Computer & Network Policies, Procedures and Forms

The IT Manual contains 40 procedures, 72 forms and over 170 activities, all provided in a thorough format including applicable references, checklists and exhibits. This manual covers various IT-related areas including IT administration, IT asset management, IT training and support, IT security and disaster, and software development. Use these documents to ensure smooth operations of your IT functions and alignment of your IT processes in your company.

Write Your Computer & IT Policies & Procedures Faster

The Computer and Network Policy, Procedures and Forms Manual discusses strategic IT management, control of computer and network assets, and includes a section on creating your own information systems manual along with a computer and IT security guide.

The computer, network and IT Policies, Procedures Manual helps you comply with Sarbanes Oxley, COBIT or ISO 17799 security and control requirements.

You get all the content in editable MS-Word files so you can easily customize the manual to fit your needs.

Fast, easy compliance with COBIT (Control Objectives for Information and related Technology), the latest ISO 17799:2005, which focuses on security and effective security planning, and Sarbanes-Oxley Act of 2002, now required by the SEC for all publicly traded companies.

The Computer and Network Policy, Procedures and Forms Manual covers the ten main sections of ISO 17799: security policy, security organization, asset classification and control, personnel security, physical and environmental security, communications and operations management, access control, systems development and maintenance, business continuity management, and compliance.

Prewritten "Best-Practices" IT Policies and Procedures

Available in hard copy and editable MS-Word files, the computer security policy manual is a valuable reference for Information Technology Businesses, IT Managers, IT Policy Experts and IT departments.

Who Needs IT Management Manual of IT Policies and Procedures?

The need to review information technology (IT) management concepts�the background, structure, IT standards and definitions�is greater now than it ever was and will continue to be so. Information technology solutions have become more robust, more specialized, and more varied with time. The rapid pace change continues, despite predictions over a decade ago that � Moore �s Law� had run its course.

This Computer, Network and IT Policies and Procedures Manual allows IT Managers, IT departments and IT executives to develop their own unique IT policy and procedures.

The IT Policies and Procedures in the Computer & IT Manual are divided into five sections (tabs). Most procedures include activities (sub processes) and/or supporting forms. Additional resources and references are listed where appropriate.

-Business Planning
-IT Department Objective Planning
-IT Plan Development
-IT Plan Implementation
-IT Plan Review
-IT Plan Update

Forms

-ITAD101-1 � Information Technology Plan
-ITAD101-2 � IT Plan Review Checklist

ITAD102 - IT Records Management Procedure

Activities

-Identification of Records
-Record Generation
-Record Management
-Technology Obsolescence
-Records Audit

Forms

-ITAD102-1 � Records Classification and Retention Guide
-ITAD102-2 � Records Management Database

ITAD103 - IT Document Management Procedure

Activities

-Planning Document Management
-Document Management Plan
-Document Management Plan Review
-Document Management Plan Update

Forms

-ITAD103-1 � Document Control List
-ITAD103-2 � Document Change Request Form
-ITAD103-3 � Document Change Control Form

ITAD104 - IT Device Naming Conventions Procedure

Activities

-Server Naming Conventions
-Network Host Naming Conventions
-Mainframe Naming Conventions
-Infrastructure Device Naming Conventions

ITAD105 - TCP/IP Implementation Standards Procedure

Activities

-TCP/IP Address
-Dynamic Host Configuration Protocol
-Network Address Translation
-Subnet Addressing Standards
-WAN Link Addressing Conventions

ITAD106 - Network Infrastructure Standards Procedure

Activities

-Network Infrastructure Standards Development
-Network Infrastructure Standards Implementation
-Network Infrastructure Standards Review

Forms

-ITAD106-1 � Network Infrastructure Standards List

ITAD107 - Computer and Internet Usage Policy

Activities

-Acceptable Use
-Inappropriate Use
-Internet and E-Mail Etiquette
-Security
-Penalties
-Conclusion
-User Compliance

ITAD108 - E-Mail Policy

Activities

-E-Mail Policy Development
-E-Mail Policy Implementation
-E-Mail Policy Review
-E-Mail Policy Changes

