Procedure Manual, Version 1.1
Information Technology
Last updated on 24-09-2016

Access Projects (Pvt) Ltd.
Information Technology Policy

Prepared by (Version 1.0)
Name: Nalaka Bandara
Designation: ICT Executive

Authorized by (Version 1.0)
Name: Nishal Ferdinando
Designation: Director
Table of Contents

1.1 Introduction
1.2 Policy Statement
1.3 Scope
1.4 Roles and responsibilities:
1.5 Audit and review
1.6 Internet and Email Usage
1.7 Network and Systems IT Security
1.8 Computers, Software and Hardware
1.9 Helpdesk
1.10 Application Development.
1.11 Back-up and Archiving:
1.12 Upgrading of Hardware.
1.13 Disaster Recovery and Business Continuity for IT Assets
1.14 Risk Assessment
1.15 Asset Register
1.16 Security
1.1 Introduction

1.1.1 This policy is designed to be the overall Information Technology Policy for Access Projects (Pvt) Ltd.

1.1.2 The policy is designed to ensure that all departments of Access Projects (Pvt) Ltd will comply with all relevant compliance legislation in respect of Information Technology. The policy will describe specific rules on Information Technology and reference any subservient policies that will describe policy in more detail.

1.2 Policy Statement

1.2.1 The purpose and objective of this Information Technology Policy is to standardize the usage of IT Assets and to protect Access Projects (Pvt) Ltd information assets from all threats, whether internal or external, deliberate or accidental. It also describes measures to prevent misuse, ensure business continuity, minimise damage and maximise return on investment.

1.3 Scope

1.3.1 This policy is intended for all staff and any visitors using the Access Projects (Pvt) Ltd. IT systems, data or any other information technology asset.

1.3.2 For the purposes of this Policy the term "staff" will be taken to mean paid employees, consultants and sub-contractors employed by Access Projects (Pvt) Ltd.

1.4 Roles and responsibilities:

1.4.1 The Policy is approved by the Executive Director of Access Projects (Pvt) Ltd.

1.4.2 The Managing Director of Access Projects (Pvt) Ltd. is the designated owner of the Information Technology Policy.

1.4.3 The ICT Executive will be responsible for implementation and monitoring of the Information Technology Policy.

1.4.4 All members of staff are expected to have read, understood and to adhere to the IT Policy. Breaches of any of the policy rules will in the first instance be reported to the line manager and then a record of the breach should be passed to the ICT Executive.

1.5 Audit and review

1.5.1 The ICT Executive will be responsible for arranging and monitoring regular audits of all aspects of the Information Technology Policy. The results of audits will be recorded and logged. Audits will be carried out no less than annually.

1.5.2 The Information Technology Policy will be reviewed annually by the ICT Executive and approved by the Executive Director.
1.6 Internet and Email Usage

1.6.1 Internet Access

1.6.2 All head office staff members will be granted Internet access. The ICT Executive to implement a Firewall and restrict access to the following material:
- All Videos
- Adult Content
- Social Media Websites
Note: Access to any job-related websites can be granted subject to the Executive Director's approval.

1.6.3 The ICT Executive to obtain a report of all websites visited by all staff members on a daily basis. This report has to be forwarded by the ICT Executive to Manager QMS on a daily basis.

1.6.4 Manager QMS to take necessary action based on the report.

1.6.5 You may not use internet / email to write, send, read, or receive data that contains content that could be considered discriminatory, offensive, obscene, threatening, harassing, intimidating, or disruptive to any employee or other person. Examples of unacceptable content include (but are not limited to) sexual comments or images, racial slurs, gender-specific comments, or other comments or images that could reasonably offend someone on the basis of race, age, sex, religious or political beliefs, national origin, disability, sexual orientation, or any other characteristic protected by law.

1.6.6 Wi-Fi Access

1.6.7 Wireless access will be provided to staff members using the APWI Network. Social networks will not be accessible from this network.

1.6.8 Wireless access will be provided to guests using the AP GUEST Network.

1.6.9 Email Accounts

1.6.10 Department Head to request email accounts through an email to the ICT Executive. User to fill the Email Requisition Form, sign and submit to the ICT Executive with the divisional head's approval.

1.6.11 ICT Executive to ensure that the email account is created within 1 working day from the requisition. Maximum storage per email account is 1 GB.

