mis policy
Post on 24-Dec-2015
260 Views
Preview:
DESCRIPTION
TRANSCRIPT
INFORMATION TECHNOLOGY POLICY, CODE OF PRACTICE
& PROCEDURE MANUAL
CONTENTS
SECTION A : INFORMATION TECHNOLOGY POLICY 1. Policy Statement SIB/MIS/P/001 2. Information Technology Facilities SIB/MIS/P/002 Usage 3. Electronic Mail SIB/MIS/P/003 4. IT Equipment Lifecycle Policy SIB/MIS/P/004 SECTION B : INFORMATION TECHNOLOGY CODE OF PRACTICE 1. Physical Security of Information SIB/MIS/COP/001 2. Employment, Education & Training SIB/MIS/COP/002 SECTION C : INFORMATION TECHNOLOGY PROCEDURE MANUAL 1. E-Mail Services SIB/MIS/PM/001 2. Computer Usage Procedure SIB/MIS/PM/002
INFORMATION TECHNOLOGY POLICY
SSSAAA PPPUUU RRRAAA IIINNN DDDUUU SSSTTT RRRIII AAALLL BBB EEERRRHHHAAA DDD DDD ooo ccc uuu mmm eee nnn ttt NNN ooo ... ::: SSS III BBB /// MMM III SSS /// III TTT PPP /// 000 000111
IIINNNFFFOOORRRMMMAAATTTIIIOOONNN TTTEEECCCHHHNNNOOOLLLOOOGGGYYY PPPOOOLLLIIICCCYYY III sss sss uuu eee NNN ooo ... ::: 111 ... 000
PPPOOOLLLIIICCCYYY SSSTTTAAATTTEEEMMMEEENNNTTT RRR eee vvv ... NNN ooo ::: 000 ... 000
DDD aaa ttt eee ::: 111 sss ttt... MMM aaa yyy 222 000 000 777
PPP aaa ggg eee ::: 111 ooo fff 555
SIB/MIS/ITP/001 Page 1 of 5
INTRODUCTION
1.1 GENERAL
1.1.1 Information System plays a major role in supporting the day-to-day activities of the Company. The availability, reliability, confidentiality and data integrity of the Company Information Systems are essential to success of company activities.
1.1.2 This manual outlines statements relating to the Information System Policies & Procedures
governing the employment of all employees in the Company. They relate to their use of company-owned/ leased/ rented and on–loan facilities, to all private systems, owned/ leased/ rented/ on-loan, when connected to the company network directly or indirectly to all company-owned/ licensed data/ programs, be they on Company or on private systems, and to all data/ programs provided to Company by external agencies or sponsors. It is envisaged that by doing so, written policies and procedures will be interpreted equitably by those in supervisory and management positions on regular basis within the Company.
1.1.3 The Company reserves the right to amend, delete, augment any policy or procedure or part
thereof as and when deemed necessary for any individual employee or group of employees. The Senior Management and Managing Director shall approve all changes to the policies and procedures.
1.1.4 The Information System Policies and Procedures in general may be reviewed at any time if
it needs to be reviewed. A task force shall be formed to review and make recommendation on the revised policies or procedures. All revised policies and procedures shall require the approval of the Senior Management and Managing Director “Deviation” from the approved policies and procedures are to be notified to the Head of Department Management Information System Department.
1.1.5 Head of Management Information System Department shall responsible for ensuring the
updating of this manual and communication any policy and procedure changes to employees of the company. The head of subsidiaries or those assigned will be responsible for disseminating the changes to employee. They shall notify the Head of Department Management Information System whenever problems are encountered or when improvements are to be made.
1.1.6 The Head of Department Management Information System of Sapura Industrial Berhad shall
be custodian of Information Technology Policies and Procedures.
1.1.7 This manual is assigned to all Head of Subsidiaries or any other personnel approved by Senior Management of Sapura Industrial Berhad.
SSSAAA PPPUUU RRRAAA IIINNN DDDUUU SSSTTT RRRIII AAALLL BBB EEERRRHHHAAA DDD DDD ooo ccc uuu mmm eee nnn ttt NNN ooo ... ::: SSS III BBB /// MMM III SSS /// III TTT PPP /// 000 000111
IIINNNFFFOOORRRMMMAAATTTIIIOOONNN TTTEEECCCHHHNNNOOOLLLOOOGGGYYY PPPOOOLLLIIICCCYYY III sss sss uuu eee NNN ooo ... ::: 111 ... 000
PPPOOOLLLIIICCCYYY SSSTTTAAATTTEEEMMMEEENNNTTT RRR eee vvv ... NNN ooo ::: 000 ... 000
DDD aaa ttt eee ::: 111 sss ttt... MMM aaa yyy 222 000 000 777
PPP aaa ggg eee ::: 222 ooo fff 555
SIB/MIS/ITP/001 Page 2 of 5
1.2 POLICY OBJECTIVE
The objectives of the Policies are to:
• Ensure that all of the Company computing facilities, programs, data, network and equipment are adequately protected against loss, misuse or abuse.
• Ensure that all users are aware of and fully comply with this Policy Statement and all
associated policies and are aware of and work in accordance with the relevant Code of Practice.
• Ensure that all users are aware of and fully comply with the relevant Malaysian legislation.
• Create across the Company the awareness that appropriate security measures must be
implemented as part of the effective operation and support of Information Security. • Ensure that all uses understand their own responsibilities for protecting the confidentiality
and integrity of the data they handle.
1.3 EXCEPTION OF POLICIES
1.3.1 No exception will be made to the policies and procedures without the written approval of the Head of Department Management Information System of Sapura Industrial Berhad (unless otherwise provided for in this manual) who is the custodian of Information Technology Policies and Procedure. In the event you feel dissatisfied with the action or non-action of those implementing the Policies and Procedures in the allowing or disallowing any exception, a written explanation describing the deviation is to be forwarded to the Head of Department Management Information System of Sapura Industrial Berhad.
1.4 DEFINITIONS The following definitions shall apply in the manual unless expressly stated otherwise:
1.4.1 The “Company” shall mean Sapura Industrial Berhad Group’s of Companies. 1.4.2 “ Policy” shall mean the company’s specific standpoint or general of company goal
1.4.3 “Procedure” shall mean the methodology or specific steps used in the implementation of
the policy.
1.4.4 “Management’ shall mean Executive who have supervisory responsibilities and or accountable for the work performance of their subordinates.
1.4.5 “Supervisor” shall mean immediate supervisor, Head of Department, Head of Section or
Head of Unit.
