Transcription
Information TechnologyPolicy and Procedure ManualTable of ContentsInformation Technology Policy and Procedure Manual . 1Introduction. 3Technology Hardware Purchasing Policy. 4Purpose of the Policy . 4Procedures . 4Policy for Getting Software . 12Purpose of the Policy . 12Procedures . 12Policy for Use of Software . 14Purpose of the Policy . 14Procedures . 14Bring Your Own Device Policy . 17Purpose of the Policy . 17Procedures . 17Information Technology Security Policy . 20Purpose of the Policy . 20Procedures . 20Information Technology Administration Policy. 23Purpose of the Policy . 23Procedures . 23Website Policy . 24Purpose of the Policy . 24Procedures . 24IT Service Agreements Policy . 26Purpose of the Policy . 26Procedures . 26Emergency Management of Information Technology . 28
Purpose of the Policy . 28Procedures . 28HCC IT Policy and Procedure v1.0Page 2 of 30
IntroductionThe Highland Community College IT Policy and Procedure Manual provides the policies andprocedures for selection and use of Information Technology within the business which must befollowed by all staff. It also provides guidelines Highland Community College will use toadminister these policies, with the correct procedure to follow.Highland Community College will keep all IT policies current and relevant. Therefore, from timeto time it will be necessary to modify and amend some sections of the policies and procedures,or to add new procedures.Any suggestions, recommendations or feedback on the policies and procedures specified in thismanual are welcome.These policies and procedures apply to all employees.HCC IT Policy and Procedure v1.0Page 3 of 30
Technology Hardware Purchasing PolicyPolicy Date: 07/01/2018The policy for Technology Hardware Purchasing should be read and carried out by all staffmembers of Highland Community College.Purpose of the PolicyThis policy provides guidelines for the purchase of hardware for the business to ensure that allhardware technology for the business is appropriate, value for money, and where applicable,integrates with other technology for the business. The objective of this policy is to ensure thatthere is minimum diversity of hardware within the business.ProceduresPurchase of HardwareThe purchase of all business desktops, laptops, mobile devices, servers, network, and computerperipherals must adhere to this policy. All computer hardware, software, and mobile devicerelated purchases MUST be approved by or done through Highland Community CollegeIT department.HCC IT Policy and Procedure v1.0Page 4 of 30
Purchasing desktop computer systemsThe desktop computer systems purchased must be able to run Windows 10 Pro, Windows 10Enterprise, or Max OS version and integrate with existing eco-system.The desktop computer systems must be purchased as standard desktop system bundle andmust be by manufacturer Hewlett Packard (HP) or Apple.The desktop computer system bundle for regular class lab must include:All-in-One Desktop Desktop screen of 23.8” (24 inch) Keyboard and mouse must be wiredThe minimum capacity of the desktop must be: 1.5GHz –gigahertz. 4GB RAM 500 HDD / 128 SSD Intel Core i5 or AMD Dual-core processor 1 USB port 1 HDMI port 802.11a/b/g/n/acHCC IT Policy and Procedure v1.0Page 5 of 30
The desktop computer system bundle for Mac lab must include:All-in-One Desktop Desktop screen of 23.8” (24 inch) Keyboard and mouse must be wiredThe minimum capacity of the desktop must be: 1.5GHz –gigahertz. 4GB RAM 500 HDD / 128 SSD Intel Core i5 Dual-core processor 1 USB port 1 HDMI port 802.11a/b/g/n/acThe Mac desktop computer system must include the following software provided: Office 2016 Endpoint Protection Google Chrome Java 8 .NET 4.7.x Adobe Silverlight Shockwave VLC PlayerHCC IT Policy and Procedure v1.0Page 6 of 30
Dameware Mini Remote Control Notepad Custom software configuration as needed per region.Any change from the above requirements must be authorised by the Director of InformationTechnology.All purchases of desktops must be supported by basic 1-year manufacturer warranty and becompatible with the business’s server system.HCC IT Policy and Procedure v1.0Page 7 of 30
Purchasing portable computer systemsThe purchase of portable computer systems includes laptops, notebooks, iPads, and tablets.Laptops and notebooks computer systems purchased must be able to run Windows 10 Pro orWindows 10 Enterprise version and integrate with the existing eco-system.Laptops and notebook computer systems purchased must be by manufacturer Hewlett Packard(HP).iPads and Surface Pro tablets purchased must be able integrate with the existing eco-system.iPads and Surface Pro tablets systems purchased must be by manufacturer Apple, Inc. orMicrosoft respectively.The minimum capacity of laptop and notebook portable computer system must be: 1.5GHz –gigahertz. 4GB RAM 500GB HDD / 128 SSD Intel Core i5 or AMD Dual-core processor 1 USB port 1 HDMI port 802.11a/b/g/n/acThe portable computer system must include the following software provided: Office 2016 Endpoint Protection Google Chrome Java 8 .NET 4.7.x AdobeHCC IT Policy and Procedure v1.0Page 8 of 30
Silverlight Shockwave VLC Player Dameware Mini Remote Control Notepad Any change from the above requirements must be authorised by the Director of InformationTechnology.All purchases of all portable computer systems must be supported by basic 1-year manufacturerwarranty and be compatible with the business’s server system.The minimum capacity of iPads and Microsoft Surface tablets computer system must be:Apple iPad Screen size iPad 9.7 inches A9 chipset 4GB RAM 32GB SSD 1 USB port 802.11a/b/g/n/ac wireless networkingHCC IT Policy and Procedure v1.0Page 9 of 30
