Information Technology Security and Recovery From Disaster
Purpose
- Ensure all electronic data is secure and retrievable in the event of loss of working files, including loss caused by unauthorised access.
- Protect electronic data.
- Quickly and fully recover from software loss or system crash.
- Establish a standard file system.
Background
A significant exposure in any organisation is the potential loss or corruption of electronic data. This procedure addresses the need to protect and maintain electronic data through robust backups, virus protection and a standard file structure.
Scope
All Management and staff
Procedure
Back-up
Daily Back-Up
- All My Documents records are backed up daily to CD.
- All proprietary software (describe) records are backed up daily to CD.
Monthly Back-Up
Accounting software (describe) records are backed up monthly to CD.
Virus prevention
- Where necessary, a virus check will be conducted before use.
- Virus checks will be run as scheduled daily.
- Download antivirus updates immediately when they become available.
Virus eradication
When a computer virus is detected:
- Inform customers or other parties who may be affected
- Seek professional advice from IT PROVIDER
- Follow instructions for eradication
- Re-run and test to ensure eradication
- Run antivirus program
- Re-commence normal operations
- Advise customers and stakeholders of outcome.
Access control
Password/s:
Each staff member within the business is responsible for his or her own data security. Data security is a compliance issue related to privacy legislation. It is vital that every computer system is protected by a unique password. Each staff member is responsible for ensuring that password protection is engaged (the system is locked) during extended absences from their computer.
Firewall Protection
Protect computers from intrusion from the Web and unauthorised access to the Web (by spyware/malware) by the use of a firewall such as a hardware firewall and/or a software program (DESCRIBE YOUR SOFTWARE OR FIREWALL SOLUTION IN GENERAL TERMS – BUT BE AWARE OF YOUR SECURITY IN DOING SO).
Email Access
Email access is available to all staff with access to a computer. Care should be taken in the use of Business email for private purposes as the company may be liable for inappropriate emails sent by staff of this organisation. From time to time the company may exercise its right to delete or archive old emails and to review all emails held on company computers to ensure that inappropriate material has not been sent or accessed using company equipment. Staff should be aware that in the event of termination, access to these emails and data will also be immediately terminated. Ownership of emails and electronic data of all forms contained on company equipment rests with the company.
Disaster recovery
If a computer crashes, with loss of data and/or software, and/or system damage:
- Obtain the back-up disk
- Contact (IT PROVIDER) for professional advice
- Take the action suggested by (IT PROVIDER) until the computer system returns to operational status
- Reinstate lost data
- Run and test
Data recovery operation must not exceed 24 hours.
After system is back to normal:
- Record the event on a CAR Form (Corrective Action Required Form)
- Identify the underlying (root) causes
- Identify preventive actions
- Improve procedures
- Inform all staff of reasons/causes of computer failure if identifiable.
Email set-up
Email folders should be established on each system in (Email Program such as Mozilla or Microsoft Outlook/Outlook Express) as follows:
- Personal (if personal emails permitted)
  - subfolders according to personal preference
- Business
  - Customer Emails (customer specific)
  - General Business (Tax/Correspondence/General)
  - Promotions In (emails advertising information that you wish to retain; delete any that you don’t need or want)
  - Internal Emails (establish sub-folders to this based on the general forms of such emails)
Emails may be printed if necessary to be attached to the customers’ file. All attachments must be scanned for viruses immediately upon being downloaded. If a virus exists, immediately power off the system and seek advice from (IT PROVIDER).
Computer file management
The following identifies management of computer files and records:
- Depending on your operating system (i.e. not available in Vista), reassign the “My Documents” folder to a separate physical HDD or partition (seek advice from your IT Provider, especially if you have a separate file server).
- Use the file save name format: <Descriptor> yy mm dd (e.g. “letter to client regarding portfolio performance 07 12 05”)
- Create two sub-folders labelled “Personal” (if permitted) and “Business”; structure “Business” as follows:
  - Customer Files (create sub-folders specific to the normal generic files required by your business, e.g. correspondence out, correspondence in, etc.)
  - Business Records
    - Tax Files
    - Minutes of meetings
    - Correspondence out
    - Invoices
    - Other
  - Promotional Materials (designs for promotional materials such as ads and brochures)
    - Draft
    - Obsolete
    - Approved
  - Forms
    - Draft
    - Obsolete
    - Approved
  - Resources (from time to time you will come across items that are useful in your business and need somewhere to store them. Unless you store them methodically you won’t use them, and if you haven’t used them and converted them to your business use within 12 months you probably won’t; so have a process to delete them unless you really think you will use them)
    - Separate folder for each month (review the data in each month folder after twelve months; e.g. data stored in March 07 should be reviewed at the start of March 08 with a view to deleting anything not used. If an item has been used, it should be transferred, e.g. by being converted into promotional material, a procedure or the like)
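The two rules above (the <Descriptor> yy mm dd file name format and the twelve-month review of Resources month folders) can be audited automatically. The script below is an added example, not part of the original procedure; it assumes month folders are named like “March 07”, which the procedure does not specify, and uses constructed sample names.

```python
"""Audit helpers for the file naming convention and the Resources review rule.
Added example, not part of the original procedure. Assumption: month folders
under Resources are named "<Month> yy", e.g. "March 07"."""
import re
from datetime import date

# <Descriptor> yy mm dd, optionally followed by a file extension
_NAME_RE = re.compile(
    r"^(?P<desc>.+?) (?P<yy>\d{2}) (?P<mm>\d{2}) (?P<dd>\d{2})(?P<ext>\.[^. ]+)?$")

_MONTHS = ["january", "february", "march", "april", "may", "june", "july",
           "august", "september", "october", "november", "december"]


def parse_filename(name):
    """Return (descriptor, date) if name follows the convention, else None."""
    m = _NAME_RE.match(name.strip())
    if not m:
        return None
    try:
        d = date(2000 + int(m["yy"]), int(m["mm"]), int(m["dd"]))
    except ValueError:  # e.g. "07 13 05": month 13 does not exist
        return None
    return m["desc"], d


def audit_filenames(names):
    """Return the names that do NOT follow the <Descriptor> yy mm dd format."""
    return [n for n in names if parse_filename(n) is None]


def parse_month_folder(name):
    """Return the first day of the month for a "<Month> yy" folder, else None."""
    parts = name.strip().split()
    if len(parts) != 2 or parts[0].lower() not in _MONTHS \
            or not re.fullmatch(r"\d{2}", parts[1]):
        return None
    return date(2000 + int(parts[1]), _MONTHS.index(parts[0].lower()) + 1, 1)


def folders_due_for_review(folder_names, today):
    """Month folders that are twelve or more months old as of `today`."""
    due = []
    for n in folder_names:
        start = parse_month_folder(n)
        if start is None:
            continue  # not a month folder; ignore
        months_old = (today.year - start.year) * 12 + (today.month - start.month)
        if months_old >= 12:
            due.append(n)
    return due


# Constructed sample data (not from the procedure)
SAMPLE_FILES = ["letter to client regarding portfolio performance 07 12 05.doc",
                "invoice 07 13 05.pdf",   # invalid month
                "meeting notes.doc"]      # no date
SAMPLE_FOLDERS = ["March 07", "April 07", "March 08", "Notes"]

if __name__ == "__main__":
    print("non-compliant names:", audit_filenames(SAMPLE_FILES))
    print("due for review:", folders_due_for_review(SAMPLE_FOLDERS, date(2008, 3, 1)))
```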