Computer & Network Policies, Procedures and Forms
Computer, Network and IT Management Manual
Computer, Network and IT
Management Manual
The New Computer, Network and IT Policies and Procedures Manual
The IT Manual contains 40 procedures, 72 forms and over 170 activities, all provided in a thorough format including applicable references, checklists and exhibits. This manual covers various IT-related areas including IT administration, IT asset management, IT training and support, IT security and disaster, and software development. Use these documents to ensure smooth operations of your IT functions and alignment of your IT processes in your company.
New Page 2
Write Your Computer & IT Policies & Procedures Faster
The Computer and Network Policy, Procedures and Forms Manual discusses strategic IT management, control of computer and network assets, and includes a section on creating your own information systems manual along with a computer and IT security guide. The computer, network and IT Policies, Procedures Manual helps you comply with Sarbanes Oxley, COBIT or ISO 17799 security and control requirements. You get all the content in editable MS-Word files so you can easily customize the manual to fit your needs. Fast, easy compliance with COBIT (Control Objectives for Information and related Technology), the latest ISO 17799:2005, which focuses on security and effective security planning, and Sarbanes-Oxley Act of 2002, now required by the SEC for all publicly traded companies. The Computer and Network Policy, Procedures and Forms Manual covers the ten main sections of ISO 17799: security policy, security organization, asset classification and control, personnel security, physical and environmental security, communications and operations management, access control, systems development and maintenance, business continuity management, and compliance. Prewritten "Best-Practices" IT Policies and Procedures
Available in hard copy and editable MS-Word files, the computer security policy manual is a valuable reference for Information Technology Businesses, IT Managers, IT Policy Experts and IT departments.
Who Needs IT Management Manual of IT
Policies and Procedures?
The need to review information
technology (IT) management concepts�the background, structure, IT
standards and definitions�is greater now than it ever was and will
continue to be so. Information technology solutions have become more
robust, more specialized, and more varied with time. The rapid pace
change continues, despite predictions over a decade ago that � Moore �s
Law� had run its course.
This Computer, Network and IT Policies
and Procedures Manual allows IT Managers, IT departments and IT
executives to develop their own unique IT policy and procedures.
IT Policies and Procedures for Five Broad Areas
IT Policies and Procedures for Five Broad
Areas:
The IT Policies and Procedures in the Computer
& IT Manual are divided into five sections (tabs). Most procedures include
activities (sub processes) and/or supporting forms. Additional resources and
references are listed where appropriate.
IT Administration
ITAD101 - Information Technology Management Procedure
Activities
-Business Planning
-IT Department Objective Planning
-IT Plan Development
-IT Plan Implementation
-IT Plan Review
-IT Plan Update
Forms
-ITAD101-1 � Information Technology Plan
-ITAD101-2 � IT Plan Review Checklist
ITAD102 -
IT Records Management Procedure
Activities
-Identification of Records
-Record Generation
-Record Management
-Technology Obsolescence
-Records Audit
Forms
-ITAD102-1 � Records Classification and
Retention Guide
-ITAD102-2 � Records Management Database
ITAD103 -
IT Document Management Procedure
Activities
-Planning Document Management
-Document Management Plan
-Document Management Plan Review
-Document Management Plan Update
Forms
-ITAD103-1 � Document Control List
-ITAD103-2 � Document Change Request Form
-ITAD103-3 � Document Change Control Form
ITAD104 -
IT Device Naming Conventions Procedure
Activities
-Server Naming Conventions
-Network Host Naming Conventions
-Mainframe Naming Conventions
-Infrastructure Device Naming Conventions
ITAD105 -
TCP/IP Implementation Standards Procedure
Activities
-TCP/IP Address
-Dynamic Host Configuration Protocol
-Network Address Translation
-Subnet Addressing Standards
-WAN Link Addressing Conventions
ITAD106 -
