Information Technology Manual August 2013

Information Technology Manual

Date: August 2013

Information Technology Manual August 2013

TABLE OF CONTENTS

Introduction 1

1. Email Use 1

2. Internet Use 3

3. IT Equipment and Hardware 4

4. IT Software 6

5. Trouble Shooting 7

6. Taking Backup 7

7. Employees Departure Checklist 7

8. General Useful Tips 8

9. Databases 8

10. Cell Phone Use 8

Information Technology Manual August 2013

Introduction

The Information Technology (IT) unit is established to:

• Provide all employees with cost effective, innovative and appropriate technology
solutions so as to increase the quality of work and productivity.
• Ensure a secure and reliable network infrastructure.
• Meet software and hardware requirements including developing in-house databases.
• Provide IT related maintenance, enhancements and necessary support.

The IT Policy puts forth the guidelines for the employees of ORG on using the
organization’s IT facilities, including computer hardware, printers, fax machines, software, e-
mail, and internet. These IT facilities at ORG are provided to employees for the purpose of
performing official work.

ORG discourages personal use of these facilities. These facilities must be used responsibly
by all staff members. Misuse by even a few individuals has the potential to negatively impact
productivity, compromise corporate security and network integrity, interfere with the work or
rights of the other colleagues and ultimately reduce IT resources availability for critical
operations. Therefore, all employees are expected to exercise responsible and ethical
behaviour when using the organization’s Information Technology facilities.

Any action that may expose the organization to risks of unauthorized access to data,
disclosure of information, legal liability, or potential system failure is prohibited and may
result in disciplinary action up to and including termination of employment.

The content of this Manual may be revised anytime due to changing legal requirements,
internal needs or recommendations for increasing efficiency of IT. All changes need to be
discussed with the Management Team and approved by the Chief Executive. Notice of
changes will be distributed to employees from IT Department through an official
memorandum.

The following policies and guidelines will ensure effective Information Technology
Management.

1. Email Use

ORG Email Use policy provides the guidelines by which the electronic mail is to be used.
The purpose of this policy is to increase efficiency, reduce costs, and protect the
organization during litigation, government investigation or audit.

Organizations main email accounts system will be controlled by a designated person (IT or
Admin in-charge) and no other staff member will be allowed access to these accounts.

1.1 Email Security

The lack of adequate email security measures can result in unauthorized access of
resources, intrusion of viruses, theft of data, or destruction of technology.

To ensure safe and secure communication the following measures should be taken in
addition to measures described in section 2.1.

As soon as possible all staff should start using official ORG email for work related
correspondence.

Only secure and reliable software for communication should be used such as:

1
Reviewed by Director Operations Approved by Founding Chief Executive
Information Technology Manual August 2013

• Secure and reliable email server: such as Yahoo, Gmail, Hotmail etc
• Secure and reliable email client: such as Outlook Express
• Reliable browser such as Internet Explorer, FireFox or Chrome
• Signatures: User signature in emails to identify and authenticate emails

1.2 Considerations for Using E-mail

• Professional tone and language should be used in creating the message.
• Before creating an e-mail, one should consider whether e-mail is the correct
communication tool for the task. When the subject of the transaction is sensitive
or confidential, a phone call or a face to face discussion should be preferred.
• E-mail may not be used as a substitute for an open meeting.

1.3 Unacceptable Use of the E-Mail

Employees are accountable for their use of electronic communications just as they
are for other conduct and communications in the workplace. Therefore, use of the
electronic mail system is restricted as follows:

• ORG ’s e-mail system is not to be used to create, send or copy any offensive,
harassing or disruptive messages. Messages will be considered offensive if they
contain information or language that would violate the ORG ’s Harassment
Prevention Policies including Sexual Harassment Prevention.

• The e-mail system is not to be used to send, receive or download copyrighted

materials, trade secrets, proprietary financial information, or similar materials
without prior authorization.