1.6.12 The use of email and the Internet within Access Projects (Pvt) Ltd. is controlled by the IT Policy and overseen by the ICT Executive.

1.6.13 HR to advise the ICT Executive on the staff members who leave / transfer within the organization. ICT Executive to check with the Executive Director whether to forward the email account to another employee. If not, delete / amend the respective email accounts / groups immediately.
1.6.14 The Project Manager to provide a list of the site staff members who require email accounts to the GM Construction for approval and thereafter forward it to the ICT Executive for action.

1.6.15 Email accounts will be provided for the following staff members with approval from the Director, on the Google Cloud Service. This is for security reasons.
- Managing Director
- Director
- GM Construction
- Manager Costing & Estimation
- Chief Architect
- Accountant
- Manager QMS
- Project Manager (Selected PMs)
- ICT Executive

1.7 Network and Systems IT Security

1.7.1 The computer network is part of the Access Projects network and is managed by the ICT Executive. The ICT Executive audits and monitors the systems and will have access to the administration systems.

1.7.2 Staff members can be given a 50MB space on the server. Approval would need to be obtained by Line Manager and Executive Director.

1.7.3 Every Site & Factory which has more than 5 Desktops / Laptops to have a hardware firewall.

1.7.4 Dongles to be provided to site staff if the sites have less than 5 Desktops / Laptops.

1.7.5 The firewall will not be required if Dongles are provided to the site staff.

1.7.6 Network access to be given to sites which have more than 5 Desktops / Laptops.

1.8 Computers, Software and Hardware

1.8.1 Line managers will ensure that their staff members adhere to the Information Technology Policy. Any breaches will be reported in the first instance to the ICT Executive.

1.8.2 For IT hardware requests for departments / sites, an IT equipment request form to be filled, necessary approvals obtained and handed over to the IT department.

1.8.3 The ICT Executive needs to obtain 3 quotations from suppliers for purchase of new items.

1.8.4 Changes to Hardware / Software configurations of a company Desktop / Laptop can only be done with the ICT Executive's approval. Staff members are strictly prohibited from making any changes to the Hardware / Software configurations of a company Desktop / Laptop machine.

1.8.5 All purchasing of IT equipment MUST go through the purchasing department. The ICT Executive to obtain three quotations for new items.

1.8.6 The ICT Executive to negotiate with the suppliers and fix prices for 1 month. The prices to be reviewed monthly by the ICT Executive.
1.8.7 Access Projects should purchase ONLY branded Desktop / Laptop Machines.

1.8.8 The warranty provided by the supplier should be for all components of the workstation / Laptop.

1.8.9 Software Installation

1.8.10 RNH IT will be contacted for any technical assistance related to the website. The website will be updated using the Portal by the ICT Executive.

1.8.11 The Access Projects Facebook Page to be maintained by the PA to the Director.

1.8.12 The procedure to obtain Hardware / Software Configurations is as follows.

Request made by staff member -> Department Head to approve -> Sectional Head to approve -> Raise PO -> Purchase Item

The following hardware configurations are to be used when providing workstations / laptops to staff.

Staff Grade | PC / Laptop Configuration
Project Manager | Intel Core i3 or i5 Notebook, 4GB Memory, 500GB Hard Disk, 15.6" screen, mouse, virus guard, Company Email, Company Dongle. Software: Windows 7 or Windows 8, MS Office, MS Project, AutoCAD, Adobe
Site Engineer | Intel i3 Notebook, 4GB Memory, 500GB Hard Disk, 15.6" screen, mouse, virus guard, Company Email, dongle if recommended by Project Manager
Quantity Surveyor | Intel i3 or Dual Core Desktop or second hand computer recommended by Dept. Manager, 4GB Memory, 500GB Hard Disk, UPS, Virus Guard
Accounts Assistant | Intel i3 or Dual Core Desktop or second hand computer recommended by Dept. Manager, 4GB Memory, 500GB Hard Disk, UPS, Virus Guard
Trainee Quantity Surveyor | Core 2 Duo processor, 4GB RAM, 500GB Hard Disk, second hand branded Desktop Computer, UPS and Virus Guard
Store keeper | Core 2 Duo processor, 4GB RAM, 500GB Hard Disk, second hand branded Desktop Computer, UPS and Virus Guard
CAD Draughtsman | Intel Core i7 or i5 processor, 8GB or 16GB RAM, 500GB Hard Disk, 22" Monitor, UPS, Virus Guard, branded Desktop Computer
GM and above grades | Intel Core i5 Notebook / Desktop, 4GB Memory, 500GB Hard Disk, 15.6" screen, mouse, virus guard, Company Email, Company Dongle. Software: Windows 7 or Windows 8, MS Office, MS Project, AutoCAD, Adobe
Manager Level 4 & Above | Intel i3 Desktop / Notebook, 4GB Memory, 500GB Hard Disk, 15.6" screen, mouse, virus guard, Company Email, dongle if recommended by Project Manager
Senior Executive & Below (Depending on nature of Job) | Intel i3 Desktop / Notebook, 4GB Memory, 500GB Hard Disk, 15.6" screen, mouse, virus guard, Company Email, dongle if recommended by Project Manager
Executive Level 1 & Below | Dual Core Desktop or second hand computer recommended by Dept. Manager, 4GB Memory, 500GB Hard Disk, UPS, Virus Guard
1.8.13 Any variation to the above configurations, depending on the job role, would require prior approval by the Executive Director; for Construction-related items, prior approval by the General Manager Construction would be required.

