IT Policies and Procedures Manual

$595.00
SKU: ABR34M

ALL THE PROCEDURES ARE IN MICROSOFT WORD AND YOU WILL RECEIVE INSTANT ACCESS THROUGH A DOWNLOAD LINK

 

Computer & IT Policies and Procedures Manual

Our IT Policies and Procedures Manual set includes answers to basic IT questions:

  • How long do you need to keep different types of IT Department or Project records?
  • What should be your IT security policy on Network Security, IT acceptable use policy, or Third Party Software?
  • What is the IT disposal policy for the proper method of disposing of IT assets?
  • How does your IT purchasing policy approve and manage new IT vendors, suppliers, or contractors?
  • How do you gauge IT satisfaction?
  • What is the IT Security Policy for handling computer malware?
  • How do you identify and prevent computer security incidents or provide IT risk assessment?
  • What programming standards are needed or in place?
  • What processes are in place for IT troubleshooting, technical support, and IT training?

 

Computer & Information Technology Policies and Procedures Manual

Finally, a tool to help IT Managers with the volume of work standards that have mushroomed in their departments, ostensibly to implement accepted IT processes such as Information Technology Infrastructure Library (ITIL), Capability Maturity Model (CMM), and others. Such tools are, of course, supposed to help us gain better alignment with business goals and more efficient project implementation.

 

Get Better Results from Your IT Policies

Sometimes, though, this volume of IT documentation can slow rather than speed efficiency. Despite the growth of documentation, managers note persistent symptoms including an ever-increasing project backlog, and little direct feedback from completed software projects indicating that they are having the desired impact on the business. These are symptoms of lack of alignment of business processes with the business goals.

When workers view IT policies and procedures as irrelevant or hard to use, they tend to rely on tribal knowledge: they just ask each other questions. While that can be effective, formal knowledge management systems become superfluous and they die. This invites other problems, like inconsistent product quality, loss of knowledge as people leave, lack of compliance and no audit trail, and hoarding of information. All of this puts customer satisfaction and even the company’s future at risk.

IT Department Standards

Written IT standards, policies and procedures need to be aligned with key IT processes and business goals, or users will find workarounds. We hear from IT managers because they think of us as the policies and procedures guys, and they sense that better procedures, best practices, and time-tested routines are the answer.

Align IT Processes with Policies and Procedures

But we’re the first ones to suggest that they are only part of the answer. When found in abundance, IT policies, procedures and standards could be a symptom of lack of alignment around business goals. It’s like trying to patch an ineffective working relationship by writing down every possible scenario. Of course that’s impossible. And it only hamstrings the creativity and initiative of your best computer professionals.

By playing the role of facilitator, you can help staff and stakeholders collaborate to critique existing business processes, modify them as necessary, and agree on a workable process. As their manager and resource, you can provide communications and training to reinforce buy-in and adoption. Success creates an impetus for further process improvement. With the improved focus, it’s easier to weed out unnecessary processes and get better results.

IT Policy and Procedures Manual Templates Simplify Documentation Writing

No matter what your objective, this prewritten and fully editable information technology policies and procedures manual will simplify your assignment and save you countless hours of research, planning and development time.

The Computer & Information Technology Policies and Procedures Manual comes with 41 prewritten IT procedures, 33 job descriptions, 75 IT forms, a sample CIO manual, and a free Computer and IT Security Guide. You will get over 800 pages of content written by knowledgeable technical writers and reviewed by experts in the field.

Computer & IT Policies and Procedures Manual

A well-written Computer & IT Policies and Procedures Manual reduces costs and improves performance by enhancing consistency and establishing clear criteria for computer, network, hardware, software, IT security, and IT vendors. Establishing consistent best practices and methods is an important component in safeguarding your information systems, IT assets, and IT investments.

The IT Policies and Procedures Manual is written with IT security and compliance in mind. Clearly written IT process procedures simplify compliance with COBIT, ITIL and more.

Download Editable IT Department Best Practices

Are you looking to implement Information Technology (IT) management best practices in your IT department or organization? Or are you trying to enhance your IT processes, or simply working to update and improve your IT policies and procedures manual?

Computer & IT Policies and Procedures Manual Templates Save Time

You can save hundreds of hours of research and writing by starting with prewritten information technology policies and procedures manuals. All content is available immediately for download using easily editable Microsoft Word templates. We’ve made these easy to customize, no different than working on any other day-to-day documentation.

Computer & IT Procedures in five critical areas of Information Technology Management:

  • IT Administration Policies
  • IT Asset Management Procedures
  • IT Training, Incident Handling and Technical Support Procedures
  • IT Security and Disaster Recovery Procedures
  • Software Development Procedures

Combined, these IT procedures address important information technology policies such as IT administration, IT vendor management, IT training and support, system and software development, computer asset management, and IT security. Since everything is instantly downloadable, you can start working on implementing IT Policies, Procedures and best practices right away.

Delivery Options CD and Hard Cover Book, Download Only 

41 PREWRITTEN POLICIES AND PROCEDURES

IT ADMINISTRATION PROCEDURES

E-Mail Policy Procedure

Implement guidelines for email usage within your company with our E-Mail Policy Procedure. This E-Mail Policy Procedure delineates specific standards regarding the use of email within the company IT network.

The email procedure limits the use of email to support of your company’s business needs. The email policy applies to all company personnel and computer systems.

(6 pages, 1215 words)

The E-Mail Policy Committee should periodically review the company e-mail policy, to verify that it continues to meet company requirements. Where the policy does not meet requirements, the Policy Committee should revise the policy as needed and communicate the revised policy to all employees. Within one month of such changes to the e-mail policy, the Information Technology Security Manager should verify that they are being implemented and that they are having the intended effect.

E-Mail Policy Responsibilities:

All Employees are responsible for knowing, understanding, and adhering to the company’s e-mail policy.

The Human Resources Manager is responsible for communicating the e-mail policy to all new employees and retaining employee policy acknowledgements.

Department Managers are responsible for communicating revisions to the e-mail policy to employees in their respective departments.

Information Technology Managers are responsible for developing e-mail policy and reviewing the policy (and any changes) with the Policy Committee.

The Information Technology Security Manager is responsible for monitoring e-mail use and enforcing the company e-mail policy.

E-Mail Policy Definitions:

Email Policy Committee – A group comprised of Top Management, the Information Technology Security Manager, and Information Technology Managers and led by Information Technology Managers. The purpose of the Email Policy Committee is to develop, revise (as needed), and approve the company’s email policy.

Top Management – A group comprised of the company’s chief executive and chief financial officers, at a minimum.

E-Mail Policy Procedure Activities

  • Email Policy Development
  • Email Policy Implementation
  • Email Policy Review
  • Email Policy Changes

E-Mail Policy Procedure References

  • ISO 9001:2000 Standard-Quality Management Systems-Requirements, Clause 4.2.4 (Control of Records)
  • Sarbanes-Oxley Act of 2002

E-Mail Policy Procedure Forms

  • Company Email Policy Acknowledgement Form

IT Department Satisfaction Procedure

The IT Department Satisfaction Procedure improves the IT staff’s service, enhances user approval of the department’s IT products and services, and increases the user community’s performance and productivity by supplying products and services that add value to your company.

Gauge user satisfaction of new IT installations or updates with proper follow-up or an IT satisfaction survey. The IT Department Satisfaction Procedure applies to all of your company’s IT employees as well as IT contractors or outsourcers.

(10 pages, 1787 words)

IT Department Satisfaction Responsibilities:

The Quality Assurance Manager is responsible for reviewing reports on user satisfaction (from Information Technology Management and the Tech Support Manager) and recommending actions to improve user satisfaction.

