Employee ICT Handbook

Abdulwahab Mansour Al Moallam Sons

Company

ICT Employee Handbook

Page 1 of 9 October 2020

 Employee ICT Handbook

WELCOME TO ALMOALLAM

Welcome to Almoallam Group. The purpose of this handbook is to provide you with
valuable information and documentation that will help you use Almoallam’s Information
Technology Resources effectively. The handbook contains information on the following
topics:

1. USER ACCOUNTS ............................................................................................................................. 3

2. PASSWORD USE .............................................................................................................................. 3
3. PC / LAPTOP .................................................................................................................................... 4
4. MS OFFICE APPLICATIONS............................................................................................................... 5
5. USE OF EQUIPMENT ........................................................................................................................ 5
6. PC & DATA SECURITY ...................................................................................................................... 6
7. COMPUTER AND E-MAIL USAGE ..................................................................................................... 7
8. USER AUTHENTICATION FOR EXTERNAL CONNECTIONS ................................................................ 7
9. REMOTE DIAGNOSTIC AND CONFIGURATION PORT PROTECTION ................................................ 7
10. SECURE LOG-ON PROCEDURES ....................................................................................................... 7
11. USER IDENTIFICATION AND AUTHENTICATION .............................................................................. 8
12. ACCEPTABLE USE ............................................................................................................................ 8
13. INTRODUCTION OF UNAUTHORIZED COPIES OF LICENSED SOFTWARE & HARDWARE ................ 8
14. ICT MONITORING ........................................................................................................................... 9
15. RETURN OF ICT RESOURCES & ASSETS ........................................................................................... 9

Page 2 of 9 October 2020

 Employee ICT Handbook

1. USER ACCOUNTS
ICT sets up user accounts for employees and guests, providing authorized access to
Almoallam’ s network and internet.
Your username and password are allocated for use across all IT services at Almoallam,
including your email account, shared drive, and ERP access.
a. Password shall be minimum of 8 characters length.
b. Password be combination of:
i. At least one uppercase alphabetic character (A-Z).
ii. At least one lowercase alphabetic character (a-z).
iii. At least one special character (e.g. @, %, &).
iv. At least one number (0-9).
c. Password shall not contain the name of the user.
d. Blank password shall not be allowed.
e. User account shall be locked after 10 unsuccessful attempts for systems. Such
locked accounts will be manually unlocked by IT department only on receiving
a formal request from the concerned user and department head.
f. Password change shall be enforced (by the operating system or the application)
at least every 90 days. The new passwords shall not be the same with the
previous 12 ones (password history).
g. Passwords shall be immediately changed if there is any suspicion of password
compromise; and this shall be reported immediately to Information Technology
Department.
h. Information Technology Department shall change all information system
default usernames and passwords before any information system is put into
operation.
If you have forgotten your username or password, please contact ICT staff.

2. PASSWORD USE
1. Users shall not insert password into email messages or electronic
communications.
2. Users shall not distribute their username and password to other users; thus, users
shall be accountable for any activity associated with their access rights.
3. Users shall not capture or otherwise obtain passwords, decryption keys, or any
other access control mechanism, which could permit unauthorized access.
4. Users shall not do the following:
a. Reveal a password over the phone to anyone.
b. Reveal a password in an email message.
c. Reveal a password to the boss.
d. Talk about a password in front of other.
e. Hint at the format of a password (e.g., my family name).
f. Reveal a password on questionnaires or security forms.
g. Share a password with family members.
5. Reveal a password to co-workers while on vacation.

Page 3 of 9 October 2020

 Employee ICT Handbook
6. You should never write down a password and store them anywhere in your
office. Do not store passwords in a file in a computer system.

3. PC / LAPTOP
a. Login to your desktop

To login to your PC or Laptop, or to access your desktop you will need to enter
your username and password at the Windows logon screen.
Your username is your Employee ID:
i. Example: 1234
ii. Password: Abcdefg@123456
b. Unattended User Equipment

1. Screen saver password shall be enabled on all information assets (e.g. desktop,
laptops, and servers) to prevent unauthorized access. The screen saver timer
shall be set to 5 minutes of inactivity or less.
2. Each user shall terminate active sessions when activities are finished.
3. Each user shall lock his/her equipment before leaving his/her desk.
4. Each user should shut down the system while leaving the office.

c. Backing up your files

i. Backing up your files helps to protect them from being permanently lost or
damaged in the event of accidental deletion, a virus attack, or a software or
hardware failure.
ii. Your PC/laptop has a One drive network folder configured for your use.
iii. OneDrive Sync folder will be available in your system

iv. Always keep all your important files that need to be backed up into this folder
v. When you save files and documents to the above OneDrive Sync Folder, the file
will be always synchronized to the cloud.
vi. It is recommended that you are periodically taking a backup of important files and
documents to your OneDrive Sync folder.
vii. Each user is responsible to take backups of the critical information under their
control.
viii. Users shall periodically backup the data based on its criticality in the above
recommended folder provided by IT Team.
ix. The backups shall be treated with same level of security as the actual data.
x. In case if the employee has any doubt that their data is not backed up or have
any synchronizing issues with the OneDrive cloud contact the IT team
immediately.