Network Infrastructure Standards Procedure
Activities
-Network Infrastructure Standards Development
-Network Infrastructure Standards
Implementation
-Network Infrastructure Standards Review
Forms
-ITAD106-1 � Network Infrastructure Standards
List
ITAD107 -
Computer and Internet Usage Policy
Activities
-Acceptable Use
-Inappropriate Use
-Internet and E-Mail Etiquette
-Security
-Penalties
-Conclusion
-User Compliance
ITAD108 -
E-Mail Policy
Activities
-E-Mail Policy Development
-E-Mail Policy Implementation
-E-Mail Policy Review
-E-Mail Policy Changes
Forms
-ITAD108-1 � Company E-Mail Policy
Acknowledgement
ITAD109 -
IT Outsourcing Procedure
Activities
-Identifying a Candidate Function for
Outsourcing
-Selecting an IT Outsourcer
-Outsourcer Billings
-Arbitration
-Outsourcer Relationship Management
Forms
-ITAD109-1 � IT Outsourcer Due Diligence
Checklist
-ITAD109-2 � IT Outsourcer Record
ITAD110 -
IT Department Satisfaction Procedure
Activities
-General
-Post-Service Follow-Up
-User Survey
-User Satisfaction Review
Forms
-ITAD110-1 � IT Post-Service Satisfaction
Report
-ITAD110-2 � User Satisfaction Survey
IT Asset Management
ITAM101 -
IT Asset Standards Procedure
Activities
-IT Asset Standards Development
-IT Asset Standards Implementation
-IT Asset Standards Assessment
Forms
-ITAM101-1 � IT Asset Standards List
-ITAM101-2 � IT Asset Configuration Worksheet
-ITAM101-3 � IT Asset Standards Exception
Request
ITAM102 -
IT Asset Management Procedure
Activities
-IT Asset Planning
-IT Asset Acquisition
-IT Asset Inspection, Acceptance, &
Distribution
-IT Asset Disposal
-IT Asset Verification
Forms
-ITAM102-1 � IT Asset Requisition/Disposal
Form
-ITAM102-2 � IT Asset Acquisition List
-ITAM102-3 � Tech Support Receiving Log
-ITAM102-4 � Nonconforming IT Asset Form
-ITAM102-5 � IT Asset Inventory Database
-ITAM102-6 � IT Network Map
ITAM103 -
IT Vendor Selection Procedure
Activities
-IT Vendor Evaluation
-Request For Proposal
-IT Vendor Selection
-IT Vendor Review
-IT Vendor Files
Forms
-ITAM103-1 � IT Vendor Notification Form
-ITAM103-2 � IT Vendor Survey
-ITAM103-3 � Approved IT Vendor Data Sheet
-ITAM103-4 � IT Vendor List
-ITAM103-5 � IT Vendor Disqualification Form
ITAM104 -
IT Asset Assessment Procedure
Activities
-IT Asset Assessment Plan
-IT Asset Scan
-Documentation and Distribution
-Nonconformance Handling
-IT Asset Records Update
Forms
-ITAM104-1 � IT Asset Assessment Checklist
-ITAM104-2 � IT Asset Scan Summary
ITAM105 -
IT Asset Installation Satisfaction Procedure
Activities
-IT User Satisfaction Plan
-IT Asset Installation Follow-Up
-User Satisfaction Data Review
-Corrective/Preventive Action
-Ongoing Evaluation
Forms
-ITAM105-1 � IT Asset Installation Follow-Up
Report
IT Training & Support
ITTS101 - IT System Administration Procedure
Activities
-Planning System Administration
-System Administration Plan
-System Administration Plan Review
-System Administration Plan Update
Forms
-ITTS101-1 � System Administration Task List
ITTS102 -
IT Support Center Procedure
Activities
-IT Support Center Overview
-IT Support Center Plan (Operations)
-IT Support Plan Review
-IT Support Plan Update
Forms
-ITTS102-1 � Tech Support Log
-ITTS102-2 � System Trouble Acknowledgement
Form
ITTS103 -
IT Server / Network Support Procedure
Activities
-Server / Network Support Planning
-Server / Network Support Plan
-Support Plan Review
-Support Plan Update
Forms
-ITTS103-1 � Server / Network Planning
Checklist
-ITTS103-2 � Server / Network Support Plan
ITTS104 -
IT Troubleshooting Procedure
Activities
-IT Troubleshooting � Planning
-IT Troubleshooting Plan
-IT Troubleshooting Plan Review
-IT Troubleshooting Plan Update
Forms
-ITTS104-1 � IT Troubleshooting Plan
-ITTS104-2 � User Troubleshooting Guide
ITTS105 -
IT User-Staff Training Plan
Activities
-Planning IT User-Staff Training
-The IT User-Staff Training Plan-
-IT User-Staff Training Plan Evaluation
(Review)
-IT User-Staff Training Plan Update
Forms
-ITTS105-1 � IT Training Requirements List
-ITTS105-2 � IT Training Log
IT Security & Disaster Recovery
ITSD101 - IT Threat And Risk Assessment Procedure
Activities
-Threat and Risk Assessment � Introduction
-Threat Assessment Preparation
-Threat Assessment
-Threat/Risk Management Review
Forms
-ITSD101-1 � IT Threat / Risk Assessment
Report
ITSD102 -
IT Security Plan
Activities
-Preparing The IT Security Plan
-Developing The IT Security Plan