SSSAAA PPPUUU RRRAAA IIINNN DDDUUU SSSTTT RRRIII AAALLL BBB EEERRRHHHAAA DDD DDD ooo ccc uuu mmm eee nnn ttt NNN ooo ... ::: SSS III BBB /// MMM III SSS /// III TTT PPP /// 000 000111
IIINNNFFFOOORRRMMMAAATTTIIIOOONNN TTTEEECCCHHHNNNOOOLLLOOOGGGYYY PPPOOOLLLIIICCCYYY III sss sss uuu eee NNN ooo ... ::: 111 ... 000
PPPOOOLLLIIICCCYYY SSSTTTAAATTTEEEMMMEEENNNTTT RRR eee vvv ... NNN ooo ::: 000 ... 000
DDD aaa ttt eee ::: 111 sss ttt... MMM aaa yyy 222 000 000 777
PPP aaa ggg eee ::: 333 ooo fff 555
SIB/MIS/ITP/001 Page 3 of 5
1.4.6 The masculine gender “He” shall include the feminine gender unless otherwise expressly stated. Words in the singular will include the plural except the text clearly indicated otherwise.
1.5 POLICY APPROVAL
This Policies and Procedures have been approved by the Managing Director, Chief Operating Officer and Senior Management who has delegated the implementation of it to the Head of Management Information System.
1.6 RESPONSIBILITIES FOR INFORMATION SYSTEMS SECURITY
1.6.1 The Managing Director is responsible for approving the Information System Policies and Procedures and the associated policies and for ensuring that they are discharged to the various subsidiaries, departments and staff through Heads of those units.
1.6.2 Head of Subsidiaries and Supervisor are required to implement the Policies with respect to
the systems that are operated by their Subsidiaries, Departments and Units. They are responsible for ensuring that staff and anyone else authorized to use those systems are aware of and comply with them and the associated Code of Practice. To assist them in this, they are required to appoint a Custodian for each system operated by them, the duties of which are set out in a Code of Practice associated with the Policies.
1.6.3 It is the responsibility of each individual to ensure his understanding of and compliance
with the Policies and the associated Code of Practice. 1.7 COMPLIANCE WITH LEGISLATION
1.7.1 The Company has an obligation to abide by Malaysian legislation. Of particular importance in this respect is Computer Crimes Act 1997. The requirement for compliance devolves to all users defined in (1.1.2) above, who may be held personally responsible for any breach of the legislation.
1.8 RISK ASSESSMENT AND SECURITY REVIEW BY SUBSIDIARIES AND DEPARTMENT
1.8.1 Custodians must periodically carry out a risk assessment of the system that they are currently responsible for, including the Information System security control currently in place. This is to take into account changes to operating systems changing Company requirement and priorities and any changes in the relevant legislation, hence revisiting their security arrangements accordingly.
1.8.2 Head of Subsidiaries and Supervisor should establish effective Contingency Plans
appropriate to the outcome of any risk assessment. In addition, they are required to carry out an annual assessment of the security arrangements for their Information Systems and submit a report on this to MIS Department.
SSSAAA PPPUUU RRRAAA IIINNN DDDUUU SSSTTT RRRIII AAALLL BBB EEERRRHHHAAA DDD DDD ooo ccc uuu mmm eee nnn ttt NNN ooo ... ::: SSS III BBB /// MMM III SSS /// III TTT PPP /// 000 000111
IIINNNFFFOOORRRMMMAAATTTIIIOOONNN TTTEEECCCHHHNNNOOOLLLOOOGGGYYY PPPOOOLLLIIICCCYYY III sss sss uuu eee NNN ooo ... ::: 111 ... 000
PPPOOOLLLIIICCCYYY SSSTTTAAATTTEEEMMMEEENNNTTT RRR eee vvv ... NNN ooo ::: 000 ... 000
DDD aaa ttt eee ::: 111 sss ttt... MMM aaa yyy 222 000 000 777
PPP aaa ggg eee ::: 444 ooo fff 555
SIB/MIS/ITP/001 Page 4 of 5
1.9 BREACHES OF SECURITY
1.9.1 The MIS Department will monitor network activity, reports from Malaysian Computer Emergency Response Team (MyCERT) and other security agencies and take action/ make recommendations consistent with maintaining the security of the Company Information System.
1.9.2 Any Head of Subsidiaries suspecting that there has been, or likely to be breach of
Information System security should inform the Head of MIS Department immediately, who will then advise the Company on what actions should be taken.
1.9.3 In the event of the suspected or actual breech of security, the Head of MIS Department may,
after consultation with the relevant Custodian or Head of Subsidiaries, make inaccessible/ remove any unsafe user/ login names, data and/or programs on the system from the network.
1.9.4 Any breach of security of an Information System could lead to destruction or loss of security
of personal information. This would be an infringement of the Computer Crime Act 1977 and could lead to civil or criminal proceedings. It is vital, therefore that users of the Company’s Information Systems comply with the Policies.
1.9.5 The Managing Director or Chief Operating Officer has the authority to take whatever action
is deemed necessary to protect the Company against breaches of security. 1.10 POLICY AWARENESS AND DISCIPLINARY PROCEDURES
1.10.1 The new members of staff will have a copy and /or explanations given by the Human Resource Department. Existing staff of the Company, authorized third parties and contractors given access to the Company network will be advised of the existence of this Policy Statement and the availability of the associated policies, codes of practice and procedures that are published on the Company Intranet.
1.10.2 Failure of an individual member of the staff to comply with the Policies my lead the
investigation of the relevant disciplinary procedures and in certain circumstances, legal action may be taken. Failure of the contractor to comply could lead to the cancellation of a contract.
1.11 SUPPORTING POLICIES, CODES OF PRACTICE AND PROCEDURES
1.11.1 The Supporting Policies, Code of Practice and Procedures associated with this Policy Statement are available on the Company Intranet. Staff and any third parties authorized to access the Company Intranet to use the systems and facilities identified in 1.1.2 of this Policy Statement, are required to familiarize themselves with these and to work in accordance with them.
SSSAAA PPPUUU RRRAAA IIINNN DDDUUU SSSTTT RRRIII AAALLL BBB EEERRRHHHAAA DDD DDD ooo ccc uuu mmm eee nnn ttt NNN ooo ... ::: SSS III BBB /// MMM III SSS /// III TTT PPP /// 000 000111
IIINNNFFFOOORRRMMMAAATTTIIIOOONNN TTTEEECCCHHHNNNOOOLLLOOOGGGYYY PPPOOOLLLIIICCCYYY III sss sss uuu eee NNN ooo ... ::: 111 ... 000
PPPOOOLLLIIICCCYYY SSSTTTAAATTTEEEMMMEEENNNTTT RRR eee vvv ... NNN ooo ::: 000 ... 000
DDD aaa ttt eee ::: 111 sss ttt... MMM aaa yyy 222 000 000 777
PPP aaa ggg eee ::: 555 ooo fff 555
SIB/MIS/ITP/001 Page 5 of 5
1.12 STATUS OF THE INFORMATION SYSTES SECURITY POLICIES
1.12.1 The Policies do not form part of a formal contract of employment with the Company, but it is a condition of employment that employees will abide by the regulations and policies made by the Company from time to time.