Microsoft Surface Screen size 12.3 inches Intel core i5 chipset 4GB RAM 128GB SSD 1 USB port 802.11a/b/g/n/ac wireless networkingAll iPad and Surface tablet computer systems must include the following software provided: Subject to approval by Highland Community College IT department.Any change from the above requirements must be authorised by the Director of InformationTechnology.All purchases of all portable computer systems must be supported by basic 1-year manufacturerwarranty and be compatible with the business’s server system.HCC IT Policy and Procedure v1.0Page 10 of 30
Purchasing server systemsServer systems can only be purchased by the Director of Information Technology or SystemsAdministrator.Server systems purchased must be compatible with all other computer hardware in thebusiness.All purchases of server systems must be supported by 24x7 service support and 4-hourresponse onsite support warranty every year and be compatible with the business’s other serversystems.Any change from the above requirements must be authorised by the Director of InformationTechnologyPurchasing computer peripheralsComputer system peripherals include add-on devices such as printers, scanners, external harddrives, etc.Computer peripherals can only be purchased where they are not included in any hardwarepurchase or are considered to be an additional requirement to existing peripherals.Computer peripherals purchased must be compatible with all other computer hardware andsoftware in the business.The purchase of computer peripherals can only be authorised by the Director of InformationTechnology.All purchases of computer peripherals must be supported by basic 1-year manufacturerwarranty and be compatible with existing computer systems.Any change from the above requirements must be authorised by the Director of InformationTechnology.HCC IT Policy and Procedure v1.0Page 11 of 30
Policy for Getting SoftwarePolicy Date: 07/01/2018The policy for Getting Software should be read and carried out by all staff members of HighlandCommunity College.Purpose of the PolicyThis policy provides guidelines for the purchase of software for the business to ensure that allsoftware used by the business is appropriate, value for money, and where applicable, integrateswith other technology for the business. This policy applies to software obtained as part ofhardware bundle or pre-loaded software.ProceduresRequest for SoftwareAll software, including types of non-commercial software such as open source, freeware, etc.here must be approved by the Director of Information Technology prior to the use or downloadof such software.Purchase of softwareThe purchase of all software must adhere to this policy.All purchased software must be purchased or approved by the Director of InformationTechnology.All purchased software must be purchased from reputable software sellers.All purchases of software must be supported by basic 1-year manufacturer warranty and becompatible with HCC servers and/or hardware system.Any changes from the above requirements must be authorised by the Director of InformationTechnology.HCC IT Policy and Procedure v1.0Page 12 of 30
Obtaining open source or freeware softwareOpen source or freeware software can be obtained without payment and usually downloadeddirectly from the internet.In the event that open source or freeware software is required, approval from the Director ofInformation Technology must be obtained prior to the download or use of such software.All open source or freeware must be compatible with the business’s hardware and softwaresystems.Any change from the above requirements must be authorised by the Director of InformationTechnology.HCC IT Policy and Procedure v1.0Page 13 of 30
Policy for Use of SoftwarePolicy Date: 07/01/2018The policy for Use of Software should be read and carried out by all staff members of HighlandCommunity College.Purpose of the PolicyThis policy provides guidelines for the use of software for all employees within the business toensure that all software use is appropriate. Under this policy, the use of all open source andfreeware software will be conducted under the same procedures outlined for commercialsoftware.ProceduresSoftware LicensingAll computer software copyrights and terms of all software licences will be followed by allemployees of the business.Where licensing states limited usage (i.e. number of computers or users etc.), then it is theresponsibility of the Director of Information Technology to ensure these terms are followed.Systems Administrator is responsible for completing a software audit of all hardware twice ayear to ensure that software copyrights and licence agreements are adhered to.Software InstallationAll software must be appropriately registered with the supplier where this is a requirement.Highland Community College is to be the registered owner of all software.Only software obtained in accordance with the Getting Software policy is to be installed on thebusiness’s computers.All software installation is to be carried out by Highland Community College IT department.A software upgrade shall not be installed on a computer that does not already have a copy ofthe original version of the software loaded on it.HCC IT Policy and Procedure v1.0Page 14 of 30