-Implementing The IT Security Plan
-IT Security Plan Review
-IT Security Plan Update
Forms
-ITSD102-1 � IT Security Assessment Checklist
-ITSD102-2 � IT Security Plan
-ITSD102-3 � IT Security Plan Implementation
Schedule
ITSD103 -
IT Media Storage Procedure
Activities
-IT Storage Planning
-IT Storage Plan
-IT Storage Plan Review
-Updating The IT Storage Plan
Forms
-ITSD103-1 � Information Storage Plan
ITSD104 -
IT Disaster Recovery Procedure
Activities
-IT Disaster Recovery Planning
-IT Disaster Recovery Plan
-IT Disaster Recovery Plan Review
-IT Disaster Recovery Plan Revision
Forms
-ITSD104-1 � IT Disaster Recovery Plan
ITSD105 -
Computer Malware Procedure
Activities
-Malware Defense Planning
-Malware Defense Plan
-Malware Defense Plan Review
-Malware Defense Plan Update
ITSD106 -
IT Access Control Procedure
Activities
Planning Access Control
-IT Access Control Plan
-IT Access Control Plan Review
-IT Access Control Plan Update
Forms
-ITSD106-1 � Access Control Plan
-ITSD106-2 � User Access Control Database
-ITSD106-3 � Access Control Log
-ITSD106-4 � User Account Conventions
ITSD107 -
IT Security Audits Procedure
Activities
-IT Security Audit Planning
-IT Security Audit Plan
-IT Security Audit Review
-Corrective Action
Forms
-ITSD107-1 � IT Security Audit Report
-ITSD107-2 � IT Nonconformity Report
-ITSD107-3 � IT Security Audit Plan
ITSD108 -
IT Incident Handling Procedure
Activities
-IT Incident Handling Preparation
-IT Incident Handling
-IT Incident Handling Review
Forms
-ITSD108-1 � IT Incident Report/Response Form
IT Software Development
ITSW101 - IT Project Definition
Activities
-IT Project Needs Identification
-IT Project Definition
-IT Project Definition Review
-IT Project Plan
Forms
-IEEE Software Engineering Standards List
-ITSW101-1 � IT Project Plan
ITSW102 -
IT Project Management Procedure
Activities
-IT Project Setup
-IT Project Schedule
-IT Project Cycle Management
-IT Project Review
Forms
-ITSW102-1 � IT Project Development Database
-ITSW102-2 � IT Project Status Report
-ITSW102-3 � IT Project Team Review Checklist
-ITSW102-4 � IT Project Progress Review
Checklist
ITSW103 -
Systems Analysis Procedure
Activities
-Introduction
-System Requirements
-Information Flows Documentation
-Acceptance Test Plan
-Beta Test Plan
-Systems Analysis Review
ITSW104 -
Software Design Procedure
Activities
-Introduction
-Software Design Specification
-Software Design Review
Forms
-ITSW104-1 � Design Review Checklist
ITSW105 -
Software Programming
Activities
-Programming Standards
-Programming Tasks
-Software Development
-Programming Reviews
Forms
-ITSW105-1 � Work Product Review Checklist
ITSW106 -
Software Documentation Procedure
Activities
-Software Assessment
-Documentation Production
-Final Review
-Documentation Release
-Document Revision
-Procedure and Work Instruction Format
Forms
-ITSW106-1 � Request for Document Change (RDC)
-ITSW106-2 � Document Change Control
ITSW107 -
Software Testing Procedure
Activities
-Software Testing Overview
-Acceptance Testing
-Beta Testing
-Final Release Testing
Forms
-ITSW107-1 � Project Test Script
-ITSW107-2 � Project Test Checklist
-ITSW107-3 � Project Test Problem Report
ITSW108 -
Design Changes During Development
Activities
-Introduction
-Design Change Review
-Design Change Implementation
Forms
-ITSW108-1 � Design Change Request Form
ITSW109 -
Software Releases and Updates
Activities
-Introduction
-Version Control Standards
-Configuration Control Standards
-Release Control Standards
-Software License, Warranty, and Copyright
Forms
-ITSW109-1 � Product License Agreement
-ITSW109-2 � Limited Warranty
-ITSW109-3 � Copyright Notice
ITSW110 -
Software Support Procedure
Activities
-Support Overview
-Support Services Management
-Free Basic Support Services
-Extended Support Services
-User Group Support
-Phone Support Services
ITSW111 -
Software Consulting Services
Activities
-Introduction
-Cost Estimates
-Enhancements and Customizations
-Software Problems
-Consulting Services Review
Forms
-ITSW111-1 � Consulting Agreement
-ITSW111-2 � Statement of Work
-ITSW111-3 � Customer Support Log
ITSW112 -
Software Training Procedure
Activities
-Introduction
-Standard Training Courses
-Customized Training Courses
-Teaching Training Courses
Forms
-ITSW112-1 � Software Training Evaluation
Form
IT Forms and Records
-The Computer and IT Manual includes 72 forms
that accompany the procedures.