1.8.14 The Staff member has the right to choose between a Desktop / Laptop for his / her work.

1.8.15 An iPad will be provided only for staff grades of GM and above.

1.8.16 The staff member to fill a Software Installation Completion form after all the required software has been installed on the Desktop / Laptop.

1.8.17 A backup laptop can be provided for each department. One person in the department needs to be responsible for it.

1.8.18 If a staff member requires both a Desktop and a Laptop, it would require prior approval by the Executive Director; for Construction-related items, prior approval by the General Manager Construction would be required.

1.8.19 ONLY the department head can request IT resources for the department.

1.8.20 Damages / loss of company owned IT equipment assigned to a staff member will be recovered up to a maximum of LKR 50,000/- from the staff member. The ICT Executive to obtain an estimate for the repairs, fill a damages to IT equipment re-imbursement form and hand it over to the Accounts dept. In an exceptional situation the Executive Director has the authority to waive off the cost of the Laptop.

1.8.21 On the receipt of a Desktop / Laptop by a staff member for use, he / she to fill an IT Material Receivable Form.

1.8.22 On the receipt of a new / repaired Desktop / Laptop by a staff member, he / she to fill a Repaired/Replaced Items Receivable Form.

1.9 Helpdesk

1.9.1 All IT related complaints and issues to be logged into the online IT Helpdesk System. The ICT Executive to check the logs every hour and action them.

1.9.2 The ICT Executive to provide the timelines to action each type of request.

1.10 Application Development.

1.10.1 Proper risk assessment would need to be carried out on all new application development projects.

1.10.2 All Software Developments require the approval by the Executive Director.

1.10.3 The Peachtree system used by the Accounts department is the only software system acquired by a third party. All customized software development for Access Projects (Pvt) Ltd will be carried out by Nsoft Solutions (Pvt) Ltd. The Executive Director would need to enter into an agreement with Nsoft Solutions (Pvt) Ltd for the software development.

Items to be considered when finalizing software / hardware purchase agreements:
- Warranty
- After Sales Support
- Source Code can be obtained or not

1.11 Back-up and Archiving:

1.11.1 All data must be archived appropriately when they are no longer required within the organization.

1.11.2 The ICT Executive would need to back up the Back-up server on external hard drives on a weekly basis and store them safely at the Head Office premises.

1.11.3 All the divisional heads to certify on a monthly basis that their respective division's data and emails have been duly backed up in the File Server, by getting his / her staff members to fill the Data Back-up Form, sign off at the end and send it to the ICT Executive by the 5th of the following month.

1.11.4 The ICT Executive would need to back up all the email accounts.

1.11.5 External Hard drives can be provided with approval of the Executive Director.

1.11.6 If a construction site requires an external Hard Disk, it can be provided with approval from the GM Construction.

1.11.7 After the site is completed the ICT Executive to ensure that the External Hard Disks are returned and the data is copied to the File Server.

1.11.8 All files older than 8 years have to be deleted from the system. The ICT Executive to coordinate with the departments to ensure this is done annually.