The Tech Support Manager is responsible for maintaining a Tech Support Log, reporting on user satisfaction in the Log, and taking corrective actions related to user satisfaction.

Information Technology Department Managers are responsible for reviewing user satisfaction summaries and taking corrective actions in response to low user satisfaction.

IT Department Satisfaction Definitions:

Information Technology Asset – Any computer hardware, software, Information Technology-based company information, as well as related documentation, licenses, contracts or other agreements, etc. In the context of this document, “asset” is synonymous with “Information Technology asset.”

Internal User – An employee or contractor using company Information Technology assets in the course of performing a job (task) for the company. In the context of this document, “user” is synonymous with “internal user.”

Random Sampling – Technique whereby a group of subjects (a sample) is selected for study from a larger group (a population) entirely by chance. Each member of the population has a known, but possibly non-equal, chance of being included in the sample. By using random sampling, the likelihood of sampling bias is reduced.

Statistically Significant – A finding (the observed difference between the means of two random samples, for example) is described as statistically significant when it can be demonstrated that the probability of obtaining such a difference by chance only is relatively low.

IT Department Satisfaction Procedure Activities

  • General IT Department Satisfaction
  • Post IT Service Follow-Up
  • IT User Survey
  • IT User Satisfaction Review

IT Department Satisfaction Procedure References

  • ISO 9001:2000 Standard- Quality Management Systems-Requirements, Clause 8.2.1 (Customer Satisfaction)

IT Department Satisfaction Procedure Forms

  • IT Post-Service Satisfaction Report Form
  • User Satisfaction Survey Form

 

IT ASSET MANAGEMENT PROCEDURES

IT Asset Installation Satisfaction Procedure

The IT Asset Installation Satisfaction Procedure improves your company’s internal users’ satisfaction with IT installation by measuring and analyzing user satisfaction through follow-up reviews and ongoing evaluations.

The IT Asset Installation Satisfaction Procedure helps increase performance and productivity within the user community. The IT installation procedure applies to IT users and IT contractors.

(6 pages, 1113 words)

Following installation of any Information Technology asset, the asset user should be contacted for the purpose of determining the user’s level of satisfaction with the installed hardware/software and with the installation process. User satisfaction data should be analyzed and the results of this analysis should be used to correct and improve the asset installation process. The process of measuring Information Technology user satisfaction should be reevaluated on an ongoing basis, to continue to improve the process and to improve user satisfaction.

Upon installing any Information Technology asset, data pertaining to the asset should be recorded in the correct database. The Tech Support Manager should contact the asset user within five (5) business days of installation.

IT Asset Installation Satisfaction Responsibilities:

The Tech Support Manager is responsible for installing Information Technology assets and gathering satisfaction data from internal users after installations.

The Information Technology Asset Manager is responsible for analyzing user satisfaction data and presenting the analysis to Information Technology Managers.

Information Technology Managers are responsible for reviewing the user and recommending corrective and/or preventive actions.

IT Asset Installation Satisfaction Definitions:

Information Technology Asset (IT asset) – Computer hardware, software, IT-based (i.e., electronic) company information, related documentation, licenses, contracts or other agreements, etc. In the context of this document, “asset” is synonymous with “Information Technology asset”.

Internal User – An employee or contractor using company Information Technology assets in the course of performing a job for the company. In the context of this document, the word “user” is synonymous with the term “internal user.”

IT Asset Installation Satisfaction Procedure Activities

  • IT Asset Installation Satisfaction Plan
  • IT Asset Installation Follow-Up
  • IT Asset Installation Satisfaction Data Review
  • IT Asset Installation-Corrective/Preventive Action
  • IT Asset Installation-Ongoing Evaluation

IT Asset Installation Satisfaction Procedure References

  • ISO 9001:2008 Standard-Quality Management Systems-Requirements, Clause 8.2.1 (Customer Satisfaction)

IT Asset Installation Satisfaction Procedure Forms

  • IT Asset Installation Follow-Up Report

IT Asset Standards Procedure

The purpose of the IT Asset Standards Procedure is to specify and define minimum standards for IT assets under your company’s control.

The IT standards procedure minimizes complexity and cost of building and managing IT systems. It applies to all of your company-controlled IT assets.

(12 pages, 1785 words)

IT Asset Standards Responsibilities:

Information Technology Managers are responsible for reviewing Information Technology asset standards.

The Information Technology Asset Manager is responsible for developing the company’s Information Technology asset standards, for reviewing such standards from time to time with Information Technology Managers, and for communicating these standards in an effective and timely manner to the Tech Support Manager.

The Tech Support Manager is responsible for implementing the company’s Information Technology asset standards.

The Human Resources Manager is responsible for communicating special employee requirements to the Information Technology Asset Manager.

IT Asset Standards Definition:

Information Technology Asset – Any computer hardware, software, Information Technology-based company information, related documentation, licenses, contracts or other agreements, etc.

IT Asset Standards Procedure Activities

  • IT Asset Standards Development
  • IT Asset Standards Implementation
  • IT Asset Standards Assessment

IT Asset Standards Procedure References

  • Americans with Disabilities Act (ADA)
  • Institute of Electrical and Electronic Engineers Computer Society (IEEECS) Standards
  • International Association Information Technology Asset Managers (IAITAM)
  • Bizmanualz Document #ABR41M- Human Resources and Forms

IT Asset Standards Procedure Forms

  • IT Asset Standards List Form
  • IT Asset Configuration Worksheet Form
  • IT Asset Standards Exception Request Form

 

IT SECURITY PROCEDURES

IT Access Control Procedure

The IT Access Control Procedure prevents unauthorized access to—and use of—your company’s information. The IT Access Control Procedure ensures your information’s security, integrity and availability to appropriate parties. The IT Access Control Procedure applies to all company information and to all storage access methods.

(14 pages, 2495 words)

IT Access Control Responsibilities:

The Human Resources Manager is responsible for reviewing requirements for access (with Information Technology Managers) and Access Control Plan user training.

Information Technology Managers are responsible for reviewing access requirements, convening the Security Review Committee to review the Plan, and verifying updates to the Plan.

The Information Technology Security Manager is responsible for developing an Access Control Plan, presenting the Plan to the Security Review Committee for review, communicating the Plan to Human Resources, monitoring the Plan, revising the Plan, as needed, and enforcing the Plan.

The Security Review Committee is responsible for reviewing and approving the Plan.

Users are responsible for knowing and following the Plan.

IT Access Control Definition:

Access control – Enforcement of specified authorization rules based on positive identification of users and the systems or data they are permitted to access (or, providing access to authorized users while denying access to unauthorized users).

IT Access Control Procedure Activities

  • Planning IT Access Control
  • IT Access Control Plan
  • IT Access Control Plan Review
  • IT Access Control Plan Update

IT Access Control Procedure References

  • ISO/IEC Standard 27002:2013- Information Technology-Code of Practice for Information Security Management
  • IEEE 802.1X- Port-Based Network Access Control Standard
  • IEEE Special Publication 802.12- An Introduction to Computer Security- The NIST Handbook

IT Access Control Procedure Forms

  • IT Access Control Plan Form
  • IT User Access Control Database Form
  • Access Control Log Form
  • User Account Conventions Form

IT Disaster Recovery Procedure

The IT Disaster Recovery Procedure defines your company’s recovery objectives and assigns procedures for achieving those objectives. The IT Disaster Recovery Procedure ensures continuity of all of your company’s operations.

The disaster recovery policy applies to all your company’s personnel, IT systems, networks and assets.

(42 pages, 4121 words)

IT Disaster Recovery Responsibilities:

The Information Technology Disaster Recovery Coordinator is responsible for chairing the Information Technology Disaster Recovery Planning Committee, coordinating Information Technology disaster response and recovery, reporting on disaster response and recovery, and updating the Recovery Plan.

