IT Policy

The document outlines an IT policy that defines rules for using technological assets provided by an organization. It covers topics like purchase, compliance, employee training, IT support, equipment usage, inventory management, and phone usage. The policy aims to ensure proper and secure use of assets while also defining procedures for issues, maintenance, and grievance redressal.

Uploaded by

Yogesh Joshi

IT department provides and maintains technological products, services and facilities like
Personal Computers (PCs), peripheral equipment, servers, telephones, Internet and
application software to its employees for official use. The Information Technology (IT)
Policy of the organization defines rules, regulations and guidelines for proper usage and
maintenance of these technological assets to ensure their ethical and acceptable use
and assure health, safety and security of data, products, facilities as well as the people
using them. It also provides guidelines for issues like purchase, compliance, IT support
and grievance redressal of the employees pertaining to technological assets and
services used for office work.

1 IT Policy

1.1 Purchase

1) The Procurement Dept. procedures & guidelines need to be followed to purchase
new technological equipment, services or software for official purposes.

2) All approved equipment, services or software will be purchased through the
Procurement Dept., unless informed/permitted otherwise.

3) IT Dept. will assist the Procurement Dept. while evaluating the best and most
cost-effective hardware or software to be purchased for a particular dept./project/purpose
based on the requirement. The IT Dept. will also make sure all hardware/software
standards defined in the IT Policy are enforced during such purchases.

4) Complete details related to purchase of technological equipment, services or
software can be found in the Procurement Policy Manual.

1.2 Compliance

1) All employees are expected to comply with the IT Policy rules and guidelines while
purchasing, using and maintaining any equipment or software purchased or provided by
the organization.

2) Any employee who notices misuse or improper use of equipment or software within
the organization must inform his/her Reporting Manager(s) immediately.

3) Inappropriate use of equipment and software by an employee will be subject to
disciplinary action as deemed fit by the Management Committee of the organization.

1.3 Employee Training

1) Basic IT training and guidance is provided to all new employees about using and
maintaining their Personal Computer (PC), peripheral devices and equipment in the
organization, accessing the organization network and using application software.

2) Employees can request and/or the Management Committee can decide to conduct
IT training on a regular or requirement basis.

1.4 IT Support

1) IT department uses an online Ticket System to provide IT Support to its employees
and clients.

2) Employees may need hardware/software installations or may face technological
issues which cannot be resolved on their own. Employees are expected to get help from
the IT Dept. for such issues via the Ticket System or the IT Support Email ID only.

3) Any IT Support work requested or assigned via emails sent to employee email IDs,
chats or any other media except the Ticket System or the IT Support Email ID will
not be entertained.

4) For the sake of quick understanding, employees are expected to provide details of
their issue or help required in the Ticket raised or Support Email sent.

5) For major issues like PC replacement, non-working equipment, installation of
application software and more, it is mandatory for all employees to inform the IT Dept.

6) For any damage to Personal Computers, approval from Reporting Manager would be
required for PC replacements.

7) After raising a ticket in the Ticket System, employees should expect a reply from the
IT Dept. within 1 working day. The IT Dept. may ask the employee to deposit the
problematic equipment to the IT Dept. for checking and will inform the timeline for
repair/maintenance/troubleshooting/installations or the required work.

8) If there is no response in 1 working day, then the IT Dept. Designated Staff should be
asked for an explanation for the delay. If no response is obtained in 3 working days, a
complaint can be raised through an email to the employee’s Reporting Manager and IT
Dept. Designated Staff.

9) Tickets will be resolved on a First-Come-First-Served basis. However, the priority can
be changed on request at the sole discretion of the designated team in IT Dept.

2 Equipment Usage Policy

2.1 Objective

The Equipment Usage policy informs employees and managers about equipment
purchase, organizational and project-level inventory management, rules for allocating &
transferring equipment to employees, departments or projects and best practices for all
equipment usage and maintenance.

2.2 Equipment Purchase

1) The following equipment is purchased by the organization and provided to individual
employees, departments or projects for their official use. The list can be modified as and
when required.

a. Personal Computing Devices (Desktop, Laptop, Tablet)

b. Computer Peripherals (Printer, Scanner, Photocopier, Fax Machine, Keyboard,
Mouse, Web Camera, Speaker, Modem etc.)

c. Networking Equipment & Supplies (Router, Switch, Antenna, Wiring, etc.)

d. Cell phones

e. Biometric Devices

2) The Procurement Dept. procedures & guidelines need to be followed to purchase
new equipment for official purposes. All approved equipment will be purchased through
the Procurement Dept., unless informed/permitted otherwise.

3) The Procurement Dept. will maintain a small inventory of standard PCs, software and
equipment required frequently to minimize delay in fulfilling critical orders.

2.3 Inventory Management

1) The Procurement Dept. is responsible for maintaining an accurate inventory of all
technological assets, software and tangible equipment purchased by the organization.

2) The following information is to be maintained for above mentioned assets in an
Inventory Sheet:

a. Item

b. Brand/ Company Name

c. Serial Number

d. Basic Configuration (e.g. HP Laptop, 120 GB HD, 2 GB RAM etc.)

e. Physical Location

f. Date of Purchase

g. Purchase Cost

h. Current Person In-Charge


3) Proper information about all technological assets provided to a specific department,
project or center must be maintained in their respective Inventory Sheets by an
assigned coordinator from that dept., project or center on a regular basis. The
information thus maintained must be shared with the Procurement Dept. as and when
requested.

4) When an Inventory Sheet is updated or modified, the previous version of the
document should be retained. The date of modification should be mentioned in the
sheet.

5) All technological assets of the organization must be physically tagged with codes for
easy identification.

6) Periodic inventory audits will be carried out by the IT Dept. to validate the inventory
and make sure all assets are up-to-date and in proper working condition as required for
maximum efficiency and productivity.

2.4 Equipment Allocation, De-allocation & Relocation

1) Allocation of Assets:

a. New Employees may be allocated a personal computer (desktop or laptop) for office
work on the Day of Joining, as per work requirement.

b. If required, employees can request their Reporting Manager(s) for additional
equipment or supplies like external keyboard, mouse etc.

c. Allocation of additional assets to an employee is at the sole discretion of the
Reporting Manager(s).

d. No employee is allowed to carry official electronic devices out of office without
permission from Reporting Manager.

2) De-allocation of Assets:

a. It is the Reporting Manager’s responsibility to collect all allocated organizational
equipment & other assets from an employee who is leaving the organization.

b. Updating the Inventory Sheet is mandatory after receiving back all allocated equipment.

c. The received assets must be returned to the Admin. Dept.

