CONTENTS
SECTION A :
SECTION B :
SIB/MIS/P/001
SIB/MIS/P/002
SIB/MIS/P/003
SIB/MIS/P/004
SECTION C :
Policy Statement
Information Technology Facilities Usage
Electronic Mail
IT Equipment Lifecycle Policy
E-Mail Services
Computer Usage Procedure
SIB/MIS/PM/001
SIB/MIS/PM/002
INFORMATION TECHNOLOGY
POLICY
SAPURA INDUSTRIAL BERHAD
INFORMATION TECHNOLOGY POLICY
POLICY STATEMENT
Document No.: SIB/MIS/ITP/001
Issue No.: 1.0
Rev. No.: 0.0
Date: 1st May 2007
Page: 1 of 5
INTRODUCTION
1.1 GENERAL
1.1.1
Information Systems play a major role in supporting the day-to-day activities of the
Company. The availability, reliability, confidentiality and data integrity of the Company
Information Systems are essential to the success of Company activities.
1.1.2
This manual outlines statements relating to the Information System Policies & Procedures
governing the employment of all employees in the Company. They relate to their use of
company-owned/ leased/ rented and on-loan facilities; to all private systems, owned/
leased/ rented/ on-loan, when connected to the company network directly or indirectly; to
all company-owned/ licensed data/ programs, be they on Company or on private systems;
and to all data/ programs provided to the Company by external agencies or sponsors. It is
envisaged that by doing so, written policies and procedures will be interpreted equitably by
those in supervisory and management positions on a regular basis within the Company.
1.1.3
The Company reserves the right to amend, delete or augment any policy or procedure or part
thereof as and when deemed necessary for any individual employee or group of
employees. The Senior Management and Managing Director shall approve all changes to
the policies and procedures.
1.1.4
The Information System Policies and Procedures in general may be reviewed at any time if
needed. A task force shall be formed to review and make recommendations
on the revised policies or procedures. All revised policies and procedures shall require the
approval of the Senior Management and Managing Director. Deviations from the approved
policies and procedures are to be notified to the Head of Department Management
Information System Department.
1.1.5
The Head of Management Information System Department shall be responsible for ensuring the
updating of this manual and communicating any policy and procedure changes to
employees of the company. The heads of subsidiaries or those assigned will be responsible
for disseminating the changes to employees. They shall notify the Head of Department
Management Information System whenever problems are encountered or when
improvements are to be made.
1.1.6
The Head of Department Management Information System of Sapura Industrial Berhad shall
be the custodian of Information Technology Policies and Procedures.
1.1.7
This manual is assigned to all Heads of Subsidiaries or any other personnel approved by
Senior Management of Sapura Industrial Berhad.
SIB/MIS/ITP/001
Page 1 of 5
Ensure that all of the Company computing facilities, programs, data, network and
equipment are adequately protected against loss, misuse or abuse.
Ensure that all users are aware of and fully comply with this Policy Statement and all
associated policies and are aware of and work in accordance with the relevant Code of
Practice.
Ensure that all users are aware of and fully comply with the relevant Malaysian legislation.
Create across the Company the awareness that appropriate security measures must be
implemented as part of the effective operation and support of Information Security.
Ensure that all users understand their own responsibilities for protecting the confidentiality
and integrity of the data they handle.
No exception will be made to the policies and procedures without the written approval of
the Head of Department Management Information System of Sapura Industrial Berhad
(unless otherwise provided for in this manual) who is the custodian of Information
Technology Policies and Procedures. In the event you feel dissatisfied with the action or
non-action of those implementing the Policies and Procedures in allowing or disallowing
any exception, a written explanation describing the deviation is to be forwarded to the
Head of Department Management Information System of Sapura Industrial Berhad.
1.4 DEFINITIONS
The following definitions shall apply in the manual unless expressly stated otherwise:
1.4.1
1.4.2
Policy shall mean the company's specific standpoint or general of company goal
1.4.3
Procedure shall mean the methodology or specific steps used in the implementation of
the policy.
