IСT Policy and Server Room Proposal for a Small Firm

Last Updated: 01 Mar 2023
Pages: 9 Views: 637
Table of contents

Information and Communications Technology Policy addresses security issues and how to effectively apply and maintain information systems, thereby facilitating protection of critical, valuable and confidential information together with its associated systems. Most people are likely to recognise the impact and severity of the loss or theft of confidential designs for a new product.

However they do not always recognise the potential risk, and consequential result, of seemingly 'innocent' activities, such as copying software or copying the corporate database onto their laptop computer or not documenting changes made to their systems. The purchase and installation of hardware and software requires those involved to consider carefully the Information Security issues involved in this process. Careful consideration of the company's business needs is paramount, as it is usually expensive to make subsequent changes.

Analysis of user requirements versus the various benchmarks test results will establish the best choice of server/software to be purchased. Installation of new equipment must be properly considered and planned to avoid unnecessary disruption and to ensure that the IT & T Policy issues are adequately covered. The issue of IT consumables is looked into. These are expensive and should be properly controlled both from an expense perspective as well as an Information Security perspective. Valuable items should always be kept in a secure environment to avoid damage or loss.

Order custom essay IСT Policy and Server Room Proposal for a Small Firm with free plagiarism report

feat icon 450+ experts on 30 subjects feat icon Starting from 3 hours delivery
Get Essay Help

To develop an Information Communication Technology policy for KPLC Retirement Benefits Scheme that introduces efficient and effective use of IT systems and in turn facilitate the smooth running of the secretariat. To strive to provide nothing but the best means of data and telecommunications services to the secretariat as a whole. A set of rules, regulations, procedures and plans of action for administration of equipment, resources, and services in the ICT section. The aim of this document is to; ) Analyse procedures and practices that are in use currently and identify those that can be reinforced or changed. ii) Work out a time plan for the smooth transition from the use of KPLC systems and resources.



The telephone network for RBS consists of the public interconnected network using automatic branch exchanges (PABX) which connects us to the public network using telecommunication service providers and private branch network (PBX) which is housed in our commercial office premises which help us communicate in the premises through extension numbers.

Computer Data systems

These are composed of data network hubs and switches which make the Local Area Networks (LAN) and the routers which interconnect the LANs. Each LAN is composed of passive data networks, servers and PCs that use the network thus realised to exchange information and data throughout the enterprise.

System Software and Data System

System Software and Data System software is the general term used to describe the many software programs, drivers and utilities that together enable a computer system to operate. One of the main components of system software is the operating system of the computer e. g. Microsoft Windows XP Professional.


Data in the language of information technology means the individual elements that comprise the information and can be processed, formatted and re-presented, so that it gains meaning and thereby becomes information. Here we are concerned with the protection and safeguard of that data/information which, in its various forms can be identified as Business Assets or Information Assets. The term data and information can be used somewhat interchangeably; but, as a general rule, information always comprises data, but data is not always information.

ICT system is used for the administration of employee and employer contributions into the RBS Fund. It has a database for member details together with their dependants. This is used when benefits are to be calculated for deceased persons and withdrawing members. The system also has a pensioners payroll used to pay all pensioners whether retirees or widows and orphans. Group Life for all employees and the issue of Last Expense is also maintained and administered in the system.

The secretariat database is managed using ORACLE database management systems(DBMS). Oracle databases are relational, thus data is stored in them in row-column (table) format. All the company data is stored and managed using Oracle.

The Window NT environment operates in domains. A domain is a collection of computers and users defined by the administrator of a Windows NT Server network that share a common directory database. A domain provides access to the centralised user accounts and group accounts maintained by the domain administrator.

Each domain has a unique name. Window NT Environment In the current WAN model of KPLC there is a single master domain called KPLCSTIMA. The KPLCSTIMA is also the main account domain and KPLCNET as Internet resource domain. A child domain known as RBS. KPLCSTIMA will be created from the master domain and will have trust relationship with it. This is will give us more control of our systems and semi-autonomy from the KPLC systems.