d. Saving to the networked drive

Page 4 of 9 October 2020

 Employee ICT Handbook

i. Click on the Window/File Explorer icon located on the taskbar.

ii. Select Computer/This PC.
iii. Locate the file/folders that you want to back up from your local “Documents”
folder.
iv. Click to select the file or folder. Shift-click to select multiple files or folders.
v. Right mouse click and select “Send to”.
vi. Select the network drive.
vii. A copy of the selected files/folders is stored on the networked drive.

e. Accessing Network Shared Drives.

i. Click on the This PC icon or Window/File Explorer on the desktop.

ii. In the directory Navigation pane on the left side of the screen, click the networked
drive(s) under the “Computer” icon.
iii. Employees have access to shared drives depending on their access.

4. MS OFFICE APPLICATIONS
a. Outlook: Microsoft Outlook is used to manage Email and Calendars. You can access
Outlook using the desktop application or the Outlook Web Access web-based version.
b. Office 365: Office 365 is Microsoft’s hosted collaboration and productivity suite of
applications available to employees (based on job requirement). Office 365 includes
access to web and mobile versions of Word, Excel, PowerPoint, and OneNote
c. OneDrive: The cloud file storage with XX GB of cloud storage in OneDrive for Business
that can be used to store and share work related files.
d. SharePoint: SharePoint is a web-based collaborative platform that integrates with
Microsoft Office.

5. USE OF EQUIPMENT

Equipment’s (example: laptops, PCs, printers, & etc.) are essential in accomplishing job
duties which are often expensive and requires time to replace. When using company
property, employees are expected to exercise care, and follow all operating instructions,
safety standards, and guidelines.
The improper, careless, negligent, destructive, or unsafe use or operation of equipment can
result in disciplinary action, up to and including termination of employment.

Page 5 of 9 October 2020

 Employee ICT Handbook
6. PC And Data Security

Almoallam maintains information that is sensitive and valuable and is often protected by
KSA laws that prohibit its unauthorized use or disclosure. As an individual with access to Al
Moallam’s information, everyone will have the responsibility to comply with the KSA laws and
Almoallam policies that govern such information.
Employees shall be committed to preserve the security of all the information assets owned
and entrusted to them to ensure the information security and legal conformity.
Employees can only access information needed to perform legitimate duties as requested by
Al Moallam. Employees must protect the confidentiality, integrity, and availability of the
information. Employees should not share any confidential information or access with any
unauthorized individual, whether internal or external to Almoallam.
 Employees are responsible for protecting their personal password and for the
consequences of their password.
 Employees will not sign on to Al Moallam network and/or any of its system using a
user id other than that assigned to them or authorised for their use.
 Staff will be held accountable for all system activity that occurs using their user id
and password.
 The standard Windows password protected screen saver should be activated in five
minutes when the PC is left unattended.
 The PC should always be logged out and switched off before being left overnight
unless it is running an overnight process, in which case the screen saver should be
activated.
 In all cases employees should exercise good judgement and take reasonable care
to safeguard mobile equipment (like laptops), e.g., equipment should be physically
secured when not in use and should never be left unattended in public places.
 Employees should report or seek advice from the IT department regarding any
items which are identified to affect the confidentiality, integrity or availability.
 Unlicensed software or Application not authorised by the IT should not be loaded
onto PCs.
 Offensive and inappropriate material should not be downloaded onto or stored on
any of the firm’s IT asset, including servers and PCs.
 Employees are not permitted to install any personal software onto IT assets,
including but not limited to personally owned software, software downloaded
from the Internet, software received through email, shareware and freeware.
 All hardware, software and data supplied to employees is the property of Al
Moallam and as such may at any time, without prior notice, be subject to audit
review.
 Employees may not access Al Moallam computer system or computer held
information and data without proper authority, nor may they make unauthorised
modifications to the contents of any Al Moallam computer system, including
deleting or changing data.

Page 6 of 9 October 2020

 Employee ICT Handbook
 Employees are responsible for the availability, integrity and confidentiality of Al
Moallam and/or customer data held on their PC/laptop and all forms of removable
media. Employees should seek the assistance of the IT department if they are
unsure whether they are adequately securing data.
 USBs, CDs, or similar removable media should not be labelled in such a way as to
openly identify any sensitive information held on them.

7. COMPUTER AND E-MAIL USAGE

Computers, computer files, the e-mail system, and software furnished to employees are
Al Moallam property that is intended for business use.
Employees must safeguard any physical key, ID card or computer, network account that
enables access to information. Employees may not facilitate illegal access to IT systems or
compromise the integrity of the systems information by sharing passwords, or other access
information or devices.
E-mail may not be used to solicit others for commercial ventures, religious or political causes,
outside organizations, or other non-business matters.