1.4.4
1.4.5
1.4.6
The masculine gender "He" shall include the feminine gender unless otherwise expressly
stated. Words in the singular will include the plural except where the text clearly indicates
otherwise.
The Managing Director is responsible for approving the Information System Policies and
Procedures and the associated policies and for ensuring that they are discharged to the
various subsidiaries, departments and staff through Heads of those units.
1.6.2
Heads of Subsidiaries and Supervisors are required to implement the Policies with respect to
the systems that are operated by their Subsidiaries, Departments and Units. They are
responsible for ensuring that staff and anyone else authorized to use those systems are
aware of and comply with them and the associated Code of Practice. To assist them in this,
they are required to appoint a Custodian for each system operated by them, the duties of
which are set out in a Code of Practice associated with the Policies.
1.6.3
Custodians must periodically carry out a risk assessment of the system that they are
currently responsible for, including the Information System security controls currently in
place. This is to take into account changes to operating systems, changing Company
requirements and priorities, and any changes in the relevant legislation, hence revisiting
their security arrangements accordingly.
1.8.2
The MIS Department will monitor network activity, reports from Malaysian Computer
Emergency Response Team (MyCERT) and other security agencies and take action/ make
recommendations consistent with maintaining the security of the Company Information
System.
1.9.2
Any Head of Subsidiaries suspecting that there has been, or is likely to be, a breach of
Information System security should inform the Head of MIS Department immediately, who
will then advise the Company on what actions should be taken.
1.9.3
In the event of a suspected or actual breach of security, the Head of MIS Department may,
after consultation with the relevant Custodian or Head of Subsidiaries, make inaccessible/
remove any unsafe user/ login names, data and/or programs on the system from the
network.
1.9.4
Any breach of security of an Information System could lead to destruction or loss of security
of personal information. This would be an infringement of the Computer Crime Act 1977
and could lead to civil or criminal proceedings. It is vital, therefore, that users of the
Company's Information Systems comply with the Policies.
1.9.5
The Managing Director or Chief Operating Officer has the authority to take whatever action
is deemed necessary to protect the Company against breaches of security.
SAPURA INDUSTRIAL BERHAD
INFORMATION TECHNOLOGY POLICY
FACILITIES USAGE
Document No.: SIB/MIS/ITP/002
Issue No.: 01
Rev. No.: 00
Date: 1st May 2007
Page: 1 of 4
1.0 PURPOSE
1.1 To establish a procedure for the Information Technology facilities usage of the Company.
1.2 To clearly define the use of all network, computer systems, computer hardware, software and
internal access and computer codes in the Company.
2.0 SCOPE
The policy applies to all the Company employees (hereinafter referred to as "users") who have access to
use IT facilities owned, leased, rented or on loan by the Company.
3.0 DEFINITIONS
3.1 HR: Human Resources
3.2 MIS: Management Information System
3.3 CAPEX: Capital Expenditure
3.4 PO: Purchasing Order
3.5 DO: Delivery Order
3.6 LAN: Local Area Network
3.7 IT: Information Technology
3.8 Company: Sapura Industrial Berhad Group of Companies
4.0 PROCEDURES
4.1 The use of the Company computer hardware and software is for official purpose.
4.2 Workstations shall be located in a physically protected environment where access control
measures are in place and applied consistently.
4.3 The maintenance of hardware and software shall only be done by authorized contractors who
have the appropriate security clearances.
4.4. Procurement of Computer Equipment
4.4.1 In order to acquire computer equipment or software, the procurement process needs to
follow the standard guidelines of the Company Capital Expenditure (CAPEX) procedure.
MIS Department shall advise on the need and specification of the purchased equipment.
4.4.2
Upon receipt, the Purchaser must fill in the Computer Registration Form and submit
it to MIS Department within seven (7) days together with a copy of the documents.
