1

FOREST HILLS ACADEMY OF BAYUGAN CITY, INC.

Magkiangkang, Bayugan City
“The School That Trains Leaders”

COMPUTER SYSTEM
SERVICING - NCII
4th Quarter - CSS 5 & 6

Name of Student :____________________________________Year Level: ______________________

Address :____________________________________________________________________

SALOME MONTEBON SALAZAR

TEACHER

mei.montebon
FACEBOOK ACCOUNT

[email protected]
GMAIL ACCOUNT

09389148744
CONTACT NUMBER
 2

SETTING-UP COMPUTER
SERVERS

Learning Outcomes:
At the end of this Lesson you are expected to do the
following:

LO 1. Setup user access

LO 2. Configure Network Services

LO 3. Perform testing, documentation, and pre-deployment procedures

 3

LO 1 SETUP USER ACCESS

LEARNING COMPETENCIES

 Create user folder in accordance with Networkoperating system features.

 Establish network access policies/end userrequirements.

 Perform security check in accordance withestablished network access policies/end user

requirements.

LET’S EXPLORE!

How do you setup user access? _________________________________________

LET’S FIND OUT!

Features of Network Operating Systems

By Scott Yoder

A network operating system is a software application that provides a platform for both the functionality of an individual computer and
for multiple computers within an interconnected network. Basically, a network operating system controls other software and computer
hardware to run applications, share resources, protect data and establish communication. Individual computers run client operating
systems, while network systems create the software infrastructure for wireless, local and wide area networks to function.

Basic Operating Features

Network operating systems support the basic underlying operating features of networks. These include support for processors and the
various protocols that allow computers to share data. Many network operating systems can detect hardware within the system to allow
for asset discovery within the network. Also, network operating systems support the processing of other software applications that run
on both individual computers and within the network.

Security Features

Network operating systems support a number of security features that control access to the network. These include authorization and
permission for access to the network, with specific control of features such as user management, log-on controls and passwords.
Systems also provide access control for features such as remote access and network monitoring.

Networking

A network operating system is the platform on which computer networking takes place. Basic features allow for file, print and Internet
connections. Data backup and replication functions are controlled through the network operating system. The management of
connective systems for local and wide area networks (LANs and WANs), such as routing, switches and other ports are configured and
managed through network operating system features.

The Advantages of a Relational Database Management System

By Deborah Lee Soltesz

A Relational Database Management System (RDBMS) is a software system that provides access to a relational database. The software
system is a collection of software applications that can be used to create, maintain, manage and use the database. A "relational
database" is a database structured on the "relational" model. Data are stored and presented in a tabular format, organized in rows and
columns with one record per row.

Data Structure
 4

The table format is simple and easy for database users to understand and use. RDBMSs provide data access using a natural structure
and organization of the data. Database queries can search any column for matching entries.

Multi-User Access

RDBMSs allow multiple database users to access a database simultaneously. Built-in locking and transactions management
functionality allow users to access data as it is being changed, prevents collisions between two users updating the data, and keeps
users from accessing partially updated records.

Privileges

Authorization and privilege control features in an RDBMS allow the database administrator to restrict access to authorized users, and
grant privileges to individual users based on the types of database tasks they need to perform. Authorization can be defined based on
the remote client IP address in combination with user authorization, restricting access to specific external computer systems.

Network Access

RDBMSs provide access to the database through a server daemon, a specialized software program that listens for requests on a
network, and allows database clients to connect to and use the database. Users do not need to be able to log in to the physical
computer system to use the database, providing convenience for the users and a layer of security for the database. Network access
allows developers to build desktop tools and Web applications to interact with databases.

Speed

The relational database model is not the fastest data structure. RDBMS advantages, such as simplicity, make the slower speed a fair
trade-off. Optimizations built into an RDBMS, and the design of the databases, enhance performance, allowing RDBMSs to perform
more than fast enough for most applications and data sets. Improvements in technology, increasing processor speeds and decreasing
memory and storage costs allow systems administrators to build incredibly fast systems that can overcome any database performance
shortcomings.

Maintenance

RDBMSs feature maintenance utilities that provide database administrators with tools to easily maintain, test, repair and back up the
databases housed in the system. Many of the functions can be automated using built-in automation in the RDBMS, or automation tools
available on the operating system.

Language

RDBMSs support a generic language called "Structured Query Language" (SQL). The SQL syntax is simple, and the language uses
standard English language keywords and phrasing, making it fairly intuitive and easy to learn. Many RDBMSs add non-SQL,
database-specific keywords, functions and features to the SQL language.

Network Operating System (NOS)

BySarah Lewis, Technical Writer

A network operating system (NOS) is a computer operating system (OS) that is designed primarily to support workstations, personal
computers and, in some instances, older terminals that are connected on a local area network (LAN). The software behind a NOS
allows multiple devices within a network to communicate and share resources with each other.

The composition of hardware that typically uses a NOS includes a number of personal computers, a printer, a server and file
server with a local network that connects them together. The role of the NOS is to then provide basic network services and features
that support multiple input requests simultaneously in a multiuser environment.

Due to earlier versions of basic operating systems not being designed for network use, network operating systems emerged as a
solution for single-user computers.

Types of network operating systems

There are two basic types of network operating systems, the peer-to-peer NOS and the client/server NOS:

Peer-to-peer network operating systems allow users to share network resources saved in a common, accessible network location. In
this architecture, all devices are treated equally in terms of functionality. Peer-to-peer usually works best for small to medium LANs
and is cheaper to set up.

Client/server network operating systems provide users with access to resources through a server. In this architecture, all functions and
applications are unified under one file server that can be used to execute individual client actions regardless of physical location.
 5

Client/server tends to be most expensive to implement and requires a large amount of technical maintenance. An advantage to the
client/server model is that the network is controlled centrally, makes changes or additions to technology easier to incorporate.

Common features of network operating systems

Features of network operating systems are typically associated with user administration, system maintenance and resource
management functionality. This includes:

 Basic support for operating systems like protocol and processor support, hardware detection and multiprocessing.

 Printer and application sharing.

 Common file system and database sharing.

 Network security capabilities such as user authentication and access control.

 Directory

 Backup and web services.

 Internetworking.

Examples of network operating systems:

True network operating systems are categorized as software that enhances the functionality of operating systems by providing added
network features. A few examples of these network operating systems and their service providers are:

Artisoft’s LANtastic- This is a simple, user-friendly NOS that supports most PC operating systems.

Banyan’s VINES- This uses a client-server architecture to request specific functions and services.

Novell’s NetWare- This was the first network operating system to be released and is designed based on XNS protocol architecture.

Microsoft’s LAN Manager- This operates as a server application and was developed to run under the Microsoft OS. Now, most of the
functionality of LAN Manager is included in the Windows OS itself.

In addition, some multi-purpose operating systems, such as Windows NT and Digital's OpenVMS come with capabilities that enable
them to be described as a network operating system. Further, the most popular operating systems
like Windows, Unix, Linux and Mac include built-in networking functions that may not require additional network services.

Steps on how to set up user access

Configuring User Access

1. Navigate to Settings > Administration Settings and select Manage User Roles.

2. In the View Role List of list, select Finance .
3. Click Add new role. ...
4. Enter the Role Name.
5. Optionally, enter a Description for the custom role.
6. Select the permissions that you want to set for the role.
7. Click save.

What Have You Learned So Far?

Enumeration:

1. Types of network operating systems 3. Steps on how to set up user access

2. Common features of network operating systems

1.
Security Policies
 6

Every organization has something that someone else wants. Someone might want that something for himself, or he might want the
satisfaction of denying something to its rightful owner. Your assets are what need the protection of a security policy.

Determine what your assets are by asking (and answering) the following questions:

 What do you have that others want?

 What processes, data, or information systems are critical to you, your company, or your organization?
 What would stop your company or organization from doing business or fulfilling its mission?

The answers identify assets in a wide range, including critical databases, vital applications, vital company customer and employee
information, classified commercial information, shared drives, email servers, and web servers.

A security policy comprises a set of objectives for the company, rules of behavior for users and administrators, and requirements for
system and management that collectively ensure the security of network and computer systems in an organization. A security policy is
a “living document,” meaning that the document is never finished and is continuously updated as technology and employee
requirements change.

The security policy translates, clarifies, and communicates the management position on security as defined in high-level security
principles. The security policy acts as a bridge between these management objectives and specific security requirements. It informs
users, staff, and managers of their obligatory requirements for protecting technology and information assets. It should specify the
mechanisms that you need to meet these requirements. It also provides a baseline from which to acquire, configure, and audit
computer systems and networks for compliance with the security policy. Therefore, an attempt to use a set of security tools in the
absence of at least an implied security policy is meaningless.

The three reasons for having a security policy are as follows:

 To inform users, staff, and managers

 To specify mechanisms for security
 To provide a baseline

One of the most common security policy components is an acceptable use policy (AUP). This component defines what users are
allowed and not allowed to do on the various components of the system, including the type of traffic that is allowed on the networks.
The AUP should be as explicit as possible to avoid ambiguity or misunderstanding. For example, an AUP might list the prohibited
website categories.

NOTE: Some sites refer to an acceptable use policy as an appropriate use policy.

A properly defined security policy does the following:

 Protects people and information

 Sets the rules for expected behavior
 Authorizes staff to monitor, probe, and investigate
 Defines the consequences of violations

The audience for the security policy is anyone who might have access to your network, including employees, contractors, suppliers,
and customers. However, the security policy should treat each of these groups differently.

The audience determines the content of the policy. For example, you probably do not need to include a description of why something
is necessary in a policy that is intended for the technical staff. You can assume that the technical staff already knows why a particular
requirement is included. Managers are also not likely to be interested in the technical aspects of why a particular requirement is
needed. However, they might want the high-level overview or the principles supporting the requirement. When end users know why a
particular security control has been included, they are more likely to comply with the policy.

In the policy, users can be organized into two audiences:

 Internal audience

o Managers and executives

o Departments and business units
o Technical staff
o End users
 7

 External audience

o Partners
o Customers
o Suppliers
o Consultants and contractors

One document will not likely meet the needs of the entire audience of a large organization. The goal is to ensure that the information
security policy documents are coherent with its audience needs.

Security Policy Components

Figure 1-14 shows the hierarchy of a corporate policy structure that is aimed at effectively meeting the needs of all audiences.

Figure 1-14. Components of a Comprehensive Security Policy

Most corporations should use a suite of policy documents to meet their wide and varied needs:

 Governing policy: This policy is a high-level treatment of security concepts that are important to the company. Managers
and technical custodians are the intended audience. The governing policy controls all security-related interaction among
business units and supporting departments in the company. In terms of detail, the governing policy answers the “what”
security policy questions.
 End-user policies: This document covers all security topics important to end users. In terms of detail level, end-user policies
answer the “what,” “who,” “when,” and “where” security policy questions at an appropriate level of detail for an end user.
 Technical policies: Security staff members use technical policies as they carry out their security responsibilities for the
system. These policies are more detailed than the governing policy and are system or issue specific (for example, access
control or physical security issues). In terms of detail, technical policies answer the “what,” “who,” “when,” and “where”
security policy questions. The “why” is left to the owner of the information.

NOTE:

To assist you at drafting your security policies, consider the SANS security policies repository
at http://www.sans.org/resources/policies.

