HOP LUN INFORMATION TECHNOLOGY POLICIES

INTRODUCTION................................................................................................................................. 2
ABOUT THIS DOCUMENT ........................................................................................................................ 2
AUDITING .............................................................................................................................................. 2
TERMINATION ........................................................................................................................................ 2
A.

SECURITY................................................................................................................................. 3
Access To HOP LUN Computer Systems..................................................................................................3
Security Control Section.............................................................................................................................3

B.

WORKSTATION (PC) ENVIRONMENT............................................................................. 4

C.

ELECTRONIC COMMUNICATION...................................................................................... 6
Electronic Mail Policy ..................................................................................................................................6
Internet Access Policy ................................................................................................................................8

D.

PURCHASE OF INFORMATION SYSTEMS PRODUCTS............................................. 10

E.

IT PURCHASE APPROVAL PROCEDURE........................................................................ 10

IT PURCHASE APPROVAL PROCEDURE .................................................................................................10

APPENDIX

A ................................................................................................................................. 11

User Dos And Donts................................................................................................................................11

Your Responsibilities.................................................................................................................................12
Disclaimers.................................................................................................................................................12
Endorsement And Acceptance ................................................................................................................12

APPENDIX

B ................................................................................................................................. 13

PC hardware & software configuration standard..................................................................................13

APPENDIX

C.................................................................................................................................. 14

IT Request Form .......................................................................................................................................14

HOP LUN INFORMATION TECHNOLOGY POLICIES

INTRODUCTION
HOP LUN Information Technology team endeavors to provide total quality of service in the most
robust & consistent but flexible environment. We believe that success relies upon the close
partnership with every employee for continuous advancement, to increase competitive advantage
and customer satisfaction, as well as to maintain product leadership in the market.
Nevertheless, such policies, guidelines & procedures will change from time to time, subject to
business needs and new technologies. You will be notified of any new revisions or additions to
this manual through e-mail or bulletin board announcements.
About This Document
The full policies, guidelines and procedures document should be kept by the HR Manager(s) and
the IT Department. Included in this document is an Appendix A section that should be
distributed to each user, for use as follows:
1.

User Dos and Donts: Each user should have a copy of this page which summarizes all of
the basic policy principles.

2.

Disclaimers/Endorsement and Acceptance : This page must be signed by EVERY user

and returned to the IT department for control purposes. Each user that signs this document
confirms their compliance and acceptance of the policies.

3.

Definitions: Any reference to User, Employee, You, Your hereafter refers to HOP LUN
Employee. HR refers to HOP LUN Human Resources Department, and IT Department or
IT refers to HOP LUN IT Department. Reference to Computer system and Network refers
to the HOP LUN Computer System and HOP LUN computer network.

Auditing
Every user will be audited periodically to ensure compliance with the terms and conditions stated
in the IT Policies, guidelines and procedures document.
Termination
Any employee who has resigned or terminated his/her service with HOP LUN will have his/her
network login revoked immediately.
It is the responsibility of the HR Department to contact the IT department for the suspension of a
user from e-mail when the employee has left the company. The e-mail account will be reviewed
by HR and the Department head to ensure the account is removed within the agreed timeframe.

HOP LUN INFORMATION TECHNOLOGY POLICIES

A. SECURITY
Access To HOP LUN Computer Systems
Every employee is given access to HOP LUN Computer system in his or her course of duties. An
employee is given one user-id and one password into the computer system. You are
recommended to change the password every 120 days. This password will apply to most of our
computer systems such as the local area network and e-mail system.
Security Control Section
1.

Power On Password
Only valid for notebook users in order to avoid the disclosure of company information if the
notebook is stolen or lost.
This password must be assigned and maintained by the local IT Department during the
first installation and cannot be changed by the user. If the user needs to change this
password, it must be done by IT and recorded into the security database immediately.

2.

Computer, Network and e-mail Login & Password

The user name and its initial password are assigned by IT and the user can change it later.
Passwords should not be exchanged or shared between users.
The password must be at least 6 characters and expires every 120 days.
The user can change password anytime; a separate guide on how to change the
password is attached.

3.

Application User Name & Password (optional)

The user name and password of each application varies accordingly.

4.

If you have lost your user name or password, please fill in the IT REQUEST Form and then
submit it to IT Department for processing. You will be assigned a password, which you
should change later.