Forms

-ITAD108-1 � Company E-Mail Policy Acknowledgement

ITAD109 - IT Outsourcing Procedure

Activities

-Identifying a Candidate Function for Outsourcing
-Selecting an IT Outsourcer
-Outsourcer Billings
-Arbitration
-Outsourcer Relationship Management

Forms

-ITAD109-1 � IT Outsourcer Due Diligence Checklist
-ITAD109-2 � IT Outsourcer Record

ITAD110 - IT Department Satisfaction Procedure

Activities

-General
-Post-Service Follow-Up
-User Survey
-User Satisfaction Review

Forms

-ITAD110-1 � IT Post-Service Satisfaction Report
-ITAD110-2 � User Satisfaction Survey

ITAM101 - IT Asset Standards Procedure

Activities

-IT Asset Standards Development
-IT Asset Standards Implementation
-IT Asset Standards Assessment

Forms

-ITAM101-1 � IT Asset Standards List
-ITAM101-2 � IT Asset Configuration Worksheet
-ITAM101-3 � IT Asset Standards Exception Request

ITAM102 - IT Asset Management Procedure

Activities

-IT Asset Planning
-IT Asset Acquisition
-IT Asset Inspection, Acceptance, & Distribution
-IT Asset Disposal
-IT Asset Verification

Forms

-ITAM102-1 � IT Asset Requisition/Disposal Form
-ITAM102-2 � IT Asset Acquisition List
-ITAM102-3 � Tech Support Receiving Log
-ITAM102-4 � Nonconforming IT Asset Form
-ITAM102-5 � IT Asset Inventory Database
-ITAM102-6 � IT Network Map

ITAM103 - IT Vendor Selection Procedure

Activities

-IT Vendor Evaluation
-Request For Proposal
-IT Vendor Selection
-IT Vendor Review
-IT Vendor Files

Forms

-ITAM103-1 � IT Vendor Notification Form
-ITAM103-2 � IT Vendor Survey
-ITAM103-3 � Approved IT Vendor Data Sheet
-ITAM103-4 � IT Vendor List
-ITAM103-5 � IT Vendor Disqualification Form

ITAM104 - IT Asset Assessment Procedure

Activities

-IT Asset Assessment Plan
-IT Asset Scan
-Documentation and Distribution
-Nonconformance Handling
-IT Asset Records Update

Forms

-ITAM104-1 � IT Asset Assessment Checklist
-ITAM104-2 � IT Asset Scan Summary

ITAM105 - IT Asset Installation Satisfaction Procedure

Activities

-IT User Satisfaction Plan
-IT Asset Installation Follow-Up
-User Satisfaction Data Review
-Corrective/Preventive Action
-Ongoing Evaluation

Forms

-ITAM105-1 � IT Asset Installation Follow-Up Report

-Planning System Administration
-System Administration Plan
-System Administration Plan Review
-System Administration Plan Update

Forms

-ITTS101-1 � System Administration Task List

ITTS102 - IT Support Center Procedure

Activities

-IT Support Center Overview
-IT Support Center Plan (Operations)
-IT Support Plan Review
-IT Support Plan Update

Forms

-ITTS102-1 � Tech Support Log
-ITTS102-2 � System Trouble Acknowledgement Form

ITTS103 - IT Server / Network Support Procedure

Activities

-Server / Network Support Planning
-Server / Network Support Plan
-Support Plan Review
-Support Plan Update

Forms

-ITTS103-1 � Server / Network Planning Checklist
-ITTS103-2 � Server / Network Support Plan

ITTS104 - IT Troubleshooting Procedure

Activities

-IT Troubleshooting � Planning
-IT Troubleshooting Plan
-IT Troubleshooting Plan Review
-IT Troubleshooting Plan Update

Forms

-ITTS104-1 � IT Troubleshooting Plan
-ITTS104-2 � User Troubleshooting Guide

ITTS105 - IT User-Staff Training Plan

Activities

-Planning IT User-Staff Training
-The IT User-Staff Training Plan-
-IT User-Staff Training Plan Evaluation (Review)
-IT User-Staff Training Plan Update

Forms

-ITTS105-1 � IT Training Requirements List
-ITTS105-2 � IT Training Log

-Threat and Risk Assessment � Introduction
-Threat Assessment Preparation
-Threat Assessment
-Threat/Risk Management Review

