Tech Policy and Procedure Manual

Tech Policy and Procedure Manual

Tingdene Parks Limited, Tingdene Marinas Limited, Tingdene Boat Sales Limited and Tingdene Holiday Parks Limited

Table of Contents

Introduction 3

Technology

Introduction

This Tingdene Parks Limited, Tingdene Marinas Limited, Tingdene Boat Sales Limited and Tingdene Holiday Parks Limited IT Policy and Procedure Manual provides the policies, procedures and guidelines for the selection, use & disposal of IT equipment and the applicable systems within the business which must be followed by all employees

There may from time to time be a requirement to modify and amend some sections of these policies and procedures. If adjustments are required the IT department will ensure that those adjustments are filtered to those the policy affects

This Policy and Procedures Manual should be read in conjunction with the Employee Handbook, Specifically Policies “F” & “U”

Technology Hardware Purchasing and Disposal Policy

Purpose of the Policy

This policy provides guidelines for the purchase of hardware for the business to ensure that all hardware technology for the business is appropriate, value for money and where applicable integrates with other technology for the business. The objective of this policy is to ensure that there is minimum diversity of hardware within the business. This policy also covers the safe and secure disposal of technology hardware.

Purchase of Hardware

All hardware should be agreed and purchased via the IT department prior to an order being placed

Disposal of Hardware

All hardware must be sent to the IT Department for stripping and disposal using a licensed waste disposal company. Hardware that is to be sent for secure destruction includes (but is not limited to):

• Desktop and Portable Computer Systems

• Mobile Devices

• Networking Devices (Routers, Switches, etc)

• Storage Devices (USB Keys, External Hard Drives, etc)

• Computer Monitors and Peripherals

• IT Cables (Monitor Leads, Network Cables, Power Cables)

Those disposing with the equipment should liaise with the IT department directly to arrange the fully disposal process.

Purchasing desktop computer systems

All desktop computer systems purchased must run a current Windows based operating system (Professional Version) and integrate with the company’s Windows Server Domain and all other company IT systems. Desktop computer systems must have a minimum of 1-year business level warranty.

For security reasons, desktop computer systems must be joined to the company Windows Server Domain by the IT Department

Only desktop computer systems approved by the IT Department may be purchased and utilised for company business.

Purchasing portable computer systems

All portable computer systems (laptops) purchased must run a current Windows based operating system (Professional Version) and integrate with the company’s Windows Server Domain and all other company IT systems. Portable computer systems must have a minimum of 1-year business level warranty.

For security reasons, portable computer systems must be joined to the company Windows Server Domain by the IT Department.

Only portable computer systems approved by the IT Department. may be purchased and utilised for company business.

Purchasing server systems

Server systems are only to be purchased by the company IT Department once approved by a Company Director

Server systems purchased must be compatible with all other computer hardware and software in the business except where an upgrade project is underway

All purchases of server systems must have a minimum of 3 years enterprise level warranty.

Purchasing computer peripherals

Computer system peripherals include Keyboards, Mice, External Storage (HDD, USB, Flash, CD, DVD Blu-Ray) Screens, Speakers, Microphones and Webcams.

Computer peripherals can only be purchased where they are not included in any hardware purchase or are considered to be an additional requirement to existing peripherals.

Computer peripherals purchased must be compatible with all other computer hardware and software in the business.

The purchase of computer peripherals can only be authorised by Line Managers, The IT Department, or a Company Director.

All purchases of computer peripherals must be supported by manufactures warranty and be compatible with the business’s other hardware and software systems

Purchasing mobile telephones

The purchase of a company mobile phone must be via the IT Department

The mobile phone must be compatible with the business’s current hardware and software systems.

All mobile phones must be supported by the Manufacturer’s Warranty.

Downloading or Installing Software Policy

Purpose of the Policy

This policy provides guidelines for the purchase of software for the business to ensure that all software used by the business is appropriate, achieves value for money and where applicable integrates with other technology for the business. This policy applies also to software obtained as part of hardware bundle or pre-loaded software.

Request for Software

All software, including non-commercial software such as open source, freeware, and 3rd party software applications must be approved by the IT Department prior to the installation or use of such software.

Purchase of software

The purchase of all software must adhere to this policy.

All purchased software must be purchased and installed by the IT Department.

All purchases of software must be compatible with the business’s server and/or hardware systems

Obtaining open source or freeware software

Open source or freeware software can be obtained without payment and usually downloaded directly from the internet.

In the event that open source or freeware software is required, approval from the IT Department must be obtained prior to the installation and use of such software

All open source or freeware must be compatible with the business’s hardware and software systems.

Use of Software Policy

Purpose of the Policy

This policy provides guidelines for the use of software for all employees within the business to ensure that all software use is appropriate. Under this policy, the use of all open source and freeware software will be conducted under the same procedures outlined for commercial software.

Software Licensing

All computer software copyrights and terms of all software licences will be followed by all employees of the business.