IT
Administration
-ITAD101-1 � Information Technology Plan
-ITAD101-2 � IT Plan Review Checklist
-ITAD102-1 � Records Classification And
Retention Guide
-ITAD102-2 � Records Management Database
-ITAD103-1 � Document Control List
-ITAD103-2 � Document Change Request Form
-ITAD103-3 � Document Change Control Form
-ITAD106-1 � Network Infrastructure Standards
List
-ITAD108-1 � Company E-Mail Policy
Acknowledgement
-ITAD109-1 � IT Outsourcer Due Diligence
Checklist
-ITAD109-2 � IT Outsourcer Record
-ITAD110-1 � IT Post-Service Satisfaction
Report
-ITAD110-2 � User Satisfaction Survey
IT
Asset Management
-ITAM101-1 � IT Asset Standards List
-ITAM101-2 � IT Asset Configuration Worksheet
-ITAM101-3 � IT Asset Standards Exception
Request
-ITAM102-1 � IT Asset Requisition/Disposal
Form
-ITAM102-2 � IT Asset Acquisition List
-ITAM102-3 � Tech Support Receiving Log
-ITAM102-4 � Nonconforming IT Asset Form
-ITAM102-5 � IT Asset Inventory Database
-ITAM102-6 � IT Network Map
-ITAM103-1 � IT Vendor Notification Form
-ITAM103-2 � IT Vendor Survey
-ITAM103-3 - Approved IT Vendor Data Sheet
-ITAM103-4 � IT Vendor List
-ITAM103-5 � IT Vendor Disqualification Form
-ITAM104-1 � IT Asset Assessment Checklist
-ITAM104-2 � IT Asset Scan Summary
-ITAM105-1 � IT Asset Installation Follow-Up
Report
IT
Training & Support
-ITTS101-1 � System Administration Task List
-ITTS102-1 � Tech Support Log
-ITTS102-2 � System Trouble Acknowledgement
Form
-ITTS103-1 � Server / Network Planning
Checklist
-ITTS103-2 � Server / Network Support Plan
-ITTS104-1 � IT Troubleshooting Plan
-ITTS104-2 � User Troubleshooting Guide
-ITTS105-1 � IT Training Requirements List
-ITTS105-2 � IT Training Log
IT
Security & Disaster Recovery
-ITSD101-1 � IT Threat / Risk Assessment
Report
-ITSD102-1 � IT Security Assessment Checklist
-ITSD102-2 � IT Security Plan
-ITSD102-3 � IT Security Plan Implementation
Schedule
-ITSD103-1 � Information Storage Plan
-ITSD104-1 � IT Disaster Recovery Plan
-ITSD106-1 � Access Control Plan
-ITSD106-2 � User Access Control Database
-ITSD106-3 � Access Control Log
-ITSD106-4 � User Account Conventions
-ITSD107-1 � IT Security Audit Report
-ITSD107-2 � IT Nonconformity Report
-ITSD107-3 � IT Security Audit Plan
-ITSD108-1 � IT Incident Report/Response Form
Software
Development
-ITSW102-1 � IT Project Development Database
-ITSW102-2 � IT Project Status Report
-ITSW102-3 � IT Project Team Review Checklist
-ITSW102-4 � IT Project Progress Review
Checklist
-ITSW104-1 - Design Review Checklist
-ITSW105-1 � Work Product Review Checklist
-ITSW106-1 � Request For Document Change (Rdc)
-ITSW106-2 � Document Change Control
-ITSW107-1 � Project Test Script
-ITSW107-2 � Project Test Checklist
-ITSW107-3 � Project Test Problem Report
-ITSW108-1 � Design Change Request Form
-ITSW109-1 � Product License Agreement
-ITSW109-2 � Limited Warranty
-ITSW109-3 � Copyright Notice
-ITSW111-1 � Consulting Agreement
-ITSW111-2 � Statement Of Work
-ITSW111-3 � Customer Support Log
-ITSW112-1 � Software Training Evaluation
Form
Sample IT Manual
The Computer, Network & IT Procedures Manual
also includes a sample IT Manual.