The Information Technology Security Manager is responsible for conducting and/or supervising testing of the Information Technology Disaster Recovery Plan.

The Information Technology Disaster Recovery Planning Committee is responsible for developing and reviewing the Information Technology Disaster Recovery Plan.

The Information Technology Storage Librarian is responsible for backing up and restoring company data.

Tech Support Representatives are responsible for various recovery tasks, such as installation and testing of replacement equipment, operations systems, applications software, communications, etc.

IT Disaster Recovery Definitions:

Business continuity – The degree to which an organization may achieve uninterrupted stability of systems and operational procedures.

Information Technology disaster – A sudden, significant event that may result in the loss or destruction of company information and/or loss of service on the company’s Information Technology network.

IT Disaster Recovery Procedure Activities

  • IT Disaster Recovery Plan
  • IT Disaster Recovery Plan Review
  • IT Disaster Recovery Plan Revision

IT Disaster Recovery Procedure References

  • Bizmanualz Publication #ABR33M-Disaster Recovery Policies, Procedures, and Forms
  • The Public Company Accounting Reform and Investor Protection Act of 2002 (Sarbanes-Oxley, SOX)
  • ISO/IEC Standard 27002:2013- Information Technology-Code of Practice for Information Security Management
  • Health Insurance Portability and Accountability Act of 1996 (HIPAA)
  • Expedited Funds Availability Act of 1989 (EFA)

IT Disaster Recovery Procedure Forms

  • IT Disaster Recovery Plan

 

IT TRAINING & SUPPORT PROCEDURES

IT Support Center Procedure

The purpose of the IT Support Center Procedure is to identify staffing, training, and logistic requirements for an internal service or IT support center.

This IT Support Center Procedure provides ongoing emergency and non-emergency technology support to all departments and users. It applies to the IT support center, in particular, and all departments with technology needs, in general.

(8 pages, 1623 words)

This procedure applies, in particular, to the Information Technology Support Center. In general, all departments within the company have technology needs, including:

  • Hardware support – Assistance with installation, usage, upgrades, or failures of all Information Technology related computer and communication equipment;
  • Software support – Assistance with technical questions on all operating systems, e-mail, applications, and database software; and
  • Telecommunications – Assistance with telephone, voice mail, pager, and all wireless equipment, including all setup, usage, and hardware difficulties.

Therefore this procedure, while not directly applicable to other departments, has a direct impact on the ability of every other department to do business in a manner that satisfies company and customer requirements.

IT Support Center Responsibilities:

Information Technology Managers are responsible for developing Support Center goals, identifying needs, developing the Information Technology Support Plan, providing resources for the Information Technology Support Center, reviewing Support Center metrics with the Support Center Manager, and recommending changes to the Plan.

The Information Technology Support Center Manager is responsible for administering the Support Center budget and other recordkeeping, recording and analyzing Support Center metrics and reporting on such metrics and other Support Center activities to Information Technology Managers on a regular basis, managing a staff of (in-house or outsourced) Technical Support analysts, recommending improvements to Information Technology Managers, and meeting or exceeding user expectations for the Support Center.

The Tech Support Manager is responsible for carrying out the daily operations of the Information Technology Support Center (i.e., delivering user support).

The Technology Review Committee is responsible for reviewing the Information Technology Support Plan, recommending revisions to the Plan, and for final approval of the Plan. The Technology Review Committee should consist of Information Technology Managers (who should chair the Committee) and management of the company’s functional departments or their representatives.

IT Support Center Definitions:

Technical Support (or “Tech Support”) – Provision of human resource and contract services for the installation, setup, and efficient operation of information technologies; also refers to personnel having responsibility for providing technical support.

Help Desk – Alternate name for technical support services.

IT Support Center Procedure Activities

  • IT Support Center Overview
  • IT Support Center Operations
  • IT Support Review

IT Support Center Procedure Forms

  • Tech Support Log Form
  • System Trouble Acknowledgement Form

 

IT Troubleshooting Procedure

The IT Troubleshooting Procedure offers a procedure for troubleshooting IT-related problems and enables effectiveness, consistency, and continual improvement of the IT troubleshooting process.

This IT Troubleshooting Procedure applies to all company IT assets and complies with the policy of minimizing IT system disruptions, enhancing productivity and promoting user satisfaction.

(10 pages, 1907 words)

IT Troubleshooting Responsibilities:

Information Technology Managers are responsible for evaluating the Information Technology Department’s troubleshooting methods, approving the Information Technology Troubleshooting Plan, and periodically reviewing the Plan. Information Technology Managers should review and evaluate the Information Technology Department’s current troubleshooting methods and capabilities, comparing them with industry standards, best practices, and technology trends and performing a gap analysis.

The Tech Support Manager is responsible for developing, communicating, and implementing the Plan.

The Tech Support Manager is responsible for acting on user requests for troubleshooting, knowing and consistently applying the Information Technology Troubleshooting Plan, and recording troubleshooting activities for the purpose of monitoring and improving the Plan.

Users are responsible for reporting problems to the Help Desk in a timely manner, reporting accurately and with as much detail as possible.

IT Troubleshooting Definitions:

Cold boot – Start a computer (CPU) from its powered-down (off) state; also referred to as a “hard boot”.

Reboot – Restart a computer, either by warm booting or cold booting.

Troubleshoot – Isolate the source of a problem and fix it. Troubleshooting is a process of elimination, whereby possible sources of the problem are investigated and eliminated, beginning with the most obvious or easiest problem to fix. In computer systems, the term troubleshoot is often used when the problem is thought to be hardware-related; if the problem is software-related, the term debug is used.

Warm boot – Restart a computer by way of its operating system (i.e., “Control-Alt-Delete”). Warm booting returns a computer to its initial state without shutting it off.

IT Troubleshooting Procedure Activities

  • IT Troubleshooting-Planning
  • IT Troubleshooting Plan
  • IT Troubleshooting Plan Review
  • IT Troubleshooting Plan Update

IT Troubleshooting Procedure Forms

  • IT Troubleshooting Plan Form
  • User Troubleshooting Guide Form

IT SOFTWARE DEVELOPMENT PROCEDURES

IT Project Management Procedure

The IT Project Management Procedure ensures that IT projects are clearly defined, well structured and efficiently and effectively managed.

The IT Project Management Procedure ensures the desired results are produced on time and within budget. The management procedure applies to all in-house software development projects.

(16 pages, 2061 words)

IT Project Management Responsibilities:

The Information Technology Project Manager is responsible for ensuring that projects run smoothly, remain on schedule, and are completed on time.

IT Project Management Definition:

Quality Management System (QMS) – A formalized system that documents the structure, responsibilities, and procedures required to achieve effective quality management.

IT Project Management Procedure Activities

  • IT Project Setup
  • IT Project Schedule
  • IT Project Cycle Management
  • IT Project Review

IT Project Management Procedure References

  • ISO 9001:2008 Standard-Quality Management Systems Requirements
  • ISO/IEC 12207:1995-Information Technology-Software Life-Cycle Processes
  • IEEE/EIA 12207.0-Standard Industry Implementation of International Standard ISO/IEC 12207:2005 (ISO/IEC 12207) Standard for Information Technology Software Life Cycle Processes

IT Project Management Procedure Forms

  • IT Project Development Database Form
  • IT Project Status Report Form
  • IT Project Team Review Checklist Form
  • IT Project Progress Review Checklist Form

 

Agile Software Development

With most IT products or projects your company handles, there is a clear, definitive roadmap to follow: Define-Design-Build-Test-Deploy.

But what about your website or your Web-based product? Can you employ the same type of methodology to achieve your end-goal? Of course not, because you know that the Web is ever evolving. The requirements you conceive will be obsolete by the time the product is launched, and your funding will dry up while you try to adapt.

