Computer installation services for SME business customers in Staffordshire and West Midlands
Computer & IT Services   Home About Us

Services

News

Contact
Computing
Internet
Networking
Security & Anti-Virus
Digital CCTV
Consultancy
Support
Technical Help
 

Important issues that need consideration when creating your IT policy

Representation and Strategy

  • IT requirements are adequately represented at the most senior level
  • The organisation maintains and has communicated an effective IT Strategy
  • Responsible persons are aware of relevant legislation E.g. Data Protection Act, Computer Misuse Act

Usage Policy

  • All staff are clear about the company computer use policies (email, access to system, data storage, confidentiality etc)
  • Users are aware passwords must not be disclosed
  • Disciplinary code includes breaches of the above policies
  • Training is given to staff prior to use
  • External contractors and temporary staff are similarly covered

Inventory and Audit

  • There is an accurate inventory of Hardware
  • There is an accurate inventory of Software and licences
  • There is an accurate record of maintenance and other service agreements
  • Processes are in place to periodically audit
  • Hardware, Software and Information

Business Continuity and Disaster Recovery

  • Business continuity implications are considered at the system design stage
  • Key systems make use of redundancy to minimise the impact of hardware failures
  • The company assesses risks and maintains a Business Continuity plan
  • All resilience and business continuity arrangements are tested periodically
  • Backups are stored in a separate location
  • Key systems are protected from power disruption by a UPS

Managing Day to Day Operations

  • Key operational IT procedures are documented
  • A record of system changes is kept
  • Changes are assessed and approved before implementation
  • Anti-virus software is kept up to date regularly
  • Staff use administration privileges only when needed
  • Problems are recorded tracked and analysed by a helpdesk
  • Backups are made daily
  • Restoring data from backup is periodically tested

Security

  • Key systems are located in a physically secure position
  • The network contains controls preventing unnecessary access
  • Media such as tapes, CD’s and floppy disks are controlled
  • There is a procedure in place to deal with security breaches
  • Backup media are stored offsite
  • Visitors and contractors have controlled access to systems
  • The activity of all users is logged
  • All users have unique traceable ID’s
  • There is a process for granting, modifying and revoking system privileges
  • Access is granted on a need to know basis
  • Screens are locked when not in use
  • System forces the use of strong passwords (no re-use of passwords, limited attempts before lockout, periodic change)
  • The company keeps up to date with security fixes for operating systems and applications
 
© Copyright 24.03.2008 IMPlog
HOME | ABOUT US | SERVICES | NEWS | CONTACT | COMPUTERS | ENVIRONMENT