SIB/MIS/ITP/002
Page 1 of 4
The end-user breaks the law whenever he or she uses a program that has
been illegally copied from a floppy, compact disk, hard disk (or whatever
other means) on to a computer.
4.9.1.2
Copyright is infringed not only by the person who initiated the copying but
by all subsequent people using copied programs. In addition, if an end-user
makes use of a legitimate copy of a program contrary to the terms of the
license, or in a situation where there is no implied license, copyright is
being infringed.
4.9.2.1
Whenever software packages are sold for use on a network, the number of
users is designated. As soon as an extra user is provided access to this
software, an infringement is constituted.
Screensavers may not be loaded by computer users. The reasons for this
are numerous, but the main reason is that many of these are "downloaded"
from the Internet and could contain "new" viruses which the latest virus
protection software cannot detect.
4.9.3.2
Secondly, some are not compatible with certain types of software and
cause endless problems (usually the computer "hangs" or "freezes" and all
unsaved work is lost when the computer has to be re-started), which is
unnecessary and unacceptable.
4.9.3.3
The user shall be held liable for any unlicensed software that is found in their possession,
and as such will take full responsibility of the consequences that might follow by
contravening the Malaysian Copyright Act.
4.13
4.13.3 Computer equipment should always be kept clean and dust free. Computer screens,
external casings, and keyboard keys can be cleaned with anti-static cleaner and a
lint-free duster. Never use a dripping wet cloth to clean the equipment.
4.13.4 Practices such as eating, drinking and smoking should not be exercised whilst
working at a computer, as cigarette ash and bits of food are invariably dropped or
spilt on the computer's keyboard, resulting in damage.
4.14 Staff Leaving/ Staff Termination/ Resignation
4.14.1 When staff join the Company, the subsidiary head arranges access to the
network on their behalf. It is therefore also the subsidiary head's responsibility to
ensure that when staff leave the service, their user accounts are removed from
the network.
4.14.2 The subsidiary head or HR department must contact the MIS department and
provide the user's particulars as well as instructions pertaining to the data that
resides in the user's home directory on the network.
4.14.3 If this is not carried out, the ex-staff member's user account will remain on the
network. Network security is therefore seriously breached as the ex-staff member
could easily gain access to data on the network and remove or manipulate it.
4.15 Asset Tracking & Recording
4.15.1 Upon delivery of IT-related hardware/software assets, the purchasing department
shall submit a copy of the quotation/PO/DO/Invoice to MIS Department.
4.15.2 Purchasing/Account department shall inform the asset tagging, location & user's name
for the asset.
4.15.3 Account department should inform of any transfer or disposal of assets.
SAPURA INDUSTRIAL BERHAD
INFORMATION TECHNOLOGY POLICY
ELECTRONIC MAIL
Document No.: SIB/MIS/ITP/003
Issue No.: 01
Rev. No.: 00
Date: 1st May 2007
Page: 1 of 4
1.0 PURPOSE
1.1
The purpose of this "Electronic Mail Policy" is to establish guidelines and minimum requirements
governing the acceptable use of the Company electronic mail (e-mail) services.
2.0. SCOPE
2.1
This policy applies to all the Company employees (hereinafter referred to as "users") whose access
to or use of e-mail services is funded by the Company or is available through equipment owned/
leased/ rented and on-loan facilities by the Company.
3.0 DEFINITIONS
3.1
3.2
Company
3.3
Virus
3.4 Encryption
4.0 RESPONSIBILITIES
4.1
The Company reserves the right to amend this policy from time to time at its discretion. In case of
amendments and revisions, users will be informed appropriately.
4.2
The management of the Company has the right to access or monitor the contents of users' e-mail
messages and attached documents.