• Communications which would be inappropriate under other ORG policies are

equally unacceptable if delivered via electronic communication. These
communications may include, but are not limited to, harassing or discriminatory
comments, breaches of ORG code of conduct and insubordinate statements.

• No messages with derogatory or inflammatory remarks about an individual’s race,

age, disability, religion, national origin, physical attributes, or sexual orientation
shall be transmitted. No excessively abusive, profane, or offensive language is to
be transmitted through the ORG email/internet and complete network.

1.4 Organization of E-mail Records

• Whether an employee is using official email account or private email account for
official purpose, s/he should properly organize and categorize email record for
easy access at a later date. Simply leaving incoming messages in the “in-box”
and outgoing messages in the “Sent Item” folder is not sufficient.

• Both the sender and the recipient have to determine whether a particular email
message is a necessary part of that documentation.

1.5 E-mail Retention

Following are the guidelines for deciding when an email should be retained:
• If it is work related communication.
• Records that document the formulation and implementation of policies and
decisions and taking of necessary actions.
• Records that document important meetings.
• Records that facilitate action by officials and their successors.
• Records that protect the financial, legal, and other rights of the organization and
of persons directly affected by the organization’s actions.

2
Reviewed by Director Operations Approved by Founding Chief Executive
Information Technology Manual August 2013

• Such emails should be retained, downloaded to computer for archival/record

purpose and subsequently be backed-up to portable media such as CD or Zip
Disks. Every employee is responsible to inform IT Officer for proper back-up.
• All emails should be deleted from ORG email account after backup. ORG email
server may delete all emails older than 30 days without any notification.
• Following the record retention policy frees up server space reducing risk and the
cost for storage of email records.
• Following the record retention policy reduces searching and retrieval times and
eliminates risk of lost or misfile.
• Electronic messages are legally discoverable and permissible as evidence in a
court of law. Electronic messages can never be unconditionally and
unequivocally deleted. The remote possibility of discovery always exists. Use
caution and judgment in determining whether a message should be delivered
electronically instead of by other means.

1.6 Confidentiality of Email

All email messages created, sent, or retrieved using email systems are the property
of ORG . ORG reserves the right to access and monitor all messages and files on
the computer system as deemed necessary and appropriate. Internet messages are
public communication and are not private. All communications, including text and
images, can be disclosed to law enforcement or other third parties without prior
consent of the sender or the receiver. Employees should not expect complete privacy
of messages created, sent, or retrieved through the ORG computer network/internet.

2. Internet Use

The purpose of ORG internet use policy is to ensure that the use of internet among
employees of ORG is consistent with the ORG policies, all applicable laws, and the
individual user's job responsibilities.

2.1 Security
Employees should keep personal log-on and passwords confidential and change
passwords on a regular basis. Failure to adhere to this policy jeopardizes network
security and puts users at risk of potential misuse of the system by other individuals.
Network users may be held responsible for all actions taken using their personal
network access permissions.

Important: All staff members using IT resources should check with the IT Officer
before installing software or reconfiguring computer. Moreover the following steps
must be taken to ensure security. IT Officer may be asked to provide assistance.
• Install Antivirus software
• Use a firewall
• Use spy-ware protection
• Keep operating system patched & install updates/as advised by IT Officer
• Use strong passwords
• Disable file sharing when outside office
• Backup data
• Keep versions up-to-date
• Prevent unauthorized use and reduce laptop theft
• Scan computer regularly for viruses
• Do not configure network without permission of IT Officer (because it creates
wrong IP conflicts within the network and creates network sharing problems)

3
Reviewed by Director Operations Approved by Founding Chief Executive
Information Technology Manual August 2013

• Use of social networking websites eg Facebook, Twitter, Badoo, MSN

Messenger, Yahoo Messenger are discouraged (because these websites slow
down the networks and decrease the total bandwidth for other users)
• Don’t try to download movies and songs from the internet (because it slows down
the networks and decrease the total bandwidth for Internet Users)
• Don’t watch the live cricket sessions on internet (because live streaming makes
internet speed very slow and maximum download increases the total bill)

2.2 Copyright Infringement

ORG supports the rights of intellectual property owners as defined by the law. This
includes all forms of intellectual property regardless of how it is obtained or shared.
ORG endorses responsible use of information technology and specifically prohibits
illegal downloading, distribution, copying of materials or other activities that violate
intellectual property laws, including copyright. When notified of alleged copyright
infringement, ORG may investigate, provide information, and take corrective action.

