信息系統(tǒng)管理程序(中英文)

信息系統(tǒng)管理程序.目的：Purpose:說明信息系統(tǒng)之采購、維護、管制，以確保對信息系統(tǒng)進行有效監(jiān)控，保障信息安全。Explainprocurement,maintenance,controlofinformationsystem,inordertocontroleffectivelyoftheinformationsystemandensuretheinformationsecurity,.適用范圍：Scope:公司現(xiàn)有信息系統(tǒng)。Company'sexistinginformationsystem公司外購之軟硬件及外包之各項信息服務。Theinformationserviceandoutsourcinghardwareandsoftware.3.信息管理制度Informationmanagementsystem3.1資產(chǎn)管理AssetManagement3.1.1采購Procurement3.1.1.1需求部門提出申購請求，并說明其要求，經(jīng)IT部統(tǒng)一確定具體配備后,方可進行采購。Demanddepartmentproposedpurchaserequest,andtherequest,theITdepartmenttodeterminethespecificequipment,andtopurchase.所有軟件及各項專業(yè)信息服務的采購應在相關部門配合下，由IT部主導負責。AllthesoftwareandallkindsofprofessionalinformationserviceFollowtheprincipleofstorage,andrequiresplanningproperly,makethefilehierarchy.3.3.2上網(wǎng)SurftheInternet3.3.2.1因業(yè)務需要，需上網(wǎng)用戶申請由公司高層授權后，由IT部為起開通InternetoIfneedanybusinessneeds,Internetusersneedtoapplytoauthorizedbythecompany,openbyITDept.3.3.2.2任何職員皆不得瀏覽黃色反動或其它內(nèi)容不健康的網(wǎng)站，更不得私自下載相關資料，以公司名義訂閱諸如免費郵件雜志之類的服務，違者重罰。Anymemberofthestaffarenotallowtobrowseyellowreactionaryorothercontentisnothealthy,cannotdownloadtherelatedinformationprivately,subscribetosuchfreemagazinesemailservicesinthenameofacompany.3.3.2.3防火墻是保護公司免受外界網(wǎng)絡偷襲的重要工具，IT部職員不得擅自改變其配置，如需改變，需經(jīng)部門主管同意。Firewallisanimportanttooltoprotectcompaniesfromoutsidenetworkattack,ITstaffshallnotarbitrarilychangetheconfiguration,ifneedtochange,needtheconsentofthedepartmenthead.3.3.3電腦設置的更改Changethecomputersettings3.3.3.1使用人員不得擅自改變原有電腦軟/硬件設置，所有設置的改動必須提出合理理由，并由信息管理人員負責更改。Theuseofpersonnelarenotallowedtochangetheoriginalcomputersoft/hardwaresettings,alltheconfigurationchangesmustbereasonablegrounds,andchangebytheinformationmanagementpersonnel.電腦設置更改所指的范圍：1)登錄表2)重要的ini文槽3)網(wǎng)絡4)打印機、上網(wǎng)裝置及其它外設5)其它將對系統(tǒng)性能有影響的改動。Thescopeofcomputersettingsreferto:1)loginTable2)importantinidocument3)network4)printer,Internetdevicesandotherperipherals5)otherchangeswillhaveanimpactonthesystemperformance.3.3.4其它other3.3.4.1嚴禁安裝，玩任何游戲。Donotinstall,playanygame.3.3.4.2下班之后，IT部須檢查相應設備并確認無隱患之后，鎖好相應設備及微機房，絕不允許任何人獨逗留在信息室。Afterwork,ITdepartmentshallcheckandconfirmthecorrespondingequipmenthiddentroublefree,lockthecorrespondingequipmentandcomputerroom,willneverallowanyonetoonlystayintheinformationroom.Informationmanagementsystem1.Purpose:Theinformationsystemoftheprocurement,maintenance,control,inordertoensureeffectivemonitoringofinformationsystems,theprotectionofinformationsecurity.2.Scope:1Company"sexistinginformationsystems.2.2outsourcingofhardware,softwareandoutsourcingservices.Informationmanagementsystem1AssetManagementProcurement1.1.1Demanddepartmentpurchaserequest,anditsrequirements,identifyingspecificwiththeITdepartmentunifiedbeforepurchasing.1.1.2Allsoftwareandprofessionalservicesprocurementincooperationwiththerelevantdepartments,ledbytheITdepartmentisresponsiblefor.3.1.2.3appraisalsoftwareandinformationservicesshouldfocusontotestitssafety,versatility,generalcompatibilitywithexistingsystemsandservicesResponsespeed,easeofuse.1.2Consuming1.2.1Inadditiontothecommonofficesoftware,andavarietyofothersoftwareinstalledbytheuserdepartmentstoapplyauditbytheITdepartmentandperformtheinstallation.1.2.2Ifacomputerdevicenolongerhasvalueinuse,butcanstillcontinuetouse,thedeviceshouldbehandedovertotheITdepartment,conductedbytheITdepartmentatManagement.routinemaintenancecomputerhardwareandsoftwarefailureoccurs,youshouldimmediatelyterminateyourcomputer'soperating,andnotifyITstaff,unlessthereisabsolutecertaintytroubleshootingNoShallnotrepairitself,soasnottoexpand.MaintenanceSystemcomputerusersisthedirectresponsibilityofmaintenancepeopleshouldtakegoodcareofyourcomputerandperipherals.shallnotpossessmobilecomputersandrelatedequipment,moreshallnotpossesspluggablerelatedequipment,dismantlingthecomputer,ifunusual,itistimelyNotifytheITdepartment.1.4.3shouldpayattentiontomaintainingthecleanlinessofcomputerappearanceoftenwipenotusethecomputertoturnoffthepower.Powerswitch,usingthekeyboard,mouseNeedlesstovigorouslystandard,andotherperipherals.2DatasecuritymanagementVirusPreventionThe3.2.1.1sourceofthevirus,mainlyinthefollowingseveralways:floppydisks,Internetdownloads,e-mail.2.1.2Allcomputer,suchasnon-specialneedsarenotreservedtothefloppydiskdriveandCD-ROMdrive.Externaldisks(includingfloppydiskandCD-ROM)3.2.1.3shallnotbebroughtintothecompany,moremaynotbediskwithfactory.2.1.4Allsourcesunknownprogram,arenotallowedtoinstallanduse,ifitprovesnecessary,theauditbytheITdepartmentandconfirmbeforeusenon-toxicafter.2.1.5assignedmailbox,receiveasuspiciouse-mail,shouldnotifytheITdepartmentforthefirsttimeforprocessing.2.1.6principle,eachcomputerarerequiredtoinstalltheanti-drugprogrambytheITstaffresponsibleforupdatingtheviruscode,andtheneedtoexecutetheprogramautomatically.2.1.7Donotuse,writeyourowntheillegalharmbusinessdatasecurityofallkindsofprocedures.VirusTreatment2.2.1assuspiciousphenomenonshouldimmediatelystoptheworkandnotifytheITdepartmentforthefirsttime,tofacilitatetheITdepartmentdealtwithaccordingly.2.2.2ITMinistryreceivedtherelevantalerts,needanti-virusbeforetherelatedimportantbusinessdatabackupanddisconnectassociatedwiththecompany'snetworkConnection.2.2.3,ifany,cannotsolvethevirus,youshouldnoticetheuseofpersonnelexposedtocomputer,andorderedthatitshouldnotusethecomputer,andhasBillionGarment(Guangzhou)Limitedinformationmanagementsystemversionnumber:1.0Effectivedate:2010-8-2Pages:23Preparation:Kingdomredandapproval:Backupimportantdataonthecomputerafterthecomputerdiskformattingorpayprofessionalinformationcompanyrmationconfidential3.2.3.1diskusageThe.1companyinformationleaksNetwork,documentcopying,printing,theft,impersonatinganotherpersonlogin.3.2.3.1.2copydatarequireddiskcannotuseourowndisk,youneedtobeobtainedfromtheITdepartmentordesignatedmanagementdepartment.Beforeuse,requiredbytheITMinistryconfirmednon-toxic.Afterthecompletionofthework,theITstaffsupervision,thecopyofthefileonthediskdatadeleted,andthusBankconfirmedregistration,thediskcrosstheITdepartmentordesignatedmanagementdepartment.3.2.3.1.3ownUdiskintotheplantorportableUdiskfactoryisstrictlyprohibited.3.2.3.2Internetuse3.2.3.2.1AlluseofthecomputertotheInternet