
SAMPLE FROM THE COMPUTER & IT POLICIES AND PROCEDURES MANUAL

INCLUDES AN EXAMPLE PROCEDURE, A LIST OF TOPICS, FORMS AND JOB DESCRIPTIONS
SAMPLE POLICY FROM THE BUSINESS POLICIES AND PROCEDURES SAMPLER
INCLUDES A LIST OF

Computer & IT Policies and Procedures Manual


The Computer and Network Policy, Procedures and Forms Manual
discusses strategic IT management and control of computer and network
assets, and includes a section on creating your own information systems
manual along with a computer and IT security guide. The Computer &
Network Manual helps you comply with Sarbanes-Oxley, COBIT or ISO
17799 security and control requirements. This Computer and Network
Manual allows IT Managers, IT departments and IT executives to develop
their own unique IT policy and procedures.

US$ 595.00

Includes seven (7) modules:

1. Introduction and Table of Contents
2. Guide to preparing a well written manual
3. A Sample Manual covering common requirements and practices
4. 41 Policies and 75 corresponding forms
5. Software Development Supplement
6. IT Security Guide
7. 33 Job Descriptions covering every position referenced in the Manual
8. Complete Index

How to Order:
Online: www.bizmanualz.com
By Phone: 314-863-5079 / 800-466-9953
Email: sales@bizmanualz.com

Choose your delivery option:

Hard Cover Book plus CD containing all documents in editable
Microsoft Word format and instant download

or

Instant download only (no shipping)

Sample Policy from Computer & IT Policies and Procedures Manual

IT Asset Management Section: IT Asset Assessment

Document ID: ITAM104
Title: IT ASSET ASSESSMENT
Revision: 0.0
Effective Date: mm/dd/yyyy
Print Date: mm/dd/yyyy
Prepared By: Preparer's Name/Title
Date Prepared: mm/dd/yyyy
Reviewed By: Reviewer's Name/Title
Date Reviewed: mm/dd/yyyy
Approved By: Final Approver's Name/Title
Date Approved: mm/dd/yyyy

Policy:

The Company shall assess (evaluate) its Information Technology assets
for conformance to Company requirements.

Purpose:

To identify hardware and software (Information Technology assets) on
the Company Information Technology network, determine if those
assets are appropriate for the Company's needs, determine if these
assets are properly licensed and versioned, and determine if they
conform to Company standards.

Scope:

All Information Technology assets that make up the Company's
Information Technology system/network are subject to this procedure.


Responsibilities:

The Information Technology Asset Manager is responsible for
supervising the Information Technology asset assessment program.

The Tech Support Manager is responsible for conducting complete,
detailed, and objective Information Technology asset assessments,
writing nonconformance reports, and reporting findings of Information
Technology asset assessments.

Definitions:

Network scan (or scan): Scanning an Information Technology network
(with specialized software) to confirm the presence or absence of
computer hardware or software, check asset configurations, verify
software versions, manage software licenses, track lease and warranty
information, detect network vulnerabilities, etc. Commercial and open
source software for conducting Information Technology asset scans is
readily available; see Additional Resource A for guidance.

Information Technology Asset: Any computer hardware, software,
Information Technology-based Company information, related
documentation, licenses, contracts or other agreements, etc. In this
context, Information Technology assets may be referred to as just
"assets".

Nonconformance: A significant, material failure to conform to one or
more requirements; also referred to as a nonconformity. Moving a PC
from one desk/user to another without the knowledge or permission of
the Information Technology Asset Manager is one example of a
nonconformance.

Procedure:

1.0 IT ASSET ASSESSMENT PLAN

1.1 Information Technology asset assessments shall be conducted at regular
intervals. Assessments should be conducted annually, at a minimum. (See
Reference A.)

1.2 Information Technology asset assessments should also be conducted
whenever a large turnover of assets (for example, a large number of PC
leases expires in a short time frame) occurs.

Prior to an assessment, the Information Technology Asset Manager shall
review ITAM104-1 IT ASSET ASSESSMENT CHECKLIST for possible
modifications. This checklist shall be used by the Tech Support Manager as a
guide to conducting Information Technology asset assessments.