2.3 Unacceptable Use of the Internet

• Commercial use - any form of commercial use of the internet is prohibited.
• Copyright violations - any use of the internet that violates copyright laws is
prohibited.
• Solicitation - purchase or sale of personal items through advertising on the
internet is prohibited.
• Harassment (including Sexual Harassment) - use of the internet to harass
employees, vendors, customers, and others is prohibited.
• Political - use of the internet for political purposes is prohibited.
• Misinformation/Confidential Information - release of untrue, distorted, or
confidential information regarding office business is prohibited.
• Viewing/downloading entertainment sites /and pornographic sites.
Instances of unacceptable use of the internet will be investigated and disciplinary
action will be taken against violators including termination from employment.

2.4 Monitoring and Enforcement

ORG has to ensure proper use of internet communication system to avoid
vulnerability to litigation over inappropriate conduct in the workplace environment
arising from inappropriate internet communication.
• ORG may track internet transactions by employees in order to manage its
internet and e-mail resources in a cost-effective and efficient manner and to plan
more efficiently for future technology expansion with intention to monitor the
existence of the traffic being generated including contents of communications
over the internet, whether in e-mail, chat, or any other medium
• ORG reserves the right to access and monitor the content of all messages and
files on the ORG e-mail and internet system any time with or without notice.
Employees should not assume electronic communications are totally private and
should transmit personal confidential data in other ways.
• Each employee may be required to share user name and password with
IT/Administration for smooth execution of IT network and infrastructure.

3. I. T. Equipment/Hardware

ORG provides Information Technology (IT) equipments/ facilities, including computer

hardware, printers, fax machines, software, e-mail, and Internet access to employees for the
purpose of conducting official work only.

4
Reviewed by Director Operations Approved by Founding Chief Executive
Information Technology Manual August 2013

All staff members are expected to use these services in a responsible fashion. The following
are considered unacceptable uses of I.T. equipments /Computer Systems/ hardware, and
are not allowed.

3.1 Unacceptable Uses of I.T. Equipment/Hardware

• Illegal use of a computer (i.e: attempting to use an ID other than your own)
• Intentional computer damage or destruction or damage due to user’s negligence
• Offences against computer users including discrimination and harassment
(including sexual harassment)
• Modification or destruction of programmes or data other than your own personal
files
• Use of computer to commit crime (embezzlement, harassment, blackmail etc.)
• Tampering or alteration of computer systems, programmes or files
• Unauthorized access or attempted unauthorized access to a computer or network
• Causing denial of computer services (eg, run a virus that renders a network
unusable)
• Preventing others from using computer services
• Theft of computer related materials
• Use of computer hacking and email hacking software
• Violation of any laws applying to electronic transmissions
• Posting others confidential information such as phone numbers
• Cracking passwords
• Using computer resource without prior permission
• Opening and changing computer hardware: Employee should properly consult
and inform IT Officer for any hardware and software problem

3.2 Purchase/Replacement of Computer Equipment

Computer equipments are generally purchased/replaced depending on the budget
and need at ORG .
• The goals of the purchase/replacement plan are to: ensure that appropriate
computing resources are available to support the mission of the organization;
ensure that each staff member who uses computing resources in his/her position
has a sufficient capability to fulfill his/her responsibilities.
• IT equipments cannot be purchased directly by the staff. Equipment specifications
are to be finalised involving the IT/Admin Deptt and then approval from the
competent aurthority is obtained. After the procurment has been done, the
equipment will be first tagged and entered in the asset register/inventory list and
then the it will be handed over to the concerned staff member.
• All purchases must adhere to the procurment policy formulated by ORG for the
purpose

