Contents
1 Introduction
2 Roles and Responsibilities
3 IT Assets Management
4 Information Security
A. High Risk:
B. Medium Risk:
C. Low Risk:
File Backup System:
Server backup:
5 Network Infrastructure
6 Email and Communication
7 Internet Usage Policy
8 Software Usage Policy
9 Hardware Usage and Maintenance
10 Disaster Recovery and Business Continuity
11 Laptop Theft Policy
12. Policy Review and Updates
1 Introduction
Document Name: Information Technology Policy
Issued by: HO - IT
Approved By: IT Head
Original Release: 03rd Apr 2023
Effective: 15th Sep 2023
Page: 2 of 16
Version: #0.01
Revised On: 15th Sep 2023
Replaces Version: 0
1.3 Objectives
The primary objectives of this policy are:
1.4 Compliance
All employees are expected to comply with the IT Policy rules and guidelines
while purchasing, using, and maintaining any equipment or software purchased
or provided by the organization.
Any employee who notices misuse of the internet or improper use of a laptop /
desktop within the organization must inform his/her Reporting Manager(s)
immediately. Based on Dept requirement.
Inappropriate use of IT equipment and software by an employee will be subject to
disciplinary action as deemed fit by the HR of the organization.
IT Managers
System Administrators
Help Desk Support
Network Administrators
Security (Door Access)
Each role has specific duties and responsibilities, as outlined in their respective job
descriptions.
2.4 IT Support
Tsugami uses an online email system to provide IT Support to its employees and
clients. The email ID for the same is systems@tsugami.co.in.
Employees may need hardware/software installations or may face technological
issues which cannot be resolved on their own. Employees are expected to get
help from the IT Dept. for such issues via the IT Support Email ID only.
Any IT Support work informed or assigned via emails sent to employee email
IDs, chats or any other media except the IT Support Email ID will not be
entertained.
For the sake of quick understanding, employees are expected to provide details
of their issue or help required in the Support Email sent.
For major issues like Desktop, Laptop replacement, non-working equipment,
installation of application software and more, it is mandatory for all employees to
inform the IT Dept.
For any damage to a desktop, laptop, or printer, approval from the Reporting
Manager is required for replacement.
After sending the email, employees should expect a reply from the IT Dept within
1 working day. The IT Dept. may ask the employee to deposit the problematic
equipment to the IT Dept. for checking and will inform the timeline for
repair/maintenance/troubleshooting/installations or the required work.
3 IT Assets Management
2) De-allocation of Assets:
Based on email confirmation from the HR Dept. of employees who are being
relieved from the organization, we will deactivate their email ID, SAP ID,
and VPN access on the same day.
It is the Reporting Manager’s/HR Dept responsibility to collect all allocated
organizational equipment & other assets from an employee who is leaving
the organization.
Updating the Inventory Sheet is mandatory after receiving back all
allocated equipment.
The received assets must be handed over to the IT Dept.
1. Procurement of IT Assets:
Procurement refers to the acquisition of new IT assets, including hardware,
software, and related services.
Start by identifying the organization's IT needs. Determine what equipment,
software, or services are required to meet business objectives.
Allocate a budget for IT procurement. Ensure it aligns with the identified
needs and is realistic based on available funds.
Research and select reliable vendors or suppliers. Consider factors such as
product quality, pricing, reputation, and customer support.
Implement a system for tracking and managing newly acquired IT assets. This
includes recording asset details, serial numbers, and warranties.
Install and configure new assets as needed. Ensure they are integrated into
the existing IT infrastructure.
2. Disposal of IT Assets:
The disposal of IT assets is as important as procurement, as it involves
securely removing and decommissioning old or obsolete equipment. Improper
disposal can lead to data breaches and environmental hazards.
Maintain an up-to-date inventory of all IT assets, including their age,
condition, and usage.
Before disposal, ensure that all sensitive data is securely wiped from storage
devices. This may involve using data erasure software or physically
destroying hard drives.
Effective management of IT asset procurement and disposal is crucial for
maintaining the security, efficiency, and cost-effectiveness of an organization's IT
infrastructure. It requires careful planning, documentation, and compliance with
relevant laws and regulations.
4 Information Security
Various methods like access control, authentication, monitoring, and review will be
used to ensure data security in the organization.
Security reviews of servers, firewalls, routers, and monitoring systems must be
conducted on a regular basis. These reviews should include monitoring of access
logs and intrusion detection software logs.
Appropriate training must be provided to data owners, data users, and network &
system administrators to ensure data security.
Different protection strategies must be developed by the IT department for the above three
data categories. Information about the same must be disseminated appropriately to all
relevant departments and staff.
High risk data must be encrypted when transmitted over insecure channels.
Select strong passwords with at least eight characters (capital and lower-case
letters, numbers, and symbols like @!#$^&, etc.) without using personal
information or common passwords (e.g. birthdays, welcome123, password).