Forms

-ITSD101-1 � IT Threat / Risk Assessment Report

ITSD102 - IT Security Plan

Activities

-Preparing The IT Security Plan
-Developing The IT Security Plan
-Implementing The IT Security Plan
-IT Security Plan Review
-IT Security Plan Update

Forms

-ITSD102-1 � IT Security Assessment Checklist
-ITSD102-2 � IT Security Plan
-ITSD102-3 � IT Security Plan Implementation Schedule

ITSD103 - IT Media Storage Procedure

Activities

-IT Storage Planning
-IT Storage Plan
-IT Storage Plan Review
-Updating The IT Storage Plan

Forms

-ITSD103-1 � Information Storage Plan

ITSD104 - IT Disaster Recovery Procedure

Activities

-IT Disaster Recovery Planning
-IT Disaster Recovery Plan
-IT Disaster Recovery Plan Review
-IT Disaster Recovery Plan Revision

Forms

-ITSD104-1 � IT Disaster Recovery Plan

ITSD105 - Computer Malware Procedure

Activities

-Malware Defense Planning
-Malware Defense Plan
-Malware Defense Plan Review
-Malware Defense Plan Update

ITSD106 - IT Access Control Procedure

Activities

Planning Access Control
-IT Access Control Plan
-IT Access Control Plan Review
-IT Access Control Plan Update

Forms

-ITSD106-1 � Access Control Plan
-ITSD106-2 � User Access Control Database
-ITSD106-3 � Access Control Log
-ITSD106-4 � User Account Conventions

ITSD107 - IT Security Audits Procedure

Activities

-IT Security Audit Planning
-IT Security Audit Plan
-IT Security Audit Review
-Corrective Action

Forms

-ITSD107-1 � IT Security Audit Report
-ITSD107-2 � IT Nonconformity Report
-ITSD107-3 � IT Security Audit Plan

ITSD108 - IT Incident Handling Procedure

Activities

-IT Incident Handling Preparation
-IT Incident Handling
-IT Incident Handling Review

Forms

-ITSD108-1 � IT Incident Report/Response Form

-IT Project Needs Identification
-IT Project Definition
-IT Project Definition Review
-IT Project Plan

Forms

-IEEE Software Engineering Standards List
-ITSW101-1 � IT Project Plan

ITSW102 - IT Project Management Procedure

Activities

-IT Project Setup
-IT Project Schedule
-IT Project Cycle Management
-IT Project Review

Forms

-ITSW102-1 � IT Project Development Database
-ITSW102-2 � IT Project Status Report
-ITSW102-3 � IT Project Team Review Checklist
-ITSW102-4 � IT Project Progress Review Checklist

ITSW103 - Systems Analysis Procedure

Activities

-Introduction
-System Requirements
-Information Flows Documentation
-Acceptance Test Plan
-Beta Test Plan
-Systems Analysis Review

ITSW104 - Software Design Procedure

Activities

-Introduction
-Software Design Specification
-Software Design Review

Forms

-ITSW104-1 � Design Review Checklist

ITSW105 - Software Programming

Activities

-Programming Standards
-Programming Tasks
-Software Development
-Programming Reviews

Forms

-ITSW105-1 � Work Product Review Checklist

ITSW106 - Software Documentation Procedure

Activities

-Software Assessment
-Documentation Production
-Final Review
-Documentation Release
-Document Revision
-Procedure and Work Instruction Format

Forms

-ITSW106-1 � Request for Document Change (RDC)
-ITSW106-2 � Document Change Control

ITSW107 - Software Testing Procedure

Activities

-Software Testing Overview
-Acceptance Testing
-Beta Testing
-Final Release Testing

Forms

-ITSW107-1 � Project Test Script
-ITSW107-2 � Project Test Checklist
-ITSW107-3 � Project Test Problem Report

ITSW108 - Design Changes During Development

Activities

-Introduction
-Design Change Review
-Design Change Implementation

Forms

-ITSW108-1 � Design Change Request Form

ITSW109 - Software Releases and Updates

Activities

-Introduction
-Version Control Standards
-Configuration Control Standards
-Release Control Standards
-Software License, Warranty, and Copyright