The IT manual establishes and states the
policies governing The Company�s IT standards and practices. These policies
define management�s arrangements for managing operations and activities in
accordance with computer industry practices. These top-level policies represent
the plans or protocols for achieving and maintaining the confidentiality,
integrity and availability of all IT Assets.
Sample IT
Manual Table of Contents
Table of Figures
List of Referenced Procedures
Purpose
Scope
Responsibility
Exclusions
Management Responsibility
IT Organization
Management Commitment
Management IT Policy
Planning
Responsibility, Authority, and
Communication
Management Reporting
Business Conduct
IT Management System
Objectives
Requirements
Transactions
Documentation
Security
Processes and Controls
IT Administration
Asset Management
IT Training and Support
IT Security and Disaster Recovery
Software Development
Resource Management
Provision of Resources
Human Resources
Infrastructure
Work Environment
Sample IT Security Guide
Information Security is vital for any
organization. IT security is all about securing and protecting your IT assets
and information is likely your most prized asset. IT is pretty much a commodity
these days, but your information is your business. Failure to secure information
could have legal, economic or physical ramifications for your organization.
Why
Information Security?
-A Brief History of Information Security
-What Is At Risk?
-Why Company Executives Should Read These
Guidelines
-A Final Word on Considering IT Security
Issues
-Introductory Security Checklist
Assessing
Your Needs
-Introduction to Risk Assessment
-Commonly Asked Questions
-Components of Risk
-Dealing with Risk
-Guidelines for Risk Assessment
-Closing Thoughts on Risk Assessment
-Risk Assessment Checklist
Information Security Policy: Development and Implementation
-Why Do You Need a Security Policy?
-Commonly Asked Questions
-How to Develop Policy
-From Board Room to Break Room: Implementing
Security Policy
-Closing Thoughts on Policy
-Policy Development and Implementation
Checklist
Information Security Management
-Introduction to Security Management
-Commonly Asked Questions
-Nurturing Support within the Organization
-Planning for the Unexpected
-Testing and Review
-Implementation and Day-to-Day Maintenance
-IT Security Management Checklist
Protecting Your System: Physical Security
-Introduction to Physical Security
-Commonly Asked Questions
-Policy Issues
-Physical Security Checklist
Protecting Your System: Information Security
-Introduction to Information Security
-Commonly Asked Questions
-Policy Issues
-Information Threats
-Information Security Countermeasures
-Information Security Checklist
Protecting Your System: Software Security
-Introduction to Software Security
-Commonly Asked Questions
-Policy Issues
-Software Threats (Examples)
-Software Security Countermeasures
-Software Security Checklist
Protecting Your System: User Access Security
-Introduction to User Access Security
-Commonly Asked Questions
-Policy Issues
-User Access Threats (Examples)
-User Access Security Countermeasures
-User Access Security Checklist
Protecting Your System: Network (Internet) Security
-Introduction to Network Security
-Commonly Asked Questions
-Policy Issues
-Network Threats (Examples)
-Network Security Countermeasures
-Closing Thoughts on Network Security
-Network Security Checklist
Training:
A Necessary Investment in People
-Introduction to Training
-Commonly Asked Questions
-Targeting Training Efforts
-How Does Security Affect the Workplace?
-Training Goals
-A Sample Training Outline
-Training Frequency
-Closing Thoughts on Security Training
-Security Training Checklist
-Reference Materials
|