1.11.9 Access Projects maintains 3 Servers as follows.

Server Name | Location | Purpose | Authorized Users
Accounts Server Accounts Dept. Host the Peachtree System Server 2 H/O 1 - IT Room Project Management System Costing & Estimating Software Finance Manager, Manage Accounts ICT Executive
File Server 1 | H/O 1 - IT Room | All divisions store / backup data | ICT Executive
File Server 2 | Nawala Office | ALU / CEI / MKT store / backup data | ICT Executive
System Server 3 | Nawala Office | Ceiling & Material Management Software | ICT Executive / Nirosh

1.12 Upgrading of Hardware.

1.12.1 The ICT Executive to ensure that a review of the existing hardware configurations of company owned Desktop / Laptop machines is carried out annually.

1.12.2 Subject to the above review, upgrading of the existing hardware configurations of company owned Desktop / Laptop machines should be carried out every 3 years.

1.12.3 Subject to the above review, replacement of the existing hardware configurations of company owned Desktop / Laptop machines should be carried out every 5 years.
1.13 Disaster Recovery and Business Continuity for IT Assets

1.13.1 Access Projects (Pvt) Ltd would conduct business continuity planning for IT Assets in the following manner. The plan will be reviewed annually by the ICT Executive and will be approved by the Executive Director.

Department / Staff Member | Risk Ranking | Contingency Strategy
Managing Director | 1 | iPad
Executive Director | 2 | Use Planning Eng. Desktop Machine
General Manager Construction | 3 | Use Head of Q/S Desktop Machine, iPad
ICT Executive | 4 | Backup Laptop of ICT Executive
Planning & Procurement Mgr | 5 | Backup Laptop of Planning Manager
Head of Quantity Surveying | 6 | Backup Laptop of Q/S Dept
Head of Drafting | 7 | Backup Laptop of CAD Manager's Laptop
Site Project Manager | 8 | Backup Laptop of Site Q/S Dept
Head of Accounts | 9 | Backup Laptop of the company
Head of Purchasing | 10 | Backup Desktop of the Purchasing Dept.
Head of Marketing | 11 | Backup Laptop of Marketing Dept
Head of Human Resources | 12 | Laptop of Admin Manager
Ceiling | 13 | Laptop of Ceiling Manager
Aluminium | 14 | Backup Laptop of Head Aluminium Dept.
Head of Factory | 16 | Laptop of Factory Manager

1.14 Risk Assessment

1.14.1 Access Projects (Pvt) Ltd will have an up to date Risk Register as follows.

# | Description | Probability (1 = low, 5 = high) | Impact (1 = low, 5 = high) | Mitigation / Contingency Strategy
1 | Power failure - Reason for Power supply unit or Mother board issue | 4 | 5 | Manage Power supply, set up UPS units, replace faulty components
2 | Hard disk Failure - reason for lifting, power failure, or physical damage | 3 | 5 | Backup data on the server, obtain assistance from hardware vendor to retrieve data
3 | Memory Failure - factory issue | 3 | 2 | Fix new / additional memory
4 | Monitor - Factory issue | 3 | 2 | Replace Monitor.
5 | Reduction of computer speed - reason virus or hardware issue | 4 | 3 | Install Genuine Antivirus Software, renew license on time, obtain assistance from hardware vendor to retrieve data
6 | Misuse by staff | 2 | 3 | Implement rules. Take disciplinary action as per disciplinary procedure.
7 | Network Failure | 3 | 5 | Maintenance of network infrastructure, install Surge Protectors, rectify network issue.
8 | Backup Failure | 1 | 5 | Test backup status weekly. Maintain a bi-weekly backup of the server at another location.

1.14.2 Any major changes to IT hardware / software must be with the Director's approval. An IT Change Request form must be filled and approval obtained from the Director before proceeding with the change.

1.15 Asset Register

1.15.1 The ICT Executive to maintain a register of all IT Equipment in collaboration with the Accounts Department. The ICT Executive to update the register every time an item is released to a department or acquired. IT Officer to perform a stock take of all the IT Assets every year.

1.16 Security

1.16.1 ICT Executive to maintain an administrator account as well as a user account for every company Desktop / Laptop machine. A list of updated passwords to be given to the Personal Assistant to the Director.

1.16.2 Only authorized personnel will be allowed to go into the IT room.

1.16.3 ICT Executive to ensure that Anti-Virus Software is installed on every company owned Desktop / Laptop machine.