IT department provides and maintains technological products, services and facilities like

Personal Computers (PCs), peripheral equipment, servers, telephones, Internet and

application software to its employees for official use. The Information Technology (IT)
Policy of the organization defines rules, regulations and guidelines for proper usage and
maintenance of these technological assets to ensure their ethical and acceptable use
and assure health, safety and security of data, products, facilities as well as the people
using them. It also provides guidelines for issues like purchase, compliance, IT support
and grievance redressal of the employees pertaining to technological assets and
services used for office work.

1.1 Purchase

1) The Procurement Dept. procedures & guidelines need to be followed to purchase

new technological equipment, services or software for official purposes.

2) All approved equipment, services or software will be purchased through the

Procurement Dept., unless informed/permitted otherwise.

3) IT Dept. will assist the Procurement Dept. while evaluating best and most cost-
effective hardware or software to be purchased for a particular dept./project/purpose
based on the requirement. The IT Dept. will also make sure all hardware/software
standards defined in the IT Policy are enforced during such purchases.

4) Complete details related to purchase of technological equipment, services or

software can be found in the Procurement Policy Manual.

1.2 Compliance

1) All employees are expected to comply with the IT Policy rules and guidelines while
purchasing, using and maintaining any equipment or software purchased or provided by
the organization.

2) Any employee who notices misuse or improper use of equipment or software within
the organization must inform his/her Reporting Manager(s) immediately.

3) Inappropriate use of equipment and software by an employee will be subject to

disciplinary action as deemed fit by the Management Committee of the organization.

1.3 Employee Training

1) Basic IT training and guidance is provided to all new employees about using and
maintaining their Personal Computer (PC), peripheral devices and equipment in the
organization, accessing the organization network and using application software.
2) Employees can request and/or the Management Committee can decide to conduct
an IT training on a regular or requirement basis.

1.4 IT Support

1) IT department uses an online Ticket System to provide IT Support to its employees

and clients.

2) Employees may need hardware/software installations or may face technological

issues which cannot be resolved on their own. Employees are expected to get help from
the IT Dept. for such issues via the Ticket System or the IT Support Email ID only.

3) Any IT Support work informed or assigned via emails sent on employee email IDs,
chats or any other media except the Ticket System or the IT Support Email ID would be
not entertained.

4) For the sake of quick understanding, employees are expected to provide details of
their issue or help required in the Ticket raised or Support Email sent.

5) For major issues like PC replacement, non-working equipment, installation of

application software and more, it is mandatory for all employees to inform the IT Dept.

6) For any damage to Personal Computers, approval from Reporting Manager would be
required for PC replacements.

7) After raising a ticket in the Ticket System, employees should expect a reply from the
IT Dept. within 1 working day. The IT Dept. may ask the employee to deposit the
problematic equipment to the IT Dept. for checking and will inform the timeline for
repair/maintenance/troubleshooting/installations or the required work.

8) If there is no response in 1 working day, then the IT Dept. Designated Staff should be
asked for an explanation for the delay. If no response is obtained in 3 working days, a
complaint can be raised through an email to the employee’s Reporting Manager and IT
Dept. Designated Staff.

9) Tickets will be resolved on a First-Come-First-Served basis. However, the priority can

be changed on request at the sole discretion of the designated team in IT Dept.

2 Equipment Usage Policy

2.1 Objective

The Equipment Usage policy informs employees and managers about equipment
purchase, organizational and project-level inventory management, rules for allocating &
transferring equipment to employees, departments or projects and best practices for all
equipment usage and maintenance.

2.2 Equipment Purchase

1) The following equipment is purchased by the organization and provided to individual

employees, departments or projects for their official use. The list can be modified as and
when required.

a. Personal Computing Devices (Desktop, Laptop, Tablet)

b. Computer Peripherals (Printer, Scanner, Photocopier, Fax Machine, Keyboard,

Mouse, Web Camera, Speaker, Modem etc.)

c. Networking Equipment & Supplies (Router, Switch, Antenna, Wiring, etc.)

d. Cell phones e. Biometric Devices

2) The Procurement Dept. procedures & guidelines need to be followed to purchase

new equipment for official purposes. All approved equipment will be purchased through
the Procurement Dept., unless informed/permitted otherwise.

3) The Procurement Dept. will maintain a small inventory of standard PCs, software and
equipment required frequently to minimize delay in fulfilling critical orders.

2.3 Inventory Management

1) The Procurement Dept. is responsible for maintaining an accurate inventory of all

technological assets, software and tangible equipment purchased by the organization.

2) The following information is to be maintained for above mentioned assets in an

Inventory Sheet:

a. Item

b. Brand/ Company Name

c. Serial Number

d. Basic Configuration (e.g. HP Laptop, 120 GB HD, 2 GB RAM etc.)

e. Physical Location

f. Date of Purchase

g. Purchase Cost

h. Current Person In-Charge

3) Proper information about all technological assets provided to a specific department,
project or center must be regularly maintained in their respective Inventory Sheets by an
assigned coordinator from that dept., project or center on a regular basis. The
information thus maintained must be shared with the Procurement Dept. as and when
requested.

4) When an Inventory Sheet is updated or modified, the previous version of the

document should be retained. The date of modification should be mentioned in the
sheet.

5) All technological assets of the organization must be physically tagged with codes for
easy identification.

6) Periodic inventory audits will be carried out by the IT Dept. to validate the inventory
and make sure all assets are up-to-date and in proper working condition as required for
maximum efficiency and productivity.

2.4 Equipment Allocation, De-allocation & Relocation

1) Allocation of Assets:

a. New Employees may be allocated a personal computer (desktop or laptop) for office
work on the Day of Joining, as per work requirement.

b. If required, employees can request their Reporting Manager(s) for additional

equipment or supplies like external keyboard, mouse etc.

c. Allocation of additional assets to an employee is at the sole discretion of the

Reporting Manager(s).

d. No employee is allowed to carry official electronic devices out of office without

permission from Reporting Manager.

2) De-allocation of Assets: a. It is the Reporting Manager’s responsibility to collect all

allocated organizational equipment & other assets from an employee who is leaving the
organization. b. Updating the Inventory Sheet is mandatory after receiving back all
allocated equipment. c. The received assets must be returned back to the Admin. Dept.

2.5 Equipment Usage, Maintenance and Security

1) It is the responsibility of all employees to ensure careful, safe and judicious use of the
equipment & other assets allocated to and/or being used by them.