Enter Agile. Software developers have been utilizing Agile methodology since the mid-90s, but you can use many of the same ideas for building and maintaining your Web-based project.

Instead of taking five months, 12 months, two years to drag a project through the roadmap from Define to Deploy, Agile is a recurring, constantly mobile process that completes the cycle multiple times until the team achieves the desired end-product.

By cycling through week-long iterations of defining, designing, building, testing, and deploying, you know the product’s limitations, what it will look like, and its usefulness to the customer. The key component to IT project management and the success of the IT project is customer input. When you have something to show them after only spending a week on it, you can build that customer feedback into the next iteration’s set of requirements.

For example, say your product is a website that aggregates the day’s headlines for your city from various news sources. After a week, you have a version to show. Your customer says it would be helpful if users could rank the news stories, so the most read and most popular ones show first. It’s a simple fix that you can implement immediately into the next definition phase.

The sooner you receive customer input, the more successful your project will be. And from the customers’ point of view, they now have a vested interest in the success of the project. They provided input; they want it to work.

Software Design Procedure

The purpose of the Software Design Procedure is to transform a set of system requirements (developed by the systems analyst) into programming instructions for a software product.

The Software Design Procedure helps design software in a technically sound and efficient manner. This software procedure applies to all software products and updates released by the company.

(6 pages, 1117 words)

Software Design Responsibilities:

The Software Designer is responsible for transforming system requirements developed by the systems analyst into programming instructions and then communicating the overall design approach. The Software Designer should write a description of the programming environment. They should also create a general design of the software required to fulfill the system requirements developed by the systems analyst. They might use the following tools:

  • A word processing program, for typing text;
  • A paint or draw program, for creating graphics;
  • A flow charting program, for documenting data flows;
  • A source code control system, for controlling program revisions; and
  • A central database, for storing specifications, charts, and images.

Document ideas, comments, and concerns for possible investigation. Plan on spending as much time as necessary to answer any questions before turning the design over for programming. More time spent in the early planning phases will make coding easier and save time later in the software programming phase. Users may request design changes during this or any other phase of the software development life cycle.

Software Design Procedure Activities

  • Software Design-Introduction
  • Software Design Specification
  • Software Design Review

Software Design Procedure References

  • ISO/IEC 12207:1995-Information Technology-Software Life Cycle Processes
  • IEEE/EIA 12207.0-Standard Industry Implementation of International Standard ISO/IEC 12207:1995

Software Design Procedure Forms

  • Design Review Checklist Form

75 CORRESPONDING ACCOUNTING FORMS

IT ADMINISTRATION FORMS

Computer-Internet Usage Policy Acknowledgement Template

The Computer-Internet Usage Policy Acknowledgement Template covers acceptable use, inappropriate use, internet and e-mail security, and more. All terms and conditions as stated in the policy are applicable to all users of the company network and the Internet. These reflect an agreement of all parties and should be governed and interpreted in accordance with the laws of the country, state, municipality, etc., in which the company is located.

The user signifies his or her understanding of the aforementioned policies and agrees to abide by them. The user also signifies understanding that violating these policies is, at the least, unethical and may even be a criminal offense, punishable by revocation of access privileges, disciplinary action (which may include termination), and/or court action that could result in a fine, imprisonment, or both.

Once the user signs ITAD107-1 COMPANY COMPUTER AND INTERNET USAGE POLICY, they should deliver the signed original to Human Resources and retain or be given a copy for their personal records. Any user violating the policies or applicable local, state, or federal laws while using the company network should be subject to loss of network privileges and any other disciplinary actions deemed appropriate, possibly including termination and criminal/civil prosecution.

This policy applies to all employees with access to the Internet and related services through the company network infrastructure. Internet-related services include all services provided with the TCP/IP protocol, including but not limited to Electronic Mail (email), File Transfer Protocol (FTP), and World Wide Web (WWW) access.

Computer-Internet Usage Policy Acknowledgement Template Details

Pages: 03 Words: 690 Format: Microsoft Word 2013 (.docx) Language: English Manual: Computer & IT Category: IT Administration Procedure: Computer Internet Usage Policy Procedure ITAD107 Type: Guide

IT Document Change Control Request Template

If a document/change is approved, a Document Change Number (DCN) should be noted on the IT Document Change Control Request Template. ITAD103-3 DOCUMENT CHANGE CONTROL FORM and a copy of the (changed) document, along with appropriate approvals, should be submitted to the Document Manager for updating the document, indexing the revision, and updating the revision history. If the document (change) request is denied, the requestor should be notified of the reason(s) for denial.

The Document Manager should circulate the final document/revision in order to obtain the required approvals (signatures). When the required approvals have been obtained, the Document Manager should update the master document list with the correct revision number, last review date, and other required information. In the case of hard-copy documents, the master document (revision) should be stored with the master document list.

IT Document Change Control Request Template Details

Pages: 01 Words: 55 Format: Microsoft Word 2013 (.docx) Language: English Manual: Computer & IT Category: IT Administration Procedure: IT Document Management Procedure ITAD103 Type: Form

Related Documents

  • ITAD103-1 DOCUMENT CONTROL LIST
  • ITAD103-2 DOCUMENT CHANGE REQUEST FORM

IT ASSET MANAGEMENT FORMS

IT Approved Vendor List Template

The Information Technology Asset Manager should maintain the IT Approved Vendor List Template, listing vendors with which it has done business over the last five years, for reference purposes. ITAM103-4 IT VENDOR LIST includes vendor ID, contract number, asset class, and more.

If a vendor is found to be out of compliance, Quality Management should submit a Corrective Action Request, in accordance with the IT Incident Handling procedures. The Information Technology Asset Manager should update the disqualified vendor’s entry in the IT Vendor List. Disqualified vendors should be prohibited from doing business with the company for one year from date of disqualification.

IT Approved Vendor List Template Details

Pages: 01 Words: 41 Format: Microsoft Word 2013 (.docx) Language: English Manual: Computer & IT Category: IT Asset Management Procedure: IT Vendor Selection Procedure ITAM103 Type: List

Related Documents

  • ITAM103-1 IT VENDOR NOTIFICATION FORM
  • ITAM103-2 IT VENDOR SURVEY
  • ITAM103-3 APPROVED IT VENDOR DATA SHEET
  • ITAM103-5 IT VENDOR DISQUALIFICATION FORM

IT Asset Assessment Checklist Template

The IT Asset Assessment Checklist Template should be used by the Tech Support Manager as a guide to conducting Information Technology asset assessments. Prior to an assessment, the Information Technology Asset Manager should review ITAM104-1 IT ASSET ASSESSMENT CHECKLIST for possible modifications. Assessments should be conducted annually, at a minimum.

Information Technology asset assessments should also be conducted whenever a large turnover of assets (for example, a large number of PC leases expires in a short time frame) occurs. The Information Technology Asset Manager should ensure that the Tech Support Manager has the current version of the IT Asset Assessment Checklist Template on hand prior to conducting a network scan.

IT Asset Assessment Checklist Template Details

Pages: 03 Words: 438 Format: Microsoft Word 2013 (.docx) Language: English Manual: Computer & IT Category: IT Asset Management Procedure: IT Asset Assessment Procedure ITAM104 Type: Checklist

Related Documents

  • ITAM104-2 IT ASSET SCAN SUMMARY

IT SECURITY FORMS

IT Access Control Log Template

Instances of access and use of any Information Technology resource should be automatically logged in the IT Access Control Log Template. ITSD106-3 ACCESS CONTROL LOG should be retained in accordance with legal and regulatory requirements. Access to applications should be limited to authorized users and to normal business hours, with reasonable exceptions.

