Bizmanualz Sample from the Computer & IT Policies and Procedures Manual includes
an example policy, procedure, a list of topics, forms and job descriptions.
The Computer and Network Policy, Procedures and Forms Manual discusses strategic IT management, control of computer and network assets, and includes a section on creating your own information systems manual along with a computer and IT security guide. The Computer & Network Manual helps you comply with Sarbanes Oxley, COBIT or ISO 27002 security and control requirements. This Computer and Network Manual allows IT Managers, IT departments and IT executives to develop their own unique IT policy and procedures.
Includes seven (7) modules:
1. Introduction and Table of Contents
2. Guide to preparing a well written manual
3. A Sample Manual covering common requirements and practices
4. 41 Policies and 75 corresponding forms
5. Software Development Supplement
6. IT Security Guide
7. 33 Job Descriptions covering every position referenced in the Manual
8. Complete Index.
1. SAMPLE POLICY FROM THE BUSINESS POLICIES AND PROCEDURES SAMPLER INCLUDES A LIST OF
Bizmanualz Sample from the Computer & IT Policies and Procedures Manual includes
an example policy, procedure, a list of topics, forms and job descriptions
Computer & IT Policies and Procedures Manual
The Computer and Network Policy, Procedures and Forms Manual
discusses strategic IT management, control of computer and network
assets, and includes a section on creating your own information systems
manual along with a computer and IT security guide. The Computer &
Network Manual helps you comply with Sarbanes Oxley, COBIT or ISO
27002 security and control requirements. This Computer and Network
Manual allows IT Managers, IT departments and IT executives to develop
their own unique IT policy and procedures
US$ 595.00
How to Order:
Online:
www.bizmanualz.com
By Phone: 314-384-4183
866-711-5837
Email: sales@bizmanualz.com
Includes seven (7) modules:
1. Introduction and Table of Contents
2. Guide to preparing a well written manual
3. A Sample Manual covering common
requirements and practices
4. 41 Policies and 75 corresponding forms
5. Software Development Supplement
6. IT Security Guide
7. 33 Job Descriptions covering every position
referenced in the Manual
8. Complete Index
• Instant download
• Available immediately
• (no shipping required)
Sample Policy from Computer & IT Policies and Procedures Manual
IT Asset Management Section: IT Asset Assessment
Document ID
ITAM104
Title
IT ASSET ASSESSMENT
Print Date
mm/dd/yyyy
Revision
0.0
Prepared By
Preparer’s Name/Title
Date Prepared
mm/dd/yyyy
Effective Date
mm/dd/yyyy
Reviewed By
Reviewer’s Name/Title
Date Reviewed
mm/dd/yyyy
Approved By
Final Approver’s Name/Title
Date Approved
mm/dd/yyyy
Policy: The Company shall assess (evaluate) its Information Technology assets for
conformance to Company requirements.
Purpose: To identify hardware and software (Information Technology assets) on the
Company Information Technology network, determine if those assets are
appropriate for the Company’s needs, determine if these assets are properly
licensed and versioned, and if they conform to Company standards.
Scope: All Information Technology assets that make up the Company’s Information
Technology system/network are subject to this procedure.
Responsibilities:
The Information Technology Asset Manager is responsible for supervising the
Information Technology asset assessment program.
2. SAMPLE POLICY FROM THE BUSINESS POLICIES AND PROCEDURES SAMPLER INCLUDES A LIST OF
Bizmanualz Sample from the Computer & IT Policies and Procedures Manual includes
an example policy, procedure, a list of topics, forms and job descriptions
The Tech Support Manager is responsible for conducting complete, detailed,
and objective Information Technology asset assessments, writing
nonconformance reports, and reporting findings of Information Technology
asset assessments.
Definitions: Network scan (or scan) – Scanning an Information Technology network (with
specialized software) to confirm the presence or absence of computer hardware
or software, check asset configurations, verify software versions, manage
software licenses, track lease and warranty information, detect network
vulnerabilities, etc. Commercial and open source software for conducting
Information Technology asset scans is readily available; see Additional Resource
A for guidance.
Information Technology Asset – Any computer hardware, software, Information
Technology-based Company information, related documentation, licenses,
contracts or other agreements, etc. In this context, Information Technology
assets may be referred to as just “assets”.
Nonconformance – A significant, material failure to conform to one or more
requirements; also referred to as a “nonconformity”. Moving a PC from one
desk/user to another without the knowledge or permission of the Information
Technology Asset Manager is one example of a nonconformance.
Procedure:
1.0 IT asset assessment PLAN
1.1 Information Technology asset assessments shall be conducted at regular intervals.
Assessments should be conducted annually, at a minimum. (See Reference A.)
