TOP-SYSTM: Computerized
Systems
|
|
REV: 04/11/08SCOPE: The term "computerized systems" includes Trinity Forge's network, software, data, Internet access, personal computers, terminals and all related devices and services. This procedure describes the control and security of these computerized systems. Access to Systems The IT Manager ( IT= Information Technology") is responsible for protecting Trinity Forge's computerized systems against unauthorized access. All user accounts and all levels of access must be authorized by the IT Manager. All users must comply with any access requirements specified by IT Manager, such as password restrictions, virus protection, time-of-use, etc. The IT Manager maintains the Authorized Computer User List. Passwords Passwords, including PIN's and other "keys" to Trinity Forge's systems are not to be shared with other people. If you find that someone else lacks the access they need, tell the IT Manager, don't just tell them your password. If you think someone else knows your password, get it changed immediately! When you set a password, don't make it obvious - ideally use a mixture of letters and numbers. User Software Users may only put software on Trinity Forge's systems with permission by the IT Manager. Even seemingly harmless software like screen savers may conflict with other systems or breach network security, so unless you are preauthorized by the IT Manager for a particular piece of software, ASK FIRST. As in most of life, "When in doubt, don't ." System Changes Any user may request modifications or additions to Trinity Forge's computer systems, including hardware, software, or services. Such a request is made tother IT Manager, possibly via the user's manager. The IT Manager first verifies that a change is indicated (often a bit of training is all that's needed). In the case of a "bug" or very inexpensive enhancement the IT Manager may proceed directly with the changes. Larger changes must be approved by the Controller who may determine the need for a Resource Request (see TOP-RSRCE). The Controller sets the priorities. System Quality Assurance As new software is developed, acquired or requested, or as new versions become available for existing software, the IT Manager is responsible for assuring the quality of the software prior to its implementation in Trinity Forge systems. Specifically this assurance entails:
For critical software used for making decisions regarding the acceptability of product (e.g., product chemistry requirements, mill heat information and the routines that compare the two to approve release of inventory) the IT Manager must work with user management to develop a formal, written list of test scenarios, including raw data requirements and expected results, that the software must satisfy prior to implementation. This list becomes the Software Verification Record. The IT Manager must test the software for each case listed, verify the results are as expected, then sign and date the Software Verification Record prior to implementing the software. the IT Manager retains the Software Verification Record. Documentation The IT Manager is responsible for maintaining all documentation for computerized systems, including user-oriented documentation, technical documentation and documentation to prove licensure. Any user in procession of any system-related documentation is responsible for bringing it to the IT Manager's attention. The IT Manager is responsible for maintaining instructions for what to do and who to contact in the case of likely failures, posting the list in the main server area, and providing a copy of the list to the President for offsite back-up. The Controller is responsible for review, approval and maintaining of the list. Data Back-up All users are responsible for ensuring that any files or other data they maintain are known to the IT Manager so that they may be backed-up against system failure. Personal computer hard drives are nearly never under the back-up program. The IT Manager is responsible for maintaining a back-up and recovery program, with detailed instructions for both back-up and recovery posted in the main source area. A set of these instructions is provided to the President, as is a monthly set of back-ups, for offsite storage. The Controller is responsible for review, approval and maintaining of the back-up program. Back-up Strategy and Rotation
Storage
What-To-Do if System Fails Any user identifying any failure of Trinity forge's computerized system is responsible for immediately reporting the failure to the IT Manager, possibly via the user's manager. The IT Manager is responsible for seeing that the failure is corrected and the user manager is responsible for monitoring records of any manual transactions,recording them after the failure is corrected and verifying all data is correct. If there is a loss of computerized data, even if most can be restored from backup tapes, the IT Manager is responsible for explaining the scope of the problem to all affected user-department managers, and those managers are in turn responsible ensuring that all lost data has been successfully restored or re-created. In such a case, each manager is responsible for involving all computer users in the department in reviewing the data since many files may have been updated without the manager’s awareness. |
|
For information on a document or record, including definition, primary responsibility and retention, refer to the Document and Record Master List. Search this web site or the entire web: Documents are controlled only when viewed on-line in the original English -- printed copies or translations are not controlled documents.© 2008 Trinity Forge, Inc., +1 817-473-1515 |