4.3
The Company reserves the right to revoke or limit the User's access to this e-mail account and
address at any time. Common reasons for e-mail access revocation include the failure to comply
with the Company policies, and termination of the employee's service with the Company.
SIB/MIS/ITP/003
Page 1 of 4
E-mails that purport to come from an individual other than the user actually sending the
message or with forged addresses (spoofing).
Material that advocates or condones, directly or indirectly, criminal activity or which may
otherwise damage the Company's activities in Malaysia or abroad.
Text or images to which a third party holds an intellectual property right, without the
express written permission of the copyright holder.
Material that is defamatory, libelous or threatening. Material that could be used in order to
breach computer security, or to facilitate unauthorized entry into computer systems.
Material that is likely to prejudice or seriously impede the course of justice in Malaysian
criminal or civil proceedings.
Material containing personal data about third parties, unless their permission has been
given explicitly.
5.2 Whilst the Company provides staff with access to e-mail systems for the conduct of Company-related
business, incidental and occasional personal use of e-mails is permitted so long as such
use does not disrupt or distract the individual from the conduct of Company business (i.e. due to
volume, frequency or time expended) or restrict the use of those systems to other legitimate
users.
6.0 PENALTIES FOR IMPROPER USE OF E-MAIL FACILITIES
6.1 Failure to comply with this e-mail policy could result in access to the facility being withdrawn or,
in more serious cases, to disciplinary action being taken.
6.2 The Head of MIS Department shall be the final arbiter of whether e-mail messages are in breach
of this e-mail policy or not.
7.0 PRIVACY
7.1 Data users must assume that all e-mail by default is not secure and thus, they should not send
via e-mail any information that is confidential, private or sensitive in nature. The use of e-mail
encryption technologies such as PGP (Pretty Good Privacy) will improve the confidentiality of
the e-mail, although they are by no means perfect.
7.2 Users may not, under any circumstances, monitor, intercept or browse other users' e-mail
messages unless authorized to do so.
7.3 In all other circumstances, monitoring, interception and reading of other users' e-mail by
network and computer operations personnel or system administrators may only occur with the
permission of the Head of MIS Department.
7.4 The Company reserves the right to access and disclose the contents of a user's e-mail
messages, in accordance with its legal and audit obligations and for legitimate operational
purposes. The Company reserves the right to demand that encryption keys, where used, be
made available so that it is able to fulfill its right of access to a user's e-mail messages in such
circumstances.
8.0 BEST PRACTICES
8.1 The Company considers e-mail as an important means of communication and recognizes the
importance of proper e-mail content and speedy replies in conveying a professional image and
delivering good customer services. Users should take the same care in drafting an e-mail as they
would for any other communication. Therefore the Company wishes users to adhere to the
following guidelines:
8.1.1 Writing e-mails:
The Company style is informal. This means that sentences can be short and to the
point. The use of internet abbreviations and characters such as smileys, however, is
not encouraged.
8.1.2
Signatures must include your name, job title and company name, and should follow
company branding guidelines.
Users must spell check all mails prior to transmission.
Do not use cc: or bcc: fields unless the cc: or bcc: recipient is aware that you will be
copying a mail to him/ her and knows what action, if any, to take.
If you forward mails, state clearly what action you expect the recipient to take.
Only send e-mails of which the content could be displayed on a public notice board.
If they cannot be displayed publicly in their current state, consider rephrasing the
e-mail, using other means of communication or protecting information by using a
password.
Replying to e-mails:
E-mails should be answered within at least eight (8) working hours, but users must
endeavor to answer priority e-mails within four (4) hours.
Priority e-mails are e-mails from existing customers and business partners.
INFORMATION TECHNOLOGY
CODE OF PRACTICE
SAPURA INDUSTRIAL BERHAD
Document No.: SIB/MIS/COP/001
Issue No.: 01
Rev. No.: 00
Date: 1st May 2007
Page: 1 of 3
PURPOSE
To maintain the physical security of the hardware used to store and process information as it is to
ensure the security of information contained within the Company information systems.