• Information Technology asset assessments should also be conducted whenever a
large turnover of assets (for example, a large number of PC leases expires in a short
time frame) occurs.
1.2 Prior to an assessment, the Information Technology Asset Manager shall review
ITAM104-1 IT ASSET ASSESSMENT CHECKLIST for possible modifications. This checklist
shall be used by the Tech Support Manager as a guide to conducting Information
Technology asset assessments.
2.0 IT Asset SCAN
2.1 The Information Technology Asset Manager shall ensure that the Tech Support Manager
has the current version of the following on hand prior to conducting a network scan:
• ITAM102-5 IT ASSET INVENTORY DATABASE;
• ITAM102-6 IT NETWORK MAP; and
• ITAM104-1 IT ASSET ASSESSMENT CHECKLIST.
2.2 the Tech Support Manager shall run a scan on the Company’s Information Technology
network to determine the status of all Information Technology assets on the network
and compare the results with the documents listed in 2.1, looking for information such
as:
3. SAMPLE POLICY FROM THE BUSINESS POLICIES AND PROCEDURES SAMPLER INCLUDES A LIST OF
Bizmanualz Sample from the Computer & IT Policies and Procedures Manual includes
an example policy, procedure, a list of topics, forms and job descriptions
• What Information Technology hardware is on the network and who are the
registered “owners”;
• Whether hardware is in use or not;
• What software is installed on each computer, whether it is the correct version, and
whether it is a licensed copy; and/or
• Whether unapproved/unauthorized software has been installed on any PC.
2.3 If a nonconformance is found, the Tech Support Manager shall report it in accordance
with procedure ITSD109 IT INCIDENT HANDLING.
3.0 DOCUMENTATION AND DISTRIBUTION
3.1 The Tech Support Manager shall consolidate and summarize asset scan results on
ITAM104-2 IT ASSET SCAN SUMMARY.
3.2 The Tech Support Manager shall prepare and submit their findings – including forms
ITAM104-1 and ITAM104-2 – to the Information Technology Asset Manager.
4.0 NONCONFORMANCE HANDLING
4.1 If a nonconformance is discovered in the course of an asset assessment, the Information
Technology Asset Manager shall write a Corrective Action Request (CAR), in accordance
with procedure ITSD109 IT INCIDENT HANDLING.
4.2 The CAR shall be submitted to the Manager of the department where the
nonconformance occurred.
4.3 The Department Manager receiving the CAR shall submit a reply in accordance with
procedure ITSD109 IT INCIDENT HANDLING.
4.4 If a corrective action was taken, the Information Technology Asset Manager should
review the situation within three months to verify that the corrective action was
effective.
5.0 IT ASSET Records update
After the Information Technology asset assessment and subsequent corrective actions,
The Information Technology Asset Manager shall ensure timely and accurate updates to
ITAM102-5 IT ASSET INVENTORY DATABASE and ITAM102-6 IT NETWORK MAP. (See
Reference B.)
Forms:
• ITAM104-1 IT ASSET ASSESSMENT CHECKLIST
• ITAM104-2 IT ASSET SCAN SUMMARY
References:
A. ISO STANDARD 27002:2013 – CODE OF PRACTICE FOR INFORMATION SECURITY
MANAGEMENT, CLAUSE 8 ASSET MANAGEMENT
Clause 8 of the Standard is the Asset Management standard, which deals with asset
accountability and information classification.
4. SAMPLE POLICY FROM THE BUSINESS POLICIES AND PROCEDURES SAMPLER INCLUDES A LIST OF
Bizmanualz Sample from the Computer & IT Policies and Procedures Manual includes
an example policy, procedure, a list of topics, forms and job descriptions
ISO Standard 27002:2011 and its companion standards, ISO 27001:2011 and ISO
27005:2008, provide a comprehensive set of controls comprising best practices
in the field of information security.
ISO 27002 was formerly known to ISO as “17799” and may continue to be known
that way in the business and Information Technology world for some time. See
http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm
B. SARBANES-OXLEY ACT OF 2002
Sarbanes-Oxley, passed by the U.S. Congress in 2002, is designed to prevent
manipulation, loss, or destruction of records within publicly-held companies doing
business in the U.S. Because virtually all companies keep records electronically, Section
404 of the Act implies that “an adequate internal control structure” is Information
Technology-based.
Therefore, regular scanning of the Company’s Information Technology network,
evidence of regular scanning, and keeping an up-to-date Information Technology asset
inventory are all evidence of adequate internal controls.
Additional Resources:
A. There are many types of scans that may be conducted on a computer network –
hardware scans, software scans, wireless and wired network scans, security scans, etc.