5.

To change your access rights for any computer system, please follow the procedure defined
in the IT REQUEST FORM.

6.

Every employee is given a WORKING DIRECTORY in the Network and based on the
departmental needs, a SHARED DIRECTORY may be created accordingly. This
arrangement has to be approved by the departmental head

7.

Administrator or Supervisor password accessing to HOP LUN servers are controlled by IT

Infrastructure Team. Only authorized IT personnel have access to these systems.

8.

Removal of all external media (Floppy disk, Zip disk, etc) and HOP LUN secure documents is
prohibited unless authorized by the local IT and local Management.

9.

Turn off the system in the following sequence

Remove all floppy disks

HOP LUN INFORMATION TECHNOLOGY POLICIES

Shutdown the operating system

Turn off peripheral equipment e.g. modem, printer, monitor
B. WORKSTATION (PC) ENVIRONMENT
1. Non-HOP LUN purchased computers and peripherals are prohibited from use in the office,
whether standalone or connected to the network. Such equipment will not be maintained nor
supported by the IT department.
2. All new computer purchases must comply with the company standard configurations (See
section E & appendix B)
3. All workstation purchases must go through the IT Purchase Approval Procedures. IT Request
Form approval from Department Head must be obtained prior to purchasing any equipment.
See IT Purchase Approval Procedures for more details. (See section E & appendix B)
4. Each staff shall have at most one computer; either desktop or notebook that is determined by
Department Head.
5. In order to maintain the compatibility of software in the organization and not to violate
copyright infringement, all workstations contain the corporate standardized software. For all
other software, please go through IT Purchase Approval Procedures for the approval and
installation.
6. ONLY the local IT department and its approved support vendor will perform all software
installations.
7. Screen Savers, Wall Paper bitmaps, Utilities and others that DO NOT COME with packages of
Windows, Microsoft Office Applications or HOP LUN Standard Software are not allowed on
any computer system unless prior consent has been obtained
The IT department reserves the right :
a) Not to support these machines should a problem arise from the installation of unauthorized
software; and
b) To remove non-standard and unauthorized software from the workstation without prior
notification.
8. All data files can be stored in your home directory on the file server which is backed up daily
from Monday to Friday onto tapes. In the event of a system crash or file loss, data or system
recovery will take at least 12 hours.
9. All users are advised to backup their local data include email in their local C: drive periodically.
In the event of a system crash, faster recovery can be achieved. Please consult with IT
department for assistance and instructions.
10. All external storage media (source of file not originated here) e.g. diskettes, zip disks - are
required to go through the Virus Scan program to ensure they are virus safe before loading
into HOP LUN computer systems. Please consult with the IT Department.

HOP LUN INFORMATION TECHNOLOGY POLICIES

11. Should there be a computer or workstation problem, please call your local IT Helpdesk hotline
and IT will follow-up on problem resolution according to the priority of jobs. It is helpful to
describe the details of the problem and any corrective measures that you have already tried.
IT will fill in the Support Log Form - this form is an important part of the IT service process and
will ensure a log of problems and resolutions is kept on file.
Priority of service is determined by IT and based on the following: below priority list, IT
pending job list and urgency of a given situation. The below is a general guideline only. Users
will be advised of the expected service time.
High (Immediate) - affects the company as a whole e.g. network down, e-Mail Server down
Medium (< half day) - affects a group e.g. SHARED directory, department files sharing
Low (> half day) - affects a user e.g. e-Mail problem, printing problem, password
12. Workstations are prohibited INTERNET ACCESS except with the prior approval of the local
Department head. If you need INTERNET ACCESS, please submit the IT REQUEST FORM;
with Department head approval. During the installation of INTERNET services, IT will also
install INTERNET Anti-Virus Protection Software on the workstation.
13. All CD-ROMs and diskettes containing software/programs will be kept by the local IT
department and catalogued to ensure original licensed copies are purchased. All media must
be kept in secure locations at the affiliate site, such as in locked cabinets in the computer
room.
14. All manuals pertaining to hardware/software are to be kept by the user for reading purposes.
However these manuals should be readily available in event of troubleshooting.
15. Discard and destroy all unlicensed software (e.g. trial or evaluation copy software, CDROM
copied from unauthorized source). Any consequences, legal or otherwise, of violation of this
rule is the sole responsibility of the user.
16. No food or beverages close to the terminal area.
17. No illegal copying of software.
18. Downloading or uploading of any software by the user is not permitted.
19. Downloading or uploading of any unauthorized data by the user is not permitted.
20. Virus Protection:
Norton Anti-virus is the HOP LUN standard virus protection utility.
Anti-virus signature files will be updated and distributed on a daily basis automatically by
the local Anti-Virus Administrative Server or on the workstation itself.
Users must virus check all files that come from external sources, particularly from the
internet.
21. Every user is required to shutdown properly at the end of the day.