8. USER AUTHENTICATION FOR EXTERNAL CONNECTIONS

Remote user access to Al Moallam networks shall be restricted to authorized users only;
and shall follow the appropriate user authentication methods.

9. REMOTE DIAGNOSTIC AND CONFIGURATION PORT PROTECTION

The use of network diagnostic and security tools shall be limited to designated staff, and
in accordance with their job responsibilities.
Any remote administration connections authorized by Almoallam shall use strong
authentication (e.g. two-factor authentication) as well as corresponding encryption methods
(e.g., SSH, SSL, and VPN).

10. SECURE LOG-ON PROCEDURES

 System shall display a general notice warning that the computer shall only be
accessed by authorized users.
 The logon process on any system shall display only the limited information about
the system and its purposed use.
 System shall limit the number of unsuccessful logon attempts allowed; the
following shall be considered:
 Recording both successful and unsuccessful attempts.
 Forcing a time delay before further logon attempts are allowed or rejecting any
further attempts without specific authorization.
 Sending an alarm message to the system console if the maximum number of logon
attempts is reached.

Page 7 of 9 October 2020

 Employee ICT Handbook
 System administrators shall review all unsuccessful log attempts in a periodically
basis

11. USER IDENTIFICATION AND AUTHENTICATION

System shall validate the log-on information only upon completion of all input data. If an
error condition appears, the system shall not indicate which part of the data is correct or
incorrect.
Al Moallam shall identify and authenticate all users uniquely before granting them the
appropriate system access. Enforce 2FA as applicable.

12. ACCEPTABLE USE

This Policy will respect the Al Moallam environment and inhibit these characteristics only
when necessary to protect the essential interests of Almoallam.
Limited Personal Use: It is acknowledged that reasonable limited personal use will occur.
'Limited personal use' means private use that is infrequent, brief, and kept to a minimum. ICT
Resources should not be used for activities unrelated to appropriate Almoallam functions.
Almoallam accepts no liability for any loss or damages suffered by Users because of personal
use.
Illicit Material: Users must not send, view, download or store illicit, fraudulent, obscene,
or pornographic material that are a violation of KSA applicable laws.
Defamation, Harassment and Other Abusive Behavior: No User will, under any
circumstances take any action which would or might lead to the Al Moallam's ICT Resources
being used for the purpose of defaming or slandering any individual or organization or use an
ICT system in any way such that a reasonable individual may consider this action to be viewed
as harassing, abusive or obscene behavior.
Copyright, Licenses and Related Obligations: Users must not violate copyright law and
must respect license to copyrighted materials. Users must ensure confidentiality and re-use
obligations are observed.
Social Media: Users must respect the purpose of and abide by the terms and conditions
of use of online forums, including social media networking websites, mailing lists, chat rooms,
wikis and blogs.
Commercial Use - Almoallam ICT Resources should not be used for commercial purposes,
including advertisements, solicitations, promotions, or other commercial messages, except as
permitted under Almoallam Policy.

13. INTRODUCTION OF UNAUTHORIZED COPIES OF LICENSED SOFTWARE & HARDWARE

Introduction of unauthorized copies of licensed software & hardware (piracy/copyright &
patent infringement) to Al Moallam information resources and the copying of such material
is strictly prohibited.

Page 8 of 9 October 2020

 Employee ICT Handbook
The storage, processing, or transmittal of unauthorized copies of licensed software &
hardware (piracy/copyright & patent infringement), by Almoallam personnel/ it’s associates
is strictly prohibited.

14. ICT MONITORING

Al Moallam respects the privacy of Users of ICT Resources; however, it reserves the right to
monitor User activity and take appropriate action if misuse of resources is identified.
Al Moallam reserves the right to inspect all Almoallam owned ICT devices, together with all
files, Employee email accounts and message, and logs contained on those devices. Awareness
of these provisions shall be included as a mandatory component of all new Employee
inductions.
Al Moallam reserves the right to examine files and directories where it is necessary to
determine the ownership or recipient of lost or misdirected files, and also where Al Moallam
has information or evidence that:
 System Integrity is threatened
 Security is compromised
 An activity has a detrimental impact on the quality of service to other Users
 The system is being used for purposes which are prohibited under KSA laws &
Almoallam policies
 System is being used for unlawful purposes.
By connecting a privately owned ICT device (including wireless or remote connection) to the
Al Moallam network, any User acknowledges that they will be bound by, and comply with,
the terms and conditions of use of the Al Moallam ICT resources.
ICT as part of the routine inspection will monitor the traffic on networks. Logs obtained from
monitoring operations are used for capacity planning, performance measurement, security,
accountability, and as a proof of incident purposes.

15. RETURN OF ICT RESOURCES & ASSETS

Employees are responsible for all Al Moallam ICT resources/assets in their possession or
control. Employees must return all resources/assets in use immediately upon request or upon
termination of employment. Where permitted by applicable laws, Al Moallam may withhold
from the employee's final paycheck the cost of any items that are not returned or got
damaged. Al Moallam may also take all necessary action that are deemed appropriate to
recover or protect its property.

Page 9 of 9 October 2020