Access control is defined as the enforcement of specified authorization rules based on positive identification of users and the systems or data they are permitted to access (or, providing access to authorized users while denying access to unauthorized users). The Information Technology Security Manager should periodically (once a week is recommended) review the Access Control Log and present a status report to Information Technology Managers.

IT Access Control Log Template Details

Pages: 01 Words: 24 Format: Microsoft Word 2013 (.docx) Language: English Manual: Computer & IT Category: IT Security & Disaster Recovery Procedure: IT Access Control Procedure ITSD106 Type: Log

Related Documents

  • ITSD106-1 IT ACCESS CONTROL PLAN
  • ITSD106-2 IT USER ACCESS CONTROL DATABASE
  • ITSD106-4 USER ACCOUNT CONVENTIONS

IT Disaster Recovery Plan Template

To be prepared for disaster – to best ensure the continuity of business, should a disaster occur – the company should develop an IT Disaster Recovery Plan Template. The company should implement ITSD104-1 IT DISASTER RECOVERY PLAN, educating employees in their roles and responsibilities; test the Plan, to see if it will ensure rapid and full recovery; and fix flaws identified in testing, to better ensure the Plan will work when it is most needed.

The company should establish an Information Technology Disaster Recovery Planning Committee (Information Technology DRPC), composed of key personnel from each functional area within the company (HR, accounting, sales, etc.) and an Information Technology Disaster Recovery Coordinator, who should chair the Committee. The Information Technology DRPC should meet to:

  • Analyze and discuss the information obtained by the Information Technology Disaster Recovery Coordinator;
  • Identify mission-critical systems and services, determining how long each business unit can survive without those systems/services in operation (conduct a business impact analysis);
  • Establish recovery priorities.

The Information Technology Security Manager should test Information Technology disaster response and recovery at least once every 12 months. The Information Technology Security Manager should also test response and recovery upon any changes to the IT Disaster Recovery Plan. The Information Technology Disaster Recovery Plan should be periodically (at least once every three years) subjected to a third-party audit, to verify that the Plan is clear, sound, and continues to meet company, customer, and legal/regulatory requirements.

IT Disaster Recovery Plan Template Details

Pages: 37 Words: 2556 Format: Microsoft Word 2013 (.docx) Language: English Manual: Computer & IT Category: IT Security & Disaster Recovery Procedure: IT Disaster Recovery Procedure ITSD104 Type: Form

IT TRAINING & SUPPORT FORMS

IT Server-Network Support Plan Template

Information Technology Managers should develop an IT Server-Network Support Plan Template, including budget requirements, and submit it to the Technology Review Committee for review and recommendations. A Server and Network Support team should be responsible for supporting servers and the Information Technology network infrastructure, in accordance with ITTS103-2 SERVER/NETWORK SUPPORT PLAN. Server and network support functions may reside entirely in-house, or some or all functions may be outsourced.

The Server/Network Support team should be responsible for:

  • Server and network design;
  • Testing, installation, and configuration of hardware and software;
  • Daily operations (administration) of servers and the network; and
  • Maintenance, repair, and service

These responsibilities should be carried out in accordance with the IT Server-Network Support Plan Template. Information Technology Managers should update (make revisions to) the Server/Network Support Plan, as needed, and communicate the revised Plan to the Server/Network Support Team. Within one month of implementing the revised Plan, the Technology Review Committee should review server and network activity logs (and server/network related documentation, if necessary) of the last month to ensure that the revised Plan has been properly implemented and is yielding the desired results.

IT Server-Network Support Plan Template Details

Pages: 02 Words: 231 Format: Microsoft Word 2013 (.docx) Language: English Manual: Computer & IT Category: IT Training & Support Procedure: IT Server-Network Support Procedure ITTS103 Type: Form

Related Documents

  • ITTS103-1 SERVER/NETWORK PLANNING CHECKLIST

IT Training Requirements List Template

The IT Training Requirements List Template is a list of minimum technical skills and knowledge required to perform the primary duties of each Information Technology position. ITTS105-1 IT TRAINING REQUIREMENTS LIST covers job title, grade, technical requirements, prescribed career path, and more. Information Technology Managers should include cross-training and succession planning guidelines, to ensure backup for key personnel.

There should also be an Information Technology security awareness training requirement for every employee. All employees are to be made aware – and such awareness maintained – that they each are responsible for the security of Information Technology assets in the course of their normal work. The Human Resources Department should ensure that all new employees (or employees new to a given position) receive the necessary technical and security training to perform their duties. Types of training, dates, times, and locations will be arranged for and communicated to employees.

IT Training Requirements List Template Details

Pages: 01 Words: 31 Format: Microsoft Word 2013 (.docx) Language: English Manual: Computer & IT Category: IT Training & Support Procedure: IT User-Staff Training Plan Procedure ITTS105 Type: List

Related Documents

  • ITTS105-2 ITS TRAINING LOG

IT SOFTWARE DEVELOPMENT FORMS

IT Project Development Database Template

The IT Project Development Database Template keeps track of project ID, proposed start and end date, proposed length, and more. The Information Technology Project Manager should review the proposed schedule with Information Technology Management. They should discuss possible changes to the proposed project with respect to ITSW102-1 IT PROJECT DEVELOPMENT DATABASE and resolve possible scheduling conflicts with existing projects.

The Information Technology Project Manager should discuss scheduling changes with the development team and revise the project schedule accordingly. The Information Technology Project Manager should enter the original project schedule into the IT Project Development Database so that at the end of the project, it can be evaluated in relation to the actual times spent on the project.

IT Project Development Database Template Details

Pages: 01 Words: 33 Format: Microsoft Word 2013 (.docx) Language: English Manual: Computer & IT Category: Software Development Procedure: IT Project Management Procedure ITSW102 Type: Log

Related Documents

  • ITSW102-3 IT PROJECT TEAM REVIEW CHECKLIST
  • ITSW102-4 IT PROJECT PROGRESS REVIEW CHECKLIST

IT Project Status Report Template

Throughout the course of the project, the Information Technology Project Manager should document the project status, as obtained above, at regular periodic intervals using the IT Project Status Report Template. ITSW102-2 IT PROJECT STATUS REPORT covers general information, key questions, key milestones, and more. Keep in mind, throughout the course of the project, the Information Technology Project Manager should:

  • Continually monitor progress on each major task;
  • Resolve internal staff and scheduling conflicts;
  • Keep team members current on all changes;
  • Update and communicate the project schedule;
  • Lead project meetings;
  • Help team members handle project-related requests from other departments and from management; and
  • Periodically inform management of the progress on the project.

The reporting cycle should be a function of the level of project activity but should not occur less often than once a month.

IT Project Status Report Template Details

Pages: 04 Words: 312 Format: Microsoft Word 2013 (.docx) Language: English Manual: Computer & IT Category: Software Development Procedure: IT Project Management Procedure ITSW102 Type: Report

Related Documents

  • ITSW102-1 IT PROJECT DEVELOPMENT DATABASE
  • ITSW102-3 IT PROJECT TEAM REVIEW CHECKLIST
  • ITSW102-4 IT PROJECT PROGRESS REVIEW CHECKLIST

33 EXAMPLE JOB DESCRIPTIONS

BOARD MEMBER SUMMARY OF FUNCTIONS

Each Member of the Board of Directors[1] acts in a position of trust for the community and is responsible for the effective governance of the organization.