3.3 Repair of Computer Equipment

• All ORG computer equipment is maintained by IT/Admin. If a hardware problem is
suspected the user should call the IT/Admin department during normal working
hours for assistance. If hardware service is required, necessary arrangements will
be made.
• Each employee is responsible for taking reasonable safety precautions in regard
to ORG owned computer equipment. Employees will be held responsible for
damage to such equipment arising out of their negligence or intentional
misconduct.
• Normally, there is no charge for examining the personal equipment if repair is not
needed. ORG does not provide repair for personally owned computers.

5
Reviewed by Director Operations Approved by Founding Chief Executive
Information Technology Manual August 2013

3.4 Printers and Other Peripheral Equipments Policy

Printers represent a high equipment expenditure at ORG . ORG encourages
appropriate and responsible business use of ORG ’s printers, as well as, preventing
the waste of paper, toner, ink, and so on.
• ORG provides printers in every department/floor. Individual desktop printers are
not normally provided. Other peripheral pieces of equipment such as
scanners/photocopiers are generally provided in main office departments instead
of individual offices. ORG allows sharing of specialized technical resources.
• Printers are to be used for documents that are relevant to the day-to-day conduct
of business. Using ORG printers to print personal documents is discouraged.
• Avoid printing multiple copies of the same document – unless the printer is also a
copier – because the printing cost will be more than the cost for making
photocopies. If you need multiple copies, print one good copy on the printer and
use the photocopier to make additional copies.
• If you print something, please pick it up in a timely fashion. If you no longer want
it, please dispose of it appropriately (i.e. recycle/destroy confidential documents).
• Make efforts to limit paper use by taking advantage of duplex printing (i.e. double-
sided printing).
• Avoid printing large files, as this puts a drain on network resources and interferes
with the ability of others to use the printer. Please report any planned print jobs in
excess of 100 pages to the Admin.
• Avoid printing e-mail messages.
• Avoiding printing a document just to see what it looks like.
• Avoid re-using paper in laser printers, as this can lead to paper jams and other
problems with the machine. Printer paper is available at all departments.
Toner/cartridges are available with Admin departments.
• If you encounter a physical problem with the printer (paper jam, out of toner, etc.)
and are not “trained” in how to fix the problem, please do not try to fix it. Instead,
report the problem to Admin or ask a trained co-worker for help.
• Report malfunction of any printing device to the IT Officer as soon as possible.
• Do not change the printer settings manually or by software settings. Always
consult IT officer for different settings.

3.5 Recommended hardware for ORG offices

List of recommended/advised hardware for use in ORG offices will be suggested by
IT/Admin department, agreed by Director Operations and approved by CEO.

4. IT Software
4.1 Authorized/Licensed Software
The software programmes on the computers used for ORG should comply with local
and international laws of software piracy. All software acquired for or on behalf of the
ORG or developed by its employees is and shall be deemed as ORG property. All
such software must be used in compliance with applicable licenses, notices,
contracts, and agreements.

Each employee is individually responsible for reading, understanding, and following

all applicable licenses, notices, contracts and agreements for software that s/he uses
or seeks to use on ORG computers.

ORG is commonly using Microsoft products. All the computers are loaded with these
software applications.

6
Reviewed by Director Operations Approved by Founding Chief Executive
Information Technology Manual August 2013

4.2 Recommended software for ORG Offices

Details of software recommended/advised to be used in ORG offices will be
prepared by IT/Admin departments, agreed by Director Operations and approved by
CEO.

4.3 Unauthorized Software

ORG discourages the use of unlicensed or pirated software. It is the responsibility of
the IT Department and every individual to keep a check on this issue and avoid any
unauthorized use of pirated software. The use of all these software is strongly
discouraged and such software would be deleted from the system. IT Department is
authorized to check the computers of the employee for any unauthorized software.