2) Proper guidelines or safety information must be obtained from designated staff in the
IT Dept. before operating any equipment for the first time.
3) Any observed malfunction, error, fault or problem while operating any equipment
owned by the organization or assigned to you must be immediately informed to the
designated staff in IT Dept.

4) Any repeated occurrences of improper or careless use, wastage of supplies or any

such offense compromising the safety or health of the equipment and people using
them will be subject to disciplinary action.

5) If your assigned computing device is malfunctioning or underperforming and needs to

be replaced or repaired, then written approval from your Reporting Manager is required
for the same. The malfunctioning device needs to be submitted to the IT Dept. for
checking, maintenance or repair. The IT Dept. staff person will give a time estimate for
repair/maintenance.

6) The Reporting Manager can be informed about excessive delay or dissatisfaction

about the repair or maintenance performed by the IT Dept. The issue will then be
resolved by the Reporting Manager in consultation with the IT Dept. Head. The
Management Committee can be consulted in terms of serious disputes or unresolved
issues.

2.6 Phone Usage Policy

1) Landline phone systems are installed in the organization’s offices to communicate

internally with other employees and make external calls.

2) The landline phones should be strictly used to conduct official work only. As far as
possible, no personal calls should be made using landline phones owned by the
organization.

3) Long distance calls should be made after careful consideration since they incur
significant costs to the organization.

4) The Admin. Dept. is responsible for maintaining telephone connections in offices. For
any problems related to telephones, they should be contacted.

5) Employees should remember to follow telephone etiquette and be courteous while

representing themselves and the organization using the organization’s phone services.

3 Personal Computer (PC) Standards

3.1 Objective

The main aim of this policy is to maintain standard configurations of PC hardware and
software purchased by the organization and provided to employees for official work. The
hardware standards will help maintain optimum work productivity, computer health &
security and provide timely and effective support in troubleshooting PC problems. The
software standards will ensure better system administration, effective tracking of
software licenses and efficient technical support.

3.2 General Guidelines

1) It is the responsibility of the IT Dept. to establish and maintain standard

configurations of hardware and software for PCs owned by the organization. The
standard, can however, be modified at any point in time as required by the IT Dept.
Head in consultation with the Management Committee.

2) Multiple configurations are maintained as per the different requirements of various

departments and projects in the organization, in consultation with the Dept. /Project
Head.

3) Only in exceptional cases, when none of the standard configurations satisfy the work
requirements, can an employee request a non-standard PC configuration. Valid reasons
need to be provided for the request and written approval of the Reporting Manager(s) is
required for the same.

3.3 Network Access

1) All PCs being used in the organization are enabled to connect to the organization’s
Local Area Network as well as the Internet.

2) Network security is enabled in all PCs through Firewall, Web Security and Email
Security software.

3) Employees are expected to undertake appropriate security measures as enlisted in

the IT Policy.

3.4 Data Backup Procedure

1) Data Backup is setup during installation of Operating System in a PC. As an

additional security measure, it is advised that employees keep important official data in
some external storage device also.

2) File Backup System:

a. Organization will be installing a file server for backing up data of all employees. All
employees are expected to keep official data on the file system.

b. Employee’s Reporting Manager or the Management Committee or the IT Manager

will have access to that data.

c. All employees will login to the file server through ADDC1 user ID and password.
3) Server backup:

a. IT Dept. is expected to maintain an incremental backup of all servers with at least 4

copies of all servers. At any time, 4 backups of all servers must be maintained.

b. Replica mode of all running servers will be offline and it should maintain half-hourly
backup.

c. The hard disk of every server should be in the Red5 mode.

3.5 Antivirus Software

1) Approved licensed antivirus software is installed on all PCs owned by the

organization.

2) Two configurations – Basic and Advanced are maintained for Antivirus software
installed on organization’s computers. The configurations are installed on PCs as per
work requirement of particular Dept. /Project.

3) Employees are expected to make sure their Antivirus is updated regularly. The IT
Dept. should be informed if the Antivirus expires.

4) Any external storage device like pen drive or hard disk connected to the PC needs to
be completely scanned by the Antivirus software before opening it and copying files
to/from the device.

3.6 PC Support

1) Guidance and tips given by the IT Dept. designated staff for maintaining the PC
should be remembered while using a PC.

2) The IT Dept. should be contacted via the IT Support Ticket System or IT Support
Email for any assistance with your PC hardware or software.

3) Technical support will not be provided for hardware devices or software which are
personally purchased, illegal or not included in the standard hardware/software list
developed by the IT Dept.

4) Software applications evaluated by the IT Dept. to cause problems with the

organization’s PCs will be removed. 1 ADDC - Active Directory Domain Controller

4 Internet Usage Policy

4.1 Objective
The Internet Usage Policy provides guidelines for acceptable use of the organization’s
Internet network so as to devote Internet usage to enhance work productivity and
efficiency and ensure safety and security of the Internet network, organizational data
and the employees.

4.2 General Guidelines

1) Internet is a paid resource and therefore shall be used only for office work.

2) The organization reserves the right to monitor, examine, block or delete any/all
incoming or outgoing internet connections on the organization’s network.

3) The organization has systems in place to monitor and record all Internet usage on the
organization’s network including each website visit, and each email sent or received.
The Management Committee can choose to analyze Internet usage and publicize the
data at any time to assure Internet usage is as per the IT Policy.

4) The organization has installed an Internet Firewall to assure safety and security of
the organizational network. Any employee who attempts to disable, defeat or circumvent
the Firewall will be subject to strict disciplinary action.

4.3 Internet Login Guidelines

1) All employees may be provided with a Username and Password to login to the
Internet network in the office and to monitor their individual usage.

2) An employee can also get a local static IP address for internet and intranet use. All
employees will be responsible for the internet usage through this local static IP.

3) Username and password for a new employee must be requested by the HR Dept.

4) Sharing the Username and Password with another employee, visitor or guest user is
prohibited.

5) A visitor or guest user who wants to use the office Internet will be given a Guest
Username and Password.

6) The IT Dept. will define guidelines for issuing new passwords or allowing employees
to modify their own passwords.

7) Any password security breach must be notified to the IT Dept. immediately.

8) Username and password allotted to an employee will be deleted upon

resignation/termination/retirement from the organization.

4.4 Password Guidelines

The following password guidelines can be followed to ensure maximum password
safety.

1) Select a Good Password:

a. Choose a password which does not contain easily identifiable words (e.g. your
username, name, phone number, house location etc.).

b. Use 8 or more characters.

c. Use at least one numeric and one special character apart from letters.

d. Combine multiple unrelated words to make a password.