For readers interested in security policies for academic institutions, visit the University of Toronto’s Computer Security
Administration website for a comprehensive example of a network security policy for a higher education
institution: http://www.cns.utoronto.ca/newsite/documentation/policies/policy_5.htm

Governing Policy

The governing policy outlines the security concepts that are important to the company for managers and technical custodians:

 It controls all security-related interactions among business units and supporting departments in the company.
 It aligns closely with not only existing company policies, especially human resource policies, but also any other policy that
mentions security-related issues, such as issues concerning email, computer use, or related IT subjects.
 It is placed at the same level as all companywide policies.
 It supports the technical and end-user policies.
 It includes the following key components:

o A statement of the issue that the policy addresses

o A statement about your position as IT manager on the policy
o How the policy applies in the environment
 8

o The roles and responsibilities of those affected by the policy

o What level of compliance to the policy is necessary
o Which actions, activities, and processes are allowed and which are not
o What the consequences of noncompliance are

End-User Policies

End-user policies are compiled into a single policy document that covers all the topics pertaining to information security that end users
should know about, comply with, and implement. This policy may overlap with the technical policies and is at the same level as a
technical policy. Grouping all the end-user policies together means that users have to go to only one place and read one document to
learn everything that they need to do to ensure compliance with the company security policy.

Technical Policies

Security staff members use the technical policies in the conduct of their daily security responsibilities. These policies are more
detailed than the governing policy and are system or issue specific (for example, router security issues or physical security issues).
These policies are essentially security handbooks that describe what the security staff does, but not how the security staff performs its
functions.

The following are typical policy categories for technical policies:

 General policies

o Acceptable use policy (AUP): Defines the acceptable use of equipment and computing services, and the
appropriate security measures that employees should take to protect the corporate resources and proprietary
information.
o Account access request policy: Formalizes the account and access request process within the organization. Users
and system administrators who bypass the standard processes for account and access requests may cause legal action
against the organization.
o Acquisition assessment policy: Defines the responsibilities regarding corporate acquisitions and defines the
minimum requirements that the information security group must complete for an acquisition assessment.
o Audit policy: Use to conduct audits and risk assessments to ensure integrity of information and resources,
investigate incidents, ensure conformance to security policies, or monitor user and system activity where
appropriate.
o Information sensitivity policy: Defines the requirements for classifying and securing information in a manner
appropriate to its sensitivity level.
o Password policy: Defines the standards for creating, protecting, and changing strong passwords.
o Risk-assessment policy: Defines the requirements and provides the authority for the information security team to
identify, assess, and remediate risks to the information infrastructure that is associated with conducting business.
o Global web server policy: Defines the standards that are required by all web hosts.

 Email policies

o Automatically forwarded email policy: Documents the policy restricting automatic email forwarding to an
external destination without prior approval from the appropriate manager or director.
o Email policy: Defines the standards to prevent tarnishing the public image of the organization.
o Spam policy: The AUP covers spam.

 Remote-access policies

o Dial-in access policy: Defines the appropriate dial-in access and its use by authorized personnel.
o Remote-access policy: Defines the standards for connecting to the organization network from any host or network
external to the organization.
o VPN security policy: Defines the requirements for remote-access IP Security (IPsec) or Layer 2 Tunneling Protocol
(L2TP) VPN connections to the organization network.

 Personal device and phone policies

o Analog and ISDN line policy: Defines the standards to use analog and ISDN lines for sending and receiving faxes
and for connection to computers.
o Personal communication device policy: Defines the information security’s requirements for personal
communication devices, such as voicemail, smartphones, tablets, and so on.
 9

 Application policies

o Acceptable encryption policy: Defines the requirements for encryption algorithms that are used within the
organization.
o Application service provider (ASP) policy: Defines the minimum security criteria that an ASP must execute
before the organization uses the ASP’s services on a project.
o Database credentials coding policy: Defines the requirements for securely storing and retrieving database
usernames and passwords.
o Interprocess communications policy: Defines the security requirements that any two or more processes must meet
when they communicate with each other using a network socket or operating system socket.
o Project security policy: Defines requirements for project managers to review all projects for possible security
requirements.
o Source code protection policy: Establishes minimum information security requirements for managing product
source code.

 Network policies

o Extranet policy: Defines the requirement that third-party organizations that need access to the organization
networks must sign a third-party connection agreement.
o Minimum requirements for network access policy: Defines the standards and requirements for any device that
requires connectivity to the internal network.
o Network access standards: Defines the standards for secure physical port access for all wired and wireless network
data ports.
o Router and switch security policy: Defines the minimal security configuration standards for routers and switches
inside a company production network or used in a production capacity.
o Server security policy: Defines the minimal security configuration standards for servers inside a company
production network or used in a production capacity.

 Wireless communication policy: Defines standards for wireless systems that are used to connect to the organization
networks.
 Document retention policy: Defines the minimal systematic review, retention, and destruction of documents received or
created during the course of business. The categories of retention policy are, among others:

o Electronic communication retention policy: Defines standards for the retention of email and instant messaging.
o Financial retention policy: Defines standards for the retention of bank statements, annual reports, pay records,
accounts payable and receivable, and so on.
o Employee records retention policy: Defines standards for the retention of employee personal records.
o Operation records retention policy: Defines standards for the retention of past inventories information, training
manuals, suppliers lists, and so forth.

Standards, Guidelines, and Procedures

Security policies establish a framework within which to work, but they are too general to be of much use to individuals responsible for
implementing these policies. Because of this, other, more-detailed documents exist. Among the more important of these detailed
documents are the standards, guidelines, and procedures documents.

Whereas policy documents are very much high-level overview documents, the standards, guidelines, and procedures documents are
documents that the security staff will use regularly to implement the security policies.

Standards

Standards enable an IT staff to be consistent. They specify the use of specific technologies so that IT staff members can narrow the
focus of their expertise to those technologies instead of trying to know everything about all sorts of technologies. Standards also try to
provide consistency in the network, because supporting multiple versions of hardware and software is unreasonable unless it is
necessary. The most successful IT organizations have standards to improve efficiency and to keep things as simple as possible.

Standardization also applies to security. One of the most important security principles is consistency. If you support 100 routers, it is
important that you configure all 100 routers as similarly as possible. If you do not do this, it is difficult to maintain security. When you
do not strive for the simplest of solutions, you usually fail in being secure.
 10

Guidelines

Guidelines help provide a list of suggestions on how you can do things better.

Guidelines are similar to standards, but are more flexible and are not usually mandatory. You will find some of the best guidelines
available in repositories known as “best practices.” The following is a list of widely available guidelines:

 National Institute of Standards and Technology (NIST) Computer Security Resource Center; http://csrc.nist.gov/
 National Security Agency (NSA) Security Configuration
Guides; http://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/index.shtml
 The Common Criteria for Information Technology Security Evaluation; http://www.commoncriteriaportal.org/
 Defense Information Systems Agency (DISA) Field Security Operations Office – Security Technical Information Guides
(STIG); http://iase.disa.mil/stigs/

NOTE

Note that the Rainbow Series from NIST was historically a reliable source for InfoSec guidelines but is now outdated.

Procedures

Procedure documents are longer and more detailed than the standards and guidelines documents. Procedure documents include the
details of implementation, usually with step-by-step instructions and graphics. Procedure documents are extremely important for large
organizations to enable them to have the consistency of deployment that is necessary to have a secure environment. Inconsistency is
the enemy of security.

Table 1-6 provides a comparative chart for standards, guidelines, and procedures, which accompany security policies.

Table 1-6. Comparison Between Standards, Guidelines, Procedures

Characteristics

Standards Specify the use of specific technologies in a uniform way

Improve efficiency

Are usually mandatory

Accomplish consistency and uniformity

Guidelines Are similar to standards, but more flexible and not usually mandatory
Can be used to define how standards should be developed or to guarantee adherence to general security policies

Include NIST Computer Security Resource Center, NSA Security Configuration Guides, Common Criteria, and others

Procedure Are usually required

s
Are the lowest level of the policy chain

Provide detailed steps used to perform specific tasks

Provide the steps required to implement the policies, standards, and guidelines

Are also known as practices

Security Policy Roles and Responsibilities

In any organization, it is senior management, such as the CEO, that is always ultimately responsible for everything. Typically, senior
management only oversees the development of a security policy. The creation and maintenance of a security policy is usually
delegated to the people in charge of IT or security operations.
 11

Sometimes the senior security or IT management personnel, such as the chief security officer (CSO), the chief information officer
(CIO), or the chief information security officer (CISO), will have the expertise to create the policy, sometimes they will delegate it,
and sometimes it will be a bit of both strategies. But the senior security person is always intimately involved in the development and
maintenance of security policy. Guidelines can provide a framework for policy decision making.

Senior security staff is often consulted for input on a proposed policy project. They might even be responsible for the development and
maintenance of portions of the policy. It is more likely that senior staff will be responsible for the development of standards and
procedures.

Everyone else who is involved in the security policy has the duty to abide by it. Many policy statements will include language that
refers to a potential loss of employment for violation of the policy. IT staff and end users alike are responsible to know the policy and
follow it.

Security Awareness

Technical, administrative, and physical controls can all be defeated without the participation of the end-user community.

To get accountants, administrative assistants, and other end users to think about information security, you must regularly remind them
about security. The technical staff also needs regular reminders because their jobs tend to emphasize performance, such as introducing
new technologies, increasing throughput, and the like, rather than secure performance, such as how many attacks they repelled.
Therefore, leadership must develop a non-intrusive program that keeps everyone aware of security and how to work together to
maintain the security of their data. The three key components used to implement this type of program are awareness, training, and
education.

An effective computer security-awareness and training program requires proper planning, implementation, maintenance, and periodic
evaluation. In general, a computer security-awareness and training program should encompass the following seven steps:

Step 1. Identify program scope, goals, and objectives.

The scope of the program should provide training to all types of people who interact with IT systems. Because users need training that
relates directly to their use of particular systems, you need to supplement a large, organization-wide program with more system-
specific programs.

Step 2. Identify training staff.

It is important that trainers have sufficient knowledge of computer security issues, principles, and techniques. It is also vital that they
know how to communicate information and ideas effectively.

Step 3. Identify target audiences.

Not everyone needs the same degree or type of computer security information to do his or her job. A computer security-awareness and
training program that distinguishes between groups of people, presents only the information that is needed by the particular audience,
and omits irrelevant information will have the best results.

Step 4. Motivate management and employees.

To successfully implement an awareness and training program, it is important to gain the support of management and employees.
Consider using motivational techniques to show management and employees how their participation in a computer security and
awareness program will benefit the organization.

Step 5. Administer the program.

Several important considerations for administering the program include visibility, selection of appropriate training methods, topics,
and materials, and presentation techniques.

Step 6. Maintain the program.

You should make an effort to keep abreast of changes in computer technology and security requirements. A training program that
meets the needs of an organization today may become ineffective when the organization starts to use a new application or changes its
environment, such as by connecting to the Internet.

Step 7. Evaluate the program.

An evaluation should attempt to ascertain how much information is retained, to what extent computer security procedures are being
followed, and the general attitudes toward computer security.
 12

A successful IT security program consists of the following:

1. Developing IT security policy that reflects business needs tempered by known risks.
2. Informing users of their IT security responsibilities, as documented in agency security policy and procedures.
3. Establishing processes for monitoring and reviewing the program.