BOARD MEMBER ESSENTIAL DUTIES AND RESPONSIBILITIES

  • Participate primarily in the organization’s financial management process.
  • Review and cast votes on stock offerings.
  • Review and approve/disapprove of the organization’s vision and mission statements and set forth the organization’s direction.
  • Review and vote on the organization’s Strategic and Business Plans, as well as subordinate Plans (e.g., Marketing Plan, Technology Plan); ensure that the various Plans are in sync; ensure that the organization’s Top Management effectively carries out these Plans.
  • Approves the stakeholder analysis, as well as other inputs to the MP1070-1 – MARKETING PLAN, and ensures the Plan’s effectiveness.
  • Attend Board meetings and make decisions regarding the Company’s operations, as required.
  • Authorize the raising of capital through bank loans.
  • Oversee investigations into reporting errors; help prepare and submit all financial restatements as required by law and company policy; help prepare press releases about restatements.
  • Reviews and assesses foreign exchange risks and policy options, and then sets the Company foreign exchange management policy.
  • Reviews and approves all submitted financial reports, FA1000-1 FINANCIAL OBJECTIVES, the Capital Plan and any changes to the Plan, the Company’s formal goals and objectives, the Finance department’s continuity plan, and the RC1000-1 – BUSINESS PLAN.
  • Reviews and approves the risk assessment/risk analysis prior to development of a Risk Management Plan (see procedure AC1030 – RISK MANAGEMENT).
  • Reviews approved related party transactions and sets auditing or monitoring practices according to the requirements of each individual case.
  • Reviews financial analysis and approves corrections or improvements to financial policies, objectives, or activities.
  • Review and approve/disapprove of the organization’s financial forecasts and forecasted financial statements.

ORGANIZATIONAL RELATIONSHIPS

Reports to the other members of the Board and to shareholders. Works in conjunction with other Board members and the organization’s executive staff (President, Chief Finance Officer, etc.).

PROCEDURES

The Board Member Job Description is mentioned in the following procedures:

Procedure ID and Name | Policies & Procedures Manual
AC1020 Risk Assessment | Finance
FA1000 Financial Objectives | Finance
FA1020 Continuity Planning | Finance
FA1060 Board of Directors’ Meetings | Finance
FS1000 Financial Forecasting | Finance
FS1010 Financial Reporting | Finance
FS1020 Financial Statement Analysis | Finance
FS1030 Financial Management Review | Finance
FS1040 Financial Restatements | Finance
ITAD101 Information Technology Management | Computer & Network (IT)
MP1010 Stakeholder Analysis | Sales and Marketing
MP1020 Vision and Mission | Sales and Marketing
MP1050 Goals and Objectives | Sales and Marketing
RC1000 Business Plan | Finance
RC1010 Capital Plan | Finance
RC1030 Bank Loans | Finance
RC1040 Stock Offerings | Finance
RC1050 Debt & Investment | Finance
TM1030 Related Party Transactions | Finance
TM1040 Foreign Exchange Management | Finance

BOARD MEMBER QUALIFICATIONS

Prefer a candidate who currently holds (or recently held) an executive position with a firm having $2 million or more in revenue in the most recent fiscal year. Requires 10+ years of experience overseeing a company or companies in a related industry. Knowledge of and experience in the field of finance are important.

The candidate must have a strong sense of and commitment to ethical behavior; the appearance of unethical or illegal behavior in the past is unacceptable.

Must be committed to the work of the organization. Require knowledge and skills in one or more areas of Board governance (e.g., policy, finance, programs, personnel). Must be willing to serve on at least one committee and actively participate. Require attendance at monthly Board meetings; a time commitment of about 5 hours per month (including Board preparation, meeting, and committee meeting time) is expected. Must also attend the organization’s Annual General Meeting.

BOARD MEMBER PHYSICAL DEMANDS

Ability to communicate orally with top management, advisors, and other board members is crucial. Regular use of the telephone and e-mail for communication is essential. Sitting for extended periods is common. Hearing and vision within normal ranges is essential for normal conversations, to receive ordinary information, and to prepare or inspect documents.

Activities require the ability to remain in a stationary position 50% of the time, occasionally move about inside the office to access files or office equipment, operate a computer and other office productivity machinery, such as a calculator, hand held devices, copy machine, and computer printer, and operate and monitor various medical equipment.

No heavy lifting is expected. Exertion of up to 10 lbs. of force occasionally may be required. Good manual dexterity for the use of common office equipment such as computer terminals, calculator, copiers, and FAX machines.

WORK ENVIRONMENT

The job is performed indoors in a traditional office setting. Activities include extended periods of sitting and extensive work at an office/conference desk, using a phone or computer.

[1] Where the organization is not large or complex enough to warrant a Board of Directors, the CEO/President should consider having an informal group of advisors or business consultants.

DIRECTOR OF QUALITY SUMMARY OF FUNCTIONS

The Director of Quality ensures that the organization’s products and services are in compliance with the company’s quality requirements, in addition to complying with customer and regulatory requirements for quality, safety, and reliability.

DIRECTOR OF QUALITY ESSENTIAL DUTIES AND RESPONSIBILITIES

  • Responsible for the development, implementation, and strict adherence to a quality program. Develops and/or reviews standards, policies, and procedures for all functions and departments involved with or related to the production of all products. The Director of Quality has the ultimate authority and decision over the shipment of any product or products and accepts the responsibility for products being in compliance with all regulatory and company standards.
  • Reviews and resolves quality control problems/concerns with the Quality Control Manager and others including vendors, customers, quality control personnel, and any personnel related to production.  Coordinates and assists with vendor inspections.
  • Periodically inspects completed quality control checklists, forms, and other documents; randomly inspects and verifies quality control checks for conformance to prescribed standards.
  • Schedules and performs quality audits and reports findings to the President, Quality Control Manager and Vice President of Production and Operations; develops corrective action plans and ensures timely resolution of findings.
  • Receives and reviews all customer satisfaction surveys and customer contacts and complaints. Reviews complaint trends and product/component failure analysis; reviews corrective actions with appropriate personnel.
  • Prepares reports and other documentation required by regulatory agencies and to support the quality function.

ORGANIZATIONAL RELATIONSHIPS

Reports directly to the President. Supervises, trains, and assists all quality control personnel. Directs quality-related activities in conjunction with Manufacturing, Engineering, Purchasing, Customer Service, and any other department/function that affects the quality of the organization’s goods or services.

PROCEDURES

The Director Of Quality Job Description is mentioned in the following procedures:

Procedure ID and Name | Policies & Procedures Manual
AD1000 Document Control | Sales & Marketing
AS1000 Document Control | AS 9100
AS1070 Customer Communication | AS 9100
AS1100 Preproduction Quality and Planning | AS 9100
AS1110 Supplier Evaluation | AS 9100
AS1130 Receiving and Inspection | AS 9100
AS1140 Control of Production-Service Processes | AS 9100
AS1150 Manufacturing | AS 9100
AS1180 Control of Monitoring & Measuring Eqpt. | AS 9100
AS1210 Monitoring-Measurement of Processes | AS 9100
AS1230 Control of Nonconforming Material | AS 9100
AS1240 Data Analysis-Continual Improvement | AS 9100
AS1250 Corrective Action | AS 9100
AS1260 Preventive Action | AS 9100
FS1070 Hazard Analysis | ISO 22000
FS1100 Supplier Evaluation | ISO 22000
FS1120 Manufacturing | ISO 22000
FS1140 Control of Monitoring and Measuring | ISO 22000
FS1150 Control of Potentially Unsafe Food Product | ISO 22000
FS1190 Product Recall | ISO 22000
ITAD110 IT Department Satisfaction | Computer & Network (IT)
ITSW106 Software Documentation | Computer & Network (IT)
ITSW107 Software Testing | Computer & Network (IT)
ITSW109 Software Releases Updates | Computer & Network (IT)
MFG111 Corrective Action | Business Sampler
PM1030 Product Recalls | Sales and Marketing
PUR101 Vendor Selection | Accounting
PUR104 Receiving and Inspection | Accounting
QP1030 Control of Nonconforming Product/Material | ISO 9001 QMS
QP1120 Vendor Evaluation | ISO 9001 QMS
QP1130 Preproduction Planning | ISO 9001 QMS
QP1140 Manufacturing | ISO 9001 QMS
QP1150 Identification and Traceability | ISO 9001 QMS
QP1170 Control of Monitoring & Measuring Eqpt. | ISO 9001 QMS
QP1180 Process Monitoring and Measurement | ISO 9001 QMS
QP1200 Data Analysis and Continual Improvement | ISO 9001 QMS
QP1210 Receiving and Inspection | ISO 9001 QMS
QP1220 Purchasing | ISO 9001 QMS
SWD106 Software Documentation | Software Development
SWD107 Software Testing | Software Development
SWD109 Software Releases Updates | Software Development

DIRECTOR OF QUALITY QUALIFICATIONS

A bachelor’s degree in engineering or quality is required, as is 10 years of experience in Quality Assurance/Quality Management. A master’s degree in quality or a relevant field of science (e.g., bioengineering degree for a bioengineering company) is preferred.