2.5 Equipment Usage, Maintenance and Security

1) It is the responsibility of all employees to ensure careful, safe and judicious use of the
equipment & other assets allocated to and/or being used by them.

2) Proper guidelines or safety information must be obtained from designated staff in the
IT Dept. before operating any equipment for the first time.

3) Any observed malfunction, error, fault or problem while operating any equipment
owned by the organization or assigned to you must be immediately reported to the
designated staff in IT Dept.

4) Any repeated occurrences of improper or careless use, wastage of supplies or any
such offense compromising the safety or health of the equipment and people using
them will be subject to disciplinary action.

5) If your assigned computing device is malfunctioning or underperforming and needs to
be replaced or repaired, then written approval from your Reporting Manager is required
for the same. The malfunctioning device needs to be submitted to the IT Dept. for
checking, maintenance or repair. The IT Dept. staff person will give a time estimate for
repair/maintenance.

6) The Reporting Manager can be informed about excessive delay or dissatisfaction
about the repair or maintenance performed by the IT Dept. The issue will then be
resolved by the Reporting Manager in consultation with the IT Dept. Head. The
Management Committee can be consulted in terms of serious disputes or unresolved
issues.

2.6 Phone Usage Policy

1) Landline phone systems are installed in the organization’s offices to communicate
internally with other employees and make external calls.

2) The landline phones should be strictly used to conduct official work only. As far as
possible, no personal calls should be made using landline phones owned by the
organization.

3) Long distance calls should be made after careful consideration since they incur
significant costs to the organization.

4) The Admin. Dept. is responsible for maintaining telephone connections in offices. For
any problems related to telephones, they should be contacted.

5) Employees should remember to follow telephone etiquette and be courteous while
representing themselves and the organization using the organization’s phone services.

3 Personal Computer (PC) Standards

3.1 Objective

The main aim of this policy is to maintain standard configurations of PC hardware and
software purchased by the organization and provided to employees for official work. The
hardware standards will help maintain optimum work productivity, computer health &
security and provide timely and effective support in troubleshooting PC problems. The
software standards will ensure better system administration, effective tracking of
software licenses and efficient technical support.

3.2 General Guidelines

1) It is the responsibility of the IT Dept. to establish and maintain standard
configurations of hardware and software for PCs owned by the organization. The
standard can, however, be modified at any point in time as required by the IT Dept.
Head in consultation with the Management Committee.

2) Multiple configurations are maintained as per the different requirements of various
departments and projects in the organization, in consultation with the Dept./Project
Head.

3) Only in exceptional cases, when none of the standard configurations satisfy the work
requirements, can an employee request a non-standard PC configuration. Valid reasons
need to be provided for the request and written approval of the Reporting Manager(s) is
required for the same.

3.3 Network Access

1) All PCs being used in the organization are enabled to connect to the organization’s
Local Area Network as well as the Internet.

2) Network security is enabled in all PCs through Firewall, Web Security and Email
Security software.

3) Employees are expected to undertake appropriate security measures as listed in
the IT Policy.

3.4 Data Backup Procedure

1) Data Backup is set up during installation of the Operating System on a PC. As an
additional security measure, it is advised that employees keep important official data in
some external storage device also.

2) File Backup System:

a. Organization will be installing a file server for backing up data of all employees. All
employees are expected to keep official data on the file system.

b. Employee’s Reporting Manager or the Management Committee or the IT Manager
will have access to that data.

c. All employees will log in to the file server through ADDC¹ user ID and password.

3) Server backup:

a. IT Dept. is expected to maintain an incremental backup of all servers with at least 4
copies of all servers. At any time, 4 backups of all servers must be maintained.

b. Replica mode of all running servers will be offline and it should maintain half-hourly
backup.

c. The hard disk of every server should be in the RAID 5 mode.

3.5 Antivirus Software

1) Approved licensed antivirus software is installed on all PCs owned by the
organization.

2) Two configurations, Basic and Advanced, are maintained for Antivirus software
installed on organization’s computers. The configurations are installed on PCs as per
work requirement of particular Dept./Project.

3) Employees are expected to make sure their Antivirus is updated regularly. The IT
Dept. should be informed if the Antivirus expires.

4) Any external storage device like pen drive or hard disk connected to the PC needs to
be completely scanned by the Antivirus software before opening it and copying files
to/from the device.

3.6 PC Support

1) Guidance and tips given by the IT Dept. designated staff for maintaining the PC
should be remembered while using a PC.

2) The IT Dept. should be contacted via the IT Support Ticket System or IT Support
Email for any assistance with your PC hardware or software.

3) Technical support will not be provided for hardware devices or software which are
personally purchased, illegal or not included in the standard hardware/software list
developed by the IT Dept.

4) Software applications evaluated by the IT Dept. to cause problems with the
organization’s PCs will be removed.

¹ ADDC - Active Directory Domain Controller

4 Internet Usage Policy

4.1 Objective

The Internet Usage Policy provides guidelines for acceptable use of the organization’s
Internet network so as to devote Internet usage to enhance work productivity and
efficiency and ensure safety and security of the Internet network, organizational data
and the employees.

4.2 General Guidelines

1) Internet is a paid resource and therefore shall be used only for office work.

2) The organization reserves the right to monitor, examine, block or delete any/all
incoming or outgoing internet connections on the organization’s network.

3) The organization has systems in place to monitor and record all Internet usage on the
organization’s network including each website visit, and each email sent or received.
The Management Committee can choose to analyze Internet usage and publicize the
data at any time to assure Internet usage is as per the IT Policy.

4) The organization has installed an Internet Firewall to assure safety and security of
the organizational network. Any employee who attempts to disable, defeat or circumvent
the Firewall will be subject to strict disciplinary action.

4.3 Internet Login Guidelines

1) All employees may be provided with a Username and Password to login to the
Internet network in the office and to monitor their individual usage.

2) An employee can also get a local static IP address for internet and intranet use. All
employees will be responsible for the internet usage through this local static IP.

3) Username and password for a new employee must be requested by the HR Dept.

4) Sharing the Username and Password with another employee, visitor or guest user is
prohibited.

5) A visitor or guest user who wants to use the office Internet will be given a Guest
Username and Password.

6) The IT Dept. will define guidelines for issuing new passwords or allowing employees
to modify their own passwords.

7) Any password security breach must be reported to the IT Dept. immediately.