You should focus security awareness and training on the entire user population of the organization. Management should set the
example for proper IT security behavior within an organization. An awareness program should begin with an effort that you can
deploy and implement in various ways and be aimed at all levels of the organization, including senior and executive managers. The
effectiveness of this effort usually determines the effectiveness of the awareness and training program and how successful the IT
security program will be.

10 steps to a successful security policy

There are two parts to any security policy. One deals with preventing external threats to maintain the integrity of the network. The
second deals with reducing internal risks by defining appropriate use of network resources.

Addressing external threats is technology-oriented. While there are plenty of technologies available to reduce external network
threats -- firewalls, antivirus software, intrusion-detection systems, e-mail filters and others -- these resources are mostly
implemented by IT staff and are undetected by the user.

However, appropriate use of the network inside a company is a management issue. Implementing an acceptable use policy (AUP),
which by definition regulates employee behavior, requires tact and diplomacy.

At the very least, having such a policy can protect you and your company from liability if you can show that any inappropriate
activities were undertaken in violation of that policy. More likely, however, a logical and well-defined policy will reduce bandwidth
consumption, maximize staff productivity and reduce the prospect of any legal issues in the future.

These 10 points, while certainly not comprehensive, provide a common-sense approach to developing and implementing an AUP that
will be fair, clear and enforceable.

1. Identify your risks

What are your risks from inappropriate use? Do you have information that should be restricted? Do you send or receive a lot of large
attachments and files? Are potentially offensive attachments making the rounds? It might be a non-issue. Or it could be costing you
thousands of dollars per month in lost employee productivity or computer downtime.

A good way to identify your risks can be through the use of monitoring or reporting tools. Many vendors of firewalls and Internet
security products allow evaluation periods for their products. If those products provide reporting information, it can be helpful to
use these evaluation periods to assess your risks. However, it's important to ensure that your employees are aware that you will be
recording their activity for the purposes of risk assessment, if this is something you choose to try. Many employees may view this as
an invasion of their privacy if it's attempted without their knowledge.

2. Learn from others

There are many types of security policies, so it's important to see what other organizations like yours are doing. You can spend a
couple of hours browsing online, or you can buy a book such as Information Security Policies Made Easy by Charles Cresson
Wood, which has more than 1,200 policies ready to customize. Also, talk to the sales reps from various security software vendors.
They are always happy to give out information.

3. Make sure the policy conforms to legal requirements

Depending on your data holdings, jurisdiction and location, you may be required to conform to certain minimum standards to ensure
the privacy and integrity of your data, especially if your company holds personal information. Having a viable security policy
documented and in place is one way of mitigating any liabilities you might incur in the event of a security breach.

4. Level of security = level of risk

Don't be overzealous. Too much security can be as bad as too little. You might find that, apart from keeping the bad guys out, you
don't have any problems with appropriate use because you have a mature, dedicated staff. In such cases, a written code of conduct
is the most important thing. Excessive security can be a hindrance to smooth business operations, so make sure you don't
overprotect yourself.

5. Include staff in policy development

No one wants a policy dictated from above. Involve staff in the process of defining appropriate use. Keep staff informed as the rules
are developed and tools are implemented. If people understand the need for a responsible security policy, they will be much more
inclined to comply.
 13

6. Train your employees

Staff training is commonly overlooked or underappreciated as part of the AUP implementation process.

But, in practice, it's probably one of the most useful phases. It not only helps you to inform employees and help them understand
the policies, but it also allows you to discuss the practical, real-world implications of the policy. End users will often ask questions or
offer examples in a training forum, and this can be very rewarding. These questions can help you define the policy in more detail and
adjust it to be more useful.

7. Get it in writing

Make sure every member of your staff has read, signed and understood the policy.

All new hires should sign the policy when they are brought on board and should be required to reread and reconfirm their
understanding of the policy at least annually. For large organizations, use automated tools to help electronically deliver and track
signatures of the documents. Some tools even provide quizzing mechanisms to test user's knowledge of the policy.

8. Set clear penalties and enforce them

Network security is no joke. Your security policy isn't a set of voluntary guidelines but a condition of employment. Have a clear set of
procedures in place that spell out the penalties for breaches in the security policy. Then enforce them. A security policy with
haphazard compliance is almost as bad as no policy at all.

9. Update your staff

A security policy is a dynamic document because the network itself is always evolving. People come and go. Databases are created
and destroyed. New security threats pop up. Keeping the security policy updated is hard enough, but keeping staffers aware of any
changes that might affect their day-to-day operations is even more difficult. Open communication is the key to success.

10. Install the tools you need

Having a policy is one thing, enforcing it is another. Internet and e-mail content security products with customizable rule sets can
ensure that your policy, no matter how complex, is adhered to. The investment in tools to enforce your security policy is probably
one of the most cost-effective purchases you will ever make.

What Have You Learned So Far?

Define the following: Essay:

1. Governing policy 1. How are Standards, Guidelines and Procedures differ from each other?

2. End-user policies 2. How important is the security policy in an organization?

3. Technical policy

2 Configure
Network Services
LEARNING COMPETENCIES

 Check normal server function in accordance withmanufacturer’s instructions.

 Confirm network services based on user/systemrequirements.

 Respond to unplanned events or conditions inaccordance with established procedures.

LET’S EXPLORE!
How to respond unplanned events or conditions in accordance with
established procedures? ___________________________________

________________________________________________________
 14

LET’S FIND OUT!

Install and Configure the Network Service

To enable configuration of network keys on the server from other computers on the network, you need to install FineLicNetService
on the server. Installation is done by the Fine License Customer on the "Service FineLicNetService" tab.

Network service installation

This tab displays information about whether the service is running.

 By clicking on "Find out available version of the service", the available version of the service will be found on the Internet
and will be displayed

 The "Download and install the service" button downloads the current version from the Internet, installs, runs on the
appropriate port, and adds a rule to the Windows Firewall to communicate with the service

 With the "Uninstall the service" button, the service stops and uninstalls, the rule in the Windows Firewall is removed

Fine License Customer communicates with the HTTP SOAP protocol on port 51727. In exceptional cases, you can modify the port
with the "Change" button in the "Network (TCP) port of the service" window. This must be set both on the server before the service
is installed and on client computers before the key is updated.

Input port No.

If it is necessary to install the service on a server that is not connected to the Internet, you can download service from the Fine pages
(www.finesotware.eu, Support, Download, Drivers for Keys). Run in in Admin mode

 for installation: FineLicNetSvc.exe /FINE_INSTALL [/PORT=n]

 for uninstallation: FineLicNetSvc.exe /FINE_UNINSTALL

Determining Your Networking Requirements

Designing a network can be a challenging task. Your first step is to understand your networking requirements.
 15

The rest of this chapter explains how to determine these requirements. After you have identified these requirements, refer to Chapter 2
for information on selecting network capability and reliability options that meet these requirements.

Networking devices must reflect the goals, characteristics, and policies of the organizations in which they operate. Two primary goals
drive networking design and implementation:

 Application availability—Networks carry application information between computers. If the applications are not available to
network users, the network is not doing its job.
 Cost of ownership—Information system (IS) budgets today often run in the millions of dollars. As large organizations
increasingly rely on electronic data for managing business activities, the associated costs of computing resources will continue to
rise.

A well-designed network can help balance these objectives. When properly implemented, the network infrastructure can optimize
application availability and allow the cost-effective use of existing network resources.

The Design Problem: Optimizing Availability and Cost

In general, the network design problem consists of the following three general elements:

 Environmental givens—Environmental givens include the location of hosts, servers, terminals, and other end nodes; the
projected traffic for the environment; and the projected costs for delivering different service levels.
 Performance constraints—Performance constraints consist of network reliability, traffic throughput, and host/client computer
speeds (for example, network interface cards and hard drive access speeds).
 Networking variables—Networking variables include the network topology, line capacities, and packet-flow assignments.

The goal is to minimize cost based on these elements while delivering service that does not compromise established availability
requirements. You face two primary concerns: availability and cost. These issues are essentially at odds. Any increase in availability
must generally be reflected as an increase in cost. As a result, you must weigh the relative importance of resource availability and
overall cost carefully.

Assessing User Requirements

In general, users primarily want application availability in their networks. The chief components of application availability
are response time, throughput, and reliability:

 Response time is the time between entry of a command or keystroke and the host system's execution of the command or delivery
of a response. User satisfaction about response time is generally considered to be a monotonic function up to some limit, at
which point user satisfaction falls off to nearly zero. Applications in which fast response time is considered critical include
interactive online services, such as automated tellers and point-of-sale machines.
 Applications that put high-volume traffic onto the network have more effect on throughput than end-to-end connections.
Throughput-intensive applications generally involve file-transfer activities. However, throughput-intensive applications also
usually have low response-time requirements. Indeed, they can often be scheduled at times when response-time–sensitive traffic
is low (for example, after normal work hours).
 Although reliability is always important, some applications have genuine requirements that exceed typical needs. Organizations
that require nearly 100% uptime conduct all activities online or over the telephone. Financial services, securities exchanges, and
emergency/police/military operations are a few examples. These situations imply a requirement for a high level of hardware and
topological redundancy. Determining the cost of any downtime is essential in determining the relative importance of reliability to
your network.

You can assess user requirements in a number of ways. The more involved your users are in the process, the more likely that your
evaluation will be accurate. In general, you can use the following methods to obtain this information:

 User community profiles—Outline what different user groups require. This is the first step in determining network
requirements. Although many users have roughly the same requirements for an electronic mail system, engineering groups using
X Windows terminals and Sun workstations in an NFS environment have different needs than PC users sharing print servers in a
finance department.
 Interviews, focus groups, and surveys—Build a baseline for implementing a network. Understand that some groups might
require access to common servers. Others might want to allow external access to specific internal computing resources. Certain
organizations might require IS support systems to be managed in a particular way according to some external standard. The least
formal method of obtaining information is to conduct interviews with key user groups. Focus groups can also be used to gather
information and generate discussion among different organizations with similar (or dissimilar) interests. Finally, formal surveys
 16

can be used to get a statistically valid reading of user sentiment regarding a particular service level or proposed networking
architecture.
 Human factors tests—The most expensive, time-consuming, and possibly revealing method is to conduct a test involving
representative users in a lab environment. This is most applicable when evaluating response-time requirements. You might set up
working systems and have users perform normal remote host activities from the lab network, for example. By evaluating user
reactions to variations in host responsiveness, you can create benchmark thresholds for acceptable performance.

Assessing Proprietary and Non-proprietary Solutions

Compatibility, conformance, and inter-operability are related to the problem of balancing proprietary functionality and open
networking flexibility. As a network designer, you might be forced to choose between implementing a multi-vendor environment and
implementing a specific, proprietary capability. For example, the Interior Gateway Routing Protocol (IGRP) provides many useful
capabilities, such as a number of features designed to enhance its stability. These include holddowns, split horizons, and poison
reverse updates.

The negative side is that IGRP is a proprietary routing protocol. In contrast, the integrated Intermediate System-to-Intermediate
System (IS-IS) protocol is an open networking alternative that also provides a fast converging routing environment; however,
implementing an open routing protocol can potentially result in greater multi-vendor configuration complexity.

The decisions that you make have far-ranging effects on your overall network design. Assume that you decide to implement integrated
IS-IS rather than IGRP. In doing this, you gain a measure of inter-operability; however, you lose some functionality. For instance, you
cannot load balance traffic over unequal parallel paths. Similarly, some modems provide a high level of proprietary diagnostic
capabilities but require that all modems throughout a network be of the same vendor type to fully exploit proprietary diagnostics.