Remember passwords instead of writing them down and keep them secret.
Use different passwords for different accounts. Avoid using the same
password across multiple websites or services.
Change passwords periodically, especially for critical accounts.
Educate yourself and your employees (if applicable) about good password
practices, phishing awareness, and general cybersecurity best practices.
Data recovery is the process of restoring data from backups in the event of data loss or
a disaster.
Effective data backup and recovery, combined with a well-designed disaster recovery
plan, help organizations minimize downtime, maintain business continuity, and protect
valuable data assets in the face of unexpected events. These practices are essential
components of a robust information technology strategy.
5 Network Infrastructure
5.1 Network Access and Usage Policies
All PCs being used in the organization are enabled to connect to the
organization’s Local Area Network as well as the Internet. Network security is enabled in
all PCs through Firewall, Web Security and Email Security software.
Employees are expected to undertake appropriate security measures as listed in the
IT Policy.
The Internet Usage Policy provides guidelines for acceptable use of the organization’s
Internet network so that Internet usage is devoted to enhancing work productivity and efficiency and
to ensuring the safety and security of the Internet network, organizational data, and the employees.
The Internet is a paid resource and therefore shall be used only for office work. The organization
reserves the right to monitor, examine, block, or delete any/all incoming or outgoing internet
connections on the organization’s network. The organization has systems in place to monitor
and record all Internet usage on the organization’s network including each website visit, and
each email sent or received. The Management Committee can choose to analyse Internet
usage and publicize the data at any time to assure Internet usage is as per the IT Policy.
The organization has installed an Internet Firewall to assure safety and security of the
organizational network. Any employee who attempts to disable, defeat, or circumvent the
Firewall will be subject to strict disciplinary action.
Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are security
solutions that monitor network and system activities to detect and respond to suspicious or
malicious behaviour. They can be standalone appliances or software integrated into
firewalls or network infrastructure.
Our corporate email usage policy helps employees use their company email addresses
appropriately. Email is essential to our everyday jobs. We want to ensure that our employees
understand the limitations of using their corporate email accounts.
Our goal is to protect our confidential data from breaches and safeguard our reputation and
technological property. This policy applies to all employees, vendors and partners who are
assigned a TPE email.
Corporate emails are powerful tools that help employees in their jobs. Employees should use
their company email primarily for work-related purposes. However, we want to provide
employees with some freedom to use their emails for personal reasons. Employees are
allowed to use their corporate email for work-related purposes without limitations.
Email is often the medium of hacker attacks, confidentiality breaches, viruses, and other
malware. These issues can compromise our reputation, legality, and security of our
equipment.
Select strong passwords with at least eight characters (capital and lower-case letters,
numbers, and symbols like @!#$^&, etc.) without using personal information or
common passwords (e.g. birthdays, welcome123, password).
Remember passwords instead of writing them down and keep them secret.
Change their email password every two months.
Also, employees should always be vigilant to catch emails that carry malware or phishing
attempts. We instruct employees to:
Avoid opening attachments and clicking on links when content is not adequately
explained (e.g. “Watch this video, it’s amazing.”)
Be suspicious of clickbait titles.
Check email and names of unknown senders to ensure they are legitimate.
Do not respond to requests for personal or sensitive information via email, even if the
request appears to be from a trusted source.
Encrypt any proprietary or sensitive information sent via email.
If an employee is not sure that an email they received is safe, they can ask our IT
department.
IM allows users to exchange text messages in real time, making it convenient for quick
questions, updates, and discussions. IM platforms typically support group chat, enabling
multiple users to participate in a single conversation. Many IM tools allow users to share
files, images, documents, and other media directly within the chat interface. Examples
include New Talk, Teams, etc.
Tools like Google Workspace (formerly G Suite) and Microsoft 365 enable real-time
collaboration on documents, spreadsheets, and presentations. Cloud storage services like
OneDrive allow teams to store, share, and collaborate on files and documents.
Best Practices for Using IM and Collaboration Tools: Ensure that the tools used are
compliant with your organization's security and data privacy policies. Provide training and
guidelines for proper tool usage, including etiquette and security practices.
Effective use of instant messaging and collaboration tools can enhance communication,
streamline workflows, and improve overall productivity, especially in today's dynamic work
environments.
The Internet is a paid resource and therefore shall be used only for office work. The
organization reserves the right to monitor, examine, block, or delete any/all incoming or
outgoing internet connections on the organization’s network. The organization has systems
in place to monitor and record all Internet usage on the organization’s network including
each website visit, and each email sent or received. The Management Committee can
choose to analyse Internet usage and publicize the data at any time to assure Internet usage
is as per the IT Policy. The organization has installed an Internet Firewall to assure safety
and security of the organizational network. Any employee who attempts to disable, defeat, or
circumvent the Firewall will be subject to strict disciplinary action.