2) Keep your Password Safe:

a. Do not share your password with anyone.

b. Make sure no one is observing you while you enter your password.

c. As far as possible, do not write down your password. If you want to write it down, do
no display it in a publicly visible area.

d. Change your password periodically (every 3 months is recommended).

e. Do not reuse old passwords. If that is difficult, do not repeat the last 5 passwords.

3) Other Security Measures:

a. Ensure your computer is reasonably secure in your absence.

b. Lock your monitor screen, log out or turn off your computer when not at desk.

4.5 Online Content Usage Guidelines

1) Employees are solely responsible for the content accessed and downloaded using
Internet facility in the office. If they accidentally connect to a website containing material
prohibited by the organization, they should disconnect from that site immediately.

2) During office hours, employees are expected to spend limited time to access news,
social media and other websites online, unless explicitly required for office work.

3) Employees are not allowed to use Internet for non-official purposes using the Internet
facility in office.

4) Employees should schedule bandwidth-intensive tasks like large file transfers, video
downloads, mass e-mailing etc. for off-peak times.
4.6 Inappropriate Use

The following activities are prohibited on organization’s Internet network. This list can be
modified/updated anytime by the Management Committee as deemed fit. Any
disciplinary action considered appropriate by the Management Committee (including
legal action or termination) can be taken against an employee involved in the activities
mentioned below:

1) Playing online games, downloading and/or watching games, videos or entertainment

software or engaging in any online activity which compromises the network speed and
consumes unnecessary Internet bandwidth

2) Downloading images, videos and documents unless required to official work

3) Accessing, displaying, uploading, downloading, storing, recording or distributing any

kind of pornographic or sexually explicit material unless explicitly required for office work

4) Accessing pirated software, tools or data using the official network or systems

5) Uploading or distributing software, documents or any other material owned by the

organization online without the explicit permission of the Management Committee

6) Engaging in any criminal or illegal activity or violating law

7) Invading privacy of coworkers

8) Using the Internet for personal financial gain or for conducting personal business

9) Deliberately engaging in an online activity which hampers the safety & security of the
data, equipment and people involved.

10) Carrying out any objectionable, frivolous or illegal activity on the Internet that shall
damage the organization’s reputation

5 Information Security Policy

5.1 Objective Information security means protection of the organization’s data,

applications, networks and computer systems from unauthorized access, alteration and
destruction. The Information Security Policy provides guidelines to protect data integrity
based on data classification and secure the organization’s information systems.

5.2 General Guidelines

1. Various methods like access control, authentication, monitoring and review will be
used to ensure data security in the organization.
2. Security reviews of servers, firewalls, routers and monitoring systems must be
conducted on a regular basis. These reviews should include monitoring of access logs
and intrusion detection software logs.

3. Appropriate training must be provided to data owners, data users, and network &
system administrators to ensure data security.

5.3 Data Classification

1. The organization classifies data into three categories:

a. High Risk: i. It includes information assets which have legal requirements for
disclosure and financial penalties imposed for disclosure. ii. E.g. Payroll, personnel,
financial, biometric data

b. Medium Risk: i. It includes confidential data which would not impose losses on the
organization if disclosed, but is also not publicly available. ii. E.g. Agreement
documents, unpublished reports, etc.

c. Low Risk: i. It includes information that can be freely disseminated. ii. E.g. brochures,
published reports, other printed material etc.

2. Different protection strategies must be developed by the IT department for the above
three data categories. Information about the same must be disseminated appropriately
to all relevant departments and staff.

3. High risk data must be encrypted when transmitted over insecure channels.

4. All data must be backed up on a regular basis as per the rules defined by the IT Dept.
at that time.

5.4 Access Control

1. Access to the network, servers and systems in the organization will be achieved by
individual logins and will require authentication. Authentication includes the use of
passwords, biometrics or other recognized forms of authentication.

2. All users of systems which contain high or medium risk data must have a strong
password as defined in the IT Policy.

3. Default passwords on all systems must be changed after installation.

4. Where possible and financially feasible, more than one person must have full rights to
any organization-owned server storing or transmitting high risk and medium risk data.

5.5 Virus Prevention

1. Virus prevention for personal computers and email usage has been described
previously.

2. Apart from that, all servers and workstations that connect to the network must be
protected with licensed anti-virus software recommended by the vendor. The software
must be kept up-to-date.

3. Whenever feasible, system/network administrators must inform users when a virus/

other vulnerability has been detected in the network or systems.

5.6 Intrusion Detection

1. Intrusion detection must be implemented on all servers and workstations containing

high and medium risk data.

2. Operating system and application software logging process must be enabled on all
systems.

3. Server, firewall and critical system logs must be reviewed frequently.

6 Email & Chat Policy

6.1 Objective

This policy provides information about acceptable usage, ownership, confidentiality and
security while using electronic messaging systems and chat platforms provided or
approved by the organization. The policy applies to all electronic messages sent or
received via the above mentioned messaging systems and chat platforms by all official
employees of the organization.

6.2 General Guidelines

1) The organization reserves the right to approve or disapprove which electronic

messaging systems and chat platforms would be used for official purposes. It is strictly
advised to use the pre-approved messaging systems and platforms for office use only.

2) An employee who, upon joining the organization, is provided with an official email
address should use it for official purposes only.

3) Any email security breach must be notified to the IT Dept. immediately.

4) Upon termination, resignation or retirement from the organization, the organization

will deny all access to electronic messaging platforms owned/provided by the
organization.
5) All messages composed and/or sent using the pre-approved messaging systems and
platforms need to comply with the company policies of acceptable communication.

6) Electronic mails and messages should be sent after careful consideration since they
are inadequate in conveying the mood and context of the situation or sender and might
be interpreted wrongly.

7) All email signatures must have appropriate designations of employees and must be
in the format approved by the Management Committee.

6.3 Ownership

1) The official electronic messaging system used by the organization is the property of
the organization and not the employee. All emails, chats and electronic messages
stored, composed, sent and received by any employee or non-employee in the official
electronic messaging systems are the property of the organization.

2) The organization reserves the right to intercept, monitor, read and disclose any
messages stored, composed, sent or received using the official electronic messaging
systems.

3) The organization reserves the right to alter, modify, re-route or block messages as
deemed appropriate.

4) IT Administrator can change the email system password and monitor email usage of
any employee for security purposes.

1) Proprietary, confidential and sensitive information about the organization or its

employees should not be exchanged via electronic messaging systems unless pre-
approved by the Reporting Manager(s) and/or the Management Committee.