Previous networking investments and expectations for future requirements have considerable influence over your choice of
implementations. You need to consider installed networking equipment; applications running (or to be run) on the network; traffic
patterns; physical location of sites, hosts, and users; rate of growth of the user community; and both physical and logical network
layout.

Assessing Costs

The network is a strategic element in your overall information system design. As such, the cost of your network is much more than the
sum of your equipment purchase orders. View it as a total-cost-of-ownership issue. You must consider the entire life cycle of your
networking environment. A brief list of costs associated with networks follows:

 Equipment hardware and software costs—Consider what is really being bought when you purchase your systems; costs
should include initial purchase and installation, maintenance, and projected upgrade costs.
 Performance trade-off costs—Consider the cost of going from a 5-second response time to a half-second response time. Such
improvements can cost quite a bit in terms of media selection, network interfaces, networking nodes, modems, and WAN
services.
 Installation costs—Installing a site's physical cable plant can be the most expensive element of a large network. The costs
include installation labor, site modification, fees associated with local code conformance, and costs incurred to ensure
compliance with environmental restrictions (such as asbestos removal). Other important elements in keeping your costs to a
minimum include developing a well-planned wiring-closet layout and implementing color-code conventions for cable runs.
 Expansion costs—Calculate the cost of ripping out all thick Ethernet, adding additional functionality, or moving to a new
location. Projecting your future requirements and accounting for future needs saves time and money.
 Support costs—Complicated networks cost more to monitor, configure, and maintain. Your network should be no more
complicated than necessary. Costs include training, direct labor (network managers and administrators), sparing, and replacement
costs. Additional costs that should be considered are out-of-band management, SNMP management stations, and power.
 Cost of downtime—Evaluate the cost of every minute that a user is unable to access a file server or a centralized database. If this
cost is high, you must attribute a high cost to downtime. If the cost is high enough, fully redundant networks might be your best
option.
 Opportunity costs—Every choice you make has an opposing alternative option. Whether that option is a specific hardware
platform, topology solution, level of redundancy, or system integration alternative, there are always options. Opportunity costs
are the costs of not picking one of those options. The opportunity costs of not switching to newer technologies and topologies
might be lost competitive advantage, lower productivity, and slower overall performance. Any effort to integrate opportunity
costs into your analysis can help make accurate comparisons at the beginning of your project.
 Sunken costs—Your investment in existing cable plant, routers, concentrators, switches, hosts, and other equipment and
software is your sunken costs. If the sunken costs are high, you might need to modify your networks so that your existing
network can continue to be utilized. Although comparatively low incremental costs might appear to be more attractive than
 17

significant redesign costs, your organization might pay more in the long run by not upgrading systems. Too much reliance on
sunken costs can cost your organization sales and market share when calculating the cost of network modifications and additions.

Estimating Traffic: Workload Modeling

Empirical workload modeling consists of implementing a working network and then monitoring traffic for a given number of users,
applications, and network topology. Try to characterize activity throughout a normal workday in terms of the type of traffic passed,
level of traffic, response time of hosts, time to execute file transfers, and so on. You can also observe utilization on existing network
equipment over the test period.

If the tested network's characteristics are similar to a prospective network, you can try extrapolating to the prospective network's
number of users, applications, and topology. This is a best-guess approach to traffic estimation given the unavailability of tools to
characterize detailed traffic behavior.

In addition to passive monitoring of an existing network, you can measure activity and traffic generated by a known number of users
attached to a representative test network and then extrapolate findings to your anticipated population.

One problem with modeling workloads on networks is that it is difficult to accurately pinpoint traffic load and network device
performance as functions of the number of users, type of application, and geographical location. This is especially true without a real
network in place. Consider the following factors that influence the dynamics of the network:

 The time-dependent nature of network access—Peak periods can vary; measurements must reflect a range of observations that
includes peak demand.
 Differences associated with type of traffic—Routed and bridged traffic place different demands on network devices and
protocols; some protocols are sensitive to dropped packets; some application types require more bandwidth.
 The random (nondeterministic) nature of network traffic—Exact arrival time and specific effects of traffic are unpredictable.

Sensitivity Testing

From a practical point of view, sensitivity testing involves breaking stable links and observing what happens. When working with a
test network, this is relatively easy. Disturb the network by removing an active interface, and monitor how the change is handled by
the network: how traffic is rerouted, the speed of convergence, whether any connectivity is lost, and whether problems arise in
handling specific types of traffic. You can also change the level of traffic on a network to determine the effects on the network when
traffic levels approach media saturation. This empirical testing is a type of regression testing: A series of specific modifications (tests)
is repeated on different versions of network configurations. By monitoring the effects of the design variations, you can characterize
the relative resilience of the design.

NOTE

Using a computer to model sensitivity tests is beyond the scope of this book. A useful source for more information about computer-
based network design and simulation is A.S. Tannenbaum's Computer Networks (Prentice Hall, 1996).

Overview of Network Requirements

Oracle Big Data Appliance includes 6, 12, or 18 servers and the equipment to connect the servers to your network. The network
connections allow the servers to be administered remotely and allow clients to connect to them. Use the information in this chapter
to configure the environment for Oracle Big Data Appliance.

Each server has the following network components and interfaces:

 1 Dual-port 4X QDR (40 Gbps) InfiniBand Host Channel Adapter network interface card
 1 Ethernet port for Oracle Integrated Lights Out Manager v3.0 for remote management
 1 Gigabit Ethernet port

Default Network Connections

The installation process automatically discovers whether each Sun Network QDR InfiniBand Gateway switch has at least one 10 GbE
connection. If they all do, then two virtual network interface cards (VNICs) are configured for each server: one for each switch
bonded as bondeth0 in active/passive failover mode. The VNICs are assigned automatically to the available 10 GbE connections in
round-robin fashion. For example, if each switch has three available 10 GbE connections, then the VNIC on server 1 is assigned to 10
GbE port 1, server 2 to port 2, server 3 to port 3, server 4 to port 1, and so on.

All VNICs are assigned to the same default virtual local area network (VLAN). To assign different VLANs to different VNICs, you
must delete the initial VNICs and manually create your own.
 18

Minimum Requirements for the Networks

Additional configuration, such as defining multiple VLANs or enabling routing, may be required for the switch to operate properly in
your environment. If additional configuration is needed, then your network administrator must perform the necessary configuration
steps during installation of Oracle Big Data Appliance.

To deploy Oracle Big Data Appliance, ensure that your network meets the minimum requirements. Oracle Big Data Appliance uses
three networks. Each network must be on a distinct and separate subnet from the others. These are the network descriptions:

Administrative network: This 1 gigabit Ethernet (GbE) network connects to your existing administrative network and is
used to administer all components of Oracle Big Data Appliance. It connects the servers, Oracle ILOM, and switches
connected to the Ethernet switch in the rack.

There are two up-links to the administrative network:

 From the Ethernet switch in the rack

 From the KVM switch in the rack (Sun Fire X4270 M2-based racks only)

Each server has two network interfaces for administration. One provides administrative access to the operating system through the
eth0 Ethernet interface, and the other provides access to the Integrated Lights Out Manager through the Oracle ILOM Ethernet
interface. Oracle Big Data Appliance is delivered with the eth0 and ILOM interfaces connected to the Ethernet switch on the rack. Do
not use the eth0 interface on the servers for client network traffic. Cabling or configuration changes to these interfaces are not
permitted.

Domain Name System (DNS) servers are not required on the administrative network, although Oracle Big Data Appliance uses them
if they are available. At least one Network Time Protocol (NTP) server must also be available. The NTP server for the administrative
network can be different from the NTP server for the client network.

Client access network: This 10 GbE network connects the servers though the gateway switches to your existing client network and is
used for client access to the servers. Client applications access the software through this network by using the client network host
names of the servers.

There are two Sun Network QDR InfiniBand Gateway switches in the rack. Each switch supports 1 to 8 connections for client access
for a total of up to 16 client network connections. For failover, you must have at least one connection from each switch and scale up
according to your requirements for loading data and providing client access.

At least one DNS server must be accessible on the client network. At least one NTP server must also be available. The NTP server for
the client network can be different from the NTP server for the administrative network.

InfiniBand private network: This network connects the servers by using the InfiniBand switches on the rack and the bondib0
interface. This nonroutable network is fully contained within Oracle Big Data Appliance and any other Oracle engineered systems that
are connected to it with InfiniBand cables. This network does not connect to your existing network. It is automatically configured
during installation.

Cabling the Client Network

 19

Each of the two Sun Network QDR InfiniBand Gateway switches in Oracle Big Data Appliance has eight 10 GbE ports. The two
switches enable you to create up to 16 10 GbE connections for each rack. You can determine how many connections to create based
on the bandwidth needed for the client network. For proper functioning, at least one of the eight ports of each gateway switch must
have an active connection to the site's 10 GbE network. Oracle recommends that the two switches have the same number of active
10 GbE connections, so that failover does not result in a loss of available client network bandwidth.

How the Servers Connect to the Gateway Switches

Physical Ethernet connections are created only between the site network and the gateway switches. The Oracle Big Data Appliance
servers are connected only by InfiniBand to those switches. Each server has two InfiniBand connections, one to each gateway switch,
in an active-passive backup mode; only the active InfiniBand connection is used for all InfiniBand traffic to that server. If that
connection fails, it immediately fails over to the other connection.

Half of the Oracle Big Data Appliance servers have active connections to one gateway switch, and the other half have active
connections to the other gateway switch. Inside Oracle Big Data Appliance, the client network traffic is transported over those
InfiniBand connections using the Ethernet over InfiniBand (EoIB) protocol. As a result, each Oracle Big Data Appliance server has
two virtual NICs (VNICs) that are bonded in the same active-passive backup mode. Each VNIC is assigned a specific port on the
gateway switch. If a switch has only one 10 GbE connection, then all VNICs for that switch point to the same port. If a switch has
multiple connections, then the VNICs are spread across those ports in round-robin fashion.

What Have You Learned So Far?

Answer the following:

1. How important is sensitivity testing? _________________________________________________

2. What are the methods in obtaining information of users? ________________________________

Accidents, malfunctions, and unplanned events

Overview Accidents, malfunctions, and unplanned events are accidents or upset events or conditions that are not planned as a part of
routine Project activities during any Project phase. Even with the planning and application of mitigation, accidents, malfunctions, and
unplanned events could occur during any phase of the Project.

These could occur as a result of abnormal operating conditions, wear and tear, human error, equipment failure, and other possible
causes. Many accidents, malfunctions, and unplanned events are preventable and can be readily addressed or prevented by good
planning, design, equipment selection, hazards analysis and corrective action, emergency response planning, and mitigation. In this
section, the potential accidents, malfunctions, and unplanned events that could occur during any phase of the Project and potentially
result in significant adverse environmental effects are described, discussed, and assessed.