2.0 IT ASSET SCAN

2.1 The Information Technology Asset Manager shall ensure that the Tech Support
Manager has the current version of the following on hand prior to conducting
a network scan:

- ITAM102-5 IT ASSET INVENTORY DATABASE;
- ITAM102-6 IT NETWORK MAP; and
- ITAM104-1 IT ASSET ASSESSMENT CHECKLIST.

2.2 The Tech Support Manager shall run a scan on the Company's Information
Technology network to determine the status of all Information Technology
assets on the network and compare the results with the documents listed in
2.1, looking for information such as:

- What Information Technology hardware is on the network and who the
  registered owners are;
- Whether hardware is in use or not;
- What software is installed on each computer, whether it is the correct
  version, and whether it is a licensed copy; and/or
- Whether unapproved/unauthorized software has been installed on any PC.

2.3 If a nonconformance is found, the Tech Support Manager shall report it in
accordance with procedure ITSD109 IT INCIDENT HANDLING.

3.0 DOCUMENTATION AND DISTRIBUTION

3.1 The Tech Support Manager shall consolidate and summarize asset scan
results on ITAM104-2 IT ASSET SCAN SUMMARY.

3.2 The Tech Support Manager shall prepare and submit their findings including
forms ITAM104-1 and ITAM104-2 to the Information Technology Asset
Manager.

4.0 NONCONFORMANCE HANDLING

4.1 If a nonconformance is discovered in the course of an asset assessment, the
Information Technology Asset Manager shall write a Corrective Action Request
(CAR), in accordance with procedure ITSD109 IT INCIDENT HANDLING.

4.2 The CAR shall be submitted to the Manager of the department where the
nonconformance occurred.

4.3 The Department Manager receiving the CAR shall submit a reply in
accordance with procedure ITSD109 IT INCIDENT HANDLING.

4.4 If a corrective action was taken, the Information Technology Asset Manager
should review the situation within three months to verify that the corrective
action was effective.

5.0 IT ASSET RECORDS UPDATE

After the Information Technology asset assessment and subsequent
corrective actions, the Information Technology Asset Manager shall ensure
timely and accurate updates to ITAM102-5 IT ASSET INVENTORY DATABASE
and ITAM102-6 IT NETWORK MAP. (See Reference B.)

Forms:


ITAM104-1 IT ASSET ASSESSMENT CHECKLIST


ITAM104-2 IT ASSET SCAN SUMMARY

References:

A. ISO STANDARD 27002:2013 CODE OF PRACTICE FOR INFORMATION
SECURITY MANAGEMENT, CLAUSE 8 ASSET MANAGEMENT

Clause 8 of the Standard is the Asset Management standard, which deals with
asset accountability and information classification.

ISO Standard 27002:2011 and its companion standards, ISO
27001:2011 and ISO 27005:2008, provide a comprehensive set of
controls comprising best practices in the field of information security.
ISO 27002 was formerly known as ISO 17799 and may continue to
be known that way in the business and Information Technology world
for some time. See
http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm

B. SARBANES-OXLEY ACT OF 2002

Sarbanes-Oxley, passed by the U.S. Congress in 2002, is designed to prevent
manipulation, loss, or destruction of records within publicly-held companies
doing business in the U.S. Because virtually all companies keep records
electronically, Section 404 of the Act implies that an adequate internal
control structure is Information Technology-based.

Therefore, regular scanning of the Company's Information Technology
network, evidence of regular scanning, and keeping an up-to-date
Information Technology asset inventory are all evidence of adequate internal
controls.

Additional Resources:

A. There are many types of scans that may be conducted on a computer
network: hardware scans, software scans, wireless and wired network scans,
security scans, etc. System Center 2012 R2 Configuration Manager
(http://www.microsoft.com/en-us/server-cloud/products/system-center/2012r2-configuration-manager/default.aspx#fbid=Xd6tQVcmWsT) is one form of
asset management software. Additional asset management software
providers and their products may be found by searching the Internet.

