
Bizmanualz Sample from the Computer & IT Policies and Procedures Manual

SAMPLE POLICY FROM THE BUSINESS POLICIES AND PROCEDURES SAMPLER
Includes an example policy, procedure, a list of topics, forms and job descriptions

Computer & IT Policies and Procedures Manual


The Computer and Network Policy, Procedures and Forms Manual
discusses strategic IT management, control of computer and network
assets, and includes a section on creating your own information systems
manual along with a computer and IT security guide. The Computer &
Network Manual helps you comply with Sarbanes Oxley, COBIT or ISO
17799 security and control requirements. This Computer and Network
Manual allows IT Managers, IT departments and IT executives to develop
their own unique IT policy and procedures.
US$ 595.00

Includes seven (7) modules:

1. Introduction and Table of Contents
2. Guide to preparing a well written manual
3. A Sample Manual covering common requirements and practices
4. 41 Policies and 75 corresponding forms
5. Software Development Supplement
6. IT Security Guide
7. 33 Job Descriptions covering every position referenced in the Manual
8. Complete Index

How to Order:
Online: www.bizmanualz.com
By Phone: 314-384-4183, 866-711-5837
Email: sales@bizmanualz.com

Instant download
Available immediately (no shipping required)

Sample Policy from Computer & IT Policies and Procedures Manual


IT Asset Management Section: IT Asset Assessment

Document ID: ITAM104
Title: IT ASSET ASSESSMENT
Revision: 0.0
Effective Date: mm/dd/yyyy
Print Date: mm/dd/yyyy
Prepared By: Preparer's Name/Title
Date Prepared: mm/dd/yyyy
Reviewed By: Reviewer's Name/Title
Date Reviewed: mm/dd/yyyy
Approved By: Final Approver's Name/Title
Date Approved: mm/dd/yyyy

Policy:

The Company shall assess (evaluate) its Information Technology
assets for conformance to Company requirements.

Purpose:

To identify hardware and software (Information Technology
assets) on the Company Information Technology network,
determine if those assets are appropriate for the Company's
needs, determine if these assets are properly licensed and
versioned, and if they conform to Company standards.

Scope:

All Information Technology assets that make up the Company's
Information Technology system/network are subject to this
procedure.

Responsibilities:

The Information Technology Asset Manager is responsible for
supervising the Information Technology asset assessment
program.

The Tech Support Manager is responsible for conducting
complete, detailed, and objective Information Technology asset
assessments, writing nonconformance reports, and reporting
findings of Information Technology asset assessments.

Definitions:

Network scan (or "scan"): Scanning an Information Technology
network (with specialized software) to confirm the presence or
absence of computer hardware or software, check asset
configurations, verify software versions, manage software
licenses, track lease and warranty information, detect network
vulnerabilities, etc. Commercial and open source software for
conducting Information Technology asset scans is readily
available; see Additional Resource A for guidance.

Information Technology Asset: Any computer hardware,
software, Information Technology-based Company information,
related documentation, licenses, contracts or other agreements,
etc. In this context, Information Technology assets may be
referred to as just "assets."

Nonconformance: A significant, material failure to conform to
one or more requirements; also referred to as a "nonconformity."
Moving a PC from one desk/user to another without the
knowledge or permission of the Information Technology Asset
Manager is one example of a nonconformance.
Procedure:

1.0 IT ASSET ASSESSMENT PLAN

1.1 Information Technology asset assessments shall be conducted at
regular intervals. Assessments should be conducted annually, at a
minimum. (See Reference A.)

1.2 Information Technology asset assessments should also be
conducted whenever a large turnover of assets (for example, a
large number of PC leases expires in a short time frame) occurs.

Prior to an assessment, the Information Technology Asset Manager
shall review ITAM104-1 IT ASSET ASSESSMENT CHECKLIST for possible
modifications. This checklist shall be used by the Tech Support
Manager as a guide to conducting Information Technology asset
assessments.