8) Username and password allotted to an employee will be deleted upon
resignation/termination/retirement from the organization.

4.4 Password Guidelines


The following password guidelines can be followed to ensure maximum password
safety.

1) Select a Good Password:

a. Choose a password which does not contain easily identifiable words (e.g. your
username, name, phone number, house location etc.).

b. Use 8 or more characters.

c. Use at least one numeric and one special character apart from letters.

d. Combine multiple unrelated words to make a password.

2) Keep your Password Safe:

a. Do not share your password with anyone.

b. Make sure no one is observing you while you enter your password.

c. As far as possible, do not write down your password. If you want to write it down, do
not display it in a publicly visible area.

d. Change your password periodically (every 3 months is recommended).

e. Do not reuse old passwords. If that is difficult, do not repeat the last 5 passwords.

3) Other Security Measures:

a. Ensure your computer is reasonably secure in your absence.

b. Lock your monitor screen, log out or turn off your computer when not at desk.

4.5 Online Content Usage Guidelines

1) Employees are solely responsible for the content accessed and downloaded using
Internet facility in the office. If they accidentally connect to a website containing material
prohibited by the organization, they should disconnect from that site immediately.

2) During office hours, employees are expected to spend limited time to access news,
social media and other websites online, unless explicitly required for office work.

3) Employees are not allowed to use Internet for non-official purposes using the Internet
facility in office.

4) Employees should schedule bandwidth-intensive tasks like large file transfers, video
downloads, mass e-mailing etc. for off-peak times.

4.6 Inappropriate Use

The following activities are prohibited on organization’s Internet network. This list can be
modified/updated anytime by the Management Committee as deemed fit. Any
disciplinary action considered appropriate by the Management Committee (including
legal action or termination) can be taken against an employee involved in the activities
mentioned below:

1) Playing online games, downloading and/or watching games, videos or entertainment
software or engaging in any online activity which compromises the network speed and
consumes unnecessary Internet bandwidth

2) Downloading images, videos and documents unless required for official work

3) Accessing, displaying, uploading, downloading, storing, recording or distributing any
kind of pornographic or sexually explicit material unless explicitly required for office work

4) Accessing pirated software, tools or data using the official network or systems

5) Uploading or distributing software, documents or any other material owned by the
organization online without the explicit permission of the Management Committee

6) Engaging in any criminal or illegal activity or violating law

7) Invading privacy of coworkers

8) Using the Internet for personal financial gain or for conducting personal business

9) Deliberately engaging in an online activity which hampers the safety & security of the
data, equipment and people involved.

10) Carrying out any objectionable, frivolous or illegal activity on the Internet that shall
damage the organization’s reputation

5 Information Security Policy

5.1 Objective

Information security means protection of the organization’s data,
applications, networks and computer systems from unauthorized access, alteration and
destruction. The Information Security Policy provides guidelines to protect data integrity
based on data classification and secure the organization’s information systems.

5.2 General Guidelines

1. Various methods like access control, authentication, monitoring and review will be
used to ensure data security in the organization.

2. Security reviews of servers, firewalls, routers and monitoring systems must be
conducted on a regular basis. These reviews should include monitoring of access logs
and intrusion detection software logs.

3. Appropriate training must be provided to data owners, data users, and network &
system administrators to ensure data security.

5.3 Data Classification

1. The organization classifies data into three categories:

a. High Risk: i. It includes information assets which have legal requirements for
disclosure and financial penalties imposed for disclosure. ii. E.g. Payroll, personnel,
financial, biometric data

b. Medium Risk: i. It includes confidential data which would not impose losses on the
organization if disclosed, but is also not publicly available. ii. E.g. Agreement
documents, unpublished reports, etc.

c. Low Risk: i. It includes information that can be freely disseminated. ii. E.g. brochures,
published reports, other printed material etc.

2. Different protection strategies must be developed by the IT department for the above
three data categories. Information about the same must be disseminated appropriately
to all relevant departments and staff.

3. High risk data must be encrypted when transmitted over insecure channels.

4. All data must be backed up on a regular basis as per the rules defined by the IT Dept.
at that time.

5.4 Access Control

1. Access to the network, servers and systems in the organization will be achieved by
individual logins and will require authentication. Authentication includes the use of
passwords, biometrics or other recognized forms of authentication.

2. All users of systems which contain high or medium risk data must have a strong
password as defined in the IT Policy.

3. Default passwords on all systems must be changed after installation.

4. Where possible and financially feasible, more than one person must have full rights to
any organization-owned server storing or transmitting high risk and medium risk data.

5.5 Virus Prevention


1. Virus prevention for personal computers and email usage has been described
previously.

2. Apart from that, all servers and workstations that connect to the network must be
protected with licensed anti-virus software recommended by the vendor. The software
must be kept up-to-date.

3. Whenever feasible, system/network administrators must inform users when a virus/other
vulnerability has been detected in the network or systems.

5.6 Intrusion Detection

1. Intrusion detection must be implemented on all servers and workstations containing
high and medium risk data.

2. Operating system and application software logging process must be enabled on all
systems.

3. Server, firewall and critical system logs must be reviewed frequently.

6 Email & Chat Policy

6.1 Objective

This policy provides information about acceptable usage, ownership, confidentiality and
security while using electronic messaging systems and chat platforms provided or
approved by the organization. The policy applies to all electronic messages sent or
received via the above mentioned messaging systems and chat platforms by all official
employees of the organization.

6.2 General Guidelines

1) The organization reserves the right to approve or disapprove which electronic
messaging systems and chat platforms would be used for official purposes. It is strictly
advised to use the pre-approved messaging systems and platforms for office use only.

2) An employee who, upon joining the organization, is provided with an official email
address should use it for official purposes only.

3) Any email security breach must be reported to the IT Dept. immediately.

4) Upon termination, resignation or retirement from the organization, the organization
will deny all access to electronic messaging platforms owned/provided by the
organization.

5) All messages composed and/or sent using the pre-approved messaging systems and
platforms need to comply with the company policies of acceptable communication.

6) Electronic mails and messages should be sent after careful consideration since they
are inadequate in conveying the mood and context of the situation or sender and might
be interpreted wrongly.

7) All email signatures must have appropriate designations of employees and must be
in the format approved by the Management Committee.

6.3 Ownership

1) The official electronic messaging system used by the organization is the property of
the organization and not the employee. All emails, chats and electronic messages
stored, composed, sent and received by any employee or non-employee in the official
electronic messaging systems are the property of the organization.