2.0 SCOPE
2.1 Specific code of practice covering: physical security of Information System.
3.0 DEFINITIONS
3.1 PIN
4.0 PROCEDURES
4.1 SECURITY OF PREMISES
4.1.1
Security of Premises
While it is difficult to make premises in a company completely secure, buildings
and offices are now equipped with strong locks that provide a good level of
protection against opportunist intruders so long as they are used intelligently and
correctly by those who have a right of access.
In order to reduce the risk of theft, the following rules should be adhered to:
4.1.1.1 Offices or rooms that house valuable equipment should not be left
unattended with the door unlocked or with a window open.
4.1.1.2 Keep an eye open for anyone who appears to be loitering in the vicinity of
a locked door, challenge him or her and report any suspicions to the
authorized personnel;
4.1.1.3 Where buildings/offices are secured by card-controlled doors or keypad
locks, do not lend your card to anyone or give away details of the PIN/ keypad
number;
SIB/MIS/COP/001
Page 1 of 3
Security of People
In order to ensure your personal safety and that of your colleagues:
4.1.2.1 Challenge anyone who you suspect has no right to be on the premises in a
friendly way by offering to help them find the location they are looking for.
4.1.2.2 Avoid confrontation and conflict with anyone who reacts aggressively and
contact your authorized personnel/ security lodge immediately.
4.1.2.3 Do not take any action that may endanger you or other members of the
Company by causing a potential or actual thief.
4.1.3
Security of Equipment
In order to ensure that your computing equipment itself is secure:
4.1.3.1 All computers and other equipment with a value of more than RM300.00
must be clearly marked as company property, security tagged and recorded
on the company inventory. This should be done as soon as possible after the
installation and set-up of the equipment.
4.1.3.2 All computers and other equipment, including hardware and software,
marked as company property must be insured.
4.1.3.3 Carry out a risk assessment in relation to the cost of replacing the
equipment and the value of the data stored on it in order to determine
what additional security measures need to be taken, such as marking, cable
restraint, lockdown fixtures, alarms and arrange fitting as soon as possible;
4.1.3.4 Dispose of any computer packaging as quickly and discreetly as possible in
order not to advertise the arrival of new equipment.
Security of Data
4.1.4.1 Any media containing data that has been backed up should be held
securely i.e. in a locked container, drawer or cupboard and placed in
a location commensurate with a department's procedures for ensuring
business continuity i.e. away from the area where that data is normally
processed.
Before disposing of computing equipment, ensure that any data held on the hard
disk is destroyed by fully reformatting the hard disk, or using special tools to
overwrite the hard disk's contents with random, useless data.
SAPURA INDUSTRIAL BERHAD
EMPLOYMENT, EDUCATION AND TRAINING
Document No.: SIB/MIS/COP/002
Issue No.: 01
Rev. No.: 00
Date: 1st May 2007
Page: 1 of 2
PURPOSE
To address the new staff on information security at the recruitment stage.
2.0 SCOPE
2.1 Specific code of practice covering: on relevant security responsibilities.
3.0 DEFINITIONS
3.1 IS: Information System
3.2 IT: Information Technology
4.0 PROCEDURES
4.1
4.2 RECRUITMENT SCREENING
Applications for employment should be screened if the job involves access to the company
Information Systems for handling of commercially or otherwise sensitive information, as
identified by the relevant Custodian. The checks should include obtaining two (2) character
references, checking the accuracy of CVs, confirmation of academic or professional
qualifications and carrying out an identification check.
4.3 CONFIDENTIALITY AGREEMENT
When signing acceptance of conditions of employment, users of IT facilities will be required
to agree to respect the confidentiality of any information that they encounter in their work.
Confidentiality agreements should be reviewed when there are changes to the terms of
employment or when contracts are due to be renewed.