System Center 2012 R2 Configuration Manager (http://www.microsoft.com/en-
us/server-cloud/products/system-center/2012-r2-configuration-
manager/default.aspx#fbid=Xd6tQVcmWsT) is one form of asset management software.
Additional asset management software providers and their products may be found by
searching the Internet.
Revision History:
Revision Date Description of Changes Requested By
0 mm/dd/yyyy Initial Release
5. SAMPLE FROM THE COMPUTER & IT POLICIES AND PROCEDURES MANUAL INCLUDES AN EXAMPLE
PROCEDURE, A LIST OF TOPICS, FORMS AND JOB DESCRIPTIONS
Form: ITAM104-1 IT ASSET ASSESSMENT CHECKLIST
Assessment #: Date:
Area Evaluated: Dept. Mgr.:
Lead Assessor: Assessor:
IT Asset Accountability Response and Comments
1) Is every IT asset – hardware, software, and related
documentation – accounted for?
2) Is an IT asset inventory maintained?
3) Is an IT asset classification scheme in place?
4) Does the inventory identify the owner and location of each
asset?
5) Does the company have a clear set of standards for IT
assets? Are the standards up to date? How often are they
reviewed? Do they conform to industry standards and/or
legal requirements?
6) Is the IT asset inventory reviewed regularly to see the
company does not risk having obsolete IT assets in
inventory?
7) Does every hardware asset conform to company standards?
Are they clearly and properly identified?
8) Do all software assets conform to company standards? Are
they clearly and properly identified?
9) Does the IT asset inventory thoroughly and accurately
account for software versions and licenses?
10) Is there an IT network diagram? Is it accurate? Is it readily
produced? When was it last reviewed? How frequently is it
reviewed?
Tech Support Area Response and Comments
1) Are workers organized and scheduled?
2) Are adequate working areas provided for tasks?
3) Are drawings and schematics organized, inventoried and
readily accessible?
4) Are work instructions sufficient?
5) Are all items (new hardware/software, items being
repaired, etc.) inventoried?
6) Is there any obvious disorganization?
6. SAMPLE FROM THE COMPUTER & IT POLICIES AND PROCEDURES MANUAL INCLUDES AN EXAMPLE
PROCEDURE, A LIST OF TOPICS, FORMS AND JOB DESCRIPTIONS
▪ Tools randomly scattered about?
▪ Parts on benches disorganized?
▪ Components or parts for other assemblies present?
7) Are work areas (benches) clean?
8) Are parts organized and stored efficiently? Are stores
clearly marked?
9) Are staging areas organized?
Tech Support Equipment Response and Comments
1) Are tools properly inventoried? Are records accurate and
up-to-date?
2) Are tools properly stored when not in use?
3) Are tools in good working order?
4) Are tools requiring calibration being recalibrated on a
regular basis? Are calibration records current?
Tech Support Records Response and Comments
1) Are production records (installations, repairs, etc.)
maintained? Are they complete and up-to-date? Are they
readily accessible?
2) Are “work pending” and “work in process” records included
with the above? Are they likewise complete and up-to-
date? Are they also readily accessible?
User Complaints Response and Comments
1) Is there a log of user complaints and concerns? Is it
complete, up to date, organized, and readily accessible?
2) What is the level of detail in the log file? Are
complaints/concerns classified clearly and logically?
3) Is this “complaint file” periodically reviewed for trends?
Authorization
Comments:
Tech Support: Date:
IT Asset Manager: Date:
7. SAMPLE FROM THE COMPUTER & IT POLICIES AND PROCEDURES MANUAL INCLUDES AN EXAMPLE
PROCEDURE, A LIST OF TOPICS, FORMS AND JOB DESCRIPTIONS
ITAM104-2 IT ASSET SCAN SUMMARY
(Attach results from scanning software to this sheet.)