SSSAAA PPPUUU RRRAAA IIINNN DDDUUU SSSTTT RRRIII AAALLL BBB EEERRRHHHAAA DDD DDD ooo ccc uuu mmm eee nnn ttt NNN ooo ::: SSS III BBB /// MMM III SSS /// III TTT PPP /// 000 000222
IIINNNFFFOOORRRMMMAAATTTIIIOOONNN TTTEEECCCHHHNNNOOOLLLOOOGGGYYY PPPOOOLLLIIICCCYYY III sss sss uuu eee NNN ooo ... ::: 000 111
FFFAAACCCIIILLLIIITTTIIIEEESSS UUUSSSAAAGGGEEE RRR eee vvv NNN ooo ... ::: 000 000
DDD aaa ttt eee ::: 111 sss ttt MMM aaa yyy 222 000 000 777
PPP aaa ggg eee ::: 111 ooo fff 444
SIB/MIS/ITP/002 Page 1 of 4
1.0 PURPOSE 1.1 To establish a procedure of the Information Technology facilities usage of the Company
1.2 To clearly define the use of all network, computer systems, computer hardware, software and
internal access and computer codes in the Company.
2.0 SCOPE
The policy applies to all the Company employees (hereinafter referred to as “users”) whose access to use IT facilities owned, leased, rented or on-loan by the Company.
3.0 DEFINITIONS
3.1 HR - Human Resources 3.2 MIS - Management Information System 3.3 CAPEX - Capital Expenditure 3.4 PO - Purchasing Order 3.5 DO - Delivery Order
3.6 LAN - Local Area Network 3.7 IT - Information Technology 3.8 “Company” - Sapura Industrial Berhad Group of Companies 4.0 PROCEDURES
4.1 The use of the Company computer hardware and software is for official purpose. 4.2 Workstations shall be located in a physically protected environment where access control measures are in place and applied consistently. 4.3 The maintenance of hardware and software shall only be done by authorized contractors who have the appropriate security clearances.
4.4. Procurement of Computer Equipment
4.4.1 In order to acquire computer equipment or software, procurement process needs to follow standard guidelines of the Company Capital Expenditure (CAPEX) procedure. MIS Department shall advise on the need and specification of purchase equipment.
4.4.2 Upon received, Purchaser must fill up the “Computer Registration Form” and submit
it to MIS Department within seven (7) days together with the copy of documents.
SSSAAA PPPUUU RRRAAA IIINNN DDDUUU SSSTTT RRRIII AAALLL BBB EEERRRHHHAAA DDD DDD ooo ccc uuu mmm eee nnn ttt NNN ooo ::: SSS III BBB /// MMM III SSS /// III TTT PPP /// 000 000222
IIINNNFFFOOORRRMMMAAATTTIIIOOONNN TTTEEECCCHHHNNNOOOLLLOOOGGGYYY PPPOOOLLLIIICCCYYY III sss sss uuu eee NNN ooo ... ::: 000 111
FFFAAACCCIIILLLIIITTTIIIEEESSS UUUSSSAAAGGGEEE RRR eee vvv NNN ooo ... ::: 000 000
DDD aaa ttt eee ::: 111 sss ttt MMM aaa yyy 222 000 000 777
PPP aaa ggg eee ::: 222 ooo fff 444
SIB/MIS/ITP/002 Page 2 of 4
4.5 Computer Security
4.5.1 Every computer must be protected by a password. The password must consist of at least five (5) letters or/and numbers. It needs to be changed within three (3) months interval or when necessary.
4.6 Unlicensed/Unauthorized Software (Anti-Piracy)
4.6.1 No unlicensed software, privately owned software, games, public domain software or pornographic material shall be installed or loaded on official computer equipment.
4.7 Piracy
4.7.1 This involves the blatant copying of computer programs and the making of copies on disks for distribution to others. Regardless of what is done with the copies, the action of copying is against the law.
4.7.2 It is deemed an infringement even if copies are made for the copyist's own domestic use, unless this is specifically allowed by the copyright owner under a "home use" policy or the copies are legitimate back-up copies.
4.7.3 Whilst there may be a moral difference between people copying software to sell to others and those copying for personal use, there is no legal distinction between the two – both are illegal.
4.8 Dealer Infringement
4.8.1 Dealers who load software packages on hardware that is then supplied to a client are clearly infringing copyright. Providing reproductions of manuals to go with illicit software is also an infringement.
4.9 End-user Infringement
This typically occurs in one of the following forms:-
4.9.1 Use of Infringing Copies
4.9.1.1 The end-user breaks the law whenever he or she uses a program that has been illegally copied from a floppy, compact disk, hard disk (or whatever other means) on to a computer.
4.9.1.2 Copyright is infringed not only by the person who initiated the copying but by all subsequent people using copied programs. In addition, if an end-user makes use of a legitimate copy of a program contrary to the terms of the license, or in a situation where there is no implied license, copyright is being infringed.
4.9.2 Use in a Local Area Network (LAN)
SSSAAA PPPUUU RRRAAA IIINNN DDDUUU SSSTTT RRRIII AAALLL BBB EEERRRHHHAAA DDD DDD ooo ccc uuu mmm eee nnn ttt NNN ooo ::: SSS III BBB /// MMM III SSS /// III TTT PPP /// 000 000222
IIINNNFFFOOORRRMMMAAATTTIIIOOONNN TTTEEECCCHHHNNNOOOLLLOOOGGGYYY PPPOOOLLLIIICCCYYY III sss sss uuu eee NNN ooo ... ::: 000 111
FFFAAACCCIIILLLIIITTTIIIEEESSS UUUSSSAAAGGGEEE RRR eee vvv NNN ooo ... ::: 000 000
DDD aaa ttt eee ::: 111 sss ttt MMM aaa yyy 222 000 000 777
PPP aaa ggg eee ::: 333 ooo fff 444
SIB/MIS/ITP/002 Page 3 of 4
4.9.2.1 Whenever software packages are sold for use on a network, the number of users is designated. As soon as an extra user is provided access to this software, an infringement is constituted.
4.9.3. Use of Unauthorized Screen Savers
4.9.3.1 Screensavers may not be loaded by computer users. The reasons for this are numerous, but the main reason is that many of these are "downloaded" from the Internet and could contain "new" viruses which the latest virus protection software cannot detect.
4.9.3.2 Secondly, some are not compatible with certain types of software and cause endless problems (usually the computer "hangs" or "freezes" and all unsaved work is lost when the computer has to be re-started), which is unnecessary and unacceptable.
4.9.3.3 All screen-savers are memory resident (they are automatically activated after a pre-determined period of time when the computer is not being used) and this tends to slow the processing time of the computer down.
4.10 Pornographic Material
Persons found with any form of pornographic or offensive material within their directories or on the hard-drives of their computers, or it is found that they are distributing this material by whatever means (e-mail, diskettes, placing it on the computer network etc.), will be formally charged with misconduct and, depending on the severity of the matter, handed over to the Malaysian Police Services for prosecution.