HOP LUN INFORMATION TECHNOLOGY POLICIES

22. IT Properties of HOP LUN (except for notebooks) are not to be removed from HOP LUN
premises unless prior knowledge or consent from IT is obtained.

C. ELECTRONIC COMMUNICATION
Electronic Mail
Principles
This policy applies to all HOP LUN employees and all HOP LUN computers, networks, and
information which may be used to access and utilize HOP LUN Email system and Internet network
resources.
Internet network resources is defined as computers, computer networks, information, electronic
mail, and such services which may be accessed via the worldwide public Internet and which are
external to HOP LUN Enterprise.
HOP LUN Email system and its contents are solely owned by the company. Email has been
implemented and is maintained only for HOP LUN business-related communications among HOP
LUN employees and between HOP LUN employees and authorized non-HOP LUN users, such as
customers, suppliers, consultants, attorneys and accountants. It is not to be used for personal
communications.
From time to time individuals may permit other people (e.g. their team members) to access their
personal mailboxes. Users should take this fact into consideration when determining whether to
communicate sensitive or confidential information via Email. Company Confidential data, must
be transmitted with caution
Email communications are legal records of HOP LUN. They are legally equivalent to written
documents, and the Email system is part of HOP LUN official files. HOP LUN thus has a legal
responsibility to delineate the appropriate use of Email and the retention and destruction of Email
communications, in order to ensure that such use, retention and destruction are consistent and in
compliance with this and other applicable HOP LUN policies and procedures. It is equally
important that HOP LUN employees comply at all times with this Policy, since the creation,
retention and/or destruction of Email communications may have legal consequences for the
Company. To assure employee compliance with this Policy, the Company reserves the right and
intends periodically to review Email communications.
Conditions of Use
1. Email messages should be clear, concise business communications. HOP LUN will not
routinely monitor employees Email messages. The Email system is Company property,
however, as a result, HOP LUN reserves the right, in its sole discretion, to access, review
and disclose Email communications.
2. Any unauthorized access to, disclosure or destruction of, Email data or facilities is strictly
prohibited both internally (within Hoplun companies) and externally (any outside
companys email systems).

HOP LUN INFORMATION TECHNOLOGY POLICIES

3. Email to be transmitted to others should not be altered by any person other than the
author. Any person should make no alteration to an already disseminated Email
communication without the knowledge and prior agreement of all affected parties,
including all persons identified as recipients of the communication. The fact that an
Email communication has been modified should be noted on the message itself.
4. The creation, dissemination, maintenance and destruction of information via Email must
be accomplished using the same considerations and following the same policies and
procedures as are applicable to the collection, distribution, use, disclosure, retention and
disposal of hard copy mail. As one example, the distribution of copyrighted material by
Email is subject to applicable copyright laws.
5. Email may not be used to communicate commercial material not related to HOP LUN
business, or personal messages or any inappropriate information, including but not
limited to libelous statements, offensive comments, or gossip.
6. The use of Email for distribution of chain letters is strictly prohibited.
7. Any communication requiring a signature should NOT be sent via Email unless agreed to
in advance by all parties to such communication.
8. Personnel not employed by HOP LUN (such as customers, suppliers, consultants,
attorneys and accountants) who may be given access to HOP LUN Email system should
be informed of and instructed that they are expected to abide by this Policy. To assure
that Email links to third parties are appropriate and cost-effective, no HOP LUN
employee should establish an Email relationship (even if for only a single communication)
with any
third party without the prior written approval of the appropriate affiliate
manager.
9. It is prohibited to use the HOP LUN Email system to send the following:
- Threatening, obscene or harassing materials
- Unsolicited advertisements, including those pertaining to personal gain
or profit
- Computer viruses or Trojan horses
- Any communications for illegal purposes
10. Keep mail received and copies of sent messages organized in your Outlook & backup

your own Email regularly. (Contact IT Dept for assistant)If inappropriate material is
received repeatedly, ask the sender to have your name removed from the email copy list or
contact IT Dept.