2) Caution and proper judgment should be used to decide whether to deliver a message
in person, on phone or via email/electronic messaging systems.

3) Before composing or sending any message, it should be noted that electronic

messages can be used as evidence in a court of law.

4) Unauthorized copying and distributing of copyrighted content of the organization is

prohibited.

6.5 Email Security

1) Anti-Virus:

a. Anti-virus software pre-approved by the Dept. Head - IT should be installed in the

laptop/desktop provided to a new employee after joining the organization.
b. All employees in the organization are expected to make sure they have anti-virus
software installed in their laptops/desktops (personal or official) used for office work.

c. Organization will bear responsibility for providing, installing, updating and maintaining
records for one anti-virus per employee at a time for the official laptop provided by the
organization. The employee is responsible for installing good quality anti-virus software
in their personal laptop/desktop used for office work.

d. Employees are prohibited from disabling the anti-virus software on organization

provided laptops/desktops.

e. Employees should make sure their anti-virus is regularly updated and not out of date.

2) Safe Email Usage: Following precautions must be taken to maintain email security:

a. Do not to open emails and/or attachments from unknown or suspicious sources

unless anticipated by you.

b. In case of doubts about emails/ attachments from known senders, confirm from them
about the legitimacy of the email/attachment.

c. Use Email spam filters to filter out spam emails.

6.6 Inappropriate Use

1) Official Email platforms or electronic messaging systems including but not limited to
chat platforms and instant messaging systems should not be used to send messages
containing pornographic, defamatory, derogatory, sexual, racist, harassing or offensive
material.

2) Official Email platforms or electronic messaging systems should not be used for
personal work, personal gain or the promotion or publication of one’s religious, social or
political views.

3) Spam/ bulk/junk messages should not be forwarded or sent to anyone from the
official email ID unless for an officially approved purpose. 6.4 Confidentiality

7 Software Usage Policy

7.1 Objective

The Software Usage Policy is defined to provide guidelines for appropriate installation,
usage and maintenance of software products installed in organization-owned
computers.

7.2 General Guidelines

1) Third-party software (free as well as purchased) required for day-to-day work will be
preinstalled onto all company systems before handing them over to employees. A
designated person in the IT Dept. can be contacted to add to/delete from the list of pre-
installed software on organizational computers.

2) No other third-party software – free or licensed can be installed onto a computer

system owned or provided to an employee by the organization, without prior approval of
the IT Dept.

3) To request installation of software onto a personal computing device, an employee

needs to send a written request via the IT Ticket System or IT Support Email.

4) Any software developed & copyrighted by the organization belongs to the

organization. Any unauthorized use, storage, duplication or distribution of such software
is illegal and subject to strict disciplinary action.

7.3 Compliance

1) No employee is allowed to install pirated software on official computing systems.

2) Software purchased by the organization or installed on organizational computer

systems must be used within the terms of its license agreement.

3) Any duplication, illegal reproduction or unauthorized creation, use and distribution of

licensed software within or outside the organization is strictly prohibited. Any such act
will be subject to strict disciplinary action.

4) The Procurement Dept. procedures & guidelines need to be followed to purchase

new software (commercial or shareware) for official purposes. All approved software will
be purchased through the Procurement Dept., unless informed/permitted otherwise.

5) Any employee who notices misuse or improper use of software within the
organization must inform his/her Reporting Manager(s).

7.4 Software Registration

1) Software licensed or purchased by the organization must be registered in the name

of the organization with the Job Role or Department in which it will be used and not in
the name of an individual.

2) After proper registration, the software may be installed as per the Software Usage
Policy of the organization. A copy of all license agreements must be maintained by the
IT Dept.
3) After installation, all original installation media (CDs, DVDs, etc.) must be safely
stored in a designated location by the IT Dept.

7.5 Software Audit

1) The IT Dept. will conduct periodic audit of software installed in all company-owned
systems to make sure all compliances are being met.

2) Prior notice may or may not be provided by the IT Dept. before conducting the
Software Audit.

3) During this audit, the IT Dept. will also make sure the anti-virus is updated, the
system is scanned and cleaned and the computer is free of garbage data, viruses,
worms or other harmful programmatic codes.

4) The full cooperation of all employees is required during such audits.

Introduction

The Bhilosa IT Policy and Procedure Manual provides the policies and procedures for
selection and use of IT within the institution which must be followed by all staff. It also
provides guidelines Bhilosa will use to administer these policies, with the correct
procedure to follow.

Bhilosa will keep all IT policies current and relevant. Therefore, from time to time it will
be necessary to modify and amend some sections of the policies and procedures, or to
add new procedures.

Any suggestions, recommendations or feedback on the policies and procedures

specified in this manual are welcome.

These policies and procedures apply to all employees.

Technology Hardware Purchasing Policy

Guidance: This policy should be read and carried out by all staff. Edit this policy so it
suits your needs.

Computer hardware refers to the physical parts of a computer and related devices.
Internal hardware devices include motherboards, hard drives, and RAM. External
hardware devices include monitors, keyboards, mice, printers, and scanners.

Purpose of the Policy

This policy provides guidelines for the purchase of hardware for the institution to ensure
that all hardware technology for the institution is appropriate, value for money and
where applicable integrates with other technology for the institution. The objective of this
policy is to ensure that there is minimum diversity of hardware within the institution.

Procedures

Purchase of Hardware

Guidance: The purchase of all desktops, servers, portable computers, computer

peripherals and mobile devices must adhere to this policy. Edit this statement to cover
the relevant technology needed.

Purchasing desktop computer systems

The desktop computer systems purchased must run a {insert relevant operating system
here e.g. Windows} and integrate with existing hardware { insert names of existing
technology such as the institution server}.

The desktop computer systems must be purchased as standard desktop system bundle
and must be {insert manufacturer type here, such as HP, Dell, Acer etc.}.

The desktop computer system bundle must include:

Desktop tower

Desktop screen of {insert screen size here}

 Keyboard and mouse You may like to consider stating if these are to be wireless

 {insert name of operating system, e.g. Windows 7, and software e.g. Office 2013
here}

 {insert other items here, such as speakers, microphone, webcam, printers etc.}

The minimum capacity of the desktop must be:

 {insert speed of computer size (GHz -gigahertz)here}

 {insert memory (RAM) size here}

 {insert number of USB ports here}

 {insert other specifications for desktop here, such as DVD drive, microphone port,
etc.}
Any change from the above requirements must be authorised by {insert relevant job title
here}

All purchases of desktops must be supported by{insert guarantee and/or warranty

requirements here} and be compatible with the institution’s server system.