Must have proven ability to lead a diverse team of technicians. Excellent communication skills and the ability to work well with people at all levels are essential. Must be able to demonstrate strong organizational and managerial skills. Project management experience is a must; prefer someone with strong MS-Project skills.

The ideal candidate is certified in one or more quality-related disciplines (e.g., CQA, CMQ/OE, PMP). Experience with MS-Office and Minitab is extremely helpful.

DIRECTOR OF QUALITY PHYSICAL DEMANDS

Ability to communicate orally with customers, vendors, management and other co-workers is crucial. Regular use of the telephone and e-mail for communication is essential. Sitting for extended periods is common. Hearing and vision within normal ranges is helpful for normal conversations, to receive ordinary information and to prepare or inspect documents.

No heavy lifting is expected. Exertion of up to 10 lbs. of force occasionally may be required. Good manual dexterity for the use of common office equipment such as computer terminals, calculator, copiers, and fax machines.

Good reasoning ability is required to solve a wide range of business problems. Able to apply statistical calculations, analysis of variance, correlation techniques, and sampling theory as well as algebra, linear equations, and other analytics as required. Able to understand and utilize Internet server and network reports to conduct business.

WORK ENVIRONMENT

The job is performed indoors in a traditional office setting. Activities include extended periods of sitting and extensive work at a computer.

WHAT’S INCLUDED?

Computer & IT Introduction

Information Technology Introduction

This Information Technology Introduction explains the basic concepts of information technology – its background, structure, standards, and definitions – and their effect on business process management. The need to review these concepts is greater now than it ever was and it will continue to be, as information technology solutions have become more robust, more specialized, and more varied with time. The rapid pace of technology change continues, in spite of predictions over a decade ago that “Moore’s Law” had run its course. This section provides an Information Technology Introduction to the basic concepts of Information Technology (IT) – its structure, standards, security requirements, definitions, and more:

WHO NEEDS IT POLICIES AND PROCEDURES?

  • The Recent Past
  • The Present
  • The Future

INFORMATION TECHNOLOGY AND BUSINESS MANAGEMENT

  • Technological Advancements

INFORMATION DEPLOYMENT

  • Information Interactions
  • Information Usage
  • IT as a Strategic Differentiator

BUSINESS PROCESS MANAGEMENT

  • Process Flow and IT
  • Information Maps
  • Business Process Management Software (BPMS)
  • For more information on BPM

ACCELERATING RETURNS AND PARADIGM SHIFTS

  • Moore’s Law
  • Paradigms
  • Paradigm Shifts
  • Accelerating Returns
  • Future Business Processes

INFORMATION SECURITY AND IT STANDARDS

  • Information Security
  • IT Governance
  • IT Standards
  • Benefits of IT Standards

INFORMATION-KNOWLEDGE-WISDOM

  • Data To Information
  • Information To Knowledge
  • Knowledge To Wisdom

COMPANY POLICIES AND PROCEDURES

  • IT Policies and Procedures

Computer and IT Terms

Information Technology is a technical field.  A number of terms are used throughout the Computer, Network, and IT Policies and Procedures Manual.  Those IT terms commonly used within an IT department are defined in this Information Technology Introduction.

ABBREVIATIONS/ACRONYMS

  • CIO – Chief Information Officer
  • IT – Information Technology (IT)
  • IEEE – Institute of Electrical and Electronics Engineers
  • PDF – Portable Document Format
  • RAM – Random Access Memory
  • SaaS – Software as a Service
  • TCP/IP – Transmission Control Protocol/Internet Protocol
  • URL – Uniform Resource Locator (i.e. website address)
  • VPN – Virtual Private Network
  • www – World Wide Web

ACTIVE

Currently in use; used in the conduct of current business.  Active records are often referred to as “production” records.

ARCHIVE

Offline storage of records (onto backup tapes, floppy disks, optical disks, etc.); files containing data that are no longer in current use but are kept in long-term storage for possible future needs (to fulfill legal requirements, for instance).

CHIEF INFORMATION OFFICER (CIO)

The senior manager of the IT Department, who reports to the Company’s Chief Executive Officer (CEO).

CONTROLLED DOCUMENT

Any document for which distribution and status are to be kept current by the issuer, to ensure that authorized holders or users have the most up-to-date version available.

IT DOCUMENT

Information and its supporting medium (paper, magnetic, electronic, optical, photograph, or sample).  A document is an object commonly found in office systems (a spreadsheet, word processing document, database, etc.), whereas a record is a document that provides evidence of a particular business activity.  Documents are frequently changed, updated and revised.

E-MAIL POLICY COMMITTEE

A group comprised of Top Management, the IT Security Manager, and IT Management and led by IT Management.  The purpose of the E-mail Policy Committee is to develop, revise (as needed), and approve the Company’s e-mail policy.

EXTERNAL DOCUMENT

A document of external origin that provides information or direction for performing work.  Examples of external documents are customer drawings, industry and governing body standards, vendor-supplied user manuals, and equipment manuals.

INTERNAL USER

An employee or contractor using Company IT assets in the course of performing a job (task) for the Company.  In the context of this document, “user” is synonymous with “internal user”.

INTERNET

The international computer network of networks that connect government, academic and business institutions; the Internet (capitalized) refers specifically to the DARPA Internet and the TCP/IP protocols it uses.

INTRANET

A private network contained within an enterprise; a network within one organization, using Web technologies to share information internally.

IT ASSET

Any computer hardware, software, IT-based Company information, related documentation, contracts or other agreements, reference or other supporting material (in printed or other form), including rights and licenses, that is owned or controlled by the Company.  Within the scope of this manual, “asset”, “IT asset”, “resource”, and “IT resource” are synonymous.

ITIL

The Information Technology Infrastructure Library (ITIL) is an international standard for describing the best practices for IT Service Management.

IT POLICY

IT policy is a guiding principle used to set direction in the IT Department. It should be used as a guide to IT decision making within the framework of IT objectives, goals and IT management philosophies as determined by top management or the CIO.

OUTSOURCER

An outsourcing vendor; a business entity providing necessary services to the Company, allowing the Company to lower operating costs and gain flexibility while gaining special expertise on an as-needed basis.

IT OUTSOURCING

Seeking IT services (resources) outside the Company, typically to reduce costs, gain flexibility, and benefit from an outsourcer’s expertise with respect to a given function or process.

RANDOM SAMPLING

Technique whereby a group of subjects (a sample) is selected for study from a larger group (a population) entirely by chance.  Each member of the population has a known, but possibly non-equal, chance of being included in the sample.  By using random sampling, the likelihood of sampling bias is reduced.

