Commission on Audit Region V

Information Technology
Policy

Jayson P. Arevalo
 The importance of IT policy
• It is no understatement to say that IT is the
key driver in any business. These days,
virtually every business operates out of
computers and Internet. Companies should
realise that proper usage of IT not only
ensures data confidentiality, but can also offer
competitive advantages (The Importance of IT
Policy, 2017).
 An IT policy protects against threats
• With such widespread usage, computer
networks can pose a danger to the integrity of
a business. An organisation without clear rules
and guidelines in the usage of computers,
emails, and the Internet risks is vulnerable to a
variety of serious threats (The Importance of
IT Policy, 2017).
 An IT policy protects against threats
• The proper management of IT use within the
organisation can eliminate many such risks. In
implementing an IT policy, organisations gain
protection from external threats and help
prevent internal IT & security breaches (The
Importance of IT Policy, 2017).
 An IT policy improves transparency
and efficiency
• Implementing and enforcing an IT policy not only
protects an organisation from online threats - it
can also improve transparency & efficiency in its
business (The Importance of IT Policy, 2017).
• With a clear IT policy, employees understand how
to organise information in a standardised format.
This facilitates workflow and raises overall
business efficiency (The Importance of IT Policy,
2017).
 Characteristics of a good IT policy
• An IT policy is only as effective as the degree
to which it is practised within the
organisation. Therefore, a good policy is one
which is easily and clearly understood. Policies
should also be flexible and open to changes as
requirements, capabilities and environments
evolve. It is also important for policies to be
up-to-date so as to remain relevant (The
Importance of IT Policy, 2017).
Commission on Audit Region V
Information Technology
Policy and Procedure Manual
 Introduction
• The Commission on Audit IT Policy and
Procedure Manual provides the policies and
procedures for selection and use of IT within
the business which must be followed by all
staff. It also provides guidelines Commission
on Audit will use to administer these policies,
with the correct procedure to follow.
• Commission on Audit will keep all IT policies
current and relevant. Therefore, from time to
time it will be necessary to modify and amend
some sections of the policies and procedures,
or to add new procedures.
• Any suggestions, recommendations or
feedback on the policies and procedures
specified in this manual are welcome.
• These policies and procedures apply to all
employees.
List of Policies
 Technology Hardware Purchasing
Policy
• Computer hardware refers to the physical
parts of a computer and related devices.
Internal hardware devices include
motherboards, hard drives, and RAM. External
hardware devices include monitors,
keyboards, mice, printers, and scanners.
 Purpose
• This policy provides guidelines for the
purchase of hardware for the business to
ensure that all hardware technology for the
business is appropriate, value for money and
where applicable integrates with other
technology for the business. The objective of
this policy is to ensure that there is minimum
diversity of hardware within the business.
 Policy for Getting Software
• Computer hardware refers to the intangible
parts of a computer and related devices.
Examples are Antivirus, Database,
Spreadsheet, Word processor etc..
 Purpose
• This policy provides guidelines for the
purchase of software for the business to
ensure that all software used by the business
is appropriate, value for money and where
applicable integrates with other technology
for the business. This policy applies to
software obtained as part of hardware bundle
or pre-loaded software.
 Policy for Use of Software
• This policy provides guidelines for the use of
software for all employees within the business
to ensure that all software use is appropriate.
Under this policy, the use of all open source
and freeware software will be conducted
under the same procedures outlined for
commercial software.
 Bring Your Own Device Policy
• This policy provides guidelines for the use of
personally owned notebooks, smart phones,
tablets etc. for business purposes. All staff
that use or access Commission on Audit's
technology equipment and/or services is
bound by the conditions of this Policy.
Information Technology Security Policy
• This policy provides guidelines for the
protection and use of information technology
assets and resources within the business to
ensure integrity, confidentiality and
availability of data and assets.
 Information Technology
Administration Policy
• This policy provides guidelines for the
administration of information technology
assets and resources within the business.
 Website Policy
• This policy provides guidelines for the
maintenance of all relevant technology issues
related to the COA Region 5 website.
 Hardware Maintenance and Repair
Policy
• This policy provides guidelines for the
maintenance and repair of IT equipment and
hardware issued by the Commission on Audit
Region 5.
• The objective of this policy is to ensure that all
IT equipment and hardware issued by the
office are properly working, maintained or
replaced if necessary.
 Network/Internet Acess Policy
• This policy provides guidelines in connecting
the network and internet of the office.
• The objective of this policy is to ensure that
each employee is given a reasonable access to
the network and the internet.
 IT Service Agreements Policy
• This policy provides guidelines for all IT service
agreements entered into on behalf of the
Commission on Audit.
 Emergency Management of
Information Technology
• This policy provides guidelines for emergency
management of all information technology
within the business.