4.4
New users of IT facilities and staff should be instructed on the Company policies and codes
of practice relating to information security and given training on the procedures relating to
the security requirements of the particular work they are to undertake and on the correct
use of the Company IT facilities in general before access to IT services is granted. They
should be made aware of the reporting procedures to be adopted in respect of different
types of incident (security breach, threat, weakness or malfunction) which might affect the
security of information they are handling, as set out in Information System Security Policies.
SIB/MIS/COP/02
Page 2 of 2
INFORMATION TECHNOLOGY
PROCEDURE MANUAL
SAPURA INDUSTRIAL BERHAD
PROCEDURE MANUAL
E-MAIL SERVICES
Document No.: SIB/MIS/PM/001
Issue No.: 01
Rev. No.: 00
Date: 1st May 2007
Page: 1 of 2
1.0 PURPOSE
1.1
To establish and maintain the procedure or guidelines and minimum requirements governing the
acceptable use of the Company electronic mail (e-mail) services.
2.0. SCOPE
2.1
This policy applies to all SIB Group employees whose access to or use of e-mail services is funded
by the Group or is available through equipment owned or leased by the Company.
3.0 DEFINITIONS
3.1 Company
3.2
3.3 MIS
4.0 RESPONSIBILITIES
4.1
5.0 ATTACHMENTS
5.1
5.2
6.0 PROCEDURES
6.1
All e-mail address requests are to be initiated by raising an E-mail Services Form, with the steps as
follows:
i.
ii.
iii.
iv.
SIB/MIS/PM/001
Page 1 of 2
6.2
All E-mail Services Forms shall clearly specify the requirements, which may include the
following:
i.
ii.
6.3
The MIS Department shall determine the availability of e-mail accounts allocation and suitability
of desired e-mail ID.
6.4
An e-mail account shall be created for the requester subject to availability of e-mail accounts, and
the requester shall be notified of the default password. The e-mail user shall be guided by an MIS
representative to set up e-mail on Outlook Express and on how to access e-mail through Web Mail.
6.5
The representative of MIS Department shall inform the requester within five (5) working days
of receipt of the application form if they require any additional information or are ready to
commence the e-mail account.
6.6
A copy of the successful e-mail application form shall be sent to SIB Group Account/ Finance
Department for charges preparation.
6.7
Human Resources Department shall notify MIS Department within five (5) working days of any
employee tendering their resignation or being terminated from service, or of any temporary
account block/ reactivation of a disabled account due to disciplinary action taken by the company.
department :
designation
desired e-mail id
1.
company
2.
tel no./ext
(e.g: name@sapuraindustrial.com.my)
date of requested
2. Detail of Request
New Account
Effective Date:
Justification
Reactivate Disabled / Blocked Account
Justification
Effective Date:
Effective Date:
Applicant Particulars
I have read, understood and acknowledge receipt of Acceptable E-mail policy below. I hereby agree to comply with the rules and regulations as stated
in the policy and understand the failure to comply will result in severe disciplinary action.
name
signature
date
signature
date
created by
initial password
effective date:
approved by
charge to
date approved
Introduction
Sapura Industrial Berhad Group of Companies provides staff with Internet access and e-mail communication services as required for the performance
and fulfill of job responsibilities. These services are for purpose of increasing productivity and not for non-business activities.
Use Policy
Occasional and reasonable personnel use of SIB Group Internet & e-mail services is permitted, provided that this does not interfere with work performance
These services may be used outside of scheduled hours of work, provided that such use is consistent with professional conduct.
Users should have no expectation of privacy while using company-owned or company-leased equipment. Information passing through or stored on
company equipment can and will be monitored.
Violations of internet and e-mail use include, but are not limited to, accessing, downloading, uploading, saving, receiving or sending material that
includes sexually explicit content or other material using vulgar, sexist, racist, threatening, violent or defamatory language. Users should not use
SIB Group services to disclose corporate information without prior authorization. Gambling and illegal activities are prohibited on company resources.