2.0 IT ASSET SCAN

2.1 The Information Technology Asset Manager shall ensure that the Tech
Support Manager has the current version of the following on hand prior
to conducting a network scan:

ITAM102-5 IT ASSET INVENTORY DATABASE;

ITAM102-6 IT NETWORK MAP; and

ITAM104-1 IT ASSET ASSESSMENT CHECKLIST.

2.2 The Tech Support Manager shall run a scan on the Company's Information
Technology network to determine the status of all Information
Technology assets on the network and compare the results with the
documents listed in 2.1, looking for information such as:

What Information Technology hardware is on the network and who
are the registered owners;

Whether hardware is in use or not;

What software is installed on each computer, whether it is the
correct version, and whether it is a licensed copy; and/or

Whether unapproved/unauthorized software has been installed on
any PC.

2.3 If a nonconformance is found, the Tech Support Manager shall report it
in accordance with procedure ITSD109 IT INCIDENT HANDLING.

3.0 DOCUMENTATION AND DISTRIBUTION

3.1 The Tech Support Manager shall consolidate and summarize asset scan
results on ITAM104-2 IT ASSET SCAN SUMMARY.

3.2 The Tech Support Manager shall prepare and submit their findings
including forms ITAM104-1 and ITAM104-2 to the Information
Technology Asset Manager.

4.0 NONCONFORMANCE HANDLING

4.1 If a nonconformance is discovered in the course of an asset
assessment, the Information Technology Asset Manager shall write a
Corrective Action Request (CAR), in accordance with procedure
ITSD109 IT INCIDENT HANDLING.

4.2 The CAR shall be submitted to the Manager of the department where
the nonconformance occurred.

4.3 The Department Manager receiving the CAR shall submit a reply in
accordance with procedure ITSD109 IT INCIDENT HANDLING.

4.4 If a corrective action was taken, the Information Technology Asset
Manager should review the situation within three months to verify that
the corrective action was effective.

5.0 IT ASSET RECORDS UPDATE

After the Information Technology asset assessment and subsequent
corrective actions, the Information Technology Asset Manager shall
ensure timely and accurate updates to ITAM102-5 IT ASSET INVENTORY
DATABASE and ITAM102-6 IT NETWORK MAP. (See Reference B.)

Forms:

ITAM104-1 IT ASSET ASSESSMENT CHECKLIST


ITAM104-2 IT ASSET SCAN SUMMARY

References:
A. ISO STANDARD 27002:2013 CODE OF PRACTICE FOR INFORMATION SECURITY MANAGEMENT, CLAUSE 8 ASSET MANAGEMENT

Clause 8 of the Standard is the Asset Management standard, which
deals with asset accountability and information classification.

ISO Standard 27002:2011 and its companion standards, ISO
27001:2011 and ISO 27005:2008, provide a comprehensive set
of controls comprising best practices in the field of information
security.

ISO 27002 was formerly known to ISO as 17799 and may
continue to be known that way in the business and Information
Technology world for some time. See
http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm

B. SARBANES-OXLEY ACT OF 2002

Sarbanes-Oxley, passed by the U.S. Congress in 2002, is designed to
prevent manipulation, loss, or destruction of records within
publicly-held companies doing business in the U.S. Because virtually all
companies keep records electronically, Section 404 of the Act implies
that an adequate internal control structure is Information
Technology-based.

Therefore, regular scanning of the Company's Information Technology
network, evidence of regular scanning, and keeping an up-to-date
Information Technology asset inventory are all evidence of adequate
internal controls.

Additional Resources:

A. There are many types of scans that may be conducted on a computer
network: hardware scans, software scans, wireless and wired network
scans, security scans, etc. System Center 2012 R2 Configuration
Manager (http://www.microsoft.com/en-us/servercloud/products/system-center/2012-r2-configurationmanager/default.aspx#fbid=Xd6tQVcmWsT) is one form of asset
management software. Additional asset management software
providers and their products may be found by searching the Internet.

