INFORMATION ACCESS CONTROL POLICY AND PROCEDURE

 Information access control policy and procedure

01. At the end of each month important computer data to be kept in the central file server located in Head Office

 

02. At the end of each month important computer's data to be kept written in CD and stored in the factory

 

03. Factory IT Officers will investigate any kind of misuse of computers, unauthorized access, and modification and note the events in a register periodically.

 

04. Every computer of all factories must be under password protection.

 

05. Computer's password must be changed after every 30 days.

 

06. There should be a policy implemented on all computers so that computer users are bound to change passwords. Otherwise, they cannot access that computer.

 

07. There should be a policy implemented in all the computers so that if anybody tries to access in the computer with an invalid password, immediately the account will be suspended or locked for a certain period.

 

08. Factory IT Officer will determine which user requires E-mail accounts and send a request to Head Office System Administrator to open an account for the concerned user.

 

09. In the factory there are three (03) types of documents:

(a) Confidential documents: Confidential documents are that correspondence and documents, the leakage of which will embarrass the company such as salary increment, promotion, show cause, performance appraisal letters et. Only the factory Chief, AGM, DGM, GM, HRM, Admin Officer/Manager, and the IT Officers are allowed to access those documents.

 

(b) Restricted documents: Restricted documents: Restricted documents are those records, correspondences; leakage of which may pose some degree of difficulty on the factory such as company policy, different types of reports, etc. Only the factory Chief, AGM, DGM, GM, HRM, and Admin Officer/Manager are allowed to access those documents.

 

(c) Common documents: Common documents are correspondence, leakage of which will not pose any problem for the company but it is desirable that distribution should be restricted with the specified officials such as office circulars.

 

10. Only the production accountant, factory manager, production manager, and factory chief are allowed to access the shipping/cargo movement data.

 

11. Windows firewall should be configured in all computes to protect outside hackers, intruders.

 

12. There should be a computer that will act as a server to detect unauthorized access to any computer.

 

13. All the computers should be under a local network system

 

14. Unannounced audit on Information Access Control System must be conducted by the Head Office IT personnel every month.

 

15. In case of any failure of computer the factory IT officer will take the below mentioned steps to restore data:

(a) Inform the Head Office IT personnel

(b) Head Office IT personnel will go to the spot and solve the problem and restore the data from CDs. If required he may re-install Windows.

(c) To retrieve the current data the H/O IT person may use data recovery software

(d) The factory IT Officer will ensure that the computer is now in the previous state as it was before the crash.