Software UsageOnly software purchased in accordance with the Getting Software policy is to be used within thebusiness.Prior to the use of any software, the employee must receive instructions on any licensingagreements relating to the software, including any restrictions on use of the software.All employees must receive training for all new software. This includes new employees to betrained to use existing software appropriately. This will be the responsibility of the Director ofInformation Technology.Employees are prohibited from bringing software from home and loading it onto the business’scomputer hardware.Unless express approval from the Director of Information Technology is obtained, softwarecannot be taken home and loaded on an employees’ home computerWhere an employee is required to use software at home, an evaluation of providing theemployee with a portable computer should be undertaken in the first instance. Where it is foundthat software can be used on the employee’s home computer, authorisation from the Director ofInformation Technology is required to purchase separate software if licensing or copyrightrestrictions apply. Where software is purchased in this circumstance, it remains the property ofthe business and must be recorded on the software register by the Highland CommunityCollege IT department.Unauthorised software is prohibited from being used in the business. This includes the use ofsoftware owned by an employee and used within the business.The unauthorised duplicating, acquiring or use of software copies is prohibited. Any employeewho makes, acquires, or uses unauthorised copies of software will be referred to the HumanResource Manager, for further consultation, reprimand action, etc. The illegal duplication ofsoftware or other copyrighted works is not condoned within this business and the Director ofInformation Technology is authorised to undertake disciplinary action where such event occurs.HCC IT Policy and Procedure v1.0Page 15 of 30
Breach of PolicyWhere there is a breach of this policy by an employee, that employee will be referred to EileenGronniger, HR Manager, for further consultation, reprimand action, etc.Where an employee is aware of a breach of the use of software in accordance with this policy,they are obliged to notify the Director of Information Technology immediately. In the event thatthe breach is not reported and it is determined that an employee failed to report the breach, thenthat employee will be referred to the Human Resource Manager, for further consultation,reprimand action, etc.HCC IT Policy and Procedure v1.0Page 16 of 30
Bring Your Own Device PolicyPolicy Date: 07/01/2018The policy for Bring Your Own Device should be read and carried out by all staff members ofHighland Community College.At Highland Community College we acknowledge the importance of mobile technologies inimproving business communication and productivity. In addition to the increased use of mobiledevices, staff members have requested the option of connecting their own mobile devices toHighland Community College's network and equipment. We encourage you to read thisdocument in full and to act upon the recommendations.Purpose of the PolicyThis policy provides guidelines for the use of personally owned notebooks, smart phones,tablets and computers for business purposes. All staff who use or access Highland CommunityCollege's technology equipment and/or services are bound by the conditions of this Policy.ProceduresCurrent mobile devices approved for business useThe following personally owned mobile devices are approved to be used for business purposes: Apple products such as iPhone, iPad, and smartwatches Android products such as smart phones, tablets and smartwatches Notebooks / LaptopsMobile devices for business usePersonal mobile devices can only be used for the following business purposes: Accessing company email Business internet access Business telephone callsEach employee who utilises personal mobile devices agrees:HCC IT Policy and Procedure v1.0Page 17 of 30
Not to download or transfer business sensitive information to the device. Sensitiveinformation includes for example intellectual property, student records, employee details,or other sensitive information, etc. Not to use the registered mobile device as the sole repository for Highland CommunityCollege's information. To make every reasonable effort to ensure that Highland Community College'sinformation is not compromised through the use of mobile equipment in a public place.Screens displaying sensitive or critical information should not be seen by unauthorisedpersons and all devices should be password protected. Not to share the device with other individuals to protect the business data accessthrough the device To abide by Highland Community College's internet policy for appropriate use andaccess of internet sites etc. To notify Highland Community College immediately in the event of loss or theft ofintellectual property, student records, employee details or other sensitive information onthe device Not to connect USB memory sticks from an untrusted or unknown source to HighlandCommunity College's equipment.HCC IT Policy and Procedure v1.0Page 18 of 30
Keeping mobile devices secureThe following must be observed when handling mobile computing devices (such as notebooksand iPads): Mobile computer devices must never be left unattended in a public place, or in anunlocked house, or in a motor vehicle, even if it is locked. Wherever possible they shouldbe kept on the person or securely locked away Cable locking devices should also be considered for use with laptop computers in publicplaces, e.g. in a seminar or conference, even when the laptop is attended Mobile devices should be carried as hand luggage when travelling by aircraft.ExemptionsThis policy is mandatory unless Highland Community Co
freeware software will be conducted under the same procedures outlined for commercial software. Procedures Software Licensing All computer software copyrights and terms of all software licences will be followed by all employees of the business. Where licensing states limited usage (i.e. number of computers or users etc.), then it is the