11. Recognize that once you have entered your password, anyone passing by can send
messages under your email address so make sure to logout when email is not in use
12.

Exercise caution when sending confidential or sensitive messages through email. As a

general rule of thumb, do not send any highly confidential messages through email, unless
absolutely necessary and urgent.

HOP LUN INFORMATION TECHNOLOGY POLICIES

Message Retention
Regular purging of messages is essential to assure that sufficient computer capacity is available
for all HOP LUN users and applications. The HOP LUN Email system is not intended as a
permanent filing system.
1.

Every normal message (with file attachments) must be less than 3 Megabytes. Any file
which is larger than 3MB must be compressed, using WINZIP. Contact IT for help to
compress/zip files. Any messages that are expected to slow down or hinder the email
sending/receiving process, will be deleted and forwarded back to the originating user for
alternative means of distribution
Messages with file attachments that are larger than 3 MB cannot be sent
via email without consulting with the Affiliate IT Department.

2.

Users should refrain from sending large attachments to Mobile users. If it is not urgent,
please consider sending the attachments to their secretaries/colleagues who are connected
via the network.

3.

In order to prevent corruption of the email database, users must use ARCHIVES instead of
FOLDERS, particularly for long-term message filing. Archives store email messages as a file
on the network or local hard drive (mobile users only). Use folders only for short term
temporary storage of files.

4.

The server will automatically disallow users to send messages when the mail database of the
user is of over 500 MB in total. User shall contact IT department to archive the mail
database.

5.

All ARCHIVES must be stored in your home directory (e.g. H:\ELAINEWONG) which will be
backed up daily. Mobile users are advised to save their ARCHIVES onto a local drive and
make a backup copy to the Home directory on the network periodically.

6.

Email databases for mobile users should be periodically backed up to the network in the
event of a system crash.

Internet Access
Principles
This policy applies to all HOP LUN employees and all HOP LUN computers, networks, and
information which may be used to access and utilized Internet network resources.
Internet network resources is defined to be computers, computer networks, information,
electronic mail, and such services which may be accessed via the worldwide public Internet and
which are external to HOP LUN Enterprise.
HOP LUN provided Internet privileges, like computer systems and networks, are considered HOP
LUN resources and are intended to be used for business purposes only. Internet usage is
subject to monitoring for security and/or network management reasons.
Email sent via the Internet is not considered secure and may be intercepted and viewed by parties
other than the intended recipient while in transit over the public network. Internal HOP LUN

HOP LUN INFORMATION TECHNOLOGY POLICIES

communications (i.e. communications originating and terminating at an HOP LUN affiliate) must
be transmitted via the HOP LUN corporate encrypted network, and not via the public Internet
without encryption.
Internet information considered to be HOP LUN Proprietary and Confidential must be treated as
such and should never be disclosed or transmitted in any form via the Internet. Examples of
such internal information include, but are not limited to, the following:
Financial information
New business and product ideas
Marketing strategies and plans
Databases and the information contained therein
Customer lists and/or business relationships
Technical product information
Computer source code
Computer and/or network access codes
Conditions of Use
Users accessing the Internet are responsible for using due care and judgement when accessing
information from Internet resources. It is prohibited to visit Internet-based sites that contain any
material that can be construed as obscene, hateful, defamatory in nature, or that is intended to
annoy, harass or intimidate any other person or group of individuals.
Employees who are granted the privilege of accessing and utilizing Internet network resources are
expected to act in a professional business manner. This includes not sending or receiving
messages, documents, chain letters, graphics or other communications which involve
inappropriate language, humor, images, or audio; communications which are for personal
entertainment; or communications which are deemed to be discriminatory, threatening, or
constitute sexual harassment.
HOP LUN reserves the right to monitor Internet usage, and may restrict access to those topics that
are not business related or are deemed offensive or inappropriate to the HOP LUN business
environment. It is prohibited to intentionally interfere with the normal operation of the
network. This includes the propagation of computer viruses or the execution of any program
that may cause sustained or high-volume network traffic.
It is prohibited to send the following communications, either by Internet-based Email or by posting
in a public forum:
Threatening, obscene or harassing materials
Unsolicited advertisements, including those pertaining to personal gain or profit
Computer viruses or Trojan horses
Any communications for illegal purposes
In addition, it is prohibited to send or post any comment or document using an Internet
resource in which the user represents his or her personal opinion as that of HOP LUN.
Downloaded Files
When files are downloaded from an Internet resource, due care must be taken to ensure the
validity of the files. All downloaded files must be scanned for viruses with HOP LUN approved
anti-virus software before the launching of the file in the users computing environment.