Revision History:

Revision:
Date: mm/dd/yyyy
Description of Changes: Initial Release
Requested By:

SAMPLE FROM THE COMPUTER & IT POLICIES AND PROCEDURES MANUAL INCLUDES
AN EXAMPLE PROCEDURE, A LIST OF TOPICS, FORMS AND JOB DESCRIPTIONS

Form: ITAM104-1 IT ASSET ASSESSMENT CHECKLIST

Assessment #:
Date:
Area Evaluated:
Dept. Mgr.:
Lead Assessor:
Assessor:

IT Asset Accountability
Response and Comments

1) Is every IT asset - hardware, software, and related documentation - accounted for?
2) Is an IT asset inventory maintained?
3) Is an IT asset classification scheme in place?
4) Does the inventory identify the owner and location of each asset?
5) Does the company have a clear set of standards for IT assets? Are the standards up to date? How often are they reviewed? Do they conform to industry standards and/or legal requirements?
6) Is the IT asset inventory reviewed regularly to see that the company does not risk having obsolete IT assets in inventory?
7) Does every hardware asset conform to company standards? Are they clearly and properly identified?
8) Do all software assets conform to company standards? Are they clearly and properly identified?
9) Does the IT asset inventory thoroughly and accurately account for software versions and licenses?
10) Is there an IT network diagram? Is it accurate? Is it readily produced? When was it last reviewed? How frequently is it reviewed?

Tech Support Area
Response and Comments

1) Are workers organized and scheduled?
2) Are adequate working areas provided for tasks?
3) Are drawings and schematics organized, inventoried and readily accessible?
4) Are work instructions sufficient?
5) Are all items (new hardware/software, items being repaired, etc.) inventoried?
6) Is there any obvious disorganization?

Tools randomly scattered about?
Parts on benches disorganized?
Components or parts for other assemblies present?

7) Are work areas (benches) clean?
8) Are parts organized and stored efficiently? Are stores clearly marked?
9) Are staging areas organized?

Tech Support Equipment
Response and Comments

1) Are tools properly inventoried? Are records accurate and up-to-date?
2) Are tools properly stored when not in use?
3) Are tools in good working order?
4) Are tools requiring calibration being recalibrated on a regular basis? Are calibration records current?

Tech Support Records
Response and Comments

1) Are production records (installations, repairs, etc.) maintained? Are they complete and up-to-date? Are they readily accessible?
2) Are work pending and work in process records included with the above? Are they likewise complete and up-to-date? Are they also readily accessible?

User Complaints
Response and Comments

1) Is there a log of user complaints and concerns? Is it complete, up to date, organized, and readily accessible?
2) What is the level of detail in the log file? Are complaints/concerns classified clearly and logically?
3) Is this complaint file periodically reviewed for trends?

Authorization
Comments:

Tech Support:

Date:

IT Asset Manager:

Date:

ITAM104-2 IT ASSET SCAN SUMMARY


(Attach results from scanning software to this sheet.)
Hardware scan results:

Software scan results:

Nonconformities (discrepancies) found:

Other comments:

Tech Support:

Date:

IT Asset Mgr.:

Date:

Computer and IT Policies and Procedures Manual:


41 Prewritten Policies and Procedures
IT Administration
1. Information Technology Management
2. IT Records Management
3. IT Document Management
4. IT Device Naming Conventions
5. TCP/IP Implementation Standards
6. Network Infrastructure Standards
7. Computer and Internet Usage Policy
8. E-Mail Policy
9. IT Outsourcing
10. IT Department Satisfaction
IT Asset Management
11. IT Asset Standards
12. IT Asset Management
13. IT Vendor Selection
14. IT Asset Assessment
15. IT Asset Installation Satisfaction
IT Training and Support
16. IT System Administration
17. IT Support Center
18. IT Server / Network Support
19. IT Troubleshooting
20. IT User-Staff Training Plan
IT Security and Disaster Recovery
21. IT Threat And Risk Assessment
22. IT Security Plan
23. IT Media Storage
24. IT Disaster Recovery
25. Computer Malware
26. IT Access Control
27. IT Security Audits
28. IT Incident Handling
29. BYOD Policy
Software Development
30. IT Project Definition
31. IT Project Management
32. Systems Analysis
33. Software Design
34. Software Programming
35. Software Documentation
36. Software Testing
37. Design Changes During Development
38. Software Releases and Updates
39. Software Support
40. Software Consulting Services
41. Software Training

