IT, Computer and Network Policies and Procedures This manual has everything you need to jump
start the documentation of your IT, Computer and Network Procedures and
Policies. Just edit these documents in your word processing program to
suit your organization and you are done! This manual is has 578 pages and
includes 67 policies, 36 job descriptions, 9 agreements, and a comprehensive
approach to software development.
Many companies spend thousands of dollars each
year on the acquisition, design, development, implementation, and maintenance of
information systems vital to their mission and administrative functions. The
need for safe, secure, and reliable system solutions is heightened by the
increasing dependence on computer systems and technology to provide services and
develop products, administer daily activities, and perform short- and long-term
management functions. There is also a need to ensure privacy and security when
developing information systems, to establish uniform privacy and protection
practices, and to develop acceptable implementation strategies for these
practices.
Peak Strategy Process�
Todays companies need a systematic and uniform methodology for
information systems development and the development of policies. Using the Peak
Strategy Process� (PSP) will ensure that systems meet IT
mission objectives; are easy to maintain and cost-effective to enhance. Sound
life cycle management practices include planning and evaluation in each phase of
the information system life cycle. The appropriate level of planning and
evaluation is commensurate with the cost of the system, the stability and
maturity of the technology under consideration, how well defined the user
requirements are, the level of stability of program and user requirements and
security considerations.
This manual is over 500 pages and is full of
information to help you hit the ground running. The table of contents shows what
is included and what you can customize to the needs of your company:
Chapter 1: Introduction
Why Do You Need Policies and Procedures?
Basic Purpose of Policy
Policies Must Be Workable
Who Will Use Your Policies? � Count Your Audiences
Audience Groups
Audience and Policy Content
Policies versus Procedures
Policy
Procedure
How to Start Writing Your Policy Topics
Review Policies Contained in This Manual
Review Existing Policies
Prioritizing Policy Topics
Policy Development Process
Development Approach
Development Process Maturity
Top-Down Versus Bottom-Up
Current Practice Versus Preferred Future
Policy Development Team
Primary Involvement
Secondary Involvement
Policy Development Lifecycle
Senior Management Buy-in
Determine a Compliance Grace Period
Determine Resource Involvement
Interview Subject Matter Experts (SMEs)
Write Initial Draft
Policy Document Outline
Introduction
Purpose
Scope
Roles and Responsibilities
Sanctions and Violations
Revisions and Updating Schedule
Contact information
Definitions/Glossary
Acronyms
Style Considerations
Review Cycles
Draft Review
Review with Additional Stakeholders
Communication Strategy
Develop Communication Strategy
Publish
Activate Communication Strategy
Regularly Review and Update
Conclusion
Chapter 2: Software Development Procedures & Policies
Section 1 � Introduction
Background
Purpose, Scope and Applicability
Purpose
Scope
Applicability
Introduction to PSP
Initiation Phase
System Concept Development Phase
Planning Phase
Requirements Analysis Phase
Design Phase
Development Phase
Integration and Test Phase
Implementation Phase
Operations and Maintenance Phase
Disposition Phase
Control
Section 2 � Strategic Planning
Strategic Planning
Enterprise Architecture
Performance Measures
Business Process Reengineering
Section 3 � Initiation Phase
Objective
Tasks and Activities
Identify the Opportunity to Improve Business Functions
Identify a Project Sponsor
Form (or appoint) a Project Manager
Document the Phase Efforts
Review and Approval to Proceed
Roles and Responsibilities
Deliverables
Concept Proposal
Issues for Consideration
Phase Review Activity
Section 4 - Task and Activities
Tasks and Activities
Study and Analyze the Business Need
Plan the Project
Form the Project Acquisition Strategy
Study and Analyze the Risks
Obtain Project Funding, Staff and Resources
Document the Phase Efforts
Review and Approval to Proceed
Roles & Responsibilities
Deliverables
Phase Review Activity
Section 5 - Task and Activities
Refine System Development & Acquisition Strategies
Analyze Project Schedule
Create Internal Processes
Staff Project Office
Establish Agreements with Stakeholders
Develop the Project Management Plan Document (PMP)
Develop the Systems Engineering Management Plan
Review Feasibility of System Alternatives
Study and Analyze Security Implications
Plan the Solicitation, Selection and Award
Roles & Responsibilities
Deliverables
Project Plan Document
Issues for Consideration
Audit Trails
Access Based on �Need to Know�
Phase Review Activity
Section 6 � Requirements Analysis Phase
Objective
Tasks and Activities
Analyze and Document Requirements.