4.10. System Security
The used of system utility programs (e.g. monitoring/sniffing tools), that might be capable of overriding system and application controls, is prohibited. Where an employee might want to load such software for whatever reason, a written request for the loading of the software must be submitted to the Head of the MIS Department, stating the reasons for the loading of the software and the duration that it will be required. It is the responsibility of each user to ensure that no unauthorized software is installed on the computer systems allocated to them.
4.12. The user shall be held liable for any unlicensed software that is found in their possession, and as such will take full responsibility of the consequences that might follow by contravening the Malaysian Copyright Act.
4.13 General Care of Computer Equipment
4.13.1 Potted plants, coffee mugs, water decanters etc. must not be placed on computers as any form of liquid can potentially damage the equipment and will most certainly leave unsightly stains on the external casing.
4.13.2 Computer equipment must also not be “decorated” with anything non removable, e.g.: stickers, graffiti etc., as such things reduce the value of the equipment significantly.
SSSAAA PPPUUU RRRAAA IIINNN DDDUUU SSSTTT RRRIII AAALLL BBB EEERRRHHHAAA DDD DDD ooo ccc uuu mmm eee nnn ttt NNN ooo ::: SSS III BBB /// MMM III SSS /// III TTT PPP /// 000 000222
IIINNNFFFOOORRRMMMAAATTTIIIOOONNN TTTEEECCCHHHNNNOOOLLLOOOGGGYYY PPPOOOLLLIIICCCYYY III sss sss uuu eee NNN ooo ... ::: 000 111
FFFAAACCCIIILLLIIITTTIIIEEESSS UUUSSSAAAGGGEEE RRR eee vvv NNN ooo ... ::: 000 000
DDD aaa ttt eee ::: 111 sss ttt MMM aaa yyy 222 000 000 777
PPP aaa ggg eee ::: 444 ooo fff 444
SIB/MIS/ITP/002 Page 4 of 4
4.13.3 Computer equipment should always be kept clean and dust free. Computer screens, external casings, and keyboard keys can be cleaned with anti static cleaner and a lint-free duster. Never use a dripping wet cloth to clean the equipment.
4.13.4 Practices such as eating, drinking and smoking should not be exercised whilst working at a computer as cigarette ash and bits of food are invariably dropped or spilt on the computer’s keyboard, resulting in damage.
4.14 Staff Leaving/ Staff Termination/ Resignation
4.14.1 When staff joining the Company, the subsidiary head arranges access to the network on their behalf. It is therefore also the subsidiary head’s responsibility to ensure that when staff leaves the service that their user accounts are removed from the network.
4.14.2 The subsidiary head or HR department must contact the MIS department and provide the user’s particulars as well as instructions pertaining to the data that resides in the user’s home directory on the network.
4.14.3 If this is not carried out, the ex-staff member’s user account will remain on the network. Network security is therefore seriously breached as the ex-staff member could easily gain access to data on the network and remove or manipulate it.
4.15 Asset Tracking & Recording
4.15.1 Upon delivery of the assets IT related hardware/software, purchasing department shall submit copy of quotation/PO/DO/Invoice to MIS Department.
4.15.2 Purchasing/Account department inform the asset tagging, location & user’s name for the asset.
4.15.3 Account department should inform for any transfer or dispose of assets.
SSSAAA PPPUUU RRRAAA IIINNN DDDUUU SSSTTT RRRIII AAALLL BBB EEERRRHHHAAA DDD DDD ooo ccc uuu mmm eee nnn ttt NNN ooo ::: SSS III BBB /// MMM III SSS /// III TTT PPP /// 000 000333
IIINNNFFFOOORRRMMMAAATTTIIIOOONNN TTTEEECCCHHHNNNOOOLLLOOOGGGYYY PPPOOOLLLIIICCCYYY III sss sss uuu eee NNN ooo ... ::: 000 111
EEELLLEEECCCTTTRRROOONNNIIICCC MMMAAAIIILLL RRR eee vvv NNN ooo ... ::: 000 000
DDD aaa ttt eee ::: 111 sss ttt MMM aaa yyy 222 000 000 777
PPP aaa ggg eee ::: 111 ooo fff 444
SIB/MIS/ITP/003 Page 1 of 4
1.0 PURPOSE
1.1 The purpose of this "Electronic Mail Policy" is to establish guidelines and minimum requirements governing the acceptable use of the Company electronic mail (e-mail) services.
2.0. SCOPE
2.1 This policy applies to all the Company employees (hereinafter referred to as "users") whose access
to or use of e-mail services is funded by the Company or is available through equipment owned/ leased/ rented and on-loan facilities by the Company.
3.0 DEFINATIONS
3.1 E-mail - Electronic Mail refers to the electronic transfer of information, in
the form of electronic messages, memorandum and attached documents from a sending party to one or more receiving parties via an intermediate telecommunications system. Stated differently, e-mail is a means of sending messages between computers using a computer network.
3.2 “Company” - Sapura Industrial Berhad Group of Companies. 3.3 Virus - A virus is a piece of computer code that attacks itself the program
or file, so it can spread from computer to computer, infecting as it travels. Viruses can damage your software, hardware and files.
3.4 Encryption - A method of “scrambling” data using a cryptographic algorithm
based on a secret key that is known only to the originating system and the destination system.
4.0 RESPONSIBILITIES
4.1 The Company reserves the right to amend this policy from time to time at its discretion. In case of amendments and revisions, users will be informed appropriately.
4.2 The management of the Company has the right to access or monitor the e-mail user contents of
massages and attached document.
4.3 The Company reserves the right to revoke or limit the User’s access to this e-mail account and address at any time. Common reasons for e-mail access revocation include the failure to comply with the Company policies, and termination of the employee’s service with the Company.
SSSAAA PPPUUU RRRAAA IIINNN DDDUUU SSSTTT RRRIII AAALLL BBB EEERRRHHHAAA DDD DDD ooo ccc uuu mmm eee nnn ttt NNN ooo ::: SSS III BBB /// MMM III SSS /// III TTT PPP /// 000 000333
IIINNNFFFOOORRRMMMAAATTTIIIOOONNN TTTEEECCCHHHNNNOOOLLLOOOGGGYYY PPPOOOLLLIIICCCYYY III sss sss uuu eee NNN ooo ... ::: 000 111
EEELLLEEECCCTTTRRROOONNNIIICCC MMMAAAIIILLL RRR eee vvv NNN ooo ... ::: 000 000
DDD aaa ttt eee ::: 111 sss ttt MMM aaa yyy 222 000 000 777
PPP aaa ggg eee ::: 222 ooo fff 444
SIB/MIS/ITP/003 Page 2 of 4
5.0 APPROPRIATE USE OF COMPANY E-MAIL RESOURCES Use of e-mail facilities is subject to all the same laws, policies and codes of practice that apply to the use
of other means of communications and shall comply with the Company policy on Facilities Usage. Access to the publication of information on the Web shall also subject to this policy.