All purchases for desktops must be in line with the purchasing policy in the Financial
policies and procedures manual.

Purchasing portable computer systems

The purchase of portable computer systems includes {insert names of portable devices
here, such as notebooks, laptops, tablets etc.}

Portable computer systems purchased must run a {insert relevant operating system
here e.g. Windows} and integrate with existing hardware { insert names of existing
technology such as the institution server}.

The portable computer systems purchased must be {insert manufacturer type here,
such as HP, Dell, Acer, etc.}.

The minimum capacity of the portable computer system must be:

 {insert speed of computer size (GHz -gigahertz)here}

 {insert memory (RAM) size here}{insert number of USB ports here}

 {insert other specifications for portable device here, such as DVD drive, microphone

port, webcam, speakers, etc.}

The portable computer system must include the following software provided:

 {insert names of software e.g. Office 2013, Adobe, Reader, Internet Explorer here}

 {insert names of software e.g. Office 2013, Adobe, Reader, Internet Explorer here}

 {insert names of software e.g. Office 2013, Adobe, Reader, Internet Explorer here}

 Any change from the above requirements must be authorized by {insert relevant job
title here}

All purchases of all portable computer systems must be supported by{insert guarantee
and/or warranty requirements here} and be compatible with the institution’s server
system.
All purchases for portable computer systems must be in line with the purchasing policy
in the Financial policies and procedures manual.

Purchasing server systems

Server systems can only be purchased by {insert relevant job title here, recommended
IT specialist}.

Server systems purchased must be compatible with all other computer hardware in the
institution.

All purchases of server systems must be supported by {insert guarantee and/or

warranty requirements here} and be compatible with the institution’s other server
systems.

Any change from the above requirements must be authorized by {insert relevant job title
here}

All purchases for server systems must be in line with the purchasing policy in the
Financial policies and procedures manual.

Purchasing computer peripherals

Computer system peripherals include {insert names of add-on devices such as printers,
scanners, external hard drives etc. here}

