Beruflich Dokumente
Kultur Dokumente
I. T. Policy
Operational Procedures
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 1 of 50
Apna Microfinance Bank
Information Technology Department
Table of Contents
Page No.
A) Background
B) Procedures
4. Website Policy………………………………………………………..17
7. Dial-In-Access Policy…………………………………………………25
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 2 of 50
Apna Microfinance Bank
Information Technology Department
A. BACKGROUND:
Use of Information Technology (I.T.):
Increasing use of computers prompted by automation drive of AMBL has
changed the references of the organizational security aspects. It has become
essential to have a reference framework for the security and control for
Information Technology. Management and users should understand and
implement the controls to assure security of AMBL’s assets that use Information
Technology.
Security:
Security is old, older than computers. Security builds trust amongst customers,
employees and stakeholders. Security procedures are defined to avoid risk. Just
as bank uses the procedures of double-entry bookkeeping, internal audits, and
external audits to secure its financials, same way bank needs to use a series of
procedures to protect its I.T. assets, infrastructure, and networks.
I.T. Policy is first step towards building the security infrastructure for technology
based operations. I.T. Policy establishes guideline for everyone who uses I.T. in
one way or other. It is critical in different circumstances starting from planning to
disaster recovery. I.T. policy establishes rules and regulations like how, where,
when and which resources should be used in a given circumstance. With time,
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 3 of 50
Apna Microfinance Bank
Information Technology Department
B. GENERAL:
These I.T. policies and guidelines are designed to ensure that users of AMBL are
aware of their responsibilities and appropriate usage of computer
hardware/software.
These policies will be reviewed regularly to take into account the changing nature
of the I.T. and the laws surrounding its use.
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 4 of 50
Apna Microfinance Bank
Information Technology Department
C. SCOPE
Throughout this document, reference to the I.T. should be taken to include all
computing facilities including but not limited to computers, computer accessories,
software, online services including Network & Communication, World Wide Web,
e-mail,
Application servers, other servers, hosts and Internet connected devices. The
policies and guidelines apply to all users of the AMBL using computers, Local
and Wide area network and Internet Services. These users are defined for the
purposes of this document as:
all employees of AMBL, their contractors and sub- contractors
any other person using the AMBL computing facilities
D. POLICY OBJECTIVE
The objective of these policies and guidelines is to secure I.T.
environment, provide and maintain appropriate access to the computing
facilities to further business goals and objectives of AMBL.
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 5 of 50
Apna Microfinance Bank
Information Technology Department
1) Purpose:
2) General:
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 6 of 50
Apna Microfinance Bank
Information Technology Department
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 7 of 50
Apna Microfinance Bank
Information Technology Department
3) Guidelines:
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 8 of 50
Apna Microfinance Bank
Information Technology Department
(ii) Responsibilities:
(iii) Procedure:
(iv) Exceptions
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 9 of 50
Apna Microfinance Bank
Information Technology Department
1) Purpose:
2) Initial Steps:
e) Document what data to collect, why to collect it, and where and
when to collect it. Document how to conduct review of all collected
data. Because there is a large volume of system and network data
that can be collected, and because there are increasing demands
on an administrator’s time, it needs to be carefully determined.
3) Training:
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 11 of 50
Apna Microfinance Bank
Information Technology Department
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 12 of 50
Apna Microfinance Bank
Information Technology Department
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 13 of 50
Apna Microfinance Bank
Information Technology Department
11) Monitoring:
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 15 of 50
Apna Microfinance Bank
Information Technology Department
d) Prohibited Activities:
Gambling.
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 16 of 50
Apna Microfinance Bank
Information Technology Department
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 17 of 50
Apna Microfinance Bank
Information Technology Department
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 18 of 50
Apna Microfinance Bank
Information Technology Department
4 - Web–Site Policy
1) Purpose:
2) General
b) Make the AMBL website and those with official links from it
appear as consistent in format, inter-linkages, and functionality
as possible.