Develop Test Criteria and Plans
Develop an Interface Control Document
Conduct Functional Review
Revise Previous Documentation
Roles & Responsibilities
Deliverables
Functional Requirements Document
Test and Evaluation Master Plan
Issues for Consideration
Phase Review Activity
Section 7 � Design Stage
Objective
Tasks and Activities
Establish the Application Environment
Design the Application
Develop Maintenance Manual
Develop Operations Manual
Conduct Preliminary Design Review
Design Training
Design Conversion/Migration/Transition Strategies
Conduct a Security Risk Assessment
Conduct Critical Design Review
Roles and Responsibilities
Deliverables
System Design Document
Phase Review Activity
Section 8 � Development Phase
Objective
Tasks and Activities
Code and Test Software
Integrate Software
Conduct Software Qualification Testing.
Integrate System
Install Software
Document Software Acceptance Support.
Revise Previous Documentation
Role and Responsibilities
Deliverables
Software Development Document
Integration Document
Phase Review Activity
Section 9 � Integration and Test Phase
Objective
Tasks and Activities
Establish the Test Environment
Conduct Integration Tests
Conduct Security Testing
Conduct Acceptance Testing
Revise previous documentation
Roles and Responsibilities
Deliverables
Test Analysis Report
Phase Review Activity
Section 10 � Implementation Phase
Objective
Tasks and Activities
Notify users of new implementation
Execute training plan
Perform data entry or conversion
Install System
Conduct post-implementation review
Revise previous documentation
Roles and Responsibilities
Deliverables
Delivered System
Post-Implementation Review
Issues for Consideration
Phase Review Activity
Section 11- Operations and Maintenance of Systems Phase
Objective
Tasks and Activities
Identify Systems Operations
Maintain Data / Software Administration
Maintain System / Software
Roles and Responsibilities
Deliverables
User Satisfaction Review Report
Issues and Considerations
Documentation
Phase Review Activity
Section 12 � Disposition Phase
Objective
Tasks and Activities
Prepare Disposition Plan
Archive or Transfer Data
Archive or Transfer Software Components
Archive Life Cycle Deliverables
End the System in an Orderly Manner
Dispose of Equipment
Conduct Post-Termination Review Report
Roles and Responsibilities
Deliverables
Disposition Plan
Post-Termination Review Report
Phase Review Activity
Section 13 � PSP Flexibility
Objective
Standard PSP Methodology (Full Sequential Work Pattern)
Alternative Work Patterns
Alternative Work Pattern Selection
Work Pattern Descriptions and Exhibits
Additional Work Patterns
Chapter 3: Governing Policy Outline
Chapter 4: Technical Policy Outline
Chapter 5: IT Policies
IT Security
Acceptable Encryption Policy
Anti-Virus Process
Database Credentials Coding Policy
Information Sensitivity Policy
Information System Audit Logging Requirements
Internal Department Security Policy
Department Anti-Virus Policy
Password Protection Policy
Router Security Policy
Server Security Policy
Server Malware Protection Policy
Risk Assessment Policy
IT Administration
Ethics Policy
Acceptable Use Policy
Records and Records Management
Appropriate Use of Electronic Mail.
Application Service Provider Policy
Application Service Provider Standards
Acquisition Assessment Policy
Audit Vulnerability Scanning Policy
Information Privacy Principles.
Software Use Policy
Help Desk Policy
Copyright Infringement Policy and Guidelines
Telecommunications Policy
Telephone Identification Numbers Policy
Software Site License Policy and Procedure
Guidelines on Passwords
Using Resources for Personal Business
Desktop Computer Security Guidelines
Conditions of Use of Computing and Networking Facilities.