2) The organization reserves the right to intercept, monitor, read and disclose any
messages stored, composed, sent or received using the official electronic messaging
systems.

3) The organization reserves the right to alter, modify, re-route or block messages as
deemed appropriate.

4) IT Administrator can change the email system password and monitor email usage of
any employee for security purposes.

6.4 Information Security

1) Proprietary, confidential and sensitive information about the organization or its
employees should not be exchanged via electronic messaging systems unless
pre-approved by the Reporting Manager(s) and/or the Management Committee.

2) Caution and proper judgment should be used to decide whether to deliver a message
in person, on phone or via email/electronic messaging systems.

3) Before composing or sending any message, it should be noted that electronic
messages can be used as evidence in a court of law.

4) Unauthorized copying and distributing of copyrighted content of the organization is
prohibited.

6.5 Email Security

1) Anti-Virus:

a. Anti-virus software pre-approved by the Dept. Head - IT should be installed in the
laptop/desktop provided to a new employee after joining the organization.

b. All employees in the organization are expected to make sure they have anti-virus
software installed in their laptops/desktops (personal or official) used for office work.

c. Organization will bear responsibility for providing, installing, updating and maintaining
records for one anti-virus per employee at a time for the official laptop provided by the
organization. The employee is responsible for installing good quality anti-virus software
in their personal laptop/desktop used for office work.

d. Employees are prohibited from disabling the anti-virus software on
organization-provided laptops/desktops.

e. Employees should make sure their anti-virus is regularly updated and not out of date.

2) Safe Email Usage: Following precautions must be taken to maintain email security:

a. Do not open emails and/or attachments from unknown or suspicious sources
unless anticipated by you.

b. In case of doubts about emails/attachments from known senders, confirm the
legitimacy of the email/attachment with them.

c. Use Email spam filters to filter out spam emails.

6.6 Inappropriate Use

1) Official Email platforms or electronic messaging systems including but not limited to
chat platforms and instant messaging systems should not be used to send messages
containing pornographic, defamatory, derogatory, sexual, racist, harassing or offensive
material.

2) Official Email platforms or electronic messaging systems should not be used for
personal work, personal gain or the promotion or publication of one’s religious, social or
political views.

3) Spam/bulk/junk messages should not be forwarded or sent to anyone from the
official email ID unless for an officially approved purpose.

6.4 Confidentiality

7 Software Usage Policy

7.1 Objective

The Software Usage Policy is defined to provide guidelines for appropriate installation,
usage and maintenance of software products installed in organization-owned
computers.

7.2 General Guidelines

1) Third-party software (free as well as purchased) required for day-to-day work will be
preinstalled onto all company systems before handing them over to employees. A
designated person in the IT Dept. can be contacted to add to/delete from the list of
pre-installed software on organizational computers.

2) No other third-party software, free or licensed, can be installed onto a computer
system owned or provided to an employee by the organization, without prior approval of
the IT Dept.

3) To request installation of software onto a personal computing device, an employee
needs to send a written request via the IT Ticket System or IT Support Email.

4) Any software developed & copyrighted by the organization belongs to the
organization. Any unauthorized use, storage, duplication or distribution of such software
is illegal and subject to strict disciplinary action.

7.3 Compliance

1) No employee is allowed to install pirated software on official computing systems.

2) Software purchased by the organization or installed on organizational computer
systems must be used within the terms of its license agreement.

3) Any duplication, illegal reproduction or unauthorized creation, use and distribution of
licensed software within or outside the organization is strictly prohibited. Any such act
will be subject to strict disciplinary action.

4) The Procurement Dept. procedures & guidelines need to be followed to purchase
new software (commercial or shareware) for official purposes. All approved software will
be purchased through the Procurement Dept., unless informed/permitted otherwise.

5) Any employee who notices misuse or improper use of software within the
organization must inform his/her Reporting Manager(s).

7.4 Software Registration

1) Software licensed or purchased by the organization must be registered in the name
of the organization with the Job Role or Department in which it will be used and not in
the name of an individual.

2) After proper registration, the software may be installed as per the Software Usage
Policy of the organization. A copy of all license agreements must be maintained by the
IT Dept.

3) After installation, all original installation media (CDs, DVDs, etc.) must be safely
stored in a designated location by the IT Dept.

7.5 Software Audit

1) The IT Dept. will conduct periodic audit of software installed in all company-owned
systems to make sure all compliances are being met.

2) Prior notice may or may not be provided by the IT Dept. before conducting the
Software Audit.

3) During this audit, the IT Dept. will also make sure the anti-virus is updated, the
system is scanned and cleaned and the computer is free of garbage data, viruses,
worms or other harmful programmatic codes.

4) The full cooperation of all employees is required during such audits.

Introduction

The Bhilosa IT Policy and Procedure Manual provides the policies and procedures for
selection and use of IT within the institution which must be followed by all staff. It also
provides guidelines Bhilosa will use to administer these policies, with the correct
procedure to follow.

Bhilosa will keep all IT policies current and relevant. Therefore, from time to time it will
be necessary to modify and amend some sections of the policies and procedures, or to
add new procedures.

Any suggestions, recommendations or feedback on the policies and procedures
specified in this manual are welcome.

These policies and procedures apply to all employees.

Technology Hardware Purchasing Policy

Guidance: This policy should be read and carried out by all staff. Edit this policy so it
suits your needs.

Computer hardware refers to the physical parts of a computer and related devices.
Internal hardware devices include motherboards, hard drives, and RAM. External
hardware devices include monitors, keyboards, mice, printers, and scanners.

Purpose of the Policy

This policy provides guidelines for the purchase of hardware for the institution to ensure
that all hardware technology for the institution is appropriate, value for money and
where applicable integrates with other technology for the institution. The objective of this
policy is to ensure that there is minimum diversity of hardware within the institution.

Procedures

Purchase of Hardware

Guidance: The purchase of all desktops, servers, portable computers, computer
peripherals and mobile devices must adhere to this policy. Edit this statement to cover
the relevant technology needed.

Purchasing desktop computer systems

The desktop computer systems purchased must run a {insert relevant operating system
here e.g. Windows} and integrate with existing hardware {insert names of existing
technology such as the institution server}.

The desktop computer systems must be purchased as a standard desktop system bundle
and must be {insert manufacturer type here, such as HP, Dell, Acer etc.}.