RECORD

Generally, a record is data or information of any kind and in any form, created or received and accumulated by an organization in the course of conducting business and subsequently kept as “evidence of activity” through incorporation into a recordkeeping system.  Records are not supposed to change, although they may be revised with appropriate annotation.

IT RECORD

In IT, a record is a data structure aggregating several items of possibly different types.  The items being aggregated are called fields and are usually identified or indexed by field labels. Generally, a record is data or information of any kind and in any form, created or received and accumulated by an organization in the course of conducting business and subsequently kept as “evidence of activity” through incorporation into a recordkeeping system.

RISK

Possibility of loss or injury to the Company.

ROI

Return On Investment (ROI), calculated by dividing the expected results of committed resources by the resources committed to achieve the results.  (ROI = Results / Resources.)

SERVICE LEVEL AGREEMENT (SLA)

A binding contract, formally specifying or quantifying a customer’s expectations with regard to solutions and tolerances; a collection of service level requirements, negotiated and mutually agreed upon by the service provider and the consumer.  In IT this takes the form of turnaround time, response time, or downtime measures.

STATISTICALLY SIGNIFICANT

A finding (the observed difference between the means of two random samples, for example) is described as statistically significant when it can be demonstrated that the probability of obtaining such a difference by chance only is relatively low.

TOP MANAGEMENT

A senior group of management comprised of the Company’s Chief Executive Officer (CEO) and Chief Financial Officer (CFO), at a minimum.  Within IT there may also be a Chief Information Officer (CIO).

“How To” Manual Preparation Guide

This section provides an introduction and guidance to help you develop and implement your company’s Policies and Procedures manual. For the company Policies and Procedures Manual to be effective, it should be easily understood by all employees. Therefore, it has to be written clearly and concisely. The objectives of this Manual are to enable and encourage continual improvement within the organization, improve communication within the company and with the company’s target market and channel partners, and increase customer satisfaction.

USAGE INSTRUCTIONS

  • Editing Files

THE POLICY MANUAL

  • Style and Format
  • Considerations In Writing Your Manual
  • Revisions
  • Sources of Additional Information

EFFECTIVE COMMUNICATION

  • Communication – Addressing Your Audience
  • Sexism in Writing
  • Number Usage
  • Organizing Your Thoughts
  • Outlining Technique
  • Defining the Format and Organization of Your Manual
  • Additional Sources

PROCEDURES

  • Format
  • Authorization
  • Production And Distribution
  • Revising and Updating Procedures

Sample IT Policy Manual

IT Policy Manual

The IT policy manual covers the common IT requirements and practices. This sample is intended only to provide an example of wording that might be used in an IT manual. This sample wording can be helpful in generating ideas for developing a manual for your own company.  However, IT policies should be drafted, as appropriate and necessary, in a way that accurately reflects your company’s IT standards and requirements.

(48 pages, 8443 words)

The IT manual establishes and states the policies governing the company’s IT standards and practices.  These policies define management’s arrangements for managing operations and activities in accordance with computer industry practices.  These top-level policies represent the plans or protocols for achieving and maintaining the confidentiality, integrity and availability of all IT Assets.

The purpose of this Information Technology (IT) manual is to define, develop, and document the information policies and procedures that support organizational goals and objectives. The policies and procedures provide:

  • A foundation for a system of internal controls;
  • Guidance in current Computer and Network activities;
  • Criteria for decisions on appropriate IT security; and
  • IT officers with direction and guidance in connection with those IT policies, procedures, and reports that should be uniform throughout the Company.

When consistently applied throughout the company, these policies and procedures assure that the information assets are protected from a range of threats in order to ensure business continuity and maximize the return on investments of business interests. All additional departmental or functional policies and procedures written should conform to and parallel the policies in this manual.  All changes to policies and procedures are required to be reviewed to ensure that there are no conflicts with the policies stated in this IT Policy Manual. This policy manual covers:

PURPOSE

SCOPE

  • Responsibility
  • Exclusions

MANAGEMENT RESPONSIBILITY

  • IT Organization
  • Management Commitment
  • Management IT Policy
  • Planning
  • Responsibility, Authority, And Communication
  • Management Reporting
  • Business Conduct

IT MANAGEMENT SYSTEM

  • Objectives
  • Requirements
  • Transactions
  • Documentation
  • Security

PROCESSES AND CONTROLS

IT ADMINISTRATION PROCEDURES

ASSET MANAGEMENT PROCEDURES

IT TRAINING AND SUPPORT PROCEDURES

IT SECURITY AND DISASTER RECOVERY PROCEDURES

SOFTWARE DEVELOPMENT PROCEDURES

RESOURCE MANAGEMENT

  • Provision Of Resources
  • Human Resources
  • Infrastructure
  • Work Environment

IT Security Guide

The IT Security Guide is vital for any organization. IT security is all about securing and protecting your IT assets, and information is likely your most prized asset. IT is pretty much a commodity these days, but your information is your business. Failure to secure information could have legal, economic or physical ramifications for your organization. The guide covers the following:

WHY INFORMATION SECURITY?

  • A Brief History of Information Security
  • What Is At Risk?
  • Why Company Executives Should Read These Guidelines
  • A Final Word on Considering IT Security Issues
  • Introductory Security Checklist

ASSESSING YOUR NEEDS

  • Introduction to Risk Assessment
  • Commonly Asked Questions
  • Components of Risk
  • Dealing with Risk
  • Guidelines for Risk Assessment
  • Closing Thoughts on Risk Assessment
  • Risk Assessment Checklist

SECURITY POLICY: DEVELOPMENT AND IMPLEMENTATION

  • Why Do You Need a Security Policy?
  • Commonly Asked Questions
  • How to Develop Policy
  • From Board Room to Break Room: Implementing Security Policy
  • Closing Thoughts on Policy
  • Policy Development and Implementation Checklist

INFORMATION SECURITY MANAGEMENT

  • Introduction to Security Management
  • Commonly Asked Questions
  • Nurturing Support within the Organization
  • Planning for the Unexpected
  • Testing and Review
  • Implementation and Day-to-Day Maintenance
  • IT Security Management Checklist

PROTECTING YOUR SYSTEM: PHYSICAL SECURITY

  • Introduction to Physical Security
  • Commonly Asked Questions
  • Policy Issues
  • Physical Security Checklist

PROTECTING YOUR SYSTEM: INFORMATION SECURITY

  • Introduction to Information Security
  • Commonly Asked Questions
  • Policy Issues
  • Information Threats
  • Information Security Countermeasures
  • Information Security Checklist

PROTECTING YOUR SYSTEM: SOFTWARE SECURITY

  • Introduction to Software Security
  • Commonly Asked Questions
  • Policy Issues
  • Software Threats (Examples)
  • Software Security Countermeasures
  • Software Security Checklist

PROTECTING YOUR SYSTEM: USER ACCESS SECURITY

  • Introduction to User Access Security
  • Commonly Asked Questions
  • Policy Issues
  • User Access Threats (Examples)
  • User Access Security Countermeasures
  • User Access Security Checklist

PROTECTING YOUR SYSTEM: NETWORK (INTERNET) SECURITY

  • Introduction to Network Security
  • Commonly Asked Questions
  • Policy Issues
  • Network Threats (Examples)
  • Network Security Countermeasures
  • Closing Thoughts on Network Security
  • Network Security Checklist

TRAINING: A NECESSARY INVESTMENT IN PEOPLE

  • Introduction to Training
  • Commonly Asked Questions
  • Targeting Training Efforts
  • How Does Security Affect the Workplace?
  • Training Goals
  • A Sample Training Outline
  • Training Frequency
  • Closing Thoughts on Security Training
  • Security Training Checklist
  • Reference Materials