,arerequiredtogothroughthefirewalltotheInternet,nopersonshallsecretlysetupaproxyIP.networkfilesystem3.2.3.3.1departmentsofcomputeruseprocessingbusinessdatamustbestoredonanetworkfileserver,andspecificstoragepathbyITpersonnelspecified.3.2.3.3.2apasswordsystemshouldbeproperlyformulated,non-informationofficerassignedpasswordstoothers,non-peep,decipher,guessothersPasswordDonotstealotherpeople'saccountslogincorporatenetwork..3Todeleteimportantbusinessdocuments,shouldbecareful.Deleted,youshouldimmediatelygotothe〃RecycleBin〃view,inwhichBecompletelydeleted.3.2.3.4Encryption.1Forthecompanydataisencrypted,mustbereportedbythedepartmentheadapprovalandpasswordinformthespecifiedmanagementdepartmentandITdepartment,PasserspasswordchangeshallagainreportedtothedesignatedmanagementdepartmentandtheITdepartment.3.2.3.4.2employeesleaveortransfer,shouldbedonetothehandoverofthepassword.Thishandoverisrequiredbyitsdepartmentdirectorormanagerforverificationtoconfirm.3.2.3.5Other3.2.3.5.1allowedtobeinstalledusinganytheeavesdroppingnetworkorremoteproceduresmanipulatingotherscomputers,withoutwrittenconsentoftheITdepartment,Themachineresourcesmaynotbesharedwithothers.3.2.3.5.2Whentousepersonnelneedtoleaveyourcomputer,suchasthetimeofdeparturelessthan15minutes,shouldclosebusinessdata.3.2.3.5.3Whethertoleavetheworkplace,howlongisrequiredprintoutsandotherdatauptonotallowlong-termexposuretothetabletocontributetoreducingthenumberAccordingpeekprobability,importantdocumentswillnotoutputtothetootherdepartmentsprinterprintoutputifitprovesnecessarytootherdepartmentsprinterinAftertheprintjobisimmediatelytotheprinterwherethedepartmenttorecoverintimeprints.3.2.4DataSecurityofthesamedocumentname,maynothavemultipledifferentversionsofcontent.Whenthesamedatacontent,shouldnothavemoredifferentfromthenameofthedocument.3.2.4.2ITDepartmentshouldduplicatebackupofcompanydataeveryday,astoreontheservermachine,theothershouldbestoredonanotherserverOn.3.2.4.3'simportantbusinessapplications,suchasEmailandWebservermustbethefocusofregulatorydiligentbackup.3.3Othermanagementsystem3.3.1ComputerContent3.3.1.1Private3.3.1.1.1privatedatacannotbestoredonthecompany'sserver..2privatedatashallnothaveanyintroductiondisturbingcontent,andmaynotbeprinted.3.3.1.2CompanyProfile.1storeneedtofollowdistinctaforementionedrelatedstorageprinciplesandrequirementsforproperplanning,sothefilelevel.BillionGarment(Guangzhou)Limitedinformationmanagementsystemversionnumber:1.0Effectivedate:2010-8-2Pages:3of3Preparation:Kingdomredandapproval:3.3.2Internetduetobusinessneeds,youneedInternetuserapplicationauthorizedbycompanyexecutives,fromtheopeningoftheInternetbytheITdepartment.3.3.2.2anystaffaremaybrowsethewebsiteyellowreactionaryorotherunhealthycontents,shallnotpossesstodownloadtherelevantinformation,thenameofthecompanySubscriberssuchasfreee-mailmagazinelikeservices,andoffendersaresubjecttoheavypenalties.3.3.2.3firewallisanimportanttooltoprotectthecompanyfromtheoutsidenetworkattack,theITdepartmentstaffarenotallowedtochangeitsconfiguration,Forachange,theneedtoBydepartmentheadsagree.3.3.3computersettingschanges3.3.3.1useofpersonnelwillbeallowedtochangetheoriginalcomputerhardware/softwaresettings,allsettingchangesmustbereasonablegroundsbytubeThemanagementpersonnelresponsibleforthechange.3.3.3.2computerssettochangewithinthemeaningoftherange:1)Login2)importantinidocument3)network4)printers,Internetaccessdevicesandotherperipherals5)Otherchangeswillaffectsystemperformance.3.4Othertononinstallation,playanygame.afterwork,ITmustchecktheappropriateequipmentandtheappropriateequipmentandcomputerroomsafterconfirmingthatnohidden,locked,andneverallowanyonetosingleAlonestayintheinformationcurementshouldbewiththecoordinationoftherelevantdepartments,theMinistryresponsibleforIT.考核軟件及信息服務時，應重點檢驗其安全性、通用性、一般性，與現(xiàn)有系統(tǒng)的兼容性及服務的響應速度，使用上的易用性。Evaluationofsoftwareandinformationservice,shouldbethefocusofinspectionofitssafety,general,responsespeedandcompatibilityandserviceoftheexistingsystem,easeofuse.3.1.2領用use3.1.2.1除常用辦公軟件外，其它各種軟件的安裝，需由使用部門提出申請，由IT部審核并執(zhí)行安裝。Besidesthecommonofficesoftware,othersoftwareinstallation,needtoapplybytheuseofdepartment,performedbytheITdepartmenttoexamineandinstall.若某電腦設備已不再具有使用價值，但仍可繼續(xù)使用，應將該設備移交至IT部，由IT部進行處理。Ifacomputerequipmenthasnousevalue,butcancontinuetobeused,theequipmentshouldbehandedovertotheITdepartment,processedbyIT.3.1.3日常維護routinemaintenance3.1.3.1電腦發(fā)生軟硬件故障時，應立即終止電腦作業(yè)，并通知IT人員，除非有絕對把握解決故障，否則不得自行修理，以免使問題擴大。Computersoftwareandhardwarefault,shouldimmediatelystopthecomputeroperation,andnotifytheITpersonnel,unlessthereissuretosolvethefault,otherwisecan"trepairbyself,sothattheexpansion.Toavoidtheproblemsexpand3.1.4保養(yǎng)制度MaintenanceSystem3.1.4.1電腦使用者是直接的保養(yǎng)責任人，應愛護電腦及外圍設備。Computerusersareresponsibleformaintenancedirectly,shouldcareforthecomputerandperipheralequipment.不得私自移動電腦及其相關設備，更不得私自插撥相關設備，拆卸電腦，如有異常問題，應及時通知IT部。staffarenotallowedtomovethecomputerandrelatedequipment,morecannotplugequipment,removethecomputer,ifabnormal,shouldinformtheITdepartment.應注意保持電腦外表潔凈，時常擦拭，不用電腦時要關閉電源。開啟電源開關、使用鍵盤、鼠標及其它外設時勿需大力。Attentionshouldbepaidtomaintainthecomputerkeepclean,oftenwipe,computerneedtoshutoffthepowerwhendon'tneedtouse.Turnonthepowerswitch,theuseofkeyboard,mouseandotherperipheralswithoutvigorously.3.2數(shù)據(jù)安全管理Datasecuritymanagement3.2.1病毒防范VirusPrevention3.2.1.1病毒的來源，主要有以下幾條途徑：軟磁盤、Internet下載、電子郵件。Thesourceofthevirus,mainlyinthefollowingways:floppydisk,Internetdownload,email.所有電腦，如非特別需要，皆不得保留軟磁盤驅(qū)動器及光盤驅(qū)動器。Allthecomputer,withnonspecialneeds,arenotallowedtoretainthefloppydiskdriveandCD-ROMdrive.不得將外部磁盤(包括軟盤及光盤)帶進公司，更不得將公司磁盤帶出廠。Shallnotbringtheexternaldisk(includingthefloppydiskandCD-ROM)intothecompany,andbringoutoffthecompany.1.4所有來源不明程序，均不得安裝使用，如確需使用，需由IT部審核，并確認無毒之后方可使用。Alltheunknownsourceprocedures,arenotallowedtoinstallanduse,useasneeded,requiredbytheITdepartmenttoexamine,andconfirmthenon-toxicbeforeuse.2.1.5公司分配的郵箱，如收到可疑郵件，應于第一時間通知IT部進行處理。Themailboxdistributebycompany,ifreceivedsuspiciousmail,shouldnoticetheITprocessingthefirsttime.1.6原則上，每臺電腦皆須安裝反毒程序，由IT人員負責更新病毒代碼，并需自動執(zhí)行該程序。Inprinciple,eachcomputermustinstallantivirusprogram,ITpersonnelresponsibleforupdatingtheviruscode,andautomaticexecutionoftheprogram.3.2.1.7嚴禁使用，自行編寫違害公司業(yè)務數(shù)據(jù)安全的各類程序。