It will be installed with Windows Server 2003 standard edition operating system which will provide the following services at RBS:

  1. File and Print sharing.
  2. Microsoft Exchange Services - host the resident Staff member’s mailboxes and enable efficient sending and receiving of internal/Internet mail and if need be provide also storage of the mailboxes.
  3. Anti-virus Software.
  4. Systems Management Server for Network management.
  5. Internet Browsing.
  6. To allow for faster downloads of the application updates.
  7. To enable the efficient installation and periodic updates of the PC anti-virus in the local area network.
  8. For faster and seamless primary logon of client PC’s to the network.

Our application i. e. RBS system is already running in a stand alone server and will continue that way to ensure system stability and integrity. The new system will also run on its own stand alone server for the same reason.

The primary domain controller (PDC) tracks changes made to domain accounts. Whenever an administrator makes a change to a domain account, the change is recorded in the directory database on the PDC. The PDC is the only domain server that receives these changes directly. A domain has one PDC. A backup domain controller (BDC) maintains a copy of the directory database. This copy is synchronised periodically and automatically with the PDC.

BDC’s also authenticate user logons, and a BDC can be promoted to function as the PDC. Multiple BDC’s can exist in a domain. Client PCs Currently there are four PCs and two laptops in the secretariat all running Windows XP as the desktop operating system and networked using Windows NT operating system of the KPLC master domain. All PCs have MS Office 2003 - 2007 as an office desktop application.

The PCs have between 256 and 512 MB RAM. All the PCs are running on Microsoft TCP/IP protocol and use USER LEVEL access on the network. Microsoft Exchange Server Microsoft Exchange Server is used for electronic messaging in and out of the organisation. Exchange is organised into entities called sites each consisting of one or more servers containing mailboxes and public folders. Mailboxes are where a user’s messages are kept, each user having a single mailbox whereas public folders are like notice - boards, containing information that is shared between multiple users.

Intra-site communication has to occur at high speed and with high reliability. Inter-site communication can occur at lower speeds. In addition to local messaging, there is Internet messaging, implemented via the Proxy Server. Anti-Virus Software McAfee’s Total Virus Defence Software is the current company guard against viruses. The software is loaded on all the Exchange server protects against viruses distributed. A group of computers and the server that manages them is called an Anti-virus Domain. The anti – virus server downloads new version automatically from McAfee Website on the Internet.

Once the new software version is downloaded, the system administrator configures it for distribution. It also alerts the system administrator to ‘pull’ the latest versions to the Anti-virus Server. Internet Microsoft Proxy Server provides an easy, secure way to bring Internet access to every desktop in an organisation. The proxy server is a gateway between the company’s network and the Internet. A gateway is special software, or a computer running special software, that enables two different networks to communicate.

The gateway acts as a barrier that allows you to make requests to the Internet and receive information, but does not allow access to your network by unauthorised users.

All purchases of new systems hardware or new components for existing systems must be made in accordance with Information Security and other organisation Policies, as well as technical standards. Such requests to purchase must be based upon a User Requirements Specification document and take account of longer-term organisational business needs. The purchase and installation of hardware requires those involved to consider carefully the Information Security issues involved in this process. This section covers the key areas to be considered.

The purchase of new computers and peripherals requires careful consideration of the business needs because it is usually expensive to make subsequent changes.

Installation of new equipment must be properly considered and planned to avoid unnecessary disruption and to ensure that the ICT Policy issues are adequately covered. All new hardware installations are to be planned formally and notified to all interested parties ahead of the proposed installation date. Information Technology and Security requirements for new installations are to be circulated for comment to all interested parties, well in advance of installation.

The equipment must be located in a suitable environment otherwise. Although a Non Disclosure Agreement paves the way for legal redress, it cannot protect you against actual commercial damage. Leaving tools, utilities and developer's kits on your new system. All new systems should be configured for maximum practical endangers the confidentiality and integrity of your data security by the removal of unnecessary utilities, developers'  programs, etc. a technique known as hardening.

Without an installation plan for the new equipment, disruption to|Ensure that all special pre-installation requirements (e. g. air operational systems is more likely conditioning) have been met. Identify the precise location for the equipment and ensure that the power and network cables are ready. Agree a detailed installation plan with the vendor. Anticipate what might go wrong and consider how to minimise the risks.