The focus is on credible accidents that have a reasonable probability of occurrence, and for which the resulting residual environmental
effects could be major without careful management. It is noted that accidents, malfunctions, and unplanned events are evaluated
individually, in isolation of each other, as the probability of a series of accidental events occurring in combination with each other is
very minimal. These possible events, on their own, generally have a very low probability of occurrence and thus their environmental
effects are of low likelihood. They have an even lower probability or likelihood of occurring together – thus their combination is not
considered credible, nor of any measurable likelihood of occurrence. Accidents, malfunctions, and unplanned event scenarios have
been conservatively selected that represent higher consequence events that would also address the consequences of less likely or lower
 20

consequence scenarios. The accidents, malfunctions, and unplanned events that have been selected based on experience and
professional judgment are as follows:

• Worker accident: worker accidents may occur during either construction or operation, and may result in harm, injury, or death to one
or more Project workers;

• Fire: consists of a fire in a Project component. The focus is on the consequence, and not the mechanism by which it occurs;

• Hazardous materials spill: spills of fuel, petroleum products, and/or other chemicals used on site or in Project components; and

• Vehicle accident: Project-related vehicle accidents that could occur on the road transportation network.

Worker accident

A worker accident has the potential to interact with communities as it may result in harm, injury, or death to workers. All workers
will be properly trained in practices to prevent workplace accidents including Workplace Hazardous Materials Information System
(WHMIS), first aid, and other applicable training programs. These procedures are designed to prevent serious injury to staff and the
general public as well as to minimize the occurrence of unplanned events and minimize any potential damage to the environment.

Interactions between a worker accident and communities will be mitigated by compliance with health and safety legislation, safety by
design, and implementation of environmental management measures aimed at protecting human health. Safety risks to workers will be
reduced by complying with the requirements of various governing standards including the federal Canada Labour Code, the federal
Transportation of Dangerous Goods Act, the Manitoba Workplace Health and Safety Act and all associated regulations. Adherence to
public safety codes and regulations will help the Project to be carried out in a safe manner to protect workers and the public. With the
application of, and compliance with, these acts, regulations, and standards, including the application of safety and security measures
that are known to effectively mitigate the potential environmental effects, the potential environmental effects of a worker accident on
communities during construction and operation and maintenance of the Project are assessed as minor

Fire

A fire at the Project location could interact with the atmospheric environment (smoke emissions), infrastructure and services (stress on
services) communities (potential safety risks to workers), land use and property (potential for substantive loss or damage to property
of resources), and the aquatic, wildlife and natural vegetation environments (potential contamination with sediment-laden water used
in extinguishing the fire).

A fire may arise from Project heavy equipment or from natural causes such as a lightning strike. In the unlikely event that a fire
occurred, the immediate concern for a fire would be for human health and safety. Local air quality conditions may deteriorate through
the duration of the fire. Personnel will take the necessary precautions to prevent fire hazards when at the work site and will keep the
site free of all flammable waste. Manitoba Hydro will ensure that personnel are trained in the use of fire-extinguishing equipment. In
the unlikely event of a fire, local emergency response will be able to reduce the severity and extent of damage.

Assessment Control

The careful planning of the Project and the implementation of proven and effective mitigation will minimize the potential for
accidents, malfunctions, and unplanned events to occur. The effects of an individual accident or unplanned event could have
significant effects on a localized extent. For example, a fire could negatively affect nesting birds or a spill could affect surface or
groundwater quality. However, the potential for these events to occur, given the measures that will be undertaken to prevent their
occurrence, is low. In the very unlikely and improbable event that an accidents, malfunctions, and unplanned events of any
considerable magnitude were to occur, it would be of a short duration, low frequency, or limited geographic extent such that major
residual adverse environmental effects would be unlikely to occur. Overall, given the nature of the Project and credible accidents,
malfunctions, and unplanned events considered, and in light of the nature of the Project and proposed mitigation, the potential residual
environmental effects of all Project-related accidents, malfunctions, and unplanned events on all biophysical and socioeconomic
components during all phases of the Project, are assessed as minor.

File server: Definition and basics

A file server is a central server instance in a computer network that enables connected clients to access the server’s storage
capacities. The term encompasses both the hardware and software needed to implement such a server. As long as they have
received the corresponding authorizations, accessing users can open, read, change, and delete files and folders on a file server as
well as even upload their own files to the server.

What is a file server?

A file server is a central server in a computer network that provides file systems or at least parts of a file system to connected clients.
File servers therefore offer users a central storage place for files on internal data media, which is accessible to all authorized
 21

clients. Here, the server administrator defines strict rules regarding which users have which access rights: For instance, the
configuration or file authorizations of the respective file system enable the admin to set which files can be seen and opened by a
certain user or user group, and whether data can only be viewed or also added, edited, or deleted.

With file servers connected to the internet and configured accordingly, users cannot only access the files via the local network but also
benefit from remote access. This enables files to be accessed and saved on the file server even when users are on the go. All modern
operating systems such as Windows, Linux, or macOS can be used on a file server, although the devices available in the network need
to be compatible with the operating system. But file servers are not only used for file storage and management. They are also often
used as a repository for programs that have to be accessible to multiple network participants, and as a backup server.

How do file servers work?

The right hardware is the foundation for a reliable file server. Most importantly, of course, this includes the  hard
drive which needs to offer sufficient space for the files and necessary programs, as well as the respective operating
system, and the software for using the clients. The server also needs enough working memory and processing power to
process file and program accesses for various users as quickly and faultlessly as possible. Whether the hardware
requirements can be fulfilled by a standard PC or whether a special server setup is required primarily depends on the number
of users.

Special network protocols are responsible for communication between file servers and clients: While the  SMB protocol (Server
Message Block) developed by IBM is used in local networks with Windows and macOS devices, computers with Unix-like systems –
such as Linux distributions – largely work with the NFS protocol (Network File System). To combine both protocol types in a single
network, clients and file servers based on Unix/Linux must be accordingly equipped with software that implements the SMB protocol
in these systems – for example the free software suite Samba.

The functions and options of a file server

As already mentioned, the main functions of a file server are to enable multiple users to access the stored files and free storage
space for the file repository. For this reason, these servers are especially popular as a central storage place for internal company files
that are not only relevant for individual users. In many cases, companies (particularly in the open-source sector) also use a file server
as a download server connected to their own web offering. This way, they allow their customers or website visitors to download
select content such as programs, drivers, updates, images, or videos with ease.

 Note: Central file access via a file server is often also linked to access to the network printers.

The second major application of file servers is data backups. Unlike when saving and jointly managing relevant files, this specifically
refers to the creation and maintenance of conventional backups – of system or user files (or both) depending on the need. Storing
these backup copies on a file server is both an easy and inexpensive alternative to having to plan and cover the necessary additional
storage requirements on each individual client.

What are the advantages of using a file server?

For many companies, using a file server is worth considering for a range of reasons. First, there is of course the advantage
of centrality which ensures each authorized network participant can access the stored files. This makes shared working possible on
these files. Conflicts between different versions of a document can be practically ruled out, as certain actions – such as editing or
 22

deleting – are blocked for other users as soon as you open a file. If users have to share the desired files on their own system instead, or
transmit them using removable media, this would be considerably more time-consuming and cumbersome – and it would most likely
result in different file versions.

Another key advantage of using file servers is that it relieves the strain on client resources. With the exception of personal
documents, essentially all business files and backups can be stored on the file server, depending on how the company wishes to use
the file repository. And with the right organization (comprising directories, folders, etc.) users automatically have a much  better
overview of the entire file inventory.

If the file server is configured for remote access over the internet, the files are also accessible on the go – much like an online
storage service. But unlike a cloud solution, the company retains control of the files and their security at all times. This represents a
clear advantage over third-party solutions.

Summary of file server advantages:

 easy organization of the entire file inventory

 High degree of clarity

 Convenient file sharing

 Collaboration without version conflicts

 Relief of client computers (almost unlimited storage possible)

 Remote access via WebDAV, (S)FTP, or SCP possible

 Data protection and security in your own hands

 File server: Practical but a challenge

The advantages listed clearly show how valuable a file server can be. However, many companies make the mistake of
underestimating the work involved in setting up and managing such a server. Companies often do without advance planning. As a
result, not only is the hardware stretched to its limits after a short amount of time, but also many of the benefits of a file server
don’t take effect. For example, if there is no clear principle for the assignment of rights, situations will likely arise in which users are
unable to perform necessary actions. Problems may also occur when the directory and folder structure is unclear – or if no folder
structure exists at all.

If you’d like to use a file server, you should therefore consider these aspects from the very beginning, as well as a  comprehensive
security concept. In the case of the latter, this is important if the file server is also accessible over the internet. The installation and
configuration of security software are just as critical as training the employees who access the file server. Only when they have been
made aware of topics like cyber security and data protection can the configured protection mechanisms work as intended. This is
also true when it comes to storing the files: Clearly communicate where and how files should be saved on the file server to prevent a
chaotic data situation from occurring in the first place.

What Are the Different Web Technologies?

 Browsers.
 HTML and CSS.
 Programming Languages.
 Frameworks.
 Web Servers.
 Databases.
 Protocols.
 Lastly, data Formats.

14 Technologies Every Web Developer Should Be Able to Explain

1. Browsers

Browsers are the interpreters of the web. They request information and then when they receive it, they show us on the page in a
format we can see and understand.
 23

 Google Chrome - Currently, the most popular browser brought to you by Google
 Safari - Apple’s web browser
 Firefox - Open-source browser supported by the Mozilla Foundation
 Internet Explorer - Microsoft’s browser. You will most often hear web developers complain about this one.

2. HTML

HTML is a markup language. It provides the structure of a website so that web browsers know what to show.

3. CSS

CSS is a Cascading Style Sheet. CSS let’s web designers change colors, fonts, animations, and transitions on the web. They make the
web look good.

 LESS - a CSS pre-compiler to make working with CSS easier and add functionality
 SASS - a CSS pre-compiler to make working with CSS easier and add functionality

4. Programming Languages

Programming languages are ways to communicate to computers and tell them what to do. There are many different programming
languages just like there are many different lingual languages (English, Spanish, French, Chinese, etc). One is not better than the
other. Developers typically are just proficient at a couple so they promote those more than others. Below are just some of the
languages and links to their homepages

 Javascript - used by all web browsers, Meteor, and lots of other frameworks
 Coffeescript - is a kind of “dialect” of javascript. It is viewed as simpler and easier on your eyes as a developer but it
complies (converts) back into javascript
 Python -used by the Django framework and used in a lot of mathematical calculations
 Ruby - used by the Ruby on Rails framework
 PHP - used by Wordpress
 Go - newer language, built for speed.
 Objective-C- the programming language behind iOS (your iPhone), lead by Apple
 Swift - Apple’s newest programming language
 Java - Used by Android (Google) and a lot of desktop applications.

5. Frameworks

 Frameworks are built to make building and working with programming languages easier. Frameworks typically take all the
difficult, repetitive tasks in setting up a new web application and either does them for you or make them very easy for you
to do.

 Node.js - a server-side javascript framework

 Ruby on Rails - a full-stack framework built using ruby
 Django - a full-stack framework built using python
 Ionic - a mobile framework
 Phonegap / Cordova - a mobile framework that exposes native api’s of iOS and Android for use when writing javascript
 Bootstrap - a UI (user interface) framework for building with HTML/CSS/Javascript
 Foundation - a UI framework for building with HTML/CSS/Javascript
 Wordpress - a CMS (content management system) built on PHP. Currently, about 20% of all websites run on this framework
 Drupal - a CMS framework built using PHP.
 .NET - a full-stack framework built by Microsoft
 Angular.js - a front-end javascript framework.
 Ember.js - a front-end javascript framework.
 Backbone.js - a front-end javascript framework.