The desktop computer system bundle must include:

• Desktop tower

• Desktop screen of {insert screen size here}

• Keyboard and mouse (Guidance: you may like to consider stating if these are to be wireless)

• {insert name of operating system, e.g. Windows 7, and software e.g. Office 2013
here}

• {insert other items here, such as speakers, microphone, webcam, printers etc.}

The minimum capacity of the desktop must be:

• {insert speed of computer size (GHz - gigahertz) here}

• {insert memory (RAM) size here}

• {insert number of USB ports here}

• {insert other specifications for desktop here, such as DVD drive, microphone port,
etc.}

Any change from the above requirements must be authorized by {insert relevant job title
here}

All purchases of desktops must be supported by {insert guarantee and/or warranty
requirements here} and be compatible with the institution’s server system.

All purchases for desktops must be in line with the purchasing policy in the Financial
policies and procedures manual.

Purchasing portable computer systems

The purchase of portable computer systems includes {insert names of portable devices
here, such as notebooks, laptops, tablets etc.}

Portable computer systems purchased must run a {insert relevant operating system
here e.g. Windows} and integrate with existing hardware {insert names of existing
technology such as the institution server}.

The portable computer systems purchased must be {insert manufacturer type here,
such as HP, Dell, Acer, etc.}.

The minimum capacity of the portable computer system must be:

• {insert speed of computer size (GHz - gigahertz) here}

• {insert memory (RAM) size here}

• {insert number of USB ports here}

• {insert other specifications for portable device here, such as DVD drive, microphone
port, webcam, speakers, etc.}

The portable computer system must include the following software provided:

• {insert names of software e.g. Office 2013, Adobe, Reader, Internet Explorer here}

• {insert names of software e.g. Office 2013, Adobe, Reader, Internet Explorer here}

• {insert names of software e.g. Office 2013, Adobe, Reader, Internet Explorer here}

Any change from the above requirements must be authorized by {insert relevant job
title here}

All purchases of all portable computer systems must be supported by {insert guarantee
and/or warranty requirements here} and be compatible with the institution’s server
system.

All purchases for portable computer systems must be in line with the purchasing policy
in the Financial policies and procedures manual.

Purchasing server systems

Server systems can only be purchased by {insert relevant job title here, recommended
IT specialist}.

Server systems purchased must be compatible with all other computer hardware in the
institution.

All purchases of server systems must be supported by {insert guarantee and/or
warranty requirements here} and be compatible with the institution’s other server
systems.

Any change from the above requirements must be authorized by {insert relevant job title
here}

All purchases for server systems must be in line with the purchasing policy in the
Financial policies and procedures manual.

Purchasing computer peripherals

Computer system peripherals include {insert names of add-on devices such as printers,
scanners, external hard drives etc. here}

Computer peripherals can only be purchased where they are not included in any
hardware purchase or are considered to be an additional requirement to existing
peripherals.

Computer peripherals purchased must be compatible with all other computer hardware
and software in the institution.

The purchase of computer peripherals can only be authorized by {insert relevant job title
here, recommended IT specialist or department manager}.

All purchases of computer peripherals must be supported by {insert guarantee and/or
warranty requirements here} and be compatible with the institution’s other hardware and
software systems.

Any change from the above requirements must be authorized by {insert relevant job title
here}

All purchases for computer peripherals must be in line with the purchasing policy in the
Financial policies and procedures manual.

Purchasing mobile telephones

A mobile phone will only be purchased once the eligibility criteria are met.

The purchase of a mobile phone must be from {insert names of authorized suppliers here}
to ensure the institution takes advantage of volume-pricing-based discounts provided by
{insert names of authorized suppliers here}. Such discounts should include the purchase
of the phone, the phone call and internet charges etc.

The mobile phone must be compatible with the institution’s current hardware and
software systems.

The mobile phone purchased must be {insert manufacturer type here, such as iPhone,
Blackberry, Samsung, etc.}.

The request for accessories (a hands-free kit etc.) must be included as part of the initial
request for a phone.

The purchase of a mobile phone must be approved by {insert relevant job title here}
prior to purchase.

Any change from the above requirements must be authorized by {insert relevant job title
here}

All purchases of all mobile phones must be supported by {insert guarantee and/or
warranty requirements here}.

All purchases for mobile phones must be in line with the purchasing policy in the
Financial policies and procedures manual.

Additional Policies for Purchasing Hardware

Guidance: add, link or remove the policies listed below as required.

Purchasing Policy

Mobile phone policy

Policy for Getting Software

Policy Number: {insert unique number}

Policy Date: {insert date of policy}


Guidance: This policy should be read and carried out by all staff. Edit this policy so it
suits your needs.

Purpose of the Policy

This policy provides guidelines for the purchase of software for the institution to ensure
that all software used by the institution is appropriate, value for money and where
applicable integrates with other technology for the institution. This policy also applies to
software obtained as part of a hardware bundle or as pre-loaded software.

Procedures

Request for Software

All software, including {insert relevant other types of non-commercial software such as
open source, freeware, etc. here} must be approved by {insert relevant job title here}
prior to the use or download of such software.

Purchase of software

The purchase of all software must adhere to this policy.

All purchased software must be purchased by {insert relevant job title here}

All purchased software must be purchased from {insert relevant suppliers names or the
words ‘reputable software sellers’ here}

All purchases of software must be supported by {insert guarantee and/or warranty
requirements here} and be compatible with the institution’s server and/or hardware
system.

Any changes from the above requirements must be authorized by {insert relevant job
title here}

All purchases for software must be in line with the purchasing policy in the Financial
policies and procedures manual.

Obtaining open source or freeware software

Open source or freeware software can be obtained without payment and is usually
downloaded directly from the internet.

In the event that open source or freeware software is required, approval from {insert
relevant job title here} must be obtained prior to the download or use of such software.

All open source or freeware must be compatible with the institution’s hardware and
software systems.

Any change from the above requirements must be authorised by {insert relevant job title
here}

Additional Policies for Obtaining Software

Guidance: add, link or remove the policies listed below as required.

Purchasing Policy

Use of Software policy

Policy for Use of Software

Policy Number: {insert unique number}

Policy Date: {insert date of policy}

Guidance: This policy should be read and carried out by all staff. Edit this policy so it
suits your needs.

Purpose of the Policy

This policy provides guidelines for the use of software for all
employees within the institution to ensure that all software use is appropriate. Under this
policy, the use of all open source and freeware software will be conducted under the
same procedures outlined for commercial software.

Procedures

Software Licensing

All computer software copyrights and terms of all software licences will be followed by
all employees of the institution.

Where licensing states limited usage (i.e. number of computers or users etc.), then it is
the responsibility of {insert relevant job title here} to ensure these terms are followed.