HOP LUN INFORMATION TECHNOLOGY POLICIES

Users must comply with all license agreements that are included with downloaded software
including all shareware.
Much of the content provided by Internet resources is copyrighted. Users must comply with the
copyright laws regarding the downloading, copying, translating and use of copyrighted information
either belonging to parties outside of HOP LUN or HOP LUN itself.
Activity Log on Internet
Type of information logged by HOP LUN on Internet Usage includes the following
Host sites visited
Time connected to the Internet
Bytes uploaded
Bytes downloaded
Files downloaded by name and type
Internet applications used

D. PURCHASE OF INFORMATION SYSTEM PRODUCTS

IT will be responsible for the purchase and inventory control of all microcomputer hardware
(desktop, laptop, peripherals, etc that connects into the HOP LUN computer network) and
software acquisitions. IT will also assist users with any future hardware and software
requirements, and should be attuned to users' expected needs.
Purchase applications for computer hardware, software and service or consulting contracts are
forwarded to the Department Head who approves the purchase requisition. Based on the
amount of the purchase, IT department will coordinate with different people for review and
approval.
To ensure the compatibility of all hardware and software in the company, only IT department is
authorized to purchase computer equipment (hardware or software) based on the approved IT
request form.
E.

IT PURCHASE APPROVAL PROCEDURE

1. For All IT purchase user shall complete and forward an IT Request Form (ITRF) to IT
Dept for technical recommendation.
2. IT Dept shall get at least two (2) quotations and complete the ITRF for the respective
Departmental head and IT Manager for final review and approval.
3. IT shall then proceed with the purchase, try to get the requested items within a
reasonable period of time, and inform User and Dept head about the expected delivery
date accordingly.

10

HOP LUN INFORMATION TECHNOLOGY POLICIES

APPENDIX

User Dos And Donts

The following is a summarized list of Dos and Donts taken from the IT Policies and Procedures
Document, which all HOP LUN employees are required to follow. Anyone found violating any of
the policies may be subject to disciplinary action, as deemed appropriate by Management. All
users are required to sign the Endorsement and Acceptance statement.
1. Access to servers, e-Mail message queues, computer rooms and any other secure
equipment/system will be kept by IT personnel only.
2. All e-Mail messages shall be archived when the mail database is over 500Mbytes.
3. All files downloaded must be scanned for viruses.
4. All workstation purchases must have an approved Corporate IT Purchase Requisition Form
prior to purchase.
5. Do fill in the appropriate forms for requesting IT purchases and Application security access.
6. Do follow all hardware and software standards set by Group IT Team.
7. Do keep passwords confidential. Change them regularly, with at least 6 characters.
8. Do keep PC workstations in good condition and dont expose notebooks to harsh conditions
when travelling (e.g. sun, extreme heat).
9. Do pass all computer media (CD-ROMs, diskettes) to IT for asset control.
10. Do request for additional software through the proper channels only Local IT Department.
11. Do save all files in your home directory on the network, for backup and security.
12. Do shutdown all systems properly at the end of each day and turn off all power.
13. Dont access the internet at home using HOP LUN internet accounts, unless for authorized
business purposes. Usage will be monitored by the IS department.
14. Dont change the windows desktop environment.
15. Dont use or copy illegal software.
16. Dont download/upload software or unauthorized data.
17. Dont forward chain letters, jokes and other inappropriate material. E-mail of this nature
should be immediately deleted.
18. Dont install ANY software on your own. Always have IT perform the installation.
19. Dont keep food and beverages close to the PC workstation area.
20. Dont send a large file containing graphical pictures (e.g. scanned pictures) to Mobile users.
Instead, create a version of the file without the pictures and then send.
21. Dont send e-Mail messages with attachments greater than 5MBytes.
22. Dont use any files/programs (on diskettes, zip disks) unless they have been virus scanned.
23. Dont use equipment in the office that is not purchased by HOP LUN.
24. Dont use the internet for non-business related information. It is prohibited to visit
internet-based sites that contain material construed as obscene, hateful, defamatory in nature,
or that is intended to annoy, harass or intimidate any person or group of individuals.
25. Only authorized HOP LUN standard software will be installed by the local IT department.
(Refer to HOP LUN standard desktop/laptop software list)
26. Only the IT Department is authorized to purchase computer hardware/software.
27. Software such as screensavers, wallpaper, utilities, etc will not be installed or kept on PCs.