Itisprohibitedtouse,writetheirownbreachofsecurityservicedataagainstcompaniesofvariousprocedures.3.2.2病毒處理VirusTreatment3.2.2.1如發(fā)現(xiàn)可疑現(xiàn)象，應立即停止該項工作，并于第一時間通知IT部，以利IT部作相應處理。Iffindsuspiciousphenomenon,shouldimmediatelystopthework,andinformtheITdepartmentinthefirsttime,sothattheITdepartmentcanmakecorrespondingprocessing.3.2.2.2IT部在接到相關警訊后，在殺毒之前需對相關重要業(yè)務數(shù)據(jù)進行備份,并斷開與公司網(wǎng)絡的聯(lián)接。ITDept,afterreceivingthewarningrelated,inanti-virusbeforetheneedforbackupofimportantdata,anddisconnecttheconnectionwiththecompanynetwork.3.2.2.3如有不能解決的病毒，應通知該染毒電腦的相關使用人員，命其不應再使用該電腦，并在已將該電腦上重要數(shù)據(jù)備份之后，將該電腦磁盤作格式化或交專業(yè)信息公司處理。Iftheviruscannotsolve,noticetherelevantpersonnelwhosecomputerwasinfected,askthemdonotusethecomputer,andafterthebackupofimportantdataonthecomputer,thecomputerneedtodiskformatsorhandovertoprofessionalInformationCompany.3.2.3資料保密informationconfidential3.2.3.1磁盤使用diskusage公司資料泄密的主要途徑是網(wǎng)絡、文檔復制、打印、偷竊、仿冒他人登錄。Themainwayofcompanyinformationdisclosureisthenetwork,copy,print,theft,counterfeitotherlogin.拷貝數(shù)據(jù)所需磁盤，不能使用自有之磁盤，需向IT部或指定管理部門索取。使用前，需由IT部確認無毒。完成工作之后，須在有IT人員監(jiān)督的情況下，將該磁盤上所抄的檔案數(shù)據(jù)刪除，并進行相關確認登記工作后，該磁盤交IT部或指定管理部門.diskforcopyneededdata,cantuseitsowndisk,needtobeobtainedtotheITdepartmentordesignatedmanagementdepartment.Beforeuse,needtoconfirmednon-toxicbyITDepartment.Havingfinishedwork,mustdeletedatacopyofthefilesonthisdiskunderthesupervisionofITpersonnel,andconfirmtheregistrationworkbyrelatedrecord,givethedisktoITdepartmentordesignatedmanagementdepartment.3.2.3.1.3嚴禁自帶U盤入廠或攜帶U盤出廠。ForbiddentobringUdiskintothefactoryorcarryingtheUdiskoutoffthefactory.3.2.3.2Internet使用Internetuse3.2.3.2.1所有使用Internet之電腦，皆須經(jīng)過防火墻來上網(wǎng)，任何人不得私自設置代理IPoAlluseInternetcomputer,musttothroughafirewalltosurftheInternet,nooneisallowedtosettheproxyIP.3.2.3.3網(wǎng)絡文件系統(tǒng)Networkfilesystem3.2.3.3.1各部門的電腦使用人員所處理的業(yè)務數(shù)據(jù)均需存放在網(wǎng)絡文件服務器上，具體存放路徑由IT人員指定。Thebusinessdataofvariousdepartmentsusethecomputerprocessingshallbestoredonthenetworkfileserver,specificstoragepathspecifiedbytheITstaff.應妥善制定密碼制度，嚴禁將信息人員分配的密碼告知他人，嚴禁偷看、破譯、猜測他人密碼，嚴禁盜用他人的賬戶登錄公司網(wǎng)絡。Shouldbeproperlysetpasswordsystem,noinformationpersonnelassignedtothepasswordtoothers,nopeeking,decipher,guessotherspassword,isstrictlyprohibitedtostealotherpeople'saccounttologinnetworkofcompany.3.2.3.3.3如需刪除重要業(yè)務文件，應謹慎從事。刪除之后，應立即轉(zhuǎn)到“資源回收筒”查看，并在其中將其徹底刪掉。Todeleteanimportantbusinessdocuments,shouldbecautious.Afterthedeletion,Shouldimmediatelygotothe"RecycleBin〃andcheck,andcompletelydeletedit.3.2.3.4加密Encryption3.2.3.4.1如需對公司數(shù)據(jù)進行加密，需報經(jīng)部門主管批準，并將密碼告知指定管理部門及IT部，中途須對密碼進行更改時，須再次報指定管理部門及IT部.Ifyouneedtoencryptdata,needtobereportedtotheapprovaloftheDepartmentManager,andgiveapasswordtoadesignatedmanagementdepartmentandITdepartment,makechangesinhalf-way,shallbereportedagainspecifiedmanagementdepartmentandITdepartment.3.2.3.4.2員工離職或調(diào)職時，需做好密碼的交接工作。此交接工作需由其部門主任或經(jīng)理驗證確認。Employeeturnoverortransfer,needtotransfergoodpasswordswork.Thehandoverworkrequiredbythedirectorormanageroft