Revision History:

Revision:
Date: mm/dd/yyyy
Description of Changes: Initial Release
Requested By:


Form: ITAM104-1 IT ASSET ASSESSMENT CHECKLIST

Assessment #:
Date:
Area Evaluated:
Dept. Mgr.:
Lead Assessor:
Assessor:

IT Asset Accountability

Response and Comments

1) Is every IT asset (hardware, software, and related documentation)
   accounted for?
2) Is an IT asset inventory maintained?
3) Is an IT asset classification scheme in place?
4) Does the inventory identify the owner and location of each asset?
5) Does the company have a clear set of standards for IT assets? Are the
   standards up to date? How often are they reviewed? Do they conform to
   industry standards and/or legal requirements?
6) Is the IT asset inventory reviewed regularly to see the company does
   not risk having obsolete IT assets in inventory?
7) Does every hardware asset conform to company standards? Are they
   clearly and properly identified?
8) Do all software assets conform to company standards? Are they clearly
   and properly identified?
9) Does the IT asset inventory thoroughly and accurately account for
   software versions and licenses?
10) Is there an IT network diagram? Is it accurate? Is it readily
    produced? When was it last reviewed? How frequently is it reviewed?


Tech Support Area

Response and Comments

1) Are workers organized and scheduled?
2) Are adequate working areas provided for tasks?
3) Are drawings and schematics organized, inventoried and readily
   accessible?
4) Are work instructions sufficient?
5) Are all items (new hardware/software, items being repaired, etc.)
   inventoried?
6) Is there any obvious disorganization?
   - Tools randomly scattered about?
   - Parts on benches disorganized?
   - Components or parts for other assemblies present?
7) Are work areas (benches) clean?
8) Are parts organized and stored efficiently? Are stores clearly marked?
9) Are staging areas organized?

Tech Support Equipment

Response and Comments

Are tools properly inventoried? Are records accurate and up-to-date?

Are tools properly stored when not in use?

Are tools in good working order?

Are tools requiring calibration being recalibrated on a regular basis?
Are calibration records current?

Tech Support Records

Response and Comments

Are production records (installations, repairs, etc.) maintained? Are
they complete and up-to-date? Are they readily accessible?

Are work pending and work in process records included with the above?
Are they likewise complete and up-to-date? Are they also readily
accessible?


User Complaints

Response and Comments

1) Is there a log of user complaints and concerns? Is it complete, up
   to date, organized, and readily accessible?
2) What is the level of detail in the log file? Are complaints/concerns
   classified clearly and logically?
3) Is this complaint file periodically reviewed for trends?

Authorization

Comments:

Tech Support:
Date:

IT Asset Manager:
Date:


ITAM104-2 IT ASSET SCAN SUMMARY


(Attach results from scanning software to this sheet.)
Hardware scan results:

Software scan results:

Nonconformities (discrepancies) found:

Other comments:

Tech Support:

Date:

IT Asset Mgr.:

Date:


Computer and IT Policies and Procedures Manual:


41 Prewritten Policies and Procedures
IT Administration
1. Information Technology Management
2. IT Records Management
3. IT Document Management
4. IT Device Naming Conventions
5. TCP/IP Implementation Standards
6. Network Infrastructure Standards
7. Computer and Internet Usage Policy
8. E-Mail Policy
9. IT Outsourcing
10. IT Department Satisfaction
IT Asset Management
11. IT Asset Standards
12. IT Asset Management
13. IT Vendor Selection
14. IT Asset Assessment
15. IT Asset Installation Satisfaction
IT Training and Support
16. IT System Administration
17. IT Support Center
18. IT Server / Network Support
19. IT Troubleshooting
20. IT User-Staff Training Plan