Computer peripherals can only be purchased where they are not included in any
hardware purchase or are considered to be an additional requirement to existing
peripherals. Computer peripherals purchased must be compatible with all other
computer hardware and software in the institution. The purchase of computer
peripherals can only be authorised by {insert relevant job title here, recommended IT
specialist or department manager}. All purchases of computer peripherals must be
supported by{insert guarantee and/or warranty requirements here} and be compatible
with the institution’s other hardware and software systems. Any change from the above
requirements must be authorised by {insert relevant job title here} All purchases for
computer peripherals must be in line with the purchasing policy in the Financial policies
and procedures manual. Purchasing mobile telephones A mobile phone will only be
purchased once the eligibility criteria is met. The purchase of a mobile phone must be
from {insert names authorised suppliers here.} to ensure the institution takes advantage
of volume pricing based discounts provided by {insert names authorised suppliers
here.}. Such discounts should include the purchase of the phone, the phone call and
internet charges etc. The mobile phone must be compatible with the institution’s current
hardware and software systems. The mobile phone purchased must be {insert
manufacturer type here, such as IPhone, Blackberry, Samsung, etc.}. The request for
accessories (a hands-free kit etc.) must be included as part of the initial request for a
phone. The purchase of a mobile phone must be approved by {insert relevant job title
here} prior to purchase. Any change from the above requirements must be authorised
by {insert relevant job title here} All purchases of all mobile phones must be supported
by{insert guarantee and/or warranty requirements here}. All purchases for mobile
phones must be in line with the purchasing policy in the Financial policies and
procedures manual. Additional Policies for Purchasing Hardware Guidance: add, link or
remove the policies listed below as required. Purchasing Policy Mobile phone policy
Policy for Getting Software Policy Number: {insert unique number} Policy Date: {insert
date of policy} Guidance: This policy should be read and carried out by all staff. Edit this
policy so it suits your needs. Purpose of the Policy This policy provides guidelines for
the purchase of software for the institution to ensure that all software used by the
institution is appropriate, value for money and where applicable integrates with other
technology for the institution. This policy applies to software obtained as part of
hardware bundle or pre-loaded software. Procedures Request for Software All software,
including {insert relevant other types of non-commercial software such as open source,
freeware, etc. here} must be approved by {insert relevant job title here} prior to the use
or download of such software. Purchase of software The purchase of all software must
adhere to this policy. All purchased software must be purchased by {insert relevant job
title here} All purchased software must be purchased from {insert relevant suppliers
names or the words ‘reputable software sellers’ here} All purchases of software must be
supported by{insert guarantee and/or warranty requirements here} and be compatible
with the institution’s server and/or hardware system. Any changes from the above
requirements must be authorised by {insert relevant job title here} All purchases for
software must be in line with the purchasing policy in the Financial policies and
procedures manual. IT Policy and Procedure Manual Page 10 of 30 Obtaining open
source or freeware software Open source or freeware software can be obtained without
payment and usually downloaded directly from the internet. In the event that open
source or freeware software is required, approval from {insert relevant job title here}
must be obtained prior to the download or use of such software. All open source or
freeware must be compatible with the institution’s hardware and software systems. Any
change from the above requirements must be authorised by {insert relevant job title
here} Additional Policies for Obtaining Software Guidance: add, link or remove the
policies listed below as required. Purchasing Policy Use of Software policy IT Policy and
Procedure Manual Page 11 of 30 Policy for Use of Software Policy Number: {insert
unique number} Policy Date: {insert date of policy} Guidance: This policy should be read
and carried out by all staff. Edit this policy so it suits your needs. Purpose of the Policy
This policy provides guidelines for the use of software for all employees within the
institution to ensure that all software use is appropriate. Under this policy, the use of all
open source and freeware software will be conducted under the same procedures
outlined for commercial software. Procedures Software Licensing All computer software
copyrights and terms of all software licences will be followed by all employees of the
institution. Where licensing states limited usage (i.e. number of computers or users
etc.), then it is the responsibility of {insert relevant job title here} to ensure these terms
are followed. {insert relevant job title here} is responsible for completing a software audit
of all hardware twice a year to ensure that software copyrights and licence agreements
are adhered to. Software Installation All software must be appropriately registered with
the supplier where this is a requirement. {Municipality Name} is to be the registered
owner of all software. Only software obtained in accordance with the getting software
policy is to be installed on the institution’s computers. All software installation is to be
carried out by {insert relevant job title here} IT Policy and Procedure Manual Page 12 of
30 A software upgrade shall not be installed on a computer that does not already have a
copy of the original version of the software loaded on it. Software Usage Only software
purchased in accordance with the getting software policy is to be used within the
institution. Prior to the use of any software, the employee must receive instructions on
any licensing agreements relating to the software, including any restrictions on use of
the software. All employees must receive training for all new software. This includes
new employees to be trained to use existing software appropriately. This will be the
responsibility of {insert relevant job title here} Employees are prohibited from bringing
software from home and loading it onto the institution’s computer hardware. Unless
express approval from {insert relevant job title here} is obtained, software cannot be
taken home and loaded on a employees’ home computer Where an employee is
required to use software at home, an evaluation of providing the employee with a
portable computer should be undertaken in the first instance. Where it is found that
software can be used on the employee’s home computer, authorisation from {insert
relevant job title here} is required to purchase separate software if licensing or copyright
restrictions apply. Where software is purchased in this circumstance, it remains the
property of the institution and must be recorded on the software register by {insert
relevant job title here} Unauthorised software is prohibited from being used in the
institution. This includes the use of software owned by an employee and used within the
institution. The unauthorised duplicating, acquiring or use of software copies is
prohibited. Any employee who makes, acquires, or uses unauthorised copies of
software will be referred to {insert relevant job title here} for {insert consequence here,
such as further consultation, reprimand action etc.}. The illegal duplication of software or
other copyrighted works is not condoned within this institution and {insert relevant job
title here} is authorised to undertake disciplinary action where such event occurs. IT
Policy and Procedure Manual Page 13 of 30 Breach of Policy Where there is a breach
of this policy by an employee, that employee will be referred to {insert relevant job title
here} for {insert consequence here, such as further consultation, reprimand action etc.}
Where an employee is aware of a breach of the use of software in accordance with this
policy, they are obliged to notify {insert relevant job title here} immediately. In the event
that the breach is not reported and it is determined that an employee failed to report the
breach, then that employee will be referred to {insert relevant job title here} for {insert
consequence here, such as further consultation, reprimand action etc.} Additional
Policies for Use of Software Guidance: add, link or remove the policies listed below as
required. Technology Hardware Policy Obtaining Software policy IT Policy and
Procedure Manual Page 14 of 30 Bring Your Own Device Policy Policy Number: {insert
unique number} Policy Date: {insert date of policy} Guidance: Edit this policy so it suits
your needs. At {Municipality Name} we acknowledge the importance of mobile
technologies in improving institution communication and productivity. In addition to the
increased use of mobile devices, staff members have requested the option of
connecting their own mobile devices to {Municipality Name}'s network and equipment.
We encourage you to read this document in full and to act upon the recommendations.
This policy should be read and carried out by all staff. Purpose of the Policy This policy
provides guidelines for the use of personally owned notebooks, smart phones, tablets
and {insert other types of mobile devices} for institution purposes. All staff who use or
access {Municipality Name}'s technology equipment and/or services are bound by the
conditions of this Policy. Procedures Current mobile devices approved for institution use
The following personally owned mobile devices are approved to be used for institution
purposes: {insert type of approved mobile devices such as notebooks, smart phones,
tablets, iPhone, removable media etc.} {insert type of approved mobile devices such
as notebooks, smart phones, tablets, iPhone, removable media etc.} {insert type of
approved mobile devices such as smart phones, tablets, iPhone etc.} {insert type of
approved mobile devices such as notebooks, smart phones, tablets, iPhone,
removable media etc.}. IT Policy and Procedure Manual Page 15 of 30 Registration of
personal mobile devices for institution use Guidance: You will need to consider if the
institution is to have any control over the applications that are used for institution