5.1 Users may not use Company resources and facilities to transmit:
• Commercial material unrelated to illegitimate business of the Company, including the transmission of bulk e-mail advertising (spamming).
• Bulk non-commercial-mail unrelated to the legitimate business activities of the Company
that is likely to cause offence or inconvenience to those receiving it. This includes the use e-mail exploders (i.e. list servers) at the Company and elsewhere, where the e-mail sent is unrelated to the stated purpose for which the relevant e-mail exploder was to be used (spamming).
• Unsolicited e-mail messages requesting other users, at the Company of elsewhere, to
continue forwarding such e-mail messages to others, where those e-mail messages have no business information purpose (chain e-mails).
• E-mails that purport to come from an individual other than the user actually sending the
massage or with forged addresses (spoofing). • Material that is sexist, racist, homophobic, xenophobic, pornographic, pedophilic or
similarly discriminatory and or offensive. • Material that advocates or condones, directly or indirectly, criminal activity or which may
otherwise damage the Company’s activities in Malaysia or abroad. • Text or images to which a third party holds an intellectual property right, without the
express written permission of the copyright holder. • Material that is defamatory, libelous or threatening. Material that could be used in order to
breach computer security, or to facilitate unauthorized entry into computer systems. • Material that is likely to prejudice or seriously impede the course of justice in Malaysian
criminal or civil proceedings. • Material containing personal data about third parties, unless their permission has been
given explicitly.
5.2 Whilst the Company provides staff with access to e-mail systems for the conduct of Company-related business, incidental and occasional personal use of e-mails is permitted so long as such use does not disrupt or distract the individual from the conduct of Company business (i.e. due to
SSSAAA PPPUUU RRRAAA IIINNN DDDUUU SSSTTT RRRIII AAALLL BBB EEERRRHHHAAA DDD DDD ooo ccc uuu mmm eee nnn ttt NNN ooo ::: SSS III BBB /// MMM III SSS /// III TTT PPP /// 000 000333
IIINNNFFFOOORRRMMMAAATTTIIIOOONNN TTTEEECCCHHHNNNOOOLLLOOOGGGYYY PPPOOOLLLIIICCCYYY III sss sss uuu eee NNN ooo ... ::: 000 111
EEELLLEEECCCTTTRRROOONNNIIICCC MMMAAAIIILLL RRR eee vvv NNN ooo ... ::: 000 000
DDD aaa ttt eee ::: 111 sss ttt MMM aaa yyy 222 000 000 777
PPP aaa ggg eee ::: 333 ooo fff 444
SIB/MIS/ITP/003 Page 3 of 4
volume, frequency or time expended) or restrict the use of those systems to other legitimate users.
6.0 PENALTIES FOR IMPROPER USE OF E-MAIL FACILITIES
6.1 Failure to comply with this e-mail policy could result in access to the facility being withdrawn or, in more serious cases, to disciplinary action being taken.
6.2 The Head of MIS Department shall be the final arbiter of whether e-mail messages are in breach
of this e-mail policy or not.
7.0 PRIVACY
7.1 Data users must assume that all e-mail by default is not secure and thus, they should not send via e-mail any information that is confidential, private or sensitive in nature. The use of e-mail encryption technologies such as PGP (Pretty Good Privacy) will improve the confidentiality of the e-mail, although they are by no means perfect.
7.2 Users may not under any circumstances, monitor and intercept or browse other users e-mail
messages unless authorized to do so.
7.3 In all other circumstances, monitoring, interception and reading of other users e-mail by network and computer operations personnel or system administrators may only occur with the permission of the Head of MIS Department.
7.4 The Company reserves the right to access and disclose the contents of a user’s e-mail
massages, in accordance with its legal and audit obligations and for legitimate operational purposes. The Company reserves the right to demand those encryption keys, where used, is made available so that it is able to fulfill its right of access to a user’s e-mail messages in such circumstances.
8.0 BEST PRACTICES 8.1 The Company considers e-mail as an important means of communication and recognizes the
importance of proper e-mail content and speedy replies in conveying a professional image and delivering good customer services. Users should take same care in drafting an-email as they would for any other communication. Therefore the Company wishes users to adhere to the following guidelines:
8.1.1 Writing e-mails:
• Write well-structure e-mails and use short, descriptive subject. • The Company style is informal. This means that sentences can be short and to the
point. The use of internet abbreviations and characters such as smiley however, is not encouraged.
SSSAAA PPPUUU RRRAAA IIINNN DDDUUU SSSTTT RRRIII AAALLL BBB EEERRRHHHAAA DDD DDD ooo ccc uuu mmm eee nnn ttt NNN ooo ::: SSS III BBB /// MMM III SSS /// III TTT PPP /// 000 000333
IIINNNFFFOOORRRMMMAAATTTIIIOOONNN TTTEEECCCHHHNNNOOOLLLOOOGGGYYY PPPOOOLLLIIICCCYYY III sss sss uuu eee NNN ooo ... ::: 000 111
EEELLLEEECCCTTTRRROOONNNIIICCC MMMAAAIIILLL RRR eee vvv NNN ooo ... ::: 000 000
DDD aaa ttt eee ::: 111 sss ttt MMM aaa yyy 222 000 000 777
PPP aaa ggg eee ::: 444 ooo fff 444
SIB/MIS/ITP/003 Page 4 of 4
• Signatures must include you name, job title and company name. and should follow company branding guideline.
• User must spell check all mails prior to transmission.
• Do not send unnecessary attachments. Compress attachments larger than 1MB before sending them.
• Do not write e-mails in capitals.
• Do not use cc. or bcc: fields unless the cc: or bcc: recipient is aware that you will be copying a mail to him/ her and knows what action, if any to take.
• If you forward mails, state clearly what action you expect the recipient to take.
• Only send e-mails of which the content could be displayed on a public notice board.
If they cannot be displayed publicly in their current state, consider rephrasing the e-mail, using other means of communication or protecting information by using a password.
• Only mark e-mails as important if they really are important.
8.1.2 Replying to e-mails: • E-mails should be answered within at least eight (8) working hours, but users must
endeavor to answer priority e-mails within four (4) hours.
• Priority e-mails are emails from existing customers and business partner.
9.0 WRITTEN AGREEMENT REQUIRED
Users having access to state-provided e-mail services are advised that all such network activity is the property of the group, and therefore, they should not consider any activity to be private. All users of e-mail services are required to acknowledge acceptance of and intention to comply with this "Electronic Mail Policy" by signing the Company E-Mail Request Form.