{insert relevant job title here} is responsible for completing a software audit of all
hardware twice a year to ensure that software copyrights and licence agreements are
adhered to.

Software Installation

All software must be appropriately registered with the supplier where this is a
requirement.

Bhilosa is to be the registered owner of all software.

Only software obtained in accordance with the getting software policy is to be installed
on the institution’s computers.

All software installation is to be carried out by {insert relevant job title here}

A software upgrade shall not be installed on a computer that does not already have a
copy of the original version of the software loaded on it.

Software Usage

Only software purchased in accordance with the getting software policy is to be used
within the institution.

Prior to the use of any software, the employee must receive instructions on any
licensing agreements relating to the software, including any restrictions on use of the
software.

All employees must receive training for all new software. This includes new employees
to be trained to use existing software appropriately. This will be the responsibility of
{insert relevant job title here}

Employees are prohibited from bringing software from home and loading it onto the
institution’s computer hardware.

Unless express approval from {insert relevant job title here} is obtained, software cannot
be taken home and loaded on an employee’s home computer.

Where an employee is required to use software at home, an evaluation of providing the
employee with a portable computer should be undertaken in the first instance. Where it
is found that software can be used on the employee’s home computer, authorization
from {insert relevant job title here} is required to purchase separate software if licensing
or copyright restrictions apply. Where software is purchased in this circumstance, it
remains the property of the institution and must be recorded on the software register by
{insert relevant job title here}

Unauthorized software is prohibited from being used in the institution. This includes the
use of software owned by an employee and used within the institution.

The unauthorized duplicating, acquiring or use of software copies is prohibited. Any
employee who makes, acquires, or uses unauthorized copies of software will be
referred to {insert relevant job title here} for {insert consequence here, such as further
consultation, reprimand action etc.}. The illegal duplication of software or other
copyrighted works is not condoned within this institution and {insert relevant job title
here} is authorized to undertake disciplinary action where such event occurs.

Breach of Policy

Where there is a breach of this policy by an employee, that employee will be referred to
{insert relevant job title here} for {insert consequence here, such as further consultation,
reprimand action etc.}

Where an employee is aware of a breach of the use of software in accordance with this
policy, they are obliged to notify {insert relevant job title here} immediately. In the event
that the breach is not reported and it is determined that an employee failed to report the
breach, then that employee will be referred to {insert relevant job title here} for {insert
consequence here, such as further consultation, reprimand action etc.}

Additional Policies for Use of Software

Guidance: add, link or remove the policies listed below as required.

Technology Hardware Policy

Obtaining Software policy

Bring Your Own Device Policy

Policy Number: {insert unique number}

Policy Date: {insert date of policy}

Guidance: Edit this policy so it suits your needs.

At Bhilosa, we acknowledge the importance of mobile technologies in improving
institution communication and productivity. In addition to the increased use of mobile
devices, staff members have requested the option of connecting their own mobile
devices to {Municipality Name}'s network and equipment. We encourage you to read
this document in full and to act upon the recommendations. This policy should be read
and carried out by all staff.

Purpose of the Policy

This policy provides guidelines for the use of personally owned notebooks, smart
phones, tablets and {insert other types of mobile devices} for institution purposes. All
staff who use or access {Municipality Name}'s technology equipment and/or services
are bound by the conditions of this Policy.

Procedures

Current mobile devices approved for institution use

The following personally owned mobile devices are approved to be used for institution
purposes:

• {insert type of approved mobile devices such as notebooks, smart phones, tablets,
iPhone, removable media etc.}

• {insert type of approved mobile devices such as notebooks, smart phones, tablets,
iPhone, removable media etc.}

• {insert type of approved mobile devices such as smart phones, tablets, iPhone etc.}

• {insert type of approved mobile devices such as notebooks, smart phones, tablets,
iPhone, removable media etc.}.

Registration of personal mobile devices for institution use

Guidance: You will need to consider if the institution is to have any control over the
applications that are used for institution purposes and/or used on the personal devices.

Employees when using personal devices for institution use will register the device with
{insert relevant job title or department here}.

{insert relevant job title or department here} will record the device and all applications
used by the device.

Personal mobile devices can only be used for the following institution purposes:

• {insert each type of approved use such as email access, institution internet access,
institution telephone calls etc.}

• {insert each type of approved use such as email access, institution internet access,
institution telephone calls etc.}

• {insert each type of approved use such as email access, institution internet access,
institution telephone calls etc.}

Each employee who utilizes personal mobile devices agrees:

• Not to download or transfer institution or personal sensitive information to the device.
Sensitive information includes {insert types of institution or personal information that you
consider sensitive to the institution, for example intellectual property, other employee
details etc.}

• Not to use the registered mobile device as the sole repository for {Municipality
Name}'s information. All institution information stored on mobile devices should be
backed up

• To make every reasonable effort to ensure that {Municipality Name}'s information is
not compromised through the use of mobile equipment in a public place. Screens
displaying sensitive or critical information should not be seen by unauthorized persons
and all registered devices should be password protected

• To maintain the device with {insert maintenance requirements of mobile devices such
as current operating software, current security software etc.}

• Not to share the device with other individuals, to protect the institution data accessed
through the device

• To abide by {Municipality Name}'s internet policy for appropriate use and access of
internet sites etc.

• To notify {Municipality Name} immediately in the event of loss or theft of the registered
device

• Not to connect USB memory sticks from an untrusted or unknown source to
{Municipality Name}'s equipment.

All employees who have a registered personal mobile device for institution use
acknowledge that the institution:

• Owns all intellectual property created on the device

• Can access all data held on the device, including personal data

• Will regularly back-up data held on the device

• Will delete all data held on the device in the event of loss or theft of the device

• Has first right to buy the device where the employee wants to sell the device

• Will delete all data held on the device upon termination of the employee. The
terminated employee can request personal data be reinstated from back up data

• Has the right to deregister the device for institution use at any time.

Keeping mobile devices secure

The following must be observed when handling mobile computing devices (such as
notebooks and iPads):

• Mobile computer devices must never be left unattended in a public place, or in an
unlocked house, or in a motor vehicle, even if it is locked. Wherever possible they
should be kept on the person or securely locked away

• Cable locking devices should also be considered for use with laptop computers in
public places, e.g. in a seminar or conference, even when the laptop is attended

• Mobile devices should be carried as hand luggage when travelling by aircraft.

Exemptions

This policy is mandatory unless {insert relevant job title or department here} grants an
exemption. Any requests for exemptions from any of these directives should be
referred to the {insert relevant job title or department here}.

