24PinTech IT Policy

From 24PinTech Wiki
Revision as of 19:17, 16 April 2021 by OPerez (→Revisions)


Overview

The IT policy of 24PinTech determines the fundamental aspects of security and the guidelines for the 24pintech domain and environment. This document lists IT policies that we want to implement, policies that other teams within 24PinTech want to implement, and preexisting IT policies. Each listed policy includes a description of what the policy is, its function, and its scope. The purpose of these IT policies is to provide users with the resources they need while protecting information from unauthorized individuals. The protection provided by these IT policies extends over 24PinTech servers, computer equipment, network, software, operating systems, and more. The systems in place within 24PinTech are to be used for research and work purposes by authorized employees of 24PinTech.

Scope

The policies in effect in this document apply to any 24PinTech employees, teaching staff, students, or any user authorized by founder and CEO Brad Chamberlain. These policies also apply to any equipment owned by 24PinTech or MUSD #20, and to any device accessing information on our data network.

24PinTech Employee Responsibilities

24PinTech members are responsible for:

  • Providing services to clients in need of troubleshooting/repair
  • Ensuring quality of service towards clients
  • Participating in required IT Technician training and regular meetings as determined by management or Brad Chamberlain
  • Taking precautions against theft of or damage to hardware and information
  • Treating information about, and information stored by, the network users in an appropriate manner and keeping sensitive information confidential

In case of:

  • Data loss or theft
  • Inappropriate systems or information access or use
  • Any other breach or violation of IT policies of which they become aware

Technicians are responsible for reporting these issues to management or founder and CEO Brad Chamberlain.

Necessary To Understand Definitions

Sensitive Information: Sensitive information includes information such as customer information submitted through the online 24PinTech ticket submission site.

Auditing: A process that examines in a retrospective manner the status and health of a system or policy. In the case of 24PinTech, servers are the focus for auditing to ensure continued server health.

Authorized and unauthorized users: Users of 24PinTech hardware, network, or software may come from both within and outside of 24PinTech. 24PinTech users will have access to more than an outside user. 24PinTech users are generally authorized in most regards, with some exceptions such as server and group policy management. An unauthorized user is simply someone who is not granted access to certain aspects of 24PinTech.

Group Policy and IT Policy: Group policy is similar to the IT policy listed in this document. The key differences are the extent to which each creates policy and how those policies are enforced. Group policy is more concerned with a server system, how it operates, and the security of that server. Group policy dictates which users are allowed to access certain aspects and for how long, and it determines password requirements. Group policy is enforced directly by the system, which quickly denies or allows certain processes. IT Policy addresses 24PinTech as a whole; it sets the ground rules of what is expected, what is allowed and disallowed, and more. IT Policy helps dictate Group policy and is itself affected by federal/state law and MUSD policy. IT Policy is enforced by 24PinTech members and founder and CEO Mr. Chamberlain.

Administrators: "Admin" is a loosely defined term in 24PinTech. Admins are generally individuals within 24PinTech with access to certain privileges pertaining to server access. They are members who work on the servers and know how to use admin privileges, and are therefore granted use of those privileges.

Acceptable Use Policy

General Use and Ownership

  • All authorized users should be aware that all data that they access and create on the 24PinTech network is the property of 24PinTech.
  • All authorized users are responsible for acting professionally in all personal and team work.
  • Any uncertainties about 24PinTech policies should be directed to the Security engineer team or founder and CEO Mr. Chamberlain.
  • Access to 24PinTech and its resources is a privilege. It is on the user to use the resources responsibly and to remain within the rules set out by the IT policies listed here, the rules of the workplace, and the rules set out by Maricopa School District in the student handbooks.
  • 24PinTech does not accept responsibility for the loss or damage of devices not owned by 24PinTech.
  • For security purposes, 24PinTech or MUSD (Maricopa Unified School District) may monitor 24PinTech devices. Networks and servers may also be audited for security purposes.
  • Employees of 24PinTech are expected to make professional emails that contain their first and last name followed by [[1]].

Security

  • All authorized users of 24PinTech are granted permission to access the 24PinTech network once they have provided the correct sign-in credentials.
  • Users are responsible for their own sign in information. Login information can be reset at the behest of the Security team or founder and CEO Mr. Chamberlain.
  • Users should not leave computers with access to 24PinTech within the possession of unauthorized users.
  • Authorized users are required to change their passwords every 42 days. Group policy is set to remember 24 passwords and to require a minimum password length of 5 characters.
  • All systems connected to the 24PinTech network are subject to regularly executed virus detecting software.
  • All users are to be aware that emails from unknown senders may contain viruses, such as a Trojan horse.
  • Admin-level access to 24PinTech systems is only available to the founder and CEO Mr. Chamberlain and chosen individuals with extensive work experience within 24PinTech.
  • Authorized users may be given temporary admin access to complete tasks that require the access.

Sensitive and Confidential Information

  • When handling sensitive information, all users must use precaution and diligence to ensure the security of that information. Authorized users and administrators are liable for the loss of data and information.
  • 24PinTech members must not disclose sensitive information to persons outside of 24PinTech who are not authorized to receive it.
  • Below are listed some areas of sensitive information:
    • Encrypted data
    • Password data
    • Physical devices, in particular portable devices and devices with sensitive information
  • Avoid using confidential customer information as identifiers. Use names and order numbers.
  • Do not transfer or download data to another device without authorization.
  • Contact an administrator or founder and CEO Mr. Chamberlain if you have any questions.