INFORMATION TECHNOLOGY CODE OF PRACTICE
SSSAAA PPP UUURRR AAA III NNNDDD UUUSSSTTTRRR IIIAAA LLL BBBEEERRR HHHAAADDD DDD ooo ccc uuu mmm eee nnn ttt NNN ooo ::: SSS III BBB /// MMM III SSS /// CCC OOO PPP /// 000 000111
CCCOOODDDEEE OOOFFF PPPRRRAAACCCTTTIIICCCEEE III sss sss uuu eee NNN ooo ... ::: 000 111
PPPHHHYYYSSSIIICCCAAALLL SSSEEECCCUUURRRIIITTTYYY OOOFFF IIINNNFFFOOORRRMMMAAATTTIIIOOONNN
RRR eee vvv NNN ooo ... ::: 000 000
DDD aaa ttt eee ::: 111 sss ttt ... MMM aaa yyy 222 000 000 777
PPP aaa ggg eee ::: 111 ooo fff 333
SIB/MIS/COP/001 Page 1 of 3
PURPOSE
To maintain the physical security of the hardware used to store and process information as it is to
ensure the security of information contained within the Company information systems.
2.0 SCOPE
2.1 Specific code of practice covering: physical security of Information System.
3.0 DEFINATIONS 3.1 PIN - Personal Identification Number 4.0 PROCEDURES 4.1 SECURITY OF PREMISES
4.1.1 Security of Premises
While it is difficult to make premises in accompany completely secure, buildings
and offices are now equipped with strong locks that provide a good level of
protection against opportunist intrudes so long as they are used intelligently and
correctly by those who have a right of access.
In order to reduce the risk of theft, the following rules should be adhered to:
4.1.1.1 Offices or rooms that house valuable equipment should not be left
unattended with the door unlocked or with window open.
4.1.1.2 Keep an eye open for anyone who appears to be loitering in the vicinity of
locked door, challenge him or her and report any suspicions to the
authorize personnel:
4.1.1.3 Where buildings/offices are secured by card controlled doors or keypads
looks, do not lend your card to anyone or give away details of PIN/ keypad
number;
SSSAAA PPP UUURRR AAA III NNNDDD UUUSSSTTTRRR IIIAAA LLL BBBEEERRR HHHAAADDD DDD ooo ccc uuu mmm eee nnn ttt NNN ooo ::: SSS III BBB /// MMM III SSS /// CCC OOO PPP /// 000 000111
CCCOOODDDEEE OOOFFF PPPRRRAAACCCTTTIIICCCEEE III sss sss uuu eee NNN ooo ... ::: 000 111
PPPHHHYYYSSSIIICCCAAALLL SSSEEECCCUUURRRIIITTTYYY OOOFFF IIINNNFFFOOORRRMMMAAATTTIIIOOONNN
RRR eee vvv NNN ooo ... ::: 000 000
DDD aaa ttt eee ::: 111 sss ttt ... MMM aaa yyy 222 000 000 777
PPP aaa ggg eee ::: 222 ooo fff 333
SIB/MIS/COP/001 Page 2 of 3
4.1.1.4 Valuable equipment or equipment storing valuable data should not be
located in a vulnerable location such as just beside the fire escape door or
beside the window that can see from the outside.
4.1.2 Security of People
In order to ensure your personal safety and that of your colleagues:
4.1.2.1 Challenge anyone who you suspect has no right to be on the premises in a
friendly way by offering to help them find the location they are looking for.
4.1.2.2 Avoid confrontation and conflict with anyone who reacts aggressively and
contact your authorize personnel/ security lodge immediately.
4.1.2.3 Do not take any action that may endanger you or other members of the
Company by causing a potential or actual thief.
4.1.3 Security of Equipment
In order to ensure that you computing equipment itself is secure:
4.1.3.1 All computers and other equipment with a value of more than RM300.00
must be clearly marked as company property, security tagged and recorder
on company inventory. This should be done as soon as possible after the
installation and set-up of the equipment.
4.1.3.2 All computers, others equipments including hardware and software
marked as company property must be insured.
4.1.3.3 Carry out a risk assessment in relation to the cost of the replacing the
equipment and the value of the data stored on it in order to determine
what additional security measures need to be taken, such as marking, cable
restraint, lockdown fixtures, alarms and arrange fitting as soon as possible;
4.1.3.4 Dispose of any computer packaging as quickly as discretely as possible in
order not to advertise the arrival of new equipment.
SSSAAA PPP UUURRR AAA III NNNDDD UUUSSSTTTRRR IIIAAA LLL BBBEEERRR HHHAAADDD DDD ooo ccc uuu mmm eee nnn ttt NNN ooo ::: SSS III BBB /// MMM III SSS /// CCC OOO PPP /// 000 000111
CCCOOODDDEEE OOOFFF PPPRRRAAACCCTTTIIICCCEEE III sss sss uuu eee NNN ooo ... ::: 000 111
PPPHHHYYYSSSIIICCCAAALLL SSSEEECCCUUURRRIIITTTYYY OOOFFF IIINNNFFFOOORRRMMMAAATTTIIIOOONNN
RRR eee vvv NNN ooo ... ::: 000 000
DDD aaa ttt eee ::: 111 sss ttt ... MMM aaa yyy 222 000 000 777
PPP aaa ggg eee ::: 333 ooo fff 333
SIB/MIS/COP/001 Page 3 of 3
4.1.4 Security of Data
4.1.4.1 Any media containing data that has been backed up should be held
securely i.e. in a locked container, drawer or cupboard and placed in
allocation commensurate with a department’s procedures for ensuring
business continuity i.e. away from the area where that data is normally
processed.
Before disposing of computing equipment ensure that any data held on the hard
disk is destroyed by fully reformatting the hard disk, or using special tools to
overwrite the hard disk’s contents with random, useless data.
SSSAAA PPP UUURRR AAA III NNNDDD UUUSSSTTTRRR IIIAAA LLL BBBEEERRR HHHAAADDD DDD ooo ccc uuu mmm eee nnn ttt NNN ooo ::: SSS III BBB /// MMM III SSS /// CCC OOO PPP /// 000 000222
CCCOOODDDEEE OOOFFF PPPRRRAAACCCTTTIIICCCEEE III sss sss uuu eee NNN ooo ... ::: 000 111
EEEMMMPPPLLLOOOYYYMMMEEENNNTTT,,, EEEDDDUUUCCCAAATTTIIIOOONNN AAANNNDDD TTTRRRAAAIIINNNIIINNNGGG
RRR eee vvv NNN ooo ... ::: 000 000
DDD aaa ttt eee ::: 111 sss ttt ... MMM aaa yyy 222 000 000 777
PPP aaa ggg eee ::: 111 ooo fff 222
SIB/MIS/COP/02 Page 1 of 2
PURPOSE
To address the new staff on information security at the recruitment stage.
2.0 SCOPE
2.1 Specific code of practice covering: on relevant security responsibilities.
3.0 DEFINATIONS 3.1 IS - Information System 3.2 IT - Information Technology 4.0 PROCEDURES 4.1 SECURITY IN JOB DESCRIPTIONS
Security roles and responsibilities as laid down in the Company IS Security Policies should
be included in the job descriptions, where appropriate. These should include any general
responsibilities for implementing the security policies as well as any specific responsibilities
for implementing the security policies as well as specific responsibilities for the protection
of particular assets, or for the execution of particular security processes of activities.
