Introduction
1. The Association “HERA-XXI” IT Policy and Procedure Manual provides guidelines for the
selection, use, and protection of IT within the organization. These policies and procedures
must be followed by all staff members. The manual also outlines the procedures to be
followed for administering these policies effectively.
2. The Association “HERA-XXI” is committed to keeping all IT policies current and relevant. Therefore,
periodic modifications, amendments, or additions to the policies and procedures may be
necessary.
3. We value the input of our employees and welcome any suggestions, recommendations, or
feedback on the policies and procedures specified in this manual.
4. This policy and its associated procedures are applicable to all individuals associated with the
organization, including employees, members, contractors, volunteers, and any other
affiliated parties.
Information Technology Security
5. This section provides guidelines for the protection, use, and accessibility of information
technology assets and resources within the Association. Its purpose is to ensure the
integrity, confidentiality, and availability of data and assets.
Physical Security
5.1 The Association “HERA-XXI” ensures the renewal/upgrade of all electronic equipment in 5
years.
5.2 The Association “HERA-XXI” ensures surge protection for network equipment and
computers.
5.3 Each person in the organization is responsible for the security and safety of portable
technology, such as laptops, notepads, iPads, etc., that are issued to them. The person
must ensure that these assets are kept safely at all times to protect their security.
5.4 In case of loss or damage, an assessment of the security measures will be conducted by
the designated authority to determine any necessary actions, which may include the
person’s responsibility to reimburse the organization for the incurred loss or damage.
Data Sharing and Accessibility
5.5 The Association will determine the information that can be shared with the public and
collaborating partners, including e-Health data management. Access controls and data
sharing agreements will be implemented to protect privacy, ensure compliance, and define
the responsibilities of all involved parties. Regular reviews will be conducted to align with
legal requirements and organizational needs.
Technology Access
5.6 Each individual within the organization (as required) will be assigned a unique identification
code for accessing the organization’s email and computers.
5.7 Email passwords are unique and must not be shared with any other individual within the
organization.
5.8 The Executive Director of the Association “HERA-XXI” is responsible for issuing the
identification codes and initial passwords to all individuals within the organization.
Email use:
5.9 The Association “HERA-XXI” provides email services to all individuals when relevant and
useful for their jobs.
5.10 Email is a standard and widely used communication method within the
organization. It is encouraged for appropriate communication among staff members,
volunteers, donors, partners, and others.
5.11 Examples of appropriate email use include: Communication with colleagues,
members, volunteers, donors, and partners. Distributing information to colleagues.
Sharing information about organization events and activities.
5.12 Users should exercise caution when making commitments or agreeing to purchases
via email.
Backup
6. This section is designed to protect data within the organization, ensuring it is not lost and
can be recovered in the event of equipment failure, intentional data destruction, or
disasters. This section applies to all equipment and data owned and operated by the
organization.
Definitions:
6.1 Backup: The process of saving files onto magnetic tape or other offline mass storage media to prevent data loss in case of equipment failure or destruction.
Timing:
6.2 Full backups will be performed after working hours from Monday to Friday. If backups
cannot be performed on Friday due to maintenance reasons, they shall be done on
Saturday or Sunday.
6.3 The IT personnel will perform regular backups and develop a procedure for testing
backups. They will also test the ability to restore data from backups on a monthly basis.
Data to be backed up
6.4 Data to be backed up includes user data stored on the hard drive. Systems to be backed
up include, but are not limited to: work files on computers, file server, and mail data files.
Archive
6.5 Archives will be created at the end of every year in December. User account data
associated with file and mail servers will be archived one month after the employees
have left the organization.
File restoration
6.6 Users requiring file restoration must submit a request to the help desk, providing
information about the file’s creation date, name, last modification date, and the date and
time it was deleted or destroyed.
Disaster recovery
6.7 All efforts will be made to prevent or limit the impact of a disaster on the organization’s
information systems. The IT Disaster Recovery Plan may be implemented when
necessary. Key employees will be assigned responsibilities, including immediate response
to potential disasters, assessment of the extent and impact of the disaster, notification of
employees, and allocation of required responsibilities and activities.
Internet Use
7. The Association “HERA-XXI” provides internet access to its employees. However, it is crucial
to exercise responsible internet usage to prevent security problems that could
compromise the organization’s data and reputation.
8. Users are strictly prohibited from knowingly introducing any form of computer virus,
Trojan, spyware, or other malware into the organization’s network. In the event of a
software virus breach, it is imperative to report it immediately to the IT personnel.
9. The IT personnel are responsible for promptly addressing and mitigating any security breaches to minimize disruptions to the organization’s business operations. Any instances
of software virus breaches should be reported immediately to the IT personnel. The IT
personnel will take appropriate actions to resolve the security breach and minimize any
potential disruptions to the organization’s business operations.
Reviewed & approved Date: 2021