Where the installation plan does not include safeguards against. Agree a detailed installation plan and document it. To protect all parties never allow engineers to work unattended. Breaches of Health and Safety regulations endanger the well being|Ensure Health and Safety regulations are followed when locating of your staff and your organisation’s commercial activities. the equipment, peripherals and cables. A periodic visual inspection is beneficial also.

Newly Installed Systems and Equipment Hardware should be tested when new to verify it is working correctly, and then further tests applied periodically to ensure continued effective functioning.

All equipment must be fully and comprehensively tested and formally accepted by users before being transferred to the live environment or user sites. All such tests should be in accordance with a documented test plan. Inadequate testing can threaten the integrity and availability of|Check the test outputs to confirm the results. Ensure that the test plan simulates realistic work patterns live conditions, the results of such testing cannot be relied upon.

Poor security procedures during equipment testing can compromise. Ensure that Non Disclosure Agreement have been obtained from all the confidentiality of your data. Third party staff involved in testing the equipment. Verify that the required security configuration and safeguards have been implemented for the new hardware. If live data is used in the testing process for the new hardware, ensure that it is closely controlled.

Explanatory notes NT servers The analysis of user requirements (client base and mail sizes expected) versus the various benchmarks test results will establish the best choice of server to be purchased. For file and print server only disk space is a key requirement.

Cabling, UPS, Printers and Modems Cabling

For best of cabling the following international standards should be incorporated when carrying voice/data-cabling works. Different vendors have preferred methods of rolling out active devices try this method: Develop  high-level process flow diagram for deploying new solutions , solution hardware requirements, solution management platforms, solution validation by pilot project, full solution deployment, document all related information for management, maintenance and future extensions

ICT consumables are expensive and should be properly controlled both from an expense perspective as well as an Information Security perspective. This section deals with the Information Security aspects of IT consumables.

Consumables Policy Statement IT Consumables must be purchased in accordance with the organisation’s approved purchasing procedures with usage monitored to discourage theft and improper use. They must be kept in a well-designated store away from working area. Explanatory Notes Examples of consumables are printer forms, stationery, printer paper, toner & ink, ribbons, disks, diskettes, bar-code labels and other accessories.

Pilfering of your consumables results in increased organisational. Keys to be kept by the supervisor’s office. Consumables may be stolen with the intent to defraud your. Take special measures to protect potentially valuable pre-printed organisation or customers.

Laptops, Portables, Palmtops -or even electronic 'organisers', which connect to and store your organisation’s data - are included within this topic. Throughout this topic we refer to them collectively as 'laptops' Policy Statement Line management must authorise the issue of portable computers.

Guidelines for Issuing Portable Computing Equipment

Those responsible for issuing portable computer equipment must ensure that the following is complied with before issuing such equipment to employees.

  • Ensure that adequate insurance cover is provided for the portable equipment for use in the home country and abroad. Ensure that suitable virus scanning software is present on the equipment.
  • Supply suitable network connections and ensure that access procedures are applied if the equipment is to be connected to a network.
  • Ensure that adequate capacity (hard disk and memory size) is available on the equipment to support business processing.
  • Ensure that adequate backup and restore facilities and procedures are in place.
  • Ensure that compatible versions of application software are in place.
  • Ensure that software encryption and/or physical locking devices are in place.
  • Ensure that adequate records of the equipment are maintained, and that the issue is authorised and receipted. Ensure that authorization for use of portable computing equipment is received
  • Ensure that the Terms of Use are issued and signed.

All ICT systems shall be maintained regularly as per manufacture's recommendations. Where system are placed in harsh environments, system maintenance will be carried out as deemed by the systems administrator. Explanatory notes All system maintenance should be done in house as much as possible.

Cite this Page

IСT Policy and Server Room Proposal for a Small Firm. (2018, Feb 25). Retrieved from https://phdessay.com/ict-policy-and-server-room-proposal-for-a-small-firm/

Don't let plagiarism ruin your grade

Run a free check or have your essay done for you

plagiarism ruin image

We use cookies to give you the best experience possible. By continuing we’ll assume you’re on board with our cookie policy

Save time and let our verified experts help you.

Hire writer