Code of Practice in the Use of Computing & Network Facilities
Code of Practice for Specific Activities
Network Code of Practice
Internet Conditions, Standards, and Guidelines
Software Acquisition Policy
Software Disaster Recovery Policy
IT Communication & Connection Policies
E-mail Policy
Extranet Policy
Mobile Device Guidelines
Data Center Access Policy
E-Commerce Management Policy
Email Communications Policy
Email Distribution List Policy
Personal Communication Device
Remote Access Policy
Remote Access - Mobile Computing and Storage Devices
VPN Security Policy
Wireless Communication Policy
Wireless Airspace Policy
Wireless Communication Standard
Automatically Forwarded Email Policy
Proper Use of the Loaner Program Equipment Guidelines
Analog/ISDN Line Policy
Policy on Company Payment for Employee Home and Off-Site Internet Access
Miscellaneous Policies & Procedures
Outsourcing Policy
Outsourcing Procedure
Multi-Step Bid Process
Guidelines for Committee Evaluation of Technical Bids
Asset Management Policy and Procedures Manual
Evaluator Confidentiality and Conflict of Interest Certification
Preparing a Scope of Work
Multi-Step Bid Template Instructions
Multi-Step Bid Template
Chapter 6: IT Job Descriptions
IT Customer Service Consultant
IT Data Communications Repair Specialist
IT Database Analyst
IT Database Analyst - Associate
IT Database Analyst - Senior
IT Information Service Manager
IT Information Service Manager - Senior
IT Information Systems Technician
IT Information Systems Technician � Senior
IT Manager
IT Network Analyst
IT Network Analyst - Senior
IT Production Services - Supervisor
IT Production Specialist
IT Program System Specialist
IT Programmer Analyst
IT Programmer Analyst - Associate
IT Programmer Analyst - Senior
IT Programmer Analyst - Trainee
IT Quality Assurance Analyst
IT Resource Manager
IT Support Technician
IT Systems Analyst
IT Systems Analyst � Supervising
IT Systems Coordinator
IT Systems Integration Analyst
IT Systems Integration Analyst � Senior
IT Systems Operations - Manager
IT Systems Operations - Supervisor
IT Systems Operator
IT Systems Operator - Associate
IT Systems Programmer - Associate
IT Systems Programmer - Senior
IT Systems Programmer � Supervisor
IT Systems Security Analyst
IT Systems Security Analyst � Senior
Chapter 7: Sample IT Agreements
Third Party Connection Agreement
Consulting Agreement
Exclusive Patent License Agreement
Employee Invention & Confidential Information Agreement
Software Source Code Escrow Agreement
Employee Invention & Confidential Information Agreement
Software Distribution Agreement
Software License Agreement
Computer Use Policy
Chapter 8: IT Forms and Business Tools
Executive Summary
Technology Planning Process
Vision and Mission Statements
Technology Assessment
Budget Form
Budget Narrative
Plan Evaluation
Sample IT Due Diligence Report Template
Disaster Recovery Plan
Sample Disaster Recovery Plan Template
Criteria for a Service Level Agreement
Project Template
Business Continuity & Planning Guidelines
Data and Computing Definitions
Project Risk Assessment Questionnaire
APPENDICES
Appendix A: Policy Prioritization Tool
Appendix B: Troubleshooting
Appendix C-1: Concept Proposal
Appendix C-2: Concept Development Document
Appendix C-3: Project Management Plan
Appendix C-4: Functional Requirements Document
Appendix C-5: Test and Evaluation Master Plan
Appendix C-6: Systems Design Document
Appendix C-7: Software Development Document
Appendix C-8: Integration Document
Appendix C-9: Test Analysis Report
Appendix C-10: Test Analysis Approval Determination
Appendix C-11: Test Problem Report
Appendix C-12: Change Implementation Notice
Appendix C-13: Post-Implementation Review
Appendix C-14: User Satisfaction Review
Appendix C-15: Disposition Plan
Appendix C-16: Post-Termination Review Report
Appendix D: Glossary
Sample of Some Reviews
Honestly if I had the time and lots of it I could probably of found a lot of
this for free on the internet but to have it all packaged together and well
thought out, it was well worth the investment if you value your time.
Kate Bailey, IT Manager
I am a small business owner and I knew I should
have a lot of these policies in place at my company but we just never had time
to do them. I wish we would of found this product awhile ago, it was a
great investment for us, now we can train people a lot quicker and we have
detailed documentation about our IT area - now for HR.... Kenny Burke,
Value Generations
600 pages, glad I did not have to read it all!
Just kidding you produce a great product. Thanks, Colleen Tinker,
Stein, Wasserman & Douglas
Thanks this is exactly what we needed it
covered all the relevant components and some of the tools were great. I
feel a lot more comfortable managing the Technology Department knowing that we
have implemented this product. A great investment. Scott Powers,
South Carolina Tool Shop
Don't forget all you receive with this
IT, Computer and Network Policies and Procedures Manual:
-Close to 600 pages of documentation
-67 prewritten policies
-36 job descriptions
-9 technology agreements
-16 forms and tools
-A best practices manual
The manual is available in download or hardcopy
versions. Both versions are easily customizable in your word processing
program. The hard copy comes with a binder and a CD ROM. Why wait, we
offer a 30 day no questions asked return policy. If you are not satisfied
for any reason, just return the manual to us within 30 days from the date of the
purchase and we will provide you a full refund.
Click
here for a sample chapter.
|