purposes and/or used on the personal devices. Employees when using personal
devices for institution use will register the device with {insert relevant job title or
department here}. {insert relevant job title or department here} will record the device and
all applications used by the device. Personal mobile devices can only be used for the
following institution purposes: {insert each type of approved use such as email access,
institution internet access, institution telephone calls etc.} {insert each type of
approved use such as email access, institution internet access, institution telephone
calls etc.} {insert each type of approved use such as email access, institution internet
access, institution telephone calls etc.}. Each employee who utilises personal mobile
devices agrees: Not to download or transfer institution or personal sensitive information
to the device. Sensitive information includes {insert types of institution or personal
information that you consider sensitive to the institution, for example intellectual
property, other employee details etc.} Not to use the registered mobile device as the
sole repository for {Municipality Name}'s information. All institution information stored
on mobile devices should be backed up To make every reasonable effort to ensure that
{Municipality Name}'s information is not compromised through the use of mobile
equipment in a public place. Screens displaying sensitive or critical information should
not be seen by unauthorised persons and all registered devices should be password
protected To maintain the device with {insert maintenance requirements of mobile
devices such as current operating software, current security software etc.} IT Policy
and Procedure Manual Page 16 of 30 Not to share the device with other individuals to
protect the institution data access through the device To abide by {Municipality
Name}'s internet policy for appropriate use and access of internet sites etc. To notify
{Municipality Name} immediately in the event of loss or theft of the registered device
Not to connect USB memory sticks from an untrusted or unknown source to
{Municipality Name}'s equipment. All employees who have a registered personal mobile
device for institution use acknowledge that the institution: Owns all intellectual property
created on the device Can access all data held on the device, including personal
data Will regularly back-up data held on the device Will delete all data held on the
device in the event of loss or theft of the device Has first right to buy the device where
the employee wants to sell the device Will delete all data held on the device upon
termination of the employee. The terminated employee can request personal data be
reinstated from back up data Has the right to deregister the device for institution use at
any time. Keeping mobile devices secure The following must be observed when
handling mobile computing devices (such as notebooks and iPads): Mobile computer
devices must never be left unattended in a public place, or in an unlocked house, or in
a motor vehicle, even if it is locked. Wherever possible they should be kept on the
person or securely locked away Cable locking devices should also be considered for
use with laptop computers in public places, e.g. in a seminar or conference, even when
the laptop is attended Mobile devices should be carried as hand luggage when
travelling by aircraft. IT Policy and Procedure Manual Page 17 of 30 Exemptions This
policy is mandatory unless {insert relevant job title or department here} grants an
exemption. Any requests for exemptions from any of these directives, should be
referred to the {insert relevant job title or department here}. Breach of this policy Any
breach of this policy will be referred to {insert relevant job title} who will review the
breach and determine adequate consequences, which can include { insert
consequences here such as confiscation of the device and or termination of
employment.} Indemnity {Municipality Name} bears no responsibility whatsoever for any
legal action threatened or started due to conduct and activities of staff in accessing or
using these resources or facilities. All staff indemnify {Municipality Name} against any
and all damages, costs and expenses suffered by {Municipality Name} arising out of any
unlawful or improper conduct and activity, and in respect of any action, settlement or
compromise, or any statutory infringement. Legal prosecution following a breach of
these conditions may result independently from any action by {Municipality Name}.
Additional Policies for Institution Mobile Phone Use Guidance: add, link or remove the
policies listed below as required. Technology Hardware Purchasing Policy Use of
Software policy Purchasing Policy IT Policy and Procedure Manual Page 18 of 30
Information Technology Security Policy Policy Number: {insert unique number} Policy
Date: {insert date of policy} Guidance: This policy should be read and carried out by all
staff. Edit this policy so it suits your needs. Purpose of the Policy This policy provides
guidelines for the protection and use of information technology assets and resources
within the institution to ensure integrity, confidentiality and availability of data and
assets. Procedures Physical Security For all servers, mainframes and other network
assets, the area must be secured with adequate ventilation and appropriate access
through {insert relevant security measure here, such as keypad, lock etc.} It will be the
responsibility of {insert relevant job title here} to ensure that this requirement is followed
at all times. Any employee becoming aware of a breach to this security requirement is
obliged to notify {insert relevant job title here} immediately. All security and safety of all
portable technology, {insert relevant types here, such as laptop, notepads, iPad etc.} will
be the responsibility of the employee who has been issued with the {insert relevant
types here, such as laptop, notepads, iPads, mobile phones etc.}. Each employee is
required to use {insert relevant types here, such as locks, passwords, etc.} and to
ensure the asset is kept safely at all times to protect the security of the asset issued to
them. In the event of loss or damage, {insert relevant job title here} will assess the
security measures undertaken to determine if the employee will be required to
reimburse the institution for the loss or damage. IT Policy and Procedure Manual Page
19 of 30 All {insert relevant types here, such as laptop, notepads, iPads etc.} when kept
at the office desk is to be secured by {insert relevant security measure here, such as
keypad, lock etc.} provided by {insert relevant job title here} Information Security All
{insert relevant data to be backed up here – either general such as sensitive, valuable,
or critical institution data or provide a checklist of all data to be backed up } is to be
backed-up. It is the responsibility of {insert relevant job title here} to ensure that data
back-ups are conducted {insert frequency of back-ups here} and the backed up data is
kept {insert where back up data is to be kept e.g. cloud, offsite venue, employees home
etc. here} All technology that has internet access must have anti-virus software
installed. It is the responsibility of {insert relevant job title here} to install all anti-virus
software and ensure that this software remains up to date on all technology used by the
institution. All information used within the institution is to adhere to the privacy laws and
the institution’s confidentiality requirements. Any employee breaching this will be {insert
relevant consequence here} Technology Access Every employee will be issued with a
unique identification code to access the institution technology and will be required to set
a password for access every {insert frequency here} Each password is to be {insert
rules relating to password creation here, such as number of alpha and numeric etc.} and
is not to be shared with any employee within the institution. {insert relevant job title
here} is responsible for the issuing of the identification code and initial password for all
employees. Where an employee forgets the password or is ‘locked out’ after {insert a
number here e.g. three attempts}, then {insert relevant job title here} is authorised to
reissue a new initial password that will be required to be changed when the employee
logs in using the new initial password. The following table provides the authorisation of
access: Technology – Hardware/ Software Persons authorised for access IT Policy and
Procedure Manual Page 20 of 30 Technology – Hardware/ Software Persons authorised
for access {insert name or type of technology here} {insert authorised persons or job
titles here} {insert name or type of technology here} {insert authorised persons or job
titles here} {insert name or type of technology here} {insert authorised persons or job
titles here} {insert name or type of technology here} {insert authorised persons or job
titles here} Employees are only authorised to use institution computers for personal use
{insert when this is allowable and what they can personally use it for here, such as
internet usage etc.} For internet and social media usage, refer to the Human Resources
Manual. It is the responsibility of {insert relevant job title here} to keep all procedures for
this policy up to date. Additional Policies for Information Technology Security Guidance:
add, link or remove the policies listed below as required. Emergency Management of
Information Technology Policy Information Technology Administration Policy IT Policy
and Procedure Manual Page 21 of 30 Information Technology Administration Policy
Policy Number: {insert unique number} Policy Date: {insert date of policy} Guidance:
This policy should be read and carried out by all staff. Edit this policy so it suits your
needs. Purpose of the Policy This policy provides guidelines for the administration of
information technology assets and resources within the institution. Procedures All
software installed and the licence information must be registered on the {insert where
these records are to be kept}. It is the responsibility of {insert relevant job title here} to
ensure that this registered is maintained. The register must record the following
information: What software is installed on every machine What licence agreements
are in place for each software package Renewal dates if applicable. {insert relevant
job title here} is responsible for the maintenance and management of all service
agreements for the institution technology. Any service requirements must first be