Where licensing states limited usage (i.e. number of computers or users etc.), then it is the responsibility of the IT Department to ensure these terms are followed

The IT Department is responsible for completing a software audit twice a year to ensure that software copyrights and licence agreements are adhered to.

Software Installation

All software must be appropriately registered with the supplier where this is a requirement. Tingdene Parks Limited, Tingdene Marinas Limited, Tingdene Boat Sales Limited and Tingdene Holiday Parks Limited (as appropriate) is to be the registered owner of all software.

Only software obtained in accordance with the downloading or installing software policy is to be installed on the business’s computers.

All software installation is to be carried out by The IT Department

Software Usage

Only software purchased in accordance with the downloading or installing software policy is to be used within the business.

All employees must seek training for all new software. This includes new employees to be trained to use existing software appropriately. This will be the responsibility of their line manager to arrange.

Employees are prohibited from bringing software from home and loading it onto the business’s computer hardware without approval from the IT Department

Unless express approval from the IT Department. is notified, software cannot be taken home and loaded on an employees’ home computer

Where an employee is required to use software at home, an evaluation of providing the employee with a portable computer will be undertaken in the first instance. Where it is found that software can be used on an employee’s home computer, authorisation from the IT Department is required to purchase separate software if licensing or copyright restrictions apply. Where software is purchased in this circumstance, it remains the property of the business and must be recorded on the software register by the IT Department

The unauthorised duplicating, acquiring or use of software copies is prohibited. Any employee who makes, acquires, or uses unauthorised copies of software will be referred to their line manager for further consultation, such action may result in the company instigating its disciplinary policy

Bring Your Own Device Policy

Purpose of the Policy

This policy provides guidelines for the use of personally owned notebooks, smart phones, tablets for business purposes. All staff who use or access Tingdene Parks Limited, Tingdene Marinas Limited, Tingdene Boat Sales Limited and Tingdene Holiday Parks Limited technology equipment and/or services are bound by the conditions of this Policy.

Procedures

Registration of personal mobile devices for business use

Employees when using personal devices for business use will need to register the device with the IT Department before use.

Each employee who utilises personal mobile devices agrees:

• Not to use the registered mobile device as a repository for company information.

• To make every reasonable effort to ensure that company information is not compromised through the use of mobile equipment in a public place. Screens displaying sensitive or critical information should not be seen by unauthorised persons and all registered devices should be password protected.

• To secure the device with IT Department approved paid firewall and anti-virus, free editions of security software are not adequate for our security

• Not to share the device with other individuals to protect the business data access through the device

• To notify the IT Department immediately in the event of loss or theft of the registered device

• To allow the IT Department to install company management software called Maas360.

All employees who have a registered personal mobile device for business use acknowledge that the business:

• Owns all intellectual property created on the device

• Can access all data held on the device, including personal data

• Will regularly back-up data held on the device

• Will delete all data held on the device in the event of loss or theft of the device

• Has the right to deregister the device for business use at any time.

Keeping mobile devices secure

The following must be observed when handling mobile computing devices (such as notebooks and iPads):

• Mobile computer devices must never be left unattended in a public place, or in an unlocked house, or in a motor vehicle, even if it is locked. Wherever possible they should be kept on the person or securely locked away

• Cable locking devices should also be considered for use with laptop computers in public places, e.g. in a seminar or conference, even when the laptop is attended

• Mobile devices should be carried as hand luggage when travelling by aircraft.

Breach of this policy

Any breach by an employee will be referred to their Line Manager who may consult the IT Department to ask for a review of the breach. Action may then be taken to instigate the Company’s Disciplinary Procedure

Indemnity

The company bears no responsibility whatsoever for any legal action threatened or started due to conduct and activities of staff in accessing or using these resources or facilities. All staff indemnify the company against any and all damages, costs and expenses suffered by the company arising out of any unlawful or improper conduct and activity, and in respect of any action, settlement or compromise, or any statutory infringement. Legal prosecution following a breach of these conditions may result independently from any action by the company

Emergency Management of Information Technology

Purpose of the Policy

This policy provides guidelines for emergency management of all information technology within the business.

IT Hardware Failure

Where there is failure of any of the business’s hardware, this must be referred to IT Department immediately.

It is the responsibility of the IT Department to undertake tests on planned emergency procedures quarterly to ensure that all planned emergency procedures are appropriate and minimise disruption to business operations.

Point of Sale Disruptions

In the event that point of sale (POS) system is disrupted, the following actions must be immediately undertaken:

• POS provider to be notified.

• All POS transactions to be taken using an alternative site PDQ machine or a spare located at the site experiencing issues.

• For all manual POS transactions, customer signatures must be verified.

Virus or other security breach

In the event that the business’s information technology is compromised by software virus, malware and denial of service attacks, that such breaches are to be reported to the IT Department immediately.

The IT Department is responsible for ensuring that any security breach is dealt with within in the most efficient manner possible to minimise disruption to business operations.

Website Disruption

In the event that business website is disrupted, the IT Department are to be notified immediately. The IT Department will take effective action to resolve the issues in the most efficient manner possible to minimise disruption to business operations.