75 Corresponding Forms and Records


IT Administration
1. Information Technology Plan
2. IT Plan Review Checklist
3. Records Classification and Retention Guide
4. Records Management Database
5. Document Control List
6. Document Change Request Form
7. Document Change Control Form
8. Network Infrastructure Standards List
9. Company Computer and Internet Usage Policy
10. Company E-Mail Policy Acknowledgement
11. IT Outsourcer Due Diligence Checklist
12. IT Outsourcer Record
13. IT Post-Service Satisfaction Report
14. User Satisfaction Survey
15. BYOD Policy & Acknowledgement
IT Asset Management
16. IT Asset Standards List
17. IT Asset Configuration Worksheet
18. IT Asset Standards Exception Request
19. IT Asset Requisition/Disposal Form
20. IT Asset Acquisition List
21. Tech Support Receiving Log
22. Nonconforming IT Asset Form
23. IT Asset Inventory Database
24. IT Network Map
25. IT Vendor Notification Form
26. IT Vendor Survey
27. Approved IT Vendor Data Sheet
28. IT Vendor List
29. IT Vendor Disqualification Form
30. IT Asset Assessment Checklist
31. IT Asset Scan Summary
32. IT Asset Installation Follow-Up Report
IT Training and Support
33. System Administration Task List
34. Tech Support Log
35. System Trouble and Acknowledgement Form
36. Server/Network Planning Checklist
37. IT Server/Network Support Plan
38. IT Troubleshooting Plan
39. User Troubleshooting Guide
40. ITS Training Requirements List
41. ITS Training Log
IT Security and Disaster Recovery
42. IT Threat/Risk Assessment Report
43. IT Security Assessment Checklist
44. IT Security Plan
45. IT Security Plan Implementation Schedule
46. Information Storage Plan
47. IT Disaster Recovery Plan
48. Access Control Plan
49. User Access Control Database
50. Access Control Log
51. User Account Conventions
52. IT Security Audit Report
53. IT Nonconformity Report
54. IT Security Audit Plan
55. IT Incident Report
56. BYOD Policy & Acknowledgements
Software Development
57. IT Project Plan
58. IT Project Development Database
59. IT Project Status Report
60. IT Project Team Review Checklist
61. IT Project Progress Review Checklist
62. Design Review Checklist
63. Work Product Review Checklist
64. Request For Document Change (RDC)
65. Software Project Test Script
66. Software Project Test Checklist
67. Software Project Test Problem Report
68. Design Change Request Form
69. Software License Agreement
70. Software Limited Warranty
71. Software Copyright Notice
72. Software Consulting Agreement
73. Statement Of Work
74. Software Consulting Customer Support Log
75. Software Training Evaluation Form

Job Descriptions: A complete job description is included for each of the 33 positions referenced in the
Computer & IT Policies and Procedures Manual. Each position includes a summary description of the position,
essential duties and responsibilities, organizational relationships, a list of the procedures where the position is
referenced, specific qualifications, physical demands of the position, and work environment.
Beta Test Coordinator
Board Member
Chief Executive Officer (CEO)
Director of Quality
Document Manager
Financial Manager
Help Desk Technician
Human Resources Manager
Internal Audit Team Leader
IT Asset Manager
IT Disaster Recovery Coordinator
Information Technology Manager
IT Project Manager
IT Security Manager
IT Storage Librarian
IT Support Center Manager
LAN Administrator
Network & Computer Systems Administrator
President
Product Manager
Project Manager
Purchasing Manager
Quality Manager
Shipping/Receiving Clerk
Software Designer
Software Support Analyst
Software Trainer
Systems Analyst
Technical Support Manager
Technical Support Specialist
Technical Writer
Telecommunications Manager
Training Manager