approved by {insert relevant job title here}. {insert relevant job title here} is responsible
for maintaining adequate technology spare parts and other requirements including
{insert specific technology requirements here, such as toners, printing paper etc.} A
technology audit is to be conducted {insert frequency here e.g. annually} by {insert
relevant job title here} to ensure that all information technology policies are being
adhered to. IT Policy and Procedure Manual Page 22 of 30 Any unspecified technology
administration requirements should be directed to {insert relevant job title here}
Additional Policies for Information Technology Administration Guidance: add, link or
remove the policies listed below as required. IT Service Agreements Policy Purchasing
Policy IT Policy and Procedure Manual Page 23 of 30 Website Policy Policy Number:
{insert unique number} Policy Date: {insert date of policy} Guidance: This policy should
be read and carried out by all staff. Edit this policy so it suits your needs. Purpose of the
Policy This policy provides guidelines for the maintenance of all relevant technology
issues related to the institution website. Procedures Website Register The website
register must record the following details: • List of domain names registered to the
institution • Dates of renewal for domain names • List of hosting service providers •
Expiry dates of hosting {insert any other records to be kept in relation to your institution
website here}. The keeping the register up to date will be the responsibility of {insert
relevant job title here}. {insert relevant job title here} will be responsible for any renewal
of items listed in the register. Website Content All content on the institution website is to
be accurate, appropriate and current. This will be the responsibility of {insert relevant
job title here} All content on the website must follow {insert relevant institution
requirements here where applicable, such as a institution or content plan etc.} IT Policy
and Procedure Manual Page 24 of 30 The content of the website is to be reviewed
{insert frequency here} The following persons are authorised to make changes to the
institution website: {insert relevant job title here} {insert relevant job title here} {insert
relevant job title here} Basic branding guidelines must be followed on websites to
ensure a consistent and cohesive image for the institution. All data collected from the
website is to adhere to the Privacy Act Additional Policies for Website Policy Guidance:
add, link or remove the policies listed below as required. Information Technology
Security Policy Emergency Management of Information Technology policy IT Policy and
Procedure Manual Page 25 of 30 Electronic Transactions Policy Policy Number: {insert
unique number} Policy Date: {insert date of policy} Guidance: This policy should be read
and carried out by all staff. Edit this policy so it suits your needs. Purpose of the Policy
This policy provides guidelines for all electronic transactions undertaken on behalf of the
institution. The objective of this policy is to ensure that use of electronic funds transfers
and receipts are started, carried out, and approved in a secure manner. Procedures
Electronic Funds Transfer (EFT) It is the policy of {Municipality Name} that all payments
and receipts should be made by EFT where appropriate. All EFT payments and receipts
must adhere to all finance policies in the Financial policies and procedures manual. All
EFT arrangements, including receipts and payments must be submitted to {insert
relevant department of the institution here, e.g. finance department}. EFT payments
must have the appropriate authorisation for payment in line with the financial
transactions policy in the Financial policies and procedures manual. EFT payments
must be appropriately recorded in line with finance policy in the Financial policies and
procedures manual. EFT payments once authorised, will be entered into the {insert title
of payment system here e.g. NAB online system} by {insert relevant job title here} IT
Policy and Procedure Manual Page 26 of 30 EFT payments can only be released for
payment once pending payments have been authorised by {insert relevant job title here}
For good control over EFT payments, ensure that the persons authorising the payments
and making the payment are not the same person. All EFT receipts must be reconciled
to customer records {insert frequency here e.g. once a week etc.} Where EFT receipt
cannot be allocated to customer account, it is responsibility of {insert relevant job title
here} to investigate. In the event that the customer account cannot be identified within
{insert length of time here, such as one month} the receipted funds must be {insert
action here such as allocated to suspense account or returned to source etc.}. {insert
relevant job title here} must authorise this transaction. It is the responsibility of {insert
relevant job title here} to annually review EFT authorisations for initial entry, alterations,
or deletion of EFT records, including supplier payment records and customer receipt
records. Electronic Purchases All electronic purchases by any authorised employee
must adhere to the purchasing policy in the Financial policies and procedures manual.
Where an electronic purchase is being considered, the person authorising this
transaction must ensure that the internet sales site is secure and safe and be able to
demonstrate that this has been reviewed. All electronic purchases must be undertaken
using institution credit cards only and therefore adhere to the institution credit card
policy in the Financial policies and procedures manual. Additional Policies for Electronic
Transactions Policy Guidance: add, link or remove the policies listed below as required.
Information Technology Security Policy Finance Policies IT Policy and Procedure
Manual Page 27 of 30 IT Service Agreements Policy Policy Number: {insert unique
number} Policy Date: {insert date of policy} Guidance: This policy should be read and
carried out by all staff. Edit this policy so it suits your needs. Purpose of the Policy This
policy provides guidelines for all IT service agreements entered into on behalf of the
institution. Procedures The following IT service agreements can be entered into on
behalf of the institution: Guidance: Insert the acceptable IT services for your institution –
the following dot points will assist. Provision of general IT services Provision of
network hardware and software Repairs and maintenance of IT equipment Provision
of institution software Provision of mobile phones and relevant plans Website design,
maintenance etc. {insert type of IT service here}. All IT service agreements must be
reviewed by {insert who should review, recommended lawyer or solicitor} before the
agreement is entered into. Once the agreement has been reviewed and
recommendation for execution received, then the agreement must be approved by
{insert relevant job title here} IT Policy and Procedure Manual Page 28 of 30 All IT
service agreements, obligations and renewals must be recorded {insert where the
agreements are to be recorded here} Where an IT service agreement renewal is
required, in the event that the agreement is substantially unchanged from the previous
agreement, then this agreement renewal can be authorised by {insert relevant job title
here}. Where an IT service agreement renewal is required, in the event that the
agreement has substantially changed from the previous agreement, {insert who should
review, recommended lawyer or solicitor} before the renewal is entered into. Once the
agreement has been reviewed and recommendation for execution received, then the
agreement must be approved by {insert relevant job title here} In the event that there is
a dispute to the provision of IT services covered by an IT service agreement, it must be
referred to {insert relevant job title here} who will be responsible for the settlement of
such dispute. Additional Policies for IT Services Policy Guidance: add, link or remove
the policies listed below as required. Technology Hardware Purchasing Policy IT Policy
and Procedure Manual Page 29 of 30 Emergency Management of Information
Technology Policy Number: {insert unique number} Policy Date: {insert date of policy}
Guidance: This policy should be read and carried out by all staff. Edit this policy so it
suits your needs. Purpose of the Policy This policy provides guidelines for emergency
management of all information technology within the institution. Procedures IT
Hardware Failure Where there is failure of any of the institution’s hardware, this must be
referred to {insert relevant job title here} immediately. It is the responsibility of {insert
relevant job title here} to {insert relevant actions that should be undertaken here} in the
event of IT hardware failure. It is the responsibility of {insert relevant job title here} to
undertake tests on planned emergency procedures {insert frequency here,
recommended quarterly} to ensure that all planned emergency procedures are
appropriate and minimise disruption to institution operations. Point of Sale Disruptions
In the event that point of sale (POS) system is disrupted, the following actions must be
immediately undertaken: Guidance: Insert the actions required for your institution – the
following dot points will assist. POS provider to be notified {insert relevant job title
here} must be notified immediately All POS transactions to be taken using the manual
machine located below the counter IT Policy and Procedure Manual Page 30 of 30 For
all manual POS transactions, customer signatures must be verified {insert other
relevant emergency actions here} {insert other relevant emergency actions here}.
Virus or other security breach In the event that the institution’s information technology is
compromised by software virus or {insert other relevant possible security breaches
here} such breaches are to be reported to {insert relevant job title here} immediately.
{insert relevant job title here} is responsible for ensuring that any security breach is dealt
with within {insert relevant timeframe here} to minimise disruption to institution
operations. Website Disruption In the event that institution website is disrupted, the
following actions must be immediately undertaken: Guidance: Insert the actions
required for your institution – the following dot points will assist. Website host to be
notified {insert relevant job title here} must be notified immediately {insert other
relevant emergency actions here} {insert other relevant emergency actions here}