Employees are solely responsible for the content accessed and downloaded using the
Internet facility in the office. If they accidentally connect to a website containing material
prohibited by the organization, they should disconnect from that site immediately. During
office hours, employees are expected to spend limited time accessing news, social media,
and other websites online, unless explicitly required for office work. Employees are not
allowed to use the Internet for non-official purposes using the Internet facility in the office.
Employees should schedule bandwidth-intensive tasks like large file transfers, video
downloads, mass e-mailing etc. for off-peak times.
Describe the website filtering mechanisms in place, whether through hardware or software
solutions.
Explain the criteria used for filtering, which may include categories (e.g., social media,
gaming, adult content), specific URLs, and keywords.
Implementing and enforcing website access and filtering policies can help organizations
mitigate cybersecurity risks, improve productivity, and ensure compliance with legal and
regulatory requirements. It is important to communicate these policies clearly to all
employees and regularly review and update them to address emerging threats and changing
business needs.
8.1 Objective
The Software Usage Policy is defined to provide guidelines for appropriate
installation, usage and maintenance of software products installed in
organization-owned computers.
8.2 General Guidelines
Third-party software (free as well as purchased) required for day-to-day work will
be pre-installed onto all company systems before handing them over to
employees. A designated person in the IT Dept. can be contacted to add to/delete
from the list of pre-installed software on organizational computers.
No other third-party software – free or licensed – can be installed onto a computer
system owned or provided to an employee by the organization, without prior
approval of the IT Dept.
To request installation of software onto a personal computing device, an
employee needs to send a written request via the IT Ticket System or IT Support
Email.
Any software developed & copyrighted by the organization belongs to the
organization. Any unauthorized use, storage, duplication, or distribution of such
software is illegal and subject to strict disciplinary action.
8.3 Compliance
No employee is allowed to install pirated software on official computing systems.
Software purchased by the organization or installed on organizational computer
systems must be used within the terms of its license agreement.
Any duplication, illegal reproduction, or unauthorized creation, use and
distribution of licensed software within or outside the organization is strictly
prohibited. Any such act will be subject to strict disciplinary action.
The IT Dept. procedures & guidelines need to be followed to purchase new
software (commercial or shareware) for official purposes. All approved software
will be purchased through the Procurement Dept., unless informed/permitted
otherwise.
Any employee who notices misuse or improper use of software within the
organization must inform his/her Reporting Manager(s).
Hardware assets are to be used solely for official business purposes in alignment with
Tsugami Precision Engineering India Pvt., Ltd.'s mission and goals.
Employees should handle hardware equipment with care to prevent physical damage. This
includes avoiding spills, drops, and unnecessary stress on devices.
All hardware, including computers and networking equipment, must have up-to-date security
patches and firmware updates installed promptly.
Different types of hardware may have specific maintenance requirements, so consult the
user manuals or documentation provided by the manufacturers for device-specific guidance.
Following these guidelines can help extend the lifespan and reliability of your hardware,
saving you time and money in the long run.
This policy defines the guidelines and rules for the responsible use of printing
and scanning equipment within Tsugami Precision Engineering India Pvt., Ltd., to promote
efficiency, reduce waste, enhance security, and comply with applicable laws and regulations.
Printing should be limited to official business purposes and tasks directly related to job
responsibilities.
Whenever possible, employees are encouraged to use the duplex (double-sided) printing
option to reduce paper consumption.
Employees are encouraged to review documents on-screen and print only necessary
portions to reduce paper and ink/toner consumption.
Scanning should be used for legitimate business purposes, such as digitizing documents,
archiving records, or sending digital copies.
When scanning sensitive or confidential information, take precautions to ensure secure
handling and storage of scanned files. Follow data security policies and procedures.
Minimize unnecessary printing and scanning to conserve paper, ink/toner, and energy.
Data owners are responsible for identifying critical data, specifying backup requirements,
and ensuring data protection measures are in place.
All employees are required to comply with these backup and restore procedures and
associated policies.
The IT department is responsible for implementing technical solutions that support business
continuity, ensuring data backup and recovery procedures, and maintaining IT infrastructure
resilience.
Develop a detailed test plan that outlines the scope of the test, the resources required, the
steps to be followed, and the success criteria. Share this plan with all involved team
members.
Set up a separate testing environment that mirrors your production environment as closely
as possible. This environment should include all the necessary hardware, software, and
data.
Monitor the test closely, and document the results, including the time it takes to recover
systems and data, any issues encountered, and how effectively the DR plan was executed.
Ensure that employees involved in disaster recovery are adequately trained and prepared for
their roles during a real disaster.
11. Laptop theft policy
A laptop theft policy is a set of guidelines and procedures that an organization puts in
place to prevent and respond to laptop theft. This policy aims to protect sensitive data,
minimize the financial impact of theft, and ensure the security of laptops and their contents.
If the laptop is not recovered after 1 month, the employee must collect the
Non-traceable Certificate from the police station and provide it to management.
------------------------------------End of Document----------------------------------