4.2 RECRUITMENT SCREENING
Applications for employment should be screened if the job involves access to the company
Information Systems for handling of commercially or otherwise sensitive information, as
identified by the relevant Custodian. The checks should include obtaining two (2) character
references, checking the accuracy of CV’s confirmation of academic or professional
qualifications and carrying out identification check.
4.3 CONFIDENTIALITY AGREEMENT
When signing acceptance of conditions of employment, user of IT facilities will be required
to agree to respect the confidentiality of any information that they encounter in their work.
Confidentiality agreements should be reviewed when there are changes to the terms of
employment or when contracts are due to be renewed..
4.4 INFORMATION SECURITY EDUCATION AND TRAINING
SSSAAA PPP UUURRR AAA III NNNDDD UUUSSSTTTRRR IIIAAA LLL BBBEEERRR HHHAAADDD DDD ooo ccc uuu mmm eee nnn ttt NNN ooo ::: SSS III BBB /// MMM III SSS /// CCC OOO PPP /// 000 000222
CCCOOODDDEEE OOOFFF PPPRRRAAACCCTTTIIICCCEEE III sss sss uuu eee NNN ooo ... ::: 000 111
EEEMMMPPPLLLOOOYYYMMMEEENNNTTT,,, EEEDDDUUUCCCAAATTTIIIOOONNN AAANNNDDD TTTRRRAAAIIINNNIIINNNGGG
RRR eee vvv NNN ooo ... ::: 000 000
DDD aaa ttt eee ::: 111 sss ttt ... MMM aaa yyy 222 000 000 777
PPP aaa ggg eee ::: 222 ooo fff 222
SIB/MIS/COP/02 Page 2 of 2
New users of IT facilities and staff should be instructed on the Company policies and codes
of practice relating to information security and given training on the procedures relating to
the security requirements of the particular work they are to undertake and on the correct
use of the Company IT facilities in general before access to IT services is granted They
should be made aware of the reporting procedures to be adopted in respect of different
types of incident (security breach, threat, weakness or malfunction) which might affect the
security of information they are handling, as set out in Information System Security Policies.
INFORMATION TECHNOLOGY PROCEDURE MANUAL
SSSAAA PPP UUURRR AAA IIINNN DDDUUU SSSTTT RRRIII AAALLL BBB EEERRRHHHAAA DDD DDD ooo ccc uuu mmm eee nnn ttt NNN ooo ::: SSS III BBB /// MMM III SSS /// PPP MMM /// 000 000111
PPPRRROOOCCCEEEDDDUUURRREEE MMMAAANNNUUUAAALLL III sss sss uuu eee NNN ooo ... ::: 000 111
EEE--- MMMAAAIIILLL SSSEEERRRVVVIIICCCEEESSS RRR eee vvv NNN ooo ... ::: 000 000
DDD aaa ttt eee ::: 111 sss ttt MMM aaa yyy 222 000 000 777
PPP aaa ggg eee ::: 111 ooo fff 222
SIB/MIS/PM/001 Page 1 of 2
1.0 PURPOSE
1.1 To establish and maintain the procedure or guidelines and minimum requirements governing the acceptable use of the Company electronic mail (e-mail) services.
2.0. SCOPE
2.1 This policy applies to all SIB Group employees whose access to or use of e-mail services is funded
by the Group or is available through equipment owned or leased by the Company. 3.0 DEFINATIONS
3.1 “Company” - Sapura Industrial Berhad Group of Companies 32 E-mail - Electronic Mail refers to the electronic transfer of information, in
the form of electronic messages, memorandum and attached documents from a sending party to one or more receiving parties via an intermediate telecommunications system. Stated differently, e-mail is a means of sending messages between computers using a computer network.
3.3 MIS - Management Information System 4.0 RESPONSIBILITIES
4.1 User and MIS Department
5.0 ATTACHMENTS
5.1 E-Mail Services Form 5.2 E-Mail Services Process Flow
6.0 PROCEDURES
6.1 All E-mail address requested to be initiated by raising of E-mail Services Form and the step as follows:
i. New E-mail Account fill-up by requester ii. Reactivated Disabled/ Blocked Account fill-up by Human Resources Department
representative. iii. Approved by Head of Subsidiaries/ General Manager iv. Submit to MIS Department trough Human Resource Department
SSSAAA PPP UUURRR AAA IIINNN DDDUUU SSSTTT RRRIII AAALLL BBB EEERRRHHHAAA DDD DDD ooo ccc uuu mmm eee nnn ttt NNN ooo ::: SSS III BBB /// MMM III SSS /// PPP MMM /// 000 000111
PPPRRROOOCCCEEEDDDUUURRREEE MMMAAANNNUUUAAALLL III sss sss uuu eee NNN ooo ... ::: 000 111
EEE--- MMMAAAIIILLL SSSEEERRRVVVIIICCCEEESSS RRR eee vvv NNN ooo ... ::: 000 000
DDD aaa ttt eee ::: 111 sss ttt MMM aaa yyy 222 000 000 777
PPP aaa ggg eee ::: 222 ooo fff 222
SIB/MIS/PM/001 Page 2 of 2
6.2 All the E-mail Services Form shall clearly specify the requirement which my include the
followings:
i. Desired e-mail ID (e.g. name@sapuraindustrial.com.my) , nick name are strongly avoided. ii. Justification and effective date.
6.3 The MIS Department shall determine the availability of e-mail accounts allocation and suitability of desired e-mail ID.
6.4 E-mail account shall be created for the requester subject to availability of E-mail account and
notify the requester default password and the e-mail user shall be guided by MIS representative to set an E-mail on Outlook Express and how to access E-mail trough Web Mail.
6.5 The representative of MIS Department shall inform the requester within five (5) working days
receipt of the application form if they require any additional information or ready to commencement the e-mail account.
6.6 Copy of successful E-mail application form shall be sent to SIB Group Account/ Finance
Department for charges preparation.
6.7 Human Resources Department shall be notify MIS Department within five (5) working days on any employee tendering their resignation or termination from his services or for temporary block account/reactivated disabled due to his disciplinary action taken by the company.
SIB/ MIS / EMS/ 01-01
E-Mail Services Form1. User Particulars
name : designation :
department : desired e-mail id : 1.
company : 2.
tel no./ext : (e.g: name@sapuraindustrial.com.my)
date of requested :
2. Detail of Request
New Account Effective Date:
Justification
Reactivate Disabled / Blocked Account Effective Date: Justification
Delet Exsiting Account Effective Date:
Justification
Applicant Particulars I have read, understood and acknowledge receipt of Acceptable E-mail policy below. I hereby agree to comply with the rules and regulations as stated in the policy and understand the falure to comply will result in severe diascplinary action.
name signature date
Approval by General Manager
name signature date
MIS Use Only date received:
e-mail account created by
initial password effective date:
SIB Account/ Finance Use
received date approved by
charge to date approved
3. Acceptable Internet & E-Mail Use PolicyIntroductionSapura Industrial Berhad Group of Companies provides staff with Internet access and e-mail communication services as required for the performance and fulfill of job responsibilities. These services are for purpose of increasing productivity and not for non-business activities.
Use PolicyOccasional and reasonable personnel use of SIB Group Internet & e-mail services is permitted, provided that this does not interfere with work performance These services may be used outside of scheduled hours of work, provided that such use is consistent with professional conduct.
Users should have no expectation of privacy while using company-owned or company-leased equipment. Information passing through or stored on company equipment can and will be monitored.
Violations of internet and e-mail use include, but are not limited to, accessing, downloading, uploading, saving, receiving or sending material that includes sexually explicit content or other material using vulgar, sexist, racist, threatening, violent or defamatory language. Users should not useSIB Group services to disclose corporate information without prior authorization. Gambling and illegal activities are prohibited on company resources.
Infringements of this policy will investigated on a case by-case basis.
Your signature indicate that you have read SIB Group internet and e-mail use policy. By signing this document means that you agree toabide by the regulations set in this policy.
INPUT PROCESS FLOW WHO OUTPUT DESCRIPTION
Completed
Form - Approved by GM of company
NO
YES
- Evaluation base on company
e-mail allocation.
E-mail Account - creat E-mail account base
Created on desired e-mail idMIS TECHNICIAN
E-Mail Request Form
E-Mail Request Form
HEAD OF MIS
ASST. SYS. APPLICATION
E-Mail Request Form
E-Mail Request Form
ASST. SYS. APPLICATION
DOC NUM : PFC/SIB/MIS/EMS/01-02DATE ESTABLISH :01/04/07REV : 0.0PAGES : 1 of 1E-MAIL SERVICES FLOW CHART
PROCESS FLOW CHART
RECEIVED APPLICATIONFORM
PREPARE FOR E-MAIL INSTALLATION
EVALUATE REQUISITION
VERIFY
STOP
NO
OK
- copy form send to SIB Acct.for
charges.
REQUESTER
ASST. SYS. APPLICATION
APPLICATION
REQUESTERREQUESTER RECEIVED
E-MAIL ACC.
INFORM SIBACC. DEPT.
TEST RUN
END
INPUT PROCESS FLOW WHO OUTPUT DESCRIPTION
Completed
Form - Approved by GM of company
NO
YES
- copy form send to SIB Acct.
E-mail Account - E-mail account terminated base
Terminated on HR application.
E-Mail Termination Form
ASST. SYS. APPLICATION
HEAD OF MIS
E-Mail Termination Form
E-Mail Termination FormASST. SYS.
APPLICATION
E-Mail Termination Form MIS TECHNICIAN
ASST. SYS. APPLICATION
DOC NUM : PFC/SIB/MIS/DATE ESTABLISH : 01/04/07REV : 0PAGES : 1 of 1E-MAIL TERMINATION
PROCESS FLOW CHART
RECEIVED APPLICATIONFORM HR
PREPARE FOR E-MAIL TERMINATION
EVALUATE REQUISITION
E-MAIL ACC. TERMINATION
VERIFY
STOP
INFORM ACC. DEPT.
END
SSSAAA PPP UUURRR AAA IIINNN DDDUUU SSSTTT RRRIII AAALLL BBB EEERRRHHHAAA DDD DDD ooo ccc uuu mmm eee nnn ttt NNN ooo ::: SSS III BBB /// MMM III SSS /// PPP MMM /// 000 000222
PPPRRROOOCCCEEEDDDUUURRREEE MMMAAANNNUUUAAALLL III sss sss uuu eee NNN ooo ... ::: 000 111
CCCOOOMMMPPPUUUTTTEEERRR UUUSSSAAAGGGEEE PPPRRROOOCCCEEEDDDUUURRREEE RRR eee vvv NNN ooo ... ::: 000 000
DDD aaa ttt eee ::: 111 sss ttt MMM aaa yyy 222 000 000 777
PPP aaa ggg eee ::: 111 ooo fff 111
SIB/MIS/PM/002 Page 1 of 1
1.0 PURPOSE
1.1 To ensure new employee have access to Information Technology resources and services should dedicated to legitimate group business and is governed by rules of conduct.
2.0. SCOPE
2.1 Every time are made to newly appointed staff.
3.0 DEFINATIONS 3.1 Nil
4.0 RESPONSIBILITIES
4.1 The Human Resource Department Managers of subsidiaries or its appointed nominee.
5.0 ATTACHMENTS
5.1 Information Technology User Declaration Agreement. 5.2 Process Flow Information Technology User Declaration Agreement.
6.0 PROCEDURES
6.1 The Human Resource Manager or its appointee and the immediate superior shall responsible for filling the Information Technology User Declaration Agreement as part of Employee Orientation Checklist has to submit to Human Resource Department within five (5) working days of completion.
6.2 Human Resources Department Manager or its appointee shall be explaining the contents of
Information Technology User Declaration Agreement to the newly appointed staff.
6.3 The completed declaration agreement shall keep safely in his personal file.
SIB/MIS/CUP/02-01
SAPURA INDUSTRIAL GROUP OF COMPANIES
INFORMATION TECHNOLOGY USER DECLARATION AGREEMENT
Access to information technology resources and services has been granted to me, as a privilege, for performing job duties and responsibilities for my Directorate. I have read and agree to abide by the policies and procedures which govern my use of these services: COMPUTER, E-MAIL AND INTERNET ACCEPTABLE Usage Statement USE POLICY I will refrain from monopolizing systems, overloading networks with excessive data, or wasting computer time, connect time, disk space, printer paper, or other information technology resources. I will report to SIB management any observations of attempted security violations or illegal activities. I will report to SIB management if I receive or obtain information to which I am not entitled.
By signing this agreement, I certify that I understand and accept responsibility for adhering to the policies, procedures, and additional Sapura Industrial Berhad Group terms and conditions listed above. I also acknowledge my understanding that any misuse on my part may result in disciplinary action including, but not limited to, termination of my access privileges. Employee Name (Print): __________________________ Signature: _______________________
Date: _______________
Head of Section/Subsidiary: Name: ______________________________ Signature: __________________________ Date: __________________
INPUT PROCESS FLOW WHO OUTPUT DESCRIPTION
Completed
Form
- Approved by GM of company
- Document keep in the Employee
Personnel File
HEAD OF SUBSIDIARIES /
Information Technology Declaration Agreement Form
E-Mail Request Form
GENERAL MANAGER
HR DEPT.
Information Technology Declaration Agreement Form
HR DEPT.
Information Technology Declaration Agreement Form
DOC NUM : PFC/SIB/MIS/ITDA/0DATE ESTABLISH :01/05/07REV : 0.0PAGES : 1 of 1
INFORMATION TECHNOLOGYDECLARATION AGREEMENT FLOW CHART
PROCESS FLOW CHART
RECEIVED IT DECLARATION AGREEMENT FORM
APPROVAL
END
FILLING
top related