Breach of this policy

Any breach of this policy will be referred to {insert relevant job title} who will review the
breach and determine adequate consequences, which can include {insert
consequences here such as confiscation of the device and/or termination of
employment}.

Indemnity

{Municipality Name} bears no responsibility whatsoever for any legal action threatened
or started due to conduct and activities of staff in accessing or using these resources or
facilities. All staff indemnify {Municipality Name} against any and all damages, costs and
expenses suffered by {Municipality Name} arising out of any unlawful or improper
conduct and activity, and in respect of any action, settlement or compromise, or any
statutory infringement. Legal prosecution following a breach of these conditions may
result independently from any action by {Municipality Name}.

Additional Policies for Institution Mobile Phone Use

Guidance: add, link or remove the policies listed below as required.

Technology Hardware Purchasing Policy

Use of Software policy

Purchasing Policy

Information Technology Security Policy

Policy Number: {insert unique number}


Policy Date: {insert date of policy}

Guidance: This policy should be read and carried out by all staff. Edit this policy so it
suits your needs.

Purpose of the Policy

This policy provides guidelines for the protection and use of
information technology assets and resources within the institution to ensure integrity,
confidentiality and availability of data and assets.

Procedures

Physical Security

For all servers, mainframes and other network assets, the area must be secured with
adequate ventilation and appropriate access through {insert relevant security measure
here, such as keypad, lock etc.}

It will be the responsibility of {insert relevant job title here} to ensure that this
requirement is followed at all times. Any employee becoming aware of a breach to this
security requirement is obliged to notify {insert relevant job title here} immediately.

All security and safety of all portable technology, {insert relevant types here, such as
laptop, notepads, iPad etc.} will be the responsibility of the employee who has been
issued with the {insert relevant types here, such as laptop, notepads, iPads, mobile
phones etc.}. Each employee is required to use {insert relevant types here, such as
locks, passwords, etc.} and to ensure the asset is kept safely at all times to protect the
security of the asset issued to them.

In the event of loss or damage, {insert relevant job title here} will assess the security
measures undertaken to determine if the employee will be required to reimburse the
institution for the loss or damage.

All {insert relevant types here, such as laptop, notepads, iPads etc.}, when kept at the
office desk, are to be secured by {insert relevant security measure here, such as keypad,
lock etc.} provided by {insert relevant job title here}

Information Security

All {insert relevant data to be backed up here – either general such as sensitive,
valuable, or critical institution data or provide a checklist of all data to be backed up} is
to be backed-up.

It is the responsibility of {insert relevant job title here} to ensure that data back-ups are
conducted {insert frequency of back-ups here} and the backed up data is kept {insert
where back up data is to be kept e.g. cloud, offsite venue, employees home etc. here}

All technology that has internet access must have anti-virus software installed. It is the
responsibility of {insert relevant job title here} to install all anti-virus software and ensure
that this software remains up to date on all technology used by the institution.

All information used within the institution is to adhere to the privacy laws and the
institution’s confidentiality requirements. Any employee breaching this will be {insert
relevant consequence here}

Technology Access

Every employee will be issued with a unique identification code to access the institution
technology and will be required to set a password for access every {insert frequency
here}

Each password is to be {insert rules relating to password creation here, such as number
of alpha and numeric etc.} and is not to be shared with any employee within the
institution.

{insert relevant job title here} is responsible for the issuing of the identification code and
initial password for all employees.

Where an employee forgets the password or is ‘locked out’ after {insert a number here
e.g. three attempts}, then {insert relevant job title here} is authorized to reissue a new
initial password that will be required to be changed when the employee logs in using the
new initial password.

The following table provides the authorization of access:

Technology – Hardware/Software | Persons authorized for access
{insert name or type of technology here} | {insert authorized persons or job titles here}
{insert name or type of technology here} | {insert authorized persons or job titles here}
{insert name or type of technology here} | {insert authorized persons or job titles here}
{insert name or type of technology here} | {insert authorized persons or job titles here}

Employees are only authorized to use institution computers for personal use {insert
when this is allowable and what they can personally use it for here, such as internet
usage etc.}

It is the responsibility of {insert relevant job title here} to keep all procedures for this
policy up to date.

Additional Policies for Information Technology Security


Guidance: add, link or remove the policies listed below as required.

Emergency Management of Information Technology Policy

Information Technology Administration Policy

Information Technology Administration Policy

Policy Number: {insert unique number}

Policy Date: {insert date of policy}

Guidance: This policy should be read and carried out by all staff. Edit this policy so it
suits your needs.

Purpose of the Policy

This policy provides guidelines for the administration of information technology assets
and resources within the institution.

Procedures

All software installed and the licence information must be registered on the {insert
where these records are to be kept}. It is the responsibility of {insert relevant job title
here} to ensure that this register is maintained. The register must record the following
information:

• What software is installed on every machine

• What licence agreements are in place for each software package

• Renewal dates if applicable.

{insert relevant job title here} is responsible for the maintenance and management of all
service agreements for the institution technology. Any service requirements must first
be approved by {insert relevant job title here}.

{insert relevant job title here} is responsible for maintaining adequate technology spare
parts and other requirements including {insert specific technology requirements here,
such as toners, printing paper etc.}

A technology audit is to be conducted {insert frequency here e.g. annually} by {insert
relevant job title here} to ensure that all information technology policies are being
adhered to.

Any unspecified technology administration requirements should be directed to {insert
relevant job title here}

Additional Policies for Information Technology Administration

Guidance: add, link or remove the policies listed below as required.

IT Service Agreements Policy

Purchasing Policy

Website Policy

Policy Number: {insert unique number}

Policy Date: {insert date of policy}

Guidance: This policy should be read and carried out by all staff. Edit this policy so it
suits your needs.

Purpose of the Policy

This policy provides guidelines for the maintenance of all
relevant technology issues related to the institution website.

Procedures

Website Register

The website register must record the following details:

• List of domain names registered to the institution

• Dates of renewal for domain names

• List of hosting service providers

• Expiry dates of hosting

{insert any other records to be kept in relation to your institution website here}.

Keeping the register up to date will be the responsibility of {insert relevant job title
here}.

{insert relevant job title here} will be responsible for any renewal of items listed in the
register.

