a condition of employment, Officers, staff members and users consent to the examination of the use and content of all data/information processed and/or stored on the organization’s systems as required.

    -- edited by phdot_com on Sep 25 2012, 06:23 PM
  • Back Up

    1. The ICT Section is responsible for ensuring the implementation of an effective back-up and recovery strategy for the company.

    2. Users should see to it that their data has a back up following the procedures established by the ICT Section.

    -- edited by phdot_com on Sep 25 2012, 06:23 PM
  • Virus and Malware Protection

    1. The ICT Section is responsible for the implementation of an effective virus/malware, email and internet security strategy. All machines, networked and standalone, will have up-to-date anti-virus protection.

    2. The installation of anti-virus software on all machines is the responsibility of the ICT Section.

    3. The ICT Section will ensure the update of the anti-virus software on networked desk-top PCs.

    4. Remote users and users of portable machines will assist in the upgrade of anti-virus software in accordance with specified mechanisms agreed with the ICT Officer.(e.g. internet updates)

    5. Staff should virus-scan all media (including floppy disks, optical discs, usb drives) before using.

    6. On detection of a virus, staff should notify the ICT Officer who will provide assistance.

    7. Under no circumstances should staff attempt to disable or interfere with the virus scanning software.

    -- edited by phdot_com on Sep 25 2012, 06:25 PM
  • Section Two – System Users

    -- edited by phdot_com on Sep 25 2012, 06:09 PM
  • Health & Safety

    1. Health and safety with regards to ICT equipment should be managed within the context of the general and any specific Health & Safety policies and procedures within XXX Company, INC.

    2. Department/Section Heads are responsible for ensuring health & safety policies and procedures with regards to computer equipment are implemented within their Departments/Sections.

    -- edited by phdot_com on Sep 25 2012, 06:25 PM
  • Training

    1. It is the responsibility of Department/Section Heads to ensure appropriate ICT-related training needs for their staff is identified. The ICT Section can advise or assist on ICT-related training issues.

    -- edited by phdot_com on Sep 25 2012, 06:26 PM
  • User Accounts

    1. Department/Sections Heads should notify the ICT Officer of new members of staff in advance to allow the creation of network, e-mail accounts and system permissions in accordance with established procedures.

    2. Department/Sections Heads should notify the ICT Officer of the departure of staff to allow the deletion of network, e-mail accounts and system permissions.

    -- edited by phdot_com on Sep 25 2012, 06:27 PM
  • Passwords

    1. The ICT Officer will ensure that username and password is part of the security strategy of the XXX Company, INC. IT system.

    2. Users should change their passwords when prompted by the system in the case of networked machines or on a regular basis for standalone machines.

    3. Users are responsible for the security of their password which they should not divulge, even to colleagues and other unauthorized users.

    4. Problems with passwords should be reported to the ICT Section in accordance with established ICT Help Desk/Support procedures.

    -- edited by phdot_com on Sep 25 2012, 06:28 PM
  • System Usage

    1. Users should ensure their computers are fully shut down and turned off at end of day, except for servers.

    2. Users should not use gadgets/equipment that may circumvent the controls of the system without authorization from the ICT Officer. (e.g. This includes but not limited to laptops accessing the company’s network, usb internet access point and similar gadget used on company property to access not allowed sites.)

    3. Users should not allow unauthorized use of the equipment assigned to them. (e.g. visitors, friends or children use the computers).

    -- edited by phdot_com on Sep 25 2012, 06:29 PM
  • Section Three - E-mail/Internet/Phone
  • E-Mail

    1. The XXX Company, INC. e-mail system is a core business application. It should not be used for political, business or commercial purposes not related to XXX Company, INC.

    2. The XXX Company, INC. e-mail system must not be used to send illegal or inappropriate material that includes but not limited to chain letters, pornographic materials, and destructive applications.

    3. It is a condition of employment that all users consent to the examination of the use and content of their email accounts as required.

    4. Global distribution lists should be used appropriately. Email to all staff should be used only when appropriate.

    5. Confidential material sent by e-mail should be sent only with caution.

    6. XXX Company, INC. retains the right to access and view all Emails sent and received by the Email system.

    -- edited by phdot_com on Sep 25 2012, 06:31 PM
  • Internet

    1. Access to the Internet is provided for business purposes. Limited personal use is permitted and is to be restricted to lunch breaks only.

    2. Users should not make inappropriate use of their access to the Internet. They must not use XXX Company, INC. systems to access pornographic, illegal or other improper material.

    3. Users should not subscribe or browse to chat rooms, dating agencies, messaging services or social networking sites.

    To be revised. No.3 is not realistic anymore and cannot be prevented. It is tantamount to killing yourself as ICT Officer to police them. This will be replaced with some social media policy.


    4. Programs, including screensavers and add-ins, must not be downloaded from the Internet without prior request and authorization from the ICT Officer.

    5. XXX Company, INC. retains the right to monitor Internet usage by users.

    6. It is a condition of employment that all users consent to the examination of the use and content of their Internet activity as required.

    7. Abuse of Internet access will be dealt with accordingly.

    -- edited by phdot_com on Sep 25 2012, 06:33 PM

    -- edited by phdot_com on Sep 26 2012, 10:44 AM
  • Phone

    1. The XXX Company, INC. phone system should be used for official business only. Use of phone should be as short as possible to give way to the next user or caller.

    2. XXX Company, INC. retains the right to monitor and log calls made by users.

    3. It is a condition of employment that all users consent to the examination of the use and content of their phone activity as required.

    -- edited by phdot_com on Sep 25 2012, 06:34 PM
  • Section Four - Contravention of the ICT Policy

    1. Contravention of the XXX Company, INC. ICT Policy or any act of deliberate sabotage to XXX Company, INC. ICT systems may be considered a disciplinary offense.

    -- edited by phdot_com on Sep 25 2012, 06:14 PM
  • -End of Draft Revision 0-
  • A very helpful and informative , KUDOS to phdot_com
  • nice one sir phdot
  • ^_^ how okey toh ha

    thanks sir phdot_com
  • ganda! thank you
  • ayus,
  • Nice one :) Thanks sana pwede din ma-edit ng ibang user or paano kung merong gustong i-add?
  • @phdot_com

    sir may draft ka ba for implementing open source softwares usage mag umpisa sa operating system, server modules and applications like office suites?

    parang dito sa post mo
    Software (Operating System, Office Suites, and other applications)

    TIA!

    bookmarked!

    -- edited by clerrific on Sep 26 2012, 09:39 AM
  • Nice one :) Thanks sana pwede din ma-edit ng ibang user or paano kung merong gustong i-add?


    Post lang dito sa baba sir. At e include ko sa edit sa taas with your name.
  • No.3 on Internet is to be revised.
    To be revised. No.3 is not realistic anymore and cannot be prevented. It is tantamount to killing yourself as ICT Officer to police them. This will be replaced with some social media policy.