6. Libraries 

Libraries are groupings of code snippets to enable a large amount of functionality without having to write it all by yourself. Libraries
typically also go through the trouble to make sure the code is efficient and works well across browsers and devices (not always the
case, but typically they do).

 jQuery
 24

 Underscore

7. Databases

Databases are where all your data is stored. It’s like a bunch of filing cabinets with folders filled with files. Databases come mainly in
two flavors: SQL and NoSQL. SQL provides more structure which helps with making sure all the data is correct and validated. NoSQL
provides a lot of flexibility for building and maintaining applications.

 MongoDB - is an open-sourced NoSQL database and is currently the only database supported by Meteor.
 Redis - is the most popular key-value store. It is lighting fast for retrieving data but doesn’t allow for much depth in the data
storage.
 PostgreSQL - is a popular open-sourced SQL database.
 MySQL - is another popular open-sourced SQL database. MySQL is used in Wordpress websites.
 Oracle - is an enterprise SQL database.
 SQL Server - is an SQL server manager created by Microsoft.

8. Client (or Client-side)

A client is one user of an application. It’s you and me when we visit http://google.com. Client’s can be desktop computers, tablets, or
mobile devices. There are typically multiple clients interacting with the same application stored on a server.

9. Server (or Server-side)

A server is where the application code is typically stored. Requests are made to the server from clients, and the server will gather the
appropriate information and respond to those requests.

10. Front-end

The front-end is comprised of HTML, CSS, and Javascript. This is how and where the website is shown to users.

11. Back-end

The back-end is comprised of your server and database. It’s the place where functions, methods, and data manipulation happens
that you don’t want the clients to see.

12. Protocols

Protocols are standardized instructions for how to pass information back and forth between computers and devices.

 HTTP - This protocol is how each website gets to your browser. Whenever you type a website like “ http://google.com” this
protocol requests the website from google’s server and then receives a response with the HTML, CSS, and javascript of the
website.
 DDP - is a new protocol created in connection with Meteor. The DDP protocol uses websockets to create a consistent
connection between the client and the server. This constant connection lets websites and data on those websites update in
real-time without refreshing your browser.
 REST - is a protocol mainly used for API’s. It has standard methods like GET, POST, and PUT that let information be
exchanged between applications.

13. API

An API is an application programming interface. It is created by the developer of an application to allow other developers to use
some of the application's functionality without sharing code. Developers expose “end points” which are like inputs and outputs of
the application. Using an API can control access with API keys. Examples of good API’s are those created by Facebook, Twitter, and
Google for their web services.

14. Data formats

Data formats are the structure of how data is stored.

 JSON - is quickly becoming the most popular data format

 25

 XML - was the main data format early in the web days and predominantly used by Microsoft systems
 CSV - is data formatted by commas. Excel data is typically formatted this way.

A Guide to Different Web Technologies and How They Are Related

Relationships Between HTML, CSS, HTTP, REST, JavaScript and JSON

A web browser such as Explorer, Firefox or Chrome will draw a web page based on a description found in a file written
in HTML format. HTML like Markdown and Latex only describes structure and semantics of a document. It does not describe the
looks. CSS files is what described what different elements in an HTML document are supposed to look like.

HTTP in contrast is a communication protocol, built on top of TCP/IP. It is what a Web browser uses to actually et hold of HTML
and CSS files. HTTP defines things such as URLs. URLs define a sort of path to a resource on the internet. With these URLs HTTP
associates a set of operations such as GET, POST, UPDATE and DELETE. When you write a URL in your web browser’s address
field, you actually get the browser to perform a GET request. When you fill out a form on a web page and press the “submit” button, it
will usually cause a POST to be performed. This collects your input and sends to the server.

REST means exposing a service to the outside world in terms of the vocabulary of the HTTP protocol. That sounds a bit abstract, so
let me clarify: If you got a program running on a server, with a bunch of functionality you want other people to be able to use. There
are lots of ways of making that accessible from the outside. Way back they used CORBA, which was a way of making it look like you
had objects on the network, which you could call methods on. You would have references to objects, and you could send these
references as arguments. It was a binary protocol. Later we got things like XML-RPC and Soap, which tried to make method calls and
object references be represented as XML text. In essence it was a verbose version of CORBA.

REST was a rejection of this complexity, and people saying: Instead of accessing functionality in terms of objects with method calls,
why don’t we just use the principles already found in the HTTP protocol? Try to represent functionality in terms of URLs which you
do GET, POST, UPDATE and DELETE on.

JavaScript is a simple script language which was made to be able to offer some interactivity to HTML pages. Due to the ubiquity of
JavaScript it became popular to represent data in JavaScript syntax, thus JSON was born. JSON is just JavaScript syntax for strings,
arrays, numbers and dictionaries. Syntax for loops, if statements and functions has been excluded.

Differences Between REST, WebSockets and Unix Sockets for Communications

For an old-school programmer such as myself it was not obvious what things like WebSockets where, since it brought the associating
to regular Unix sockets. In the Unix world sockets, are sort of like files. You can open and close them like files, but they don’t
represent storage on a hard disk but rather a network connection. Like a file, you can read and write data to a socket. That data gets
received on socket opened at the other end of the connection. So a client and a server can communicate with each other by both
opening a socket which get connected to each other.

Sockets exist at the TCP/IP layer. But you can also create e.g. UDP sockets rather than TCP sockets. WebSockets in contrast are not
really sockets at all, but just a protocol built on top of HTTP. The difference is that typical HTTP is setup so that a web browser
creates a regular Unix socket connection to fetch a web page or other resource. As soon as it is received, it closes down the socket
connection. Thus regular HTTP is not well suited for continuous communication back and forth. You can thing of WebSockets as a
persistent communication channel built on regular sockets, which server and client can use to send data back and forth between each
other.

WebSockets can thus be used as an alternative or supplement to REST. You may use REST to access functionality on the server and
then later setup a WebSocket connection to get continuous updates or events from the server.

According to Microsoft, web technologies include the following:

1. Mark-up languages, such as HTML, CSS, XML, CGI, and HTTP (Front-end or Client-side technologies)
2. Programming languages and technologies that help create applications for the web. Some of these are Perl, C#, Java, Visual
Basic, and .NET (Back-end or Server-side technologies)
3. Web server and server technologies that enable request handling on a network, where different users have to share the same
resources and communicate with each other
4. Databases, which are extremely important for data and information storage on a computer network
5. Business applications that are customized for specific execution of tasks on a network

There are several programming languages and technologies for the Web. Some of the most popular websites, ranging from Google to
YouTube and from Amazon to twitter are built using these server-side technologies. The latter include ASP.NET, C, C++, Java,
 26

JavaScript, PERL, Python, PHP, Ruby, and more. We shall discuss the most popular current website technologies in this guide. So,
without further ado, let’s begin…

The top website technologies:

1. HTML5: If you know this programming language, knowing all the others is a walk in the park. This recent addition to the
HTML family is very equipped and potent in assisting in web development activities.
2. JavaScript: This programming language lets you make communication for your website. It was developed by Netscape and
borrows a lot of its syntax from the C language. Using JavaScript, you can manage your browser, edit content on a document,
let client-side scripts interact with users, and also enable asynchronous communication. JavaScript is generally used for
including animations on web pages, loading new images, scripts or objects onto a web page, and creating extremely receptive
user interfaces.
3. Java: This is the top programming language in the industry and is currently the perfect language for web development. Created
by Sun Microsystems in the 1990s, this language is not platform dependent, so using Java and creating Java-based applications
is extremely easy.
4. PHP: This stands for PHP Hypertext Processor. It is one of the widely-used languages for web development and was created
in 2004. It is an HTML-embedded scripting language and is useful for creating dynamic web pages. Using this language you
can expand a web app very quickly. This language has been used to create websites such as WordPress, Digg, and Facebook.
5. Python: This is an advanced programming language and is used for creating websites and mobile apps. It is very flexible and
has a broad range of applications. It can run on both Linux and Windows-based servers. Some of the sites powered by Python
include Instagram and Pinterest, both social media sites.
6. Ruby: This is a user-friendly language for beginners. It is used for the programming of mobile apps and websites. Created in
1993, Ruby is an open-source platform that is not only easy to understand, but also to write. For those who are interested in
creating small business software or for those who are into creative designing, Ruby is the perfect programming language.
7. .NET: This was created by Microsoft in the year 2000. Though it is used primarily in systems running on Windows, this
language is used in scientific research and academic fields, thereby more than making up for this feature.
8. Perl: This is an interpreted script language and presents unique tools for system programming.
9. C: This is a standard programming language created in the 1970s. It is appreciated for its efficiency and is known for writing
system software. It is also used for writing applications. This language can be easily compiled by using a simple compiler. It
support cross-platform programming.
10. C++: This is an intermediary programming language, initially designed to boost the C language. Created in the year 1979, it is
a very powerful language, and is used in very important operating systems, such as Windows.
11. C#: This is a multi-paradigm programming language and is a general-purpose language, used to build up software for the
Microsoft and Windows platforms.
12. SQL: This stands for Structured Query Language and is a necessary part of web development. Using this language, web
developers can obtain data from large and multifaceted databases.

What the future holds

These are the top 12 website programming languages and technologies. However, many web developers attest that JavaScript is the
future of web development. This is because it is the standard scripting language in our browsers for the foreseeable future.
However, with Web 3.0 and Web 4.0 a distinct reality, it is possible that a programming language that is not one of the above 12 will
rule the roost in the future.

Also, mobile technology will becoming increasingly popular, with more and more websites becoming responsive and mobile-
enabled. Another application will be the proliferation of social media sites, with one or more of these programming languages being
used to power these sites.

So, now you know all about the different website technologies and how they are powering the Web. If you’re a programmer, there
has never been a better time to work in web development. With website technologies evolving by the day, the field is increasingly
becoming not only more popular but also more exciting, with newer websites being created all the time. Here’s to a seamless World
Wide Web experience for everyone!

What Have You Learned So Far?

Answer the following:

1. What is a file server? ______________________________________________________________

2. How do file servers work? __________________________________________________________

3. What Are the Different Web Technologies? Give each a brief explanation. ___________________
 27

Perform testing, documentation

3 and pre-deployment procedure

LEARNING COMPETENCIES

 Undertake pre-deployment procedures based onenterprise policies and procedures.

 Undertake operation and security check based onend-user requirements.

 Prepare reports according to enterprise policiesand procedures.

 Complete reports according to enterprise policiesand procedures.

LET’S EXPLORE!
Answer the following:

1. What is Documentation? ____________________________________________

2. How to prepare reports? ____________________________________________

LET’S FIND OUT!

Procedure Testing

Procedure testing shall model the procedural requirements of the software system as a complete and delivered unit.   Procedure
Requirements shall define what is expected of any procedural documentation and shall be written in the form of Procedural
instructions.  These procedural instructions will normally come in the form of one of the following documents:

           A user Guide

           An Instruction Manual

           A User Reference Manual

 This information will normally define how the user is meant to:

           Set up the system for normal usage

           Operate the system in normal conditions

           Become a competent user of the system (tutorial files)

           Trouble-shoot the system when faults arise

           Re-configure the system

  Design

There shall be 2 types of testing carried-out when performing procedural testing: Static and Dynamic
 28

 Static testing of the procedural instructions themselves should firstly be carried out.  This would include an assessment of the system,
examining things such as, set-up, main areas of operation, complex areas of operation, tutorial file examples, trouble-shooting,
etc.  The result of the assessment would group together a series of procedural instructions thought to be a requirement of the end-user
in order to use the system effectively.  These would then go through a series of reviews that would include the end-user, or a
representative of the end-user.  This purpose of these reviews would be to: assess the importance of the procedural instruction to
become part of the manual, it's usefulness to the end-user and the degree of its ability to be understood by the end-user.