Forms

-ITSW109-1 � Product License Agreement
-ITSW109-2 � Limited Warranty
-ITSW109-3 � Copyright Notice

ITSW110 - Software Support Procedure

Activities

-Support Overview
-Support Services Management
-Free Basic Support Services
-Extended Support Services
-User Group Support
-Phone Support Services

ITSW111 - Software Consulting Services

Activities

-Introduction
-Cost Estimates
-Enhancements and Customizations
-Software Problems
-Consulting Services Review

Forms

-ITSW111-1 � Consulting Agreement
-ITSW111-2 � Statement of Work
-ITSW111-3 � Customer Support Log

ITSW112 - Software Training Procedure

Activities

-Introduction
-Standard Training Courses
-Customized Training Courses
-Teaching Training Courses

Forms

-ITSW112-1 � Software Training Evaluation Form

-The Computer and IT Manual includes 72 forms that accompany the procedures.

IT Administration

-ITAD101-1 � Information Technology Plan
-ITAD101-2 � IT Plan Review Checklist
-ITAD102-1 � Records Classification And Retention Guide
-ITAD102-2 � Records Management Database
-ITAD103-1 � Document Control List
-ITAD103-2 � Document Change Request Form
-ITAD103-3 � Document Change Control Form
-ITAD106-1 � Network Infrastructure Standards List
-ITAD108-1 � Company E-Mail Policy Acknowledgement
-ITAD109-1 � IT Outsourcer Due Diligence Checklist
-ITAD109-2 � IT Outsourcer Record
-ITAD110-1 � IT Post-Service Satisfaction Report
-ITAD110-2 � User Satisfaction Survey

IT Asset Management

-ITAM101-1 � IT Asset Standards List
-ITAM101-2 � IT Asset Configuration Worksheet
-ITAM101-3 � IT Asset Standards Exception Request
-ITAM102-1 � IT Asset Requisition/Disposal Form
-ITAM102-2 � IT Asset Acquisition List
-ITAM102-3 � Tech Support Receiving Log
-ITAM102-4 � Nonconforming IT Asset Form
-ITAM102-5 � IT Asset Inventory Database
-ITAM102-6 � IT Network Map
-ITAM103-1 � IT Vendor Notification Form
-ITAM103-2 � IT Vendor Survey
-ITAM103-3 - Approved IT Vendor Data Sheet
-ITAM103-4 � IT Vendor List
-ITAM103-5 � IT Vendor Disqualification Form
-ITAM104-1 � IT Asset Assessment Checklist
-ITAM104-2 � IT Asset Scan Summary
-ITAM105-1 � IT Asset Installation Follow-Up Report

IT Training & Support

-ITTS101-1 � System Administration Task List
-ITTS102-1 � Tech Support Log
-ITTS102-2 � System Trouble Acknowledgement Form
-ITTS103-1 � Server / Network Planning Checklist
-ITTS103-2 � Server / Network Support Plan
-ITTS104-1 � IT Troubleshooting Plan
-ITTS104-2 � User Troubleshooting Guide
-ITTS105-1 � IT Training Requirements List
-ITTS105-2 � IT Training Log

IT Security & Disaster Recovery

-ITSD101-1 � IT Threat / Risk Assessment Report
-ITSD102-1 � IT Security Assessment Checklist
-ITSD102-2 � IT Security Plan
-ITSD102-3 � IT Security Plan Implementation Schedule
-ITSD103-1 � Information Storage Plan
-ITSD104-1 � IT Disaster Recovery Plan
-ITSD106-1 � Access Control Plan
-ITSD106-2 � User Access Control Database
-ITSD106-3 � Access Control Log
-ITSD106-4 � User Account Conventions
-ITSD107-1 � IT Security Audit Report
-ITSD107-2 � IT Nonconformity Report
-ITSD107-3 � IT Security Audit Plan
-ITSD108-1 � IT Incident Report/Response Form