1) DESIGN GUIDELINES:
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 20 of 50
Apna Microfinance Bank
Information Technology Department
6) Content Guidelines:
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 21 of 50
Apna Microfinance Bank
Information Technology Department
7) Website Hosting:
9) Hyperlink Procedures:
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 22 of 50
Apna Microfinance Bank
Information Technology Department
A profile of company;
- They shall not take any action that would impair the
value or goodwill associated with the Marks or AMBL’s
image or reputation and in particular they shall not use
the Marks in any way that might be misleading or seek
to promote any goods or services not certified by the
AMBL.
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 23 of 50
Apna Microfinance Bank
Information Technology Department
1) Purpose:
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 25 of 50
Apna Microfinance Bank
Information Technology Department
1) Purpose:
e. Does not use root when a non-privileged account will do the job.
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 26 of 50
Apna Microfinance Bank
Information Technology Department
4. Monitoring
All security related events on critical or sensitive systems must be logged and
Audit trails saved as follows:
a. All security related logs will be kept online for a minimum of 1 week
5) Compliance
b. The audit & inspection division in accordance with the Audit Policy
will manage audit.
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 27 of 50
Apna Microfinance Bank
Information Technology Department
1) Purpose
2) Guidelines:
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 28 of 50
Apna Microfinance Bank
Information Technology Department
1) Purpose:
2) Scope:
3) Guidelines:
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 29 of 50
Apna Microfinance Bank
Information Technology Department
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 30 of 50
Apna Microfinance Bank
Information Technology Department
4) Expunge:
5) Physical Security:
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 31 of 50
Apna Microfinance Bank
Information Technology Department
1) Purpose:
2) General Guidelines:
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 32 of 50
Apna Microfinance Bank
Information Technology Department
4) Environment Controls:
d) Make sure the above are regularly tested and that maintenance
contracts are signed.
5) Workstations:
6) Wiring:
7) Servers:
8) Electrical Security:
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 33 of 50
Apna Microfinance Bank
Information Technology Department
a) All servers will be fitted with UPS’s that also condition the
power supply.
9) Inventory Management:
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 34 of 50
Apna Microfinance Bank
Information Technology Department
1) Purpose:
2) Guidelines:
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 35 of 50
Apna Microfinance Bank
Information Technology Department
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 36 of 50
Apna Microfinance Bank
Information Technology Department
1) Objective
The evaluation process and criteria as well as the testing that will
be conducted on evaluation copies of the proposed software
product, if any.
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 37 of 50
Apna Microfinance Bank
Information Technology Department
In case of bids invited, the closing date and exact time and
location of opening sealed bids.
Notification that bids received after the closing date and time
will not be considered.
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 38 of 50
Apna Microfinance Bank
Information Technology Department
a) Off-the-shelf item.
4) Sole-Source/Sole-Brand Exceptions:
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 39 of 50
Apna Microfinance Bank
Information Technology Department
1) Objective:
2) Application Development:
Design stage
Development stage
Deployment stage.
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 40 of 50
Apna Microfinance Bank
Information Technology Department
User Catalogue
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 41 of 50
Apna Microfinance Bank
Information Technology Department
User Requirements
3) Design Stage:
Database structure/dictionary
Approved FS.
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 42 of 50
Apna Microfinance Bank
Information Technology Department
4) Development Stage:
Application testing:
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 43 of 50
Apna Microfinance Bank
Information Technology Department
Developed Application
c) Deployment Stage:
Data entry testing by users to ensure that all fields accept valid
input]
The respective users and their in charge must sign off all input
screens, and reports generated by the system during UAT.
Data Conversion:
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 46 of 50
Apna Microfinance Bank
Information Technology Department
1) Purpose:
2) Guidelines:
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 47 of 50
Apna Microfinance Bank
Information Technology Department
1) Purpose:
2) Background:
3) Guidelines:
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 48 of 50
Apna Microfinance Bank
Information Technology Department
I.T. Department will identify the applications and systems that support
critical business processes; and for each application and system,
following information must be collected and procedures documented,
to properly define the BCP&DR:
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 49 of 50
Apna Microfinance Bank
Information Technology Department
15 – Documentation Policy
1) General:
2) Documentation Guidelines:
_____________________________________________________________
Information Technology Division
I.T. Policy – 2012 Page 50 of 50