Infringements of this policy will be investigated on a case-by-case basis.
Your signature indicates that you have read the SIB Group internet and e-mail use policy. Signing this document means that you agree to
abide by the regulations set in this policy.
DOC NUM :
PFC/SIB/MIS/EMS/01-02
DATE ESTABLISH :01/04/07
REV : 0.0
PAGES : 1 of 1
[Flow chart: process flow for a received e-mail application form. Columns: Process Flow, Who, Output, Description. Process steps: Received Application Form; Verify; Evaluate Requisition; Requester Received E-mail Acc.; Test Run; Inform SIB Acc. Dept.; End. Decision labels: Yes, No, OK; terminal: Stop. Roles (Who): Asst. Sys. Application; Head of MIS; MIS Technician; Requester. Other entries: Completed Form; E-mail Account Created; Approved by GM of company.]
E-MAIL TERMINATION
[Flow chart: e-mail termination process. Columns: Input, Process Flow, Who, Output, Description. Input: E-Mail Termination Form. Process steps: Received Application Form HR; Verify; Evaluate Requisition; Inform Acc. Dept.; E-mail Acc. Termination; End. Decision labels: Yes, No; terminal: Stop. Roles (Who): Asst. Sys. Application; Head of MIS; MIS Technician. Other entries: Completed Form; Approved by GM of company.]
SAPURA INDUSTRIAL BERHAD
PROCEDURE MANUAL
COMPUTER USAGE PROCEDURE
Document No : SIB/MIS/PM/002
Issue No. : 01
Rev No. : 00
Date : 1st May 2007
Page : 1 of 1
1.0 PURPOSE
1.1
To ensure that new employees have access to Information Technology resources and services, and that
this access is dedicated to legitimate group business and governed by rules of conduct.
2.0 SCOPE
2.1
3.0 DEFINITIONS
3.1
Nil
4.0 RESPONSIBILITIES
4.1
5.0 ATTACHMENTS
5.1
5.2
6.0 PROCEDURES
6.1
The Human Resource Manager or an appointee and the immediate superior shall be responsible for
filling in the Information Technology User Declaration Agreement as part of the Employee Orientation
Checklist, which has to be submitted to the Human Resource Department within five (5) working days of
completion.
6.2
The Human Resources Department Manager or an appointee shall explain the contents of the
Information Technology User Declaration Agreement to the newly appointed staff.
6.3
The completed declaration agreement shall be kept safely in the employee's personal file.
SIB/MIS/PM/002
Page 1 of 1
SIB/MIS/CUP/02-01
I will refrain from monopolizing systems, overloading networks with excessive data, or wasting computer
time, connect time, disk space, printer paper, or other information technology resources. I will report to SIB
management any observations of attempted security violations or illegal activities. I will report to SIB
management if I receive or obtain information to which I am not entitled.
By signing this agreement, I certify that I understand and accept responsibility for adhering to the policies,
procedures, and additional Sapura Industrial Berhad Group terms and conditions listed above. I also
acknowledge my understanding that any misuse on my part may result in disciplinary action including, but
not limited to, termination of my access privileges.
_______________________
Date:
_______________
Head of Section/Subsidiary:
Name:
______________________________
Signature:
__________________________
Date:
__________________
DOC NUM :
PFC/SIB/MIS/ITDA/0
DATE ESTABLISH :01/05/07
REV : 0.0
PAGES : 1 of 1
INFORMATION TECHNOLOGY
DECLARATION AGREEMENT FLOW CHART
[Flow chart. Columns: Input, Process Flow, Who, Output, Description. Input: Information Technology Declaration Agreement Form. Process steps: Received IT Declaration Agreement Form; Approval; Filling; End. Roles (Who): HR Dept.; Head of Subsidiaries / General Manager. Other entries: Completed Form; Approved by GM of company.]