4.4 Software purchase

To obtain any other software tool/application a formal approval request (purchase
requisition) is required from staff approved from their department head. All decisions
regarding ORG software shall be centralized with the Information Technology
department to ensure that all applications conform to corporate software standards.
All requests for software must be submitted to the procurement department on
Purchase Requisition duly signed by the concerned line manager as well as reviewed
by the IT department representative.

5. Troubleshooting

One of the objectives of the IT department is to provide timely and efficient technological
support to all the project staff. Users contact IT department directly via phone, cell number
or through email. IT Resource person himself visits users to identify and resolve the issues.
These are small issues related to installation, configuration of devices and software tools.
Such types of issues can also be resolved remotely providing telephonic help or remote login
to client’s computers locally and in provincial offices. Since ORG has only one IT resource
person in Head Office and one in regional office, therefore, it is important to cooperate and
develop a mutual understanding, which is helpful for IT and other staff members. Staff may
be required to fill out IT services and feedback forms.

6. Taking Backup

Data is one of ORG 's most important assets. In order to protect this asset from loss or
destruction, it is imperative that it be safely and securely captured, copied, and stored by the
IT department. Backups must be conducted on monthly basis by the IT department with prior
approval from the Admin and stored in office and off-site.

7. Employee Departure Checklist

This checklist explains the employee departure process.

• If the employee is leaving, his/her accounts (network, e-mail) will need to be deactivated
at a particular date and time. Ideally, deactivation should take place on the employee’s
last working day.
• Admin and IT Department will list in advance any equipment and files that should be in
the employee ‟s possession and must be returned.
• The leaving employee will be reminded that all files and documents are property of ORG
and cannot be destroyed, removed, modified, or copied without approval from the direct
supervisor.

7
Reviewed by Director Operations Approved by Founding Chief Executive
Information Technology Manual August 2013

• Personal data will be removed from the computer and returned to the employee.
Employee will need to arrange his/her own CDs/flash drive/hard drive/ for receiving the
data.

8. General Useful Tips

• All ORG employees are advised to run the antivirus scan of computers at least once a
week in order to remove the virus from computers.
• It is better to use USB disk security software and scan USB before use.
• Employee should turn off LCDs, printers before leaving office in order to avoid damage
from electricity fluctuation which can cause circuit burn to equipment.
• Laptops are most sensitive IT Equipment. Employee should avoid the Laptops from jerks
and shocks. Liquid such as water, juices, tea should be strictly avoided during laptop
use.

9. Databases

IT department may be required to develop databases as per programme and operation

requirements of ORG and support in maintaining of these databases.

When IT department is required to extend support in maintaining the databases,

confidentiality of information (such as salary information of employees not to be shared with
other employees) should be maintained by the IT department.

10. Cell Phone Use

IT department will assist Administration in implementation of Cell Phone Use Policy. Cell
phone limits are available with Admin. Cellular telephones and personal digital assistants
(PDAs) - such as blackberry, smart phone and other devices - enable fast communications,
remote wireless network connectivity and more productive mobile employees. However,
such devices add significant operating expenses and create additional security concerns for
the organization. This policy intends to control costs, secure organization data and protect
mobile devices, and the data.

10.1 Information Security

Mobile devices can present unique security challenges. When a mobile device is lost
or stolen, it may not be considered as serious as losing a laptop, but it can be
depending on how the device is used. To avoid this, following guidelines should be
followed while using cell phone/ smart phone. IT will facilitate.

• Use of a PIN-based lockout: A PIN-based lockout is a minimal requirement for

safety of information.
• Use of device encryption: All mobile devices (laptops included) can be fully
encrypted so that loss of the device doesn’t equate to loss of information.
• Report a lost or stolen device. Whenever a device is lost, it must be reported as
quickly as possible to the IT/Administration so that it can be remotely wiped to
prevent data loss.
• IMEI (International Mobile Equipment Identity) number of each cell phone should
be kept in a record in order to recover the theft and stolen mobile phones.

8
Reviewed by Director Operations Approved by Founding Chief Executive