Website Content

All content on the institution website is to be accurate, appropriate and current. This will
be the responsibility of {insert relevant job title here}

All content on the website must follow {insert relevant institution requirements here
where applicable, such as an institution or content plan etc.}

The content of the website is to be reviewed {insert frequency here}

The following persons are authorized to make changes to the institution website:

{insert relevant job title here}

{insert relevant job title here}

{insert relevant job title here}

Basic branding guidelines must be followed on websites to ensure a consistent and
cohesive image for the institution.

All data collected from the website is to adhere to the Privacy Act

Additional Policies for Website Policy

Guidance: add, link or remove the policies listed below as required.

Information Technology Security Policy

Emergency Management of Information Technology policy

Electronic Transactions Policy

Policy Number: {insert unique number}

Policy Date: {insert date of policy}

Guidance: This policy should be read and carried out by all staff. Edit this policy so it
suits your needs.

Purpose of the Policy

This policy provides guidelines for all electronic transactions undertaken on behalf of the
institution.

The objective of this policy is to ensure that electronic funds transfers and
receipts are started, carried out, and approved in a secure manner.

Procedures

Electronic Funds Transfer (EFT)


It is the policy of Bhilosa that all payments and receipts should be made by EFT where
appropriate.

All EFT payments and receipts must adhere to all finance policies in the Financial
policies and procedures manual.

All EFT arrangements, including receipts and payments must be submitted to {insert
relevant department of the institution here, e.g. finance department}.

EFT payments must have the appropriate authorization for payment in line with the
financial transactions policy in the Financial policies and procedures manual.

EFT payments must be appropriately recorded in line with finance policy in the Financial
policies and procedures manual.

EFT payments once authorized, will be entered into the {insert title of payment system
here e.g. NAB online system} by {insert relevant job title here}

EFT payments can only be released for payment once pending payments have been
authorized by {insert relevant job title here}

For good control over EFT payments, ensure that the persons authorizing the payments
and making the payment are not the same person.

All EFT receipts must be reconciled to customer records {insert frequency here e.g.
once a week etc.}

Where an EFT receipt cannot be allocated to a customer account, it is the responsibility of
{insert relevant job title here} to investigate. In the event that the customer account cannot be
identified within {insert length of time here, such as one month} the receipted funds
must be {insert action here such as allocated to suspense account or returned to source
etc.}. {insert relevant job title here} must authorize this transaction.

It is the responsibility of {insert relevant job title here} to annually review EFT
authorizations for initial entry, alterations, or deletion of EFT records, including supplier
payment records and customer receipt records.

Electronic Purchases

All electronic purchases by any authorized employee must adhere to the purchasing
policy in the Financial policies and procedures manual.

Where an electronic purchase is being considered, the person authorizing this
transaction must ensure that the internet sales site is secure and safe and be able to
demonstrate that this has been reviewed.

All electronic purchases must be undertaken using institution credit cards only and
therefore adhere to the institution credit card policy in the Financial policies and
procedures manual.

Additional Policies for Electronic Transactions Policy

Guidance: add, link or remove the policies listed below as required.

Information Technology Security Policy

Finance Policies

IT Service Agreements Policy

Policy Number: {insert unique number}

Policy Date: {insert date of policy}

Guidance: This policy should be read and carried out by all staff. Edit this policy so it
suits your needs.

Purpose of the Policy

This policy provides guidelines for all IT service agreements
entered into on behalf of the institution.

Procedures

The following IT service agreements can be entered into on behalf of the institution:

Guidance: Insert the acceptable IT services for your institution – the following dot points
will assist.

• Provision of general IT services
• Provision of network hardware and software
• Repairs and maintenance of IT equipment
• Provision of institution software
• Provision of mobile phones and relevant plans
• Website design, maintenance etc.
• {insert type of IT service here}.

All IT service agreements must be reviewed by {insert who should review,
recommended lawyer or solicitor} before the agreement is entered into. Once the
agreement has been reviewed and recommendation for execution received, then the
agreement must be approved by {insert relevant job title here}.

All IT service agreements, obligations and renewals must be recorded {insert where the
agreements are to be recorded here}.

Where an IT service agreement renewal is required and the agreement is
substantially unchanged from the previous agreement, the renewal can
be authorised by {insert relevant job title here}.

Where an IT service agreement renewal is required and the agreement has
substantially changed from the previous agreement, it must be reviewed by
{insert who should review, recommended lawyer or solicitor} before the
renewal is entered into. Once the agreement has been reviewed and recommendation
for execution received, then the agreement must be approved by {insert relevant job title
here}.

In the event that there is a dispute over the provision of IT services covered by an IT
service agreement, it must be referred to {insert relevant job title here} who will be
responsible for the settlement of such dispute.

Additional Policies for IT Services Policy

Guidance: add, link or remove the policies listed below as required.

Technology Hardware Purchasing Policy

Emergency Management of Information Technology

Policy Number: {insert unique number}

Policy Date: {insert date of policy}

Guidance: This policy should be read and carried out by all staff. Edit this policy so it
suits your needs.

Purpose of the Policy

This policy provides guidelines for emergency management of
all information technology within the institution.

Procedures

IT Hardware Failure

Where there is a failure of any of the institution’s hardware, this must be referred to {insert
relevant job title here} immediately.

It is the responsibility of {insert relevant job title here} to {insert relevant actions that
should be undertaken here} in the event of IT hardware failure.

It is the responsibility of {insert relevant job title here} to undertake tests on planned
emergency procedures {insert frequency here, recommended quarterly} to ensure that
all planned emergency procedures are appropriate and minimise disruption to institution
operations.

Point of Sale Disruptions

In the event that the point of sale (POS) system is disrupted, the following actions must be
immediately undertaken:

Guidance: Insert the actions required for your institution – the following dot points will
assist.

• POS provider to be notified
• {insert relevant job title here} must be notified immediately
• All POS transactions to be taken using the manual machine located below the counter
• For all manual POS transactions, customer signatures must be verified
• {insert other relevant emergency actions here}
• {insert other relevant emergency actions here}.

Virus or other security breach

In the event that the institution’s information technology is compromised by a software
virus or {insert other relevant possible security breaches here}, such breaches are to be
reported to {insert relevant job title here} immediately.

{insert relevant job title here} is responsible for ensuring that any security breach is dealt
with within {insert relevant timeframe here} to minimise disruption to institution
operations.

Website Disruption

In the event that the institution website is disrupted, the following actions must be
immediately undertaken:

Guidance: Insert the actions required for your institution – the following dot points will
assist.

• Website host to be notified
• {insert relevant job title here} must be notified immediately
• {insert other relevant emergency actions here}
• {insert other relevant emergency actions here}
