WPT IT User Management Policy

Contents

1. Introduction

2. Purpose

3. Scope

4. Statement of policy

5. Responsibility for information systems

6. Request for access to IT resources

7. Action upon request for access to IT resources

8. User account details

9. Non staff access to IT resources

9. Access to workstations

10. Access to data

11. Policy maintenance

1. Introduction

Wizard Publishing and Training has a growing dependency on its information systems, data, and information processing capabilities. The management of users is an important process that ensures employees have correct access to information to carry out their duties as required.

For the purposes of this policy the following definitions are assumed:

  • Data — this is any information stored on electronic media or sourced through network connections;
  • Information — in most cases interchangeable with data but also includes reports generated from Wizard Publishing and Training systems; and
  • Information systems — this includes all hardware, software, applications, source code, network equipment and communications equipment.

2. Purpose

This document provides Wizard Publishing and Training with the procedures to be followed for the management of users requiring access to the organisational information systems, data and information. This document also defines roles and responsibilities relating to user management.

3. Scope

This procedures document applies to all Wizard Publishing and Training employees, whether on a permanent, temporary or volunteer basis and covers all Wizard Publishing and Training IT infrastructure including Hardware, Software, Firmware and Communications.

4. Statement of policy

This procedures document shall be applied in conjunction with the Wizard Publishing and Training IT policy.

5. Responsibility for information systems

The overall responsibility for IT systems and infrastructure resides with the Chief Executive Officer and senior management.

The IT Department will be responsible for the establishment, maintenance and deletion of user accounts for access to IT resources within the organization.

6. Request for access to IT resources

The IT department will be promptly notified by Human Resources of every employee commencement, transfer or termination of service in order to ensure that information systems access privileges are adjusted or revoked as needed.

The IT department will be notified by Wizard Publishing and Training department managers of changes to employees’ job functions that require changes to existing access rights.

The notifications and request to the IT department will be carried out in writing using methods approved by the IT Department Manager.

Staff who require access to data owned by another department require the approval of the manager of that department.

7. Action upon request for access to IT resources

Following the receipt of notification for user access, the IT Department will acknowledge the receipt to the originator. The request will be scrutinized for any security concerns. If no concerns are found the request will be implemented. The originator will be informed and, if required, user credentials for network access will be securely delivered to the user.

Account terminations will involve the archiving of any user generated data and audit logs for that account. The account will then be deleted. This action must be taken within the same day of notification of employee termination.

8. User account details

No one can access Wizard Publishing and Training information systems without an authorised UserlD.

User accounts will use the following naming convention of InitalSurnameX where X is an incremental value for duplicate names. For example Tom Smith =tsmith, other Tom Smiths will be tsmith1, tsimth2, etc.

User will be forced to set a password on first logon. The password must be minimum 8 characters.

Refer to IT General policy for any other required account policies.

9. Non staff access to IT resources

User accounts may be created for use of non Wizard Publishing and Training employees to access the organisational resources. These accounts include training accounts and contracted staff accounts. Request for these accounts will follow the above request for access procedure but needs to include the expected duration for these accounts to remain active.

These non staff accounts will only be enabled whilst the users of these accounts are on site and will be disabled whilst accounts are not used. Following the period of contract or training the accounts will be deleted according to procedures.

9. Access to workstations

All individual departments are responsible for controlling physical access to their respective department.

The IT department is responsible for the technical setup of all workstations within Wizard Publishing and Training. It is the IT Department’s responsibility to configure desktops as required by departments and users, controlling access and providing adequate protection to information systems resources.

Only authorised Wizard Publishing and Training staff and authorised non-Wizard Publishing and Training personnel will be provided access to information systems equipment resources. This authorisation is granted by Department managers and the IT Department Manager.

10. Access to data

Wizard Publishing and Training information systems shall be programmed to control which UserlDs can read and which ones can write to any given file. These permission levels will be determined by the Department Manager and Data Owners.

This access is set by the IT Department as indicated by Request for Access.

11. Policy maintenance

The IT Manager has the authority to initiate recommendations for revisions to these procedures. Any requests for amendments to this document should be forwarded to the IT Manager. Changes to the document will then be evaluated and implemented as stated above. All staff will then be advised of the amendments at the earliest opportunity.

Install and maintain a server: WPT IT User Management Policy1