Software Development

-ITSW102-1 � IT Project Development Database
-ITSW102-2 � IT Project Status Report
-ITSW102-3 � IT Project Team Review Checklist
-ITSW102-4 � IT Project Progress Review Checklist
-ITSW104-1 - Design Review Checklist
-ITSW105-1 � Work Product Review Checklist
-ITSW106-1 � Request For Document Change (Rdc)
-ITSW106-2 � Document Change Control
-ITSW107-1 � Project Test Script
-ITSW107-2 � Project Test Checklist
-ITSW107-3 � Project Test Problem Report
-ITSW108-1 � Design Change Request Form
-ITSW109-1 � Product License Agreement
-ITSW109-2 � Limited Warranty
-ITSW109-3 � Copyright Notice
-ITSW111-1 � Consulting Agreement
-ITSW111-2 � Statement Of Work
-ITSW111-3 � Customer Support Log
-ITSW112-1 � Software Training Evaluation Form

The Computer, Network & IT Procedures Manual also includes a sample IT Manual.

The IT manual establishes and states the policies governing The Company�s IT standards and practices. These policies define management�s arrangements for managing operations and activities in accordance with computer industry practices. These top-level policies represent the plans or protocols for achieving and maintaining the confidentiality, integrity and availability of all IT Assets.

Sample IT Manual Table of Contents

Table of Figures

List of Referenced Procedures

Purpose

Scope
Responsibility
Exclusions

Management Responsibility
IT Organization
Management Commitment
Management IT Policy
Planning
Responsibility, Authority, and Communication
Management Reporting
Business Conduct

IT Management System
Objectives
Requirements
Transactions
Documentation
Security

Processes and Controls
IT Administration
Asset Management
IT Training and Support
IT Security and Disaster Recovery
Software Development

Resource Management
Provision of Resources
Human Resources
Infrastructure
Work Environment

Information Security is vital for any organization. IT security is all about securing and protecting your IT assets and information is likely your most prized asset. IT is pretty much a commodity these days, but your information is your business. Failure to secure information could have legal, economic or physical ramifications for your organization.

Why Information Security?

-A Brief History of Information Security
-What Is At Risk?
-Why Company Executives Should Read These Guidelines
-A Final Word on Considering IT Security Issues
-Introductory Security Checklist

Assessing Your Needs

-Introduction to Risk Assessment
-Commonly Asked Questions
-Components of Risk
-Dealing with Risk
-Guidelines for Risk Assessment
-Closing Thoughts on Risk Assessment
-Risk Assessment Checklist

Information Security Policy: Development and Implementation

-Why Do You Need a Security Policy?
-Commonly Asked Questions
-How to Develop Policy
-From Board Room to Break Room: Implementing Security Policy
-Closing Thoughts on Policy
-Policy Development and Implementation Checklist

Information Security Management

-Introduction to Security Management
-Commonly Asked Questions
-Nurturing Support within the Organization
-Planning for the Unexpected
-Testing and Review
-Implementation and Day-to-Day Maintenance
-IT Security Management Checklist

Protecting Your System: Physical Security

-Introduction to Physical Security
-Commonly Asked Questions
-Policy Issues
-Physical Security Checklist

Protecting Your System: Information Security

-Introduction to Information Security
-Commonly Asked Questions
-Policy Issues
-Information Threats
-Information Security Countermeasures
-Information Security Checklist

Protecting Your System: Software Security

-Introduction to Software Security
-Commonly Asked Questions
-Policy Issues
-Software Threats (Examples)
-Software Security Countermeasures
-Software Security Checklist

Protecting Your System: User Access Security

-Introduction to User Access Security
-Commonly Asked Questions
-Policy Issues
-User Access Threats (Examples)
-User Access Security Countermeasures
-User Access Security Checklist

Protecting Your System: Network (Internet) Security

-Introduction to Network Security
-Commonly Asked Questions
-Policy Issues
-Network Threats (Examples)
-Network Security Countermeasures
-Closing Thoughts on Network Security
-Network Security Checklist

Training: A Necessary Investment in People

-Introduction to Training
-Commonly Asked Questions
-Targeting Training Efforts
-How Does Security Affect the Workplace?
-Training Goals
-A Sample Training Outline
-Training Frequency
-Closing Thoughts on Security Training
-Security Training Checklist
-Reference Materials