Hardware scan results:
Software scan results:
Nonconformities (discrepancies) found:
Other comments:
Tech Support: Date:
IT Asset Mgr.: Date:
8. SAMPLE FROM THE COMPUTER & IT POLICIES AND PROCEDURES MANUAL INCLUDES AN EXAMPLE
PROCEDURE, A LIST OF TOPICS, FORMS AND JOB DESCRIPTIONS
Computer and IT Policies and Procedures Manual:
41 Prewritten Policies and Procedures
IT Administration
1. Information Technology Management
2. IT Records Management
3. IT Document Management
4. IT Device Naming Conventions
5. TCP/IP Implementation Standards
6. Network Infrastructure Standards
7. Computer and Internet Usage Policy
8. E-Mail Policy
9. IT Outsourcing
10. IT Department Satisfaction
IT Asset Management
11. IT Asset Standards
12. PIT Asset Management
13. IT Vendor Selection
14. IT Asset Assessment
15. IT Asset Installation Satisfaction
IT Training and Support
16. IT System Administration
17. IT Support Center
18. IT Server / Network Support
19. IT Troubleshooting
20. IT User-Staff Training Plan
IT Security and Disaster Recovery
21. IT Threat And Risk Assessment
22. IT Security Plan
23. IT Media Storage
24. IT Disaster Recovery
25. Computer Malware
26. IT Access Control
27. IT Security Audits
28. IT Incident Handling
29. BYOD Policy
Software Development
30. IT Project Definition
31. IT Project Management
32. Systems Analysis
33. Software Design
34. Software Programming
35. Software Documentation
36. Software Testing
37. Design Changes During Development
38. Software Releases and Updates
39. Software Support
40. Software Consulting Services
41. Software Training
9. SAMPLE FROM THE COMPUTER & IT POLICIES AND PROCEDURES MANUAL INCLUDES AN EXAMPLE
PROCEDURE, A LIST OF TOPICS, FORMS AND JOB DESCRIPTIONS
75 Corresponding Forms and Records
IT Administration
1. Information Technology Plan
2. IT Plan Review Checklist
3. Records Classification and Retention Guide
4. Records Management Database
5. Document Control List
6. Document Change Request Form
7. Document Change Control Form
8. Network Infrastructure Standards List
9. Company Computer and Internet Usage Policy
10. Company E-Mail Policy Acknowledgement
11. IT Outsourcer Due Diligence Checklist
12. IT Outsourcer Record
13. IT Post-Service Satisfaction Report
14. User Satisfaction Survey
15. BYOD Policy & Acknowledgement
IT Asset Management
16. IT Asset Standards List
17. IT Asset Configuration Worksheet
18. IT Asset Standards Exception Request
19. IT Asset Requisition/Disposal Form
20. IT Asset Acquisition List
21. Tech Support Receiving Log
22. Nonconforming IT Asset Form
23. IT Asset Inventory Database
24. IT Network Map
25. IT Vendor Notification Form
26. IT Vendor Survey
27. Approved IT Vendor Data Sheet
28. IT Vendor List
29. IT Vendor Disqualification Form
30. IT Asset Assessment Checklist
31. IT Asset Scan Summary
32. IT Asset Installation Follow-Up Report
IT Training and Support
33. System Administration Task List
34. Tech Support Log
35. System Trouble and Acknowledgement Form
36. Server/Network Planning Checklist
37. IT Server/Network Support Plan
38. IT Troubleshooting Plan
39. User Troubleshooting Guide
40. ITS Training Requirements List
41. ITS Training Log
IT Security and Disaster Recovery
42. It Threat/Risk Assessment Report
43. IT Security Assessment Checklist
44. IT Security Plan
45. IT Security Plan Implementation Schedule
46. Information Storage Plan
47. IT Disaster Recovery Plan
48. Access Control Plan
49. User Access Control Database
50. Access Control Log
51. User Account Conventions
52. IT Security Audit Report
53. IT Nonconformity Report
54. IT Security Audit Plan
55. IT Incident Report
56. BYOD Policy & Acknowledgements
Software Development
57. IT Project Plan
58. IT Project Development Database
59. IT Project Status Report
60. IT Project Team Review Checklist
61. IT Project Progress Review Checklist
62. Design Review Checklist
63. Work Product Review Checklist
64. Request For Document Change (RDC)
65. Software Project Test Script
66. Software Project Test Checklist
67. Software Project Test Problem Report
68. Design Change Request Form
69. Software License Agreement
70. Software Limited Warranty
71. Software Copyright Notice
72. Software Consulting Agreement
73. Statement Of Work
74. Software Consulting Customer Support Log
75. Software Training Evaluation Form
Job Descriptions: A complete job description is included for each of the 33 positions referenced in the
Computer & IT Policies and Procedures Manual. Each position includes a summary description of the position,
essential duties and responsibilities, organizational relationships, a list of the procedures where the position is
referenced, specific qualifications, physical demands of the position, and work environment.
Beta Test Coordinator
Board Member
Chief Executive Officer (CEO
Director of Quality
Document Manager
Financial Manager
Help Desk Technician
Human Resources Manager
Internal Audit Team Leader
IT Asset Manager
IT Disaster Recovery Coordinator
Information Technology Manager
IT Project Manager
IT Security Manager
IT Storage Librarian
IT Support Center Manager
LAN Administrator
Network & Computer Systems
Administrator
President
Product Manager
Project Manager
Purchasing Manager
Quality Manager
Shipping/ Receiving Clerk
Software Designer
Software Support Analyst
Software Trainer
Systems Analyst
Technical Support Manager
Technical Support Specialist
Technical Writer
Telecommunications Manager
Training Manager