Portable Device User Policy

  • Employees who were issued laptops or any portable devices are responsible for those devices. They are also required to have their name filled in on a sign-out sheet with the identification of the device.
  • All issued devices and accessories are expected to be returned in the condition in which they were given.
  • 24PinTech is not responsible for any damage that happens to any devices that were signed out; the responsibility falls on the individual.

Revocation of Privileges

All access to 24PinTech information and servers may be revised or revoked in the case of a transfer of employees.

Unacceptable Use Policy

Unacceptable use

  • The use of plagiarized material in the work of 24PinTech employees is not permitted. One may quote and borrow from other works when a proper reference is provided. The consequences of such actions are listed in the MUSD handbook.
  • No employee, student, or guest is authorized to engage in illegal activities. What constitutes illegal activity can be found in Arizona and federal law.
  • Authorized users are not allowed to download, store, or display pornography, obscenity, or bad language.
  • Unauthorized attempts to circumvent or defeat mechanisms put in place by 24PinTech and MUSD are prohibited.

System and Network Activities

  • Introducing malicious programs into a computer, server, or network is prohibited.
  • Authorized users are not permitted to offer fraudulent products or services using 24PinTech assets.
  • Authorized users are not to engage in producing security breaches or disruptions of networking communications.

Email and Communications Activities

  • The sending of unwarranted emails to individuals who did not request such emails is prohibited. This includes emails, communications, and phone calls that relate to harassment.
  • Other examples of unwarranted emails:
    • Sending Junk Mail
    • Advertising Material
    • Harassment material
    • Emails containing forgery

IT Technician Responsibilities

It is the responsibility of all members of 24PinTech to follow the policies laid out in this document. They also follow founder and CEO Mr. Chamberlain and all directions given by him. IT technicians have their designated responsibilities listed below.

  • Respond to requests for support, information, and assistance with all matters IT related.
  • Become familiar with 24PinTech IT policy.
  • Participate in all IT Technician training required by 24PinTech.
  • When prompted, IT Technicians are expected to cooperate fully with other teams and with founder and CEO Mr. Chamberlain.
  • Comply with terms of all hardware and software licensing agreements.
  • IT technicians are to treat all user data in an appropriate manner.

Security Engineer Responsibilities

Along with IT Technicians, the Security Engineering team has its designated responsibilities listed below.

  • Investigate and discover any possible security flaws and holes within a network, and create potential solutions to fix the potential security breach.
  • Become familiar with IT policy.
  • Work with other teams to inform them of security changes and additions, and gather information for any security projects that may need it.
  • Participate in all training required for a Security Engineer and in regular meetings.
  • When prompted, Security Engineers are expected to cooperate fully with other teams and with founder and CEO Mr. Chamberlain on all projects.

System Administrators Responsibilities

System Administrators are responsible for all server maintenance, keeping the servers and their functions up to date by updating group policy and file systems.

  • Updating group policy to better reflect current 24PinTech system requirements.
  • Updating and attending to the servers and their functions.
  • Monitor servers and troubleshoot when necessary.
  • Updating the 24PinTech wiki and imaging computers.

Security Incidents

A security incident is any form of violation of 24PinTech policy which may result in one or more of the following:

  • Data Theft
  • Damage to data or an unauthorized change
  • The theft of 24PinTech IT physical assets.
  • Denial of Service
  • Misuse of services
  • Infiltration of servers by unauthorized user or software
  • Unauthorized changes to hardware or software

Response

If an IT Technician is aware of any security event from the ones listed above, or any other that they feel is cause for concern, they must notify founder and CEO Mr. Chamberlain. Other steps in response may include:

  • Suspension of user access
  • Removal of the computer device from the network
  • Reactivation is only granted upon approval by CEO and founder Mr. Chamberlain.

The above-mentioned procedures are only undertaken with permission from CEO and founder Mr. Chamberlain, unless, in the case of an emergency, an immediate response is authorized and the technician feels able to solve the problem. An immediate response in an emergency should be followed by notifying CEO and founder Mr. Chamberlain as soon as possible.

Monitoring

Files and Correspondence

Authorized users within 24PinTech are authorized to access all shared network files and files located on 24PinTech-owned devices. 24PinTech users must take into consideration the confidential nature of particular files and/or communications; files of this nature will be identified. Any violations must be reported to an appropriate manager or CEO and founder Mr. Chamberlain.

Data Loss Prevention

Data Loss

To prevent a data loss disaster, 24PinTech employees need to keep customer PII (Personally Identifiable Information) protected. Other aspects of 24PinTech that need to be protected include:

  • Passwords
  • Sensitive Documents
  • Group Policy
  • 24PinTech Wiki
  • Hosted Websites
  • Network Share drive
  • Server information

Data Loss Prevention Methods

The direct approach to making sure the desired data doesn't get lost is:

Purchasing

24PinTech is responsible for integrating any hardware or software into the existing network system and maintaining the inventory of hardware and software that comes through 24PinTech. If any hardware or software is taken from 24PinTech, approval from founder and CEO Mr. Chamberlain is required.

Disposal of Technology Equipment

All technology must be disposed of in a fashion that complies with all State and Federal laws pertaining to disposal of electronic devices. All devices that can be properly recycled are given over to AZSTRUT. All device disposal and recycling are approved by founder and CEO Mr. Chamberlain.

Enforcement

Failure by any member of 24PinTech to comply with any of the above listed policies may result in the suspension of privileges or relocation to another class. If State or Federal laws are broken by a member of 24PinTech, legal action will follow.

Revisions

24PinTech has the right to update, remove, and add any policies to better reflect 24PinTech policies at any time.

Created by: Geric Kramarczyk & Omar Perez