IT Security and Disaster Recovery


21. IT Threat And Risk Assessment
22. IT Security Plan
23. IT Media Storage
24. IT Disaster Recovery
25. Computer Malware
26. IT Access Control
27. IT Security Audits
28. IT Incident Handling
29. BYOD Policy
Software Development
30. IT Project Definition
31. IT Project Management
32. Systems Analysis
33. Software Design
34. Software Programming
35. Software Documentation
36. Software Testing
37. Design Changes During Development
38. Software Releases and Updates
39. Software Support
40. Software Consulting Services
41. Software Training


75 Corresponding Forms and Records


IT Administration
1. Information Technology Plan
2. IT Plan Review Checklist
3. Records Classification and Retention Guide
4. Records Management Database
5. Document Control List
6. Document Change Request Form
7. Document Change Control Form
8. Network Infrastructure Standards List
9. Company Computer and Internet Usage Policy
10. Company E-Mail Policy Acknowledgement
11. IT Outsourcer Due Diligence Checklist
12. IT Outsourcer Record
13. IT Post-Service Satisfaction Report
14. User Satisfaction Survey
15. BYOD Policy & Acknowledgement
IT Asset Management
16. IT Asset Standards List
17. IT Asset Configuration Worksheet
18. IT Asset Standards Exception Request
19. IT Asset Requisition/Disposal Form
20. IT Asset Acquisition List
21. Tech Support Receiving Log
22. Nonconforming IT Asset Form
23. IT Asset Inventory Database
24. IT Network Map
25. IT Vendor Notification Form
26. IT Vendor Survey
27. Approved IT Vendor Data Sheet
28. IT Vendor List
29. IT Vendor Disqualification Form
30. IT Asset Assessment Checklist
31. IT Asset Scan Summary
32. IT Asset Installation Follow-Up Report
IT Training and Support
33. System Administration Task List
34. Tech Support Log
35. System Trouble and Acknowledgement Form
36. Server/Network Planning Checklist
37. IT Server/Network Support Plan

38. IT Troubleshooting Plan
39. User Troubleshooting Guide
40. ITS Training Requirements List
41. ITS Training Log

IT Security and Disaster Recovery


42. IT Threat/Risk Assessment Report
43. IT Security Assessment Checklist
44. IT Security Plan
45. IT Security Plan Implementation Schedule
46. Information Storage Plan
47. IT Disaster Recovery Plan
48. Access Control Plan
49. User Access Control Database
50. Access Control Log
51. User Account Conventions
52. IT Security Audit Report
53. IT Nonconformity Report
54. IT Security Audit Plan
55. IT Incident Report
56. BYOD Policy & Acknowledgements
Software Development
57. IT Project Plan
58. IT Project Development Database
59. IT Project Status Report
60. IT Project Team Review Checklist
61. IT Project Progress Review Checklist
62. Design Review Checklist
63. Work Product Review Checklist
64. Request For Document Change (RDC)
65. Software Project Test Script
66. Software Project Test Checklist
67. Software Project Test Problem Report
68. Design Change Request Form
69. Software License Agreement
70. Software Limited Warranty
71. Software Copyright Notice
72. Software Consulting Agreement
73. Statement Of Work
74. Software Consulting Customer Support Log
75. Software Training Evaluation Form

Job Descriptions: A complete job description is included for each of the 33 positions referenced in the
Computer & IT Policies and Procedures Manual. Each position includes a summary description of the position,
essential duties and responsibilities, organizational relationships, a list of the procedures where the position is
referenced, specific qualifications, physical demands of the position, and work environment.
Beta Test Coordinator
Board Member
Chief Executive Officer (CEO)
Director of Quality
Document Manager
Financial Manager
Help Desk Technician
Human Resources Manager
Internal Audit Team Leader
IT Asset Manager
IT Disaster Recovery Coordinator
Information Technology Manager
IT Project Manager
IT Security Manager
IT Storage Librarian
IT Support Center Manager
LAN Administrator
Network & Computer Systems Administrator
President
Product Manager
Project Manager
Purchasing Manager
Quality Manager
Shipping/Receiving Clerk
Software Designer
Software Support Analyst
Software Trainer
Systems Analyst
Technical Support Manager
Technical Support Specialist
Technical Writer
Telecommunications Manager
Training Manager