11

HOP LUN INFORMATION TECHNOLOGY POLICIES

Your Responsibilities
You are legally liable for any self-installed software and are responsible for any consequences,
legal or otherwise that may result from your actions. All software must be installed by the local IT
department after getting appropriate approvals. Any unauthorized software deemed to have
interfered with computer operations may be removed at the discretion of the local IT department.
You are responsible to maintain all HOP LUN Information Systems hardware equipment and
software in good condition.
Disclaimers
Users who violate any of the guidelines set in this policy may be subject to disciplinary action
including, but not limited to, written warnings, revocation of access privileges or employee
termination. The company also retains the right to report any illegal violations to the appropriate
authorities.
Access to HOP LUN IT systems is a privilege granted by HOP LUN to the employee. The
employee is responsible for using this access for business-related purposes only.
The distribution of any information through the Internet, HOP LUN computer-based services,
Email and messaging systems is subject to the scrutiny of HOP LUN. HOP LUN reserves the
right to determine the suitability of the use of these systems.
HOP LUN Reserves the right to amend, revoke, interpret or apply this policy at any time, with or
without notice to employees.
HOP LUN & its IT Dept shall not be liable for any damage whatsoever arising out of its employees
Internet access & email.
Endorsement And Acceptance
I have read and understood fully the terms and conditions as outlined in the Information Systems
Policies and Procedures Guidelines and hereby agree to be subjected to any disciplinary action as
a result of violation of any of the abovementioned policies and procedures and/or any legal
consequences resulting from misuse of any services provided by HOP LUN IT.

Department: __________________
Name : __________________
Signature :

12

__________________ Date : ___________________

HOP LUN INFORMATION TECHNOLOGY POLICIES

Appendix B - Desktop & Notebook PC Hardware & Software Configuration

Configuration(basic requirement)

Desktop

Tower Case
- P4 1.8Ghz Processor
- 128MB RAM
- 40GB HDD
- CD Rom
- 10/100 ethernet card
- Windows XP Professional (Eng Edition)
Eng Office XP SB OEM License

Notebook

- P3 or above
- 256Mb memory
- 30GB Harddisk or above
- Built in 56k modem, 10/100 Ethernet Lan card
- Built-in CDRW
- PCMCIA wireless LAN card 802.11a compatiable
(3com band highly recommend for compatiability with
acess point)
MS Windows Professional
MS Office XP SB OEM License

Vendor

13

Software

Rel./Ver.

Adobe
Microsoft
Microsoft
Microsoft
Microsoft
Symantec
WinZip

Acrobat Reader
Office XP Professional
Windows XP Professional
Internet Explorer
Outlook
Norton Anti-Virus Enterprise
WinZip

5.01
SR1

Optional:
Adobe
Visio
Microsoft

Photoshop
Visio
Project

6.0 or above
2000 or above
2000 or above

6.0
2000 or above
7.6 or above
8.0 or above

HOP LUN INFORMATION TECHNOLOGY POLICIES

Appendix C IT Request Form

HOP LUN (HK) LTD.

IT Request Form

Ref. No.

Application Date

New Pu rchases

Country

Loan (Return date

Company

Dept. /Code

Name

Expected Completion Date

Request

HK

INT'L

Reason for request :

Total Cost :

Applicant Signature

Name :
Handle by :

14

Approved by Dept. Head

Name :

Approved by IT Manager

Name :

Other