Dynamic testing of the system shall be conducted using Test Cases.  Primarily Test Cases shall be guided by the procedural
instructions with the aim of ascertaining whether the procedural requirements have been met.  Test Cases shall be designed to exercise
the procedural instructions of the system under specified conditions.

 For each test case the following shall be specified:

 1.       Set-up of the system

2.       The specific procedural sequence to be exercised

3.       The expected outcome of the system

4.       The expected outcome of the User, i.e. what the user has achieved/understood.

Measurement

Procedural testing shall be measured in the following ways:

Static testing – shall be measured as the percentage of the total specified procedural requirements, which have been covered by
procedural instructions, reviewed.

Dynamic testing – as a percentage of the specified procedural requirements which have been executed.

 PRE-DEPLOYMENT PLANNING

Checklist

 Complete all CO pre-deployment responsibilities and provide all required information to the incoming staff member.
 Arrange accommodation for all incoming staff.
 Ensure sufficient office space, phones and equipment for all incoming team members.
 Confirm arrival and pick-up details with incoming staff.

 Pre-departure/deployment checklist , which the CO may use for every new staff member deployed to the emergency.
 29

Pre-arrival tasks and responsibilities

The CO and the Deploying Member must implement a number of critical steps in pre-departure planning to ensure a safe and speedy
deployment for a new staff member travelling from one country location to another to the emergency environment. These critical steps
are listed in section 5.1.1, which also outlines the roles and responsibilities of the CO and National Member in this process.

What is a workplace policy?

A policy is a statement which underpins how human resource management issues will be dealt with in an organization. It
communicates an organization’s values and the organization’s expectations of employee behaviors and performance.

Workplace policies often reinforce and clarify standard operating procedure in a workplace. Well written policies help employers
manage staff more effectively by clearly defining acceptable and unacceptable behaviour in the workplace, and set out the
implications of not complying with those policies.

A workplace policy consists of a statement of purpose and one or more broad guidelines on action to be taken to achieve that purpose.
The statement of purpose should be written in simple terms, free of jargon. The length of the policy may vary depending on the issue it
addresses.

A policy may allow discretion in its implementation and the basis of that discretion should be stated as part of the policy. A policy
may also be required where there is a diversity of interests and preferences, which could result in vague and conflicting objectives
among those who are directly involved.

Not all workplace issues require a policy. Many routine matters can be dealt with through simple workplace procedures and processes
being put in place.

Benefits of having workplace policies

Well-written workplace policies:

 are consistent with the values of the organization

 comply with employment and other associated legislation
 demonstrate that the organization is being operated in an efficient and businesslike manner
 ensure uniformity and consistency in decision-making and operational procedures
 add strength to the position of staff when possible legal actions arise
 save time when a new problem can be handled quickly and effectively through an existing policy
 foster stability and continuity
 maintain the direction of the organization even during periods of change
 provide the framework for business planning
 assist in assessing performance and establishing accountability
 clarify functions and responsibilities.

Developing and introducing workplace policies

Step 1 – Management Support

It is crucial to have senior management support for the implementation or modification of a policy, especially where policies relate to
employee behaviour. The endorsement and modelling of the behaviour by senior managers and supervisors will encourage staff to
take the policies seriously. While management support for a policy is an important first step before actively seeking employee
feedback on a proposed policy, the idea for the policy and some of its details may in fact come from staff.

Step 2 - Consult with staff

Involve staff in developing and implementing workplace policies to promote stronger awareness, understanding and ownership of the
outcome. Staff involvement also helps to determine how and when the policies might apply, and can assist in identifying possible
unintentional outcomes of the policy.

Step 3 - Define the terms of the policy

Be explicit. Define key terms used in the policy at the beginning so that employees understand what is meant. The policy should
explain what is acceptable and unacceptable behaviour in the workplace. You may wish to include specific examples to illustrate
problem areas or unacceptable types of behaviors. For example:
 30

An individual shall be deemed to be under the influence of alcohol if he/she exceeds a blood alcohol level of 0.05% (0.02% for heavy
vehicle drivers).

Be clear about who the policy applies to. For example, does it only apply to employees of the company or to contractors and sub-
contractors engaged to perform work on business premises? This is particularly important, for example, with occupational health and
safety which covers everyone in the workplace.

The policy may also need to contain information about what to do if it is not possible to follow the policy. For example, if you have a
policy relating to punctuality, you may need to include a procedure outlining what to do if the employee is going to be late.

The policy should also contain procedures to support the policy in its operation, such as the implications for not complying with the
policy.

Example 1: Occupational health and safety

No employee is to commence work, or return to work while under the influence of alcohol or drugs. A breach of this policy is grounds
for disciplinary action, up to and including termination of employment.

Example 2: Email policy

Using the organization's computer resources to seek out, access or send any material of an offensive, obscene or defamatory nature is
prohibited and may result in disciplinary action.

Step 4 - Put the policies in writing and publicize them

To be effective, policies need to be publicized and provided to all existing and new employees. This includes casual, part-time and
full-time employees and those on maternity leave or career breaks.

Policies should be written in plain English and easily understood by all employees. Consider translating the policies into the
appropriate languages for employees whose first language is not English.

Ensure all staff understand what the policies mean. Explain how to comply with the policies and the implications of not complying.

Step 5 - Training and regular referral

The policies may be explained to staff through information and/or training sessions, at staff meetings and during induction sessions for
new staff. They should also be reiterated and discussed with staff regularly at staff meetings to ensure they remain relevant.

Copies of policies should be easily accessible. Copies may be kept in folders in a central location or staff areas, in staff manuals and
available on the organization's intranet system.

Step 6 – Implementation

It is important that policies are applied consistently throughout the organization. A breach of a policy should be dealt with promptly
and according to the procedures set out in the policy. The consequence of the breach should also suit the severity of the breach –
whether it be a warning, disciplinary action or dismissal.

Case study

An organization which dismissed an employee for sexual harassment was subsequently ordered to re-employ the sacked staff member
as they had failed to follow their own policy. The company had a policy of zero tolerance to sexual harassment but failed to exercise
the provision when the policy was breached. The Commission hearing revealed that the company had breached its own policy when it
issued the employee numerous unofficial warnings instead.

Step 7 - Evaluate and review

Review policies regularly to ensure they are current and in line with any changes within the organization. Where policies are
significantly changed they should be re-issued to all staff and the changes explained to them to ensure they understand the
organization's new directions. These changes should also be widely publicized.

Policy checklist
 31

A workplace policy should:

 set out the aim of the policy

 explain why the policy was developed
 list who the policy applies to
 set out what is acceptable or unacceptable behaviour
 set out the consequences of not complying with the policy
 provide a date when the policy was developed or updated.

Policies also need to be reviewed on a regular basis and updated where necessary. For example, if there is a change in equipment or
workplace procedures you may need to amend your current policy or develop a new one.

Employment law changes, changes to your award or agreement may also require a review of your policies and procedures. Stay up to
date with relevant changes by regularly checking Fair Work Ombudsman.

Types of workplace policies

Here are some examples of common workplace policies that could assist your workplace:

 code of conduct
 recruitment policy
 internet and email policy
 mobile phone policy
 non-smoking policy
 drug and alcohol policy
 health and safety policy
 anti-discrimination and harassment policy
 grievance handling policy
 discipline and termination policy
 using social media.

What are Policies and Procedures?

Policies and procedures go hand-in-hand but are not interchangeable.

A policy is a set of general guidelines that outline the organization’s plan for tackling an issue. Policies communicate the connection
between the organization’s vision and values and its day-to-day operations.

A procedure explains a specific action plan for carrying out a policy. Procedures tells employees how to deal with a situation and
when.

Using policies and procedures together gives employees a well-rounded view of their workplace. They know the type of culture that
the organization is striving for, what behavior is expected of them and how to achieve both of these.

The Importance of Policies and Procedures

Regardless of your organization’s size, developing formal policies and procedures can make it run much more smoothly and
efficiently. They communicate the values and vision of the organization, ensuring employees understand exactly what is expected of
them in certain situations.

Because both individual and team responsibilities are clearly documented, there is no need for trial-and-error or micromanaging. Upon
reading the workplace policies and procedures, employees should clearly understand how to approach their jobs.

Formal policies and procedures save time and stress when handling HR issues. The absence of written policies results in unnecessary
time and effort spent trying to agree on a course of action. With strict guidelines already in place, employees simply have to follow the
procedures and managers just have to enforce the policies.

Implementing these documents also improves the way an organization looks from the outside. Formal policies and procedures help to
ensure your company complies with relevant regulations. They also demonstrate that organizations are efficient, professional and
stable. This can lead to stronger business relationships and a better public reputation.

How to Develop Policies and Procedures in the Workplace

When creating a policy or procedure for your workplace, start by reviewing the mission statement, vision and values. According to
the New South Wales Government Industrial Relations, “a workplace policy should:
 32

 set out the aim of the policy

 explain why the policy was developed
 list who the policy applies to
 set out what is acceptable or unacceptable behavior
 set out the consequences of not complying with the policy
 provide a date when the policy was developed or updated”

Once you implement your policies and procedures, the next step is to inform and train employees on them. You can’t expect
employees to follow guidelines if they aren’t aware of them. Be sure to schedule regular refresher training sessions, too, to keep
employees on track.

Paychex WORX says that “employees may be more likely to embrace rules when they understand their purpose and that they are not
meant to be a form of control or punishment.” For this reason, keep a positive attitude during training sessions and leave plenty of
time for employee questions.

Policies and procedures should not be written once and left alone for decades. Reviewing these documents regularly and updating
them when necessary is key to their success. In addition to an annual review, consider updating them when you:

 adopt new equipment, software, etc.

 see an increase in accidents or failures on-site
 experience increased customer complaints
 have a feeling of general confusion or increased staff questions regarding day-to-day operations
 see inconsistency in employee job performance
 feel increased stress levels across the office

 Types of Policies and Procedures Every Workplace Needs

Organizations need policies and procedures for a wide range of HR topics. Below are some of the subjects you should consider
creating guidelines for.

Polices and Procedures for Attendance

These documents can include guidelines on tardiness, vacation time, sick leave, appointments and paid volunteer hours. You can
also include the amount of notice required before booking time off. Take your corporate culture into consideration when developing
these rules.

Policies and Procedures for Employee Conduct

This is a broad topic and may require multiple, separate policies. Including guidelines on drugs and alcohol use, smoking,
performance management and discipline helps employees know what is and is not acceptable behavior at work.

 Policies and Procedures for Use of Company Property

Employees have to use company property in order to do their jobs. Depending on your industry, this could include electronics,
medical equipment, vehicles, tools and uniforms. Include guidelines on how to care for company property, as well as how much (if
any) and what types of personal use are permitted using company property.

Policies and Procedures for Internet and Social Media Use

Make employees aware that any internet use at work is not private. Urge employees to limit personal internet use and ensure
everything they do online in the workplace is legal, ethical and appropriate (and explain what these mean). Add guidelines about
what is and is not appropriate to post on social media regarding your organization as well.

Policies and Procedures for Health and Safety

Protecting employees’ safety and well-being should be every organization’s top priority. When writing your health and safety
policies, include information about how to deal with illness or injury at work, equipment safety guidelines and how to report a
health or safety concern. Also include procedures to follow in the event of a fire or natural disaster.

Policies and Procedures for Expenses

 33

If your employees travel or purchase things for work, having an expense reimbursement policy in place is essential. Explain what
types of expenses are acceptable for reimbursement (airfare class, transportation, meals, etc.). Include procedures on how to submit
a reimbursement claim

Why You Need to Enforce Policies and Procedures

Policies and procedures are helpful for making your workplace run more efficiently, but they are only effective if you enforce them.
Enforcement of the guidelines guarantees your organization’s operational procedures and decision-making processes are uniform
and consistent across cases.

When you don’t enforce your procedures, you put your organization at risk. If an employee or external person comes forward with
an allegation against your company, having formal policies and procedures in place strengthens your case.

For example, say someone sues your organization for hiring discrimination, claiming that they were not given a job they interviewed
for because they have a disability. Having an anti-discrimination policy in place is a strong piece of evidence in your defense.

Or, say that you refuse to reimburse a first-class plane ticket an employee bought to get to a conference. Pointing out that first-class
airfare is not eligible for expense reimbursement and having proof of this in your policy protects your organization from legal actions
and reputation damage.

Without formal policies and procedures, your organization may not be reaching its potential. Developing and enforcing policies that
reflect your workplace’s values make it a better environment for all employees.

5 Reasons To Have Enterprise Policy Management Software In Place For Your Business

In today’s current economic climate, it’s vital that organizations have an enterprise policy management system in place that can help
identify and manage risk whilst protecting against reputation damage and the threat of hefty fines.

Compliance can prove an impossible task using existing methods of communication such as email and corporate intranet, however
through the use of policy management software, organizations can streamline internal processes and demonstrate ongoing
accountability to regulators.

A policy management system provides organizations with an easy to use, centralized solution for creating, storing and distributing
important policy documents. An effective policy management system will have a consistent method of creating policies, adds
structure to company procedures and makes it easier to track compliance.

There are many reasons why your organization should implement an Enterprise Policy Management System: 

1. Policy Automation

Policy management can either be conducted manually or through automation. The manual route can be a labour-intensive process that
often results in inaccurate reporting and distorted results.

By automating your enterprise policy management, you will streamline processes and save time on a number of key tasks. Policies can
be completed on time, and in a way that can be controlled and measured, reducing the impact of human error.

The automation of policy management will ensure that compliance is up to date and that your organisation is protected from risks and
litigation.

2. Effective Governance Reporting

 34

Policy Management software addresses they key problem of demonstrating compliance with legislative requirements and providing
due care to auditors and regulators. It provides transparent real time information that can be used to improve processes within
organizations, and effectively target those areas that present the highest risk to data security.

3.   Manage Risk

Implementing an enterprise policy management system begins with the identification of risks and managing suitable controls to
deliver risk mitigation. One of the problems that can arise with this process is the effective communication of policies and
procedures to employees.

Employees represent the most significant threat to the reputation of an organization, so it’s vital that a system is put in place that
guarantees user awareness, and ensures that staff are presented with targeted compliance content that is relevant and specific to
their role.

Policy Management software ensures that all users in a target group must agree to a policy or complete tests by a specified date and
time. This enables organizations to properly determine employee understanding of the policy and demonstrate compliance.

4. Target Multiple Users

An effective policy management system will have the ability to target or exempt specific groups of users. Policies may differ across
an organization, so specific policies may be needed for individual departments. This kind of targeting ensures that the right policy is
going to the right people, at the right time.

5. Drive User Participation and Awareness

 35

It’s important that organizations achieve and demonstrate 100% compliance and user awareness with key policies. Managing
compliance is always more effective when users are involved as it gives them a greater understanding of the significance of their
actions with regards to information handling.

An effective policy management system will enable organizations to measure and demonstrate the continuing improvements in
awareness, and highlight areas that require attention before they pose a risk to security and compliance.

In every field, it's important to minimize as much risk as possible. Documentation is a great tool in protecting against lawsuits and
complaints. Documentation help ensure consent and expectations. ... There are many legal and regulatory requirements in this field,
and proper documentation helps to maintain compliance.

Documentation is anything written or printed on which you rely as record or proof of patient actions and activities. A record or chart
or client record, is a formal, legal document that provides evidence of a client's care and can be written or computer based.

The recording (patient registration) and reporting system is used to systematically evaluate patient progress and treatment outcomes,
as well as to monitor overall programme performance (through cohort analysis).

There needs to be some level of cohesion so that you don't look sloppy or uninformed. Documentation encourages knowledge
sharing, which empowers your team to understand how processes work and what finished projects typically look like.

Proper documentation provides evidence of what has transpired as well as provides information for researching discrepancies.
Supporting documentation may come in paper or electronic form. In recent years, more often, official supporting documentation has
moved from paper based to electronic forms.

When documentation is a recording of a strategic and creative process focused on clearly outlining issues, goals, recommendations,
and guidelines, and created in a way that empowers collaboration and revisions in the future, it is one of the most important phases of
any project.

Consistent documentation is essential for employers to properly evaluate employees and avoid liability connected with disciplining
and terminating employees. Accurate documentation allows decisions to be made with as much information as possible.

HR Documents You Need To Have For a Hassle Free and Safe Workplace

Ever wondered why documents are so important for any business?? They act as proof of records of all the official activities of the
company. HR Documents are vital to record all the transactions, activities, and events related to the organization. You need to have all
the Important HR Documents to make sure that your business administration is smooth and the Internal Control System is strong.
Make sure you get these documents

Let’s face it, the documentation process is not the most amazing but it is a very vital part of every business. Recording employment
information is very important these days. These Important HR documents play a vital role in the administration of any business.

In today’s dynamic business world you need to file and archive official documents. These HR documents will be handy in the future
or in unforeseen circumstances. 

Important HR documents need to be maintained with the utmost care because they act as a “proof” of important activities and events.
The foundation of a successful organization is an efficient documentation process and maintenance.

Why are Human Resource Documents important?

An HR professional will tell you about the significance of good documentation. Very regularly managers come to the Human
Resources Dept. with plans to fire an employee or make other disciplinary moves with no supporting documentation.

HR documentation is significant for many reasons. Documentation legitimizes work activities, from enrollment, resignation, and
retirement or termination. Development and Compensation are portions of employee documentation. Keeping up precise and complete
documentation bolsters HR goals, for example, planning succession and promotion. HR documentation, when arranged cautiously,
secretly and as per organizational policies, is the foundation of an HR office. Important HR documents are not only vital for the HR
Department but also for the business as a whole.

Types of Documentation

There are many types of Important HR documents that form a vital part of the documentation process.

Policies, Procedures, Performance Management, and Statutory Documents form the core of Important HR documents. These are
important to outline the expected employee behavior and workplace standards that need to be maintained orderly in which the
employees know what is expected of them.
 36

These documents contain records in written format. It includes permanent records like employment contracts, recruitment-related
documents such as Job Descriptions, Resumes, Background checks, Company Policies, and much more. Documents may be formal as
well as informal.

Informal records such as a manager’s record of discussions with an employee. Maintaining such informal pieces of documents is as
important as maintaining formal documents.

Formal documentation has to be retained with care. These documents play an important role regardless of whether they’re related
to administrative issues or legal issues.

Why businesses need proper Documentation?

HR documents play a very important role when it comes to the documentation process of an organization. It acts as proof or evidence
of the activities related to the business. Documentation of such events, whether positive or negative, has to be maintained because they
may come handy in the future.

Below is the list of Important HR documents that every business should have.

1. Job Descriptions

A Job Description gives both the business and the employee a clear idea of the necessities of a specific Job. The JD plots every one
of the obligations and duties that are related to a specific job role. It likewise gives a sign of the sorts of abilities that are required to
efficiently carry out that specific work. For the most part, a nitty-gritty JD will comprise of all the significant information of any
specific employment like Job Role, Job Title, Responsibilities, Job Summary, and so on.

2. Employment Contract

An Employment contract is a written proof of the professional relationship between an employer and an employee. The document is
explicit to an employee or to a whole organization. An employment contract can totally negate voluntarily work, which makes it a
helpful document for luring new employees.

It is a signed piece of document that acts as proof of the agreement between an employer and an employee. The employment
contract states the rights & responsibilities of both parties.

3. Recruitment Process Documents

The selection procedure has many steps, for example, screening, interviewing, meeting, selection, induction, and onboarding. A
hiring specialist plays out every one of these procedures to choose a qualified candidate the shortlisted ones.

All these processes need to be recorded in official documents to keep a track of how and where the process is heading.

The following documents are vital when it comes to the recruitment process,

 Offer Letter

 Manpower Requisition

 Job Description

 Employment Agreement and contract

 Recruitment Tracker

 Candidate Evaluation Form

 Reference Check Guide

4. Performance Appraisal Documents

A Performance Appraisal Document helps in performance management and measurement for both parties.

A strong performance management system is based on the simple concept of SMART goals (Specific. Measurable. Attainable.
Relevant. Time-based)

Also, the feedback exercise can help an organization in the basic future decision-making process. For the board, input from an
employee can prompt upgrades in procedures and the management style.

Creating a standardized and a uniform format to define performance and in setting goals across various levels of employees.
 37

Following are some of the Performance appraisal document examples:

 Performance Management Process

 Performance Review

 Performance Improvement Plan

 Performance Appraisal Letter

 Performance Warning Letter

 KRA

5. Employee Handbook

An employee handbook consists of all the procedures, policies, authority & responsibility, and expectations from a certain employee
who is carrying out a specific job in the organization.

It is one of the important HR documents as it contains businesses’ administrative procedures. Generally, it is handed over to an
employee on the first day of employment. The employee handbook is utilized by employers to outline important policies of the
company and to protect the rights and responsibilities of both the employer and the employee.

An employee handbook contains legal information like employment policies, anti-harassment policies, as well as the expected level
of safety for employees in the organization.

An employee handbook forms a very important part of the employee policies of a company.

What Have You Learned So Far?

Answer the following:

1. What are the types of policies and procedures in the workplace? ________________________________

2. What are the important document an HR must have in every business? ___________________________

3. How important does proper documentation in every business? __________________________________

Extend Your
Knowledge

Do this activity.

You are an HR staff. Your work is to keep all the records of the company. To ensure that all documents are kept, you
need to do the following:

1. Make a journal of all the activities you are doing everyday.

2. Record it and take pictures.

3. The journal must be presentable and unique.

Congratulations! You did a great job! Rest and

relax for a while then move on to the next
lesson.

God bless!!!
 38

REFERENCES
 https://www.google.com/search?
q=how+to+Perform+security+check+in+accordance+with+established+network+access+policies/
end+user+requirements

 https://tms-outsource.com/blog/posts/web-technologies/

 https://www.google.com/search?
q=Undertake+predeployment+procedures+based+on+enterprise+policies+and+procedures

 https://www.google.com/search?q=Prepare+reports+according+to+enterprise+policies+and+procedures

 https://www.google.com/search?q=Documentation+and+making+reports&oq=docume&aqs=chrome