Information Technology Policy

Published Date: 1st January2018

Version No : 1


Introduction

The Digital Age Nepal Pvt. Ltd’s IT Policy and Procedure Manual provides the policies and procedures for selection and use of IT within the institution which must be followed by all staff. It also provides guidelines Digital Age Nepal Pvt. Ltd. will use to administer these policies, with the correct procedure to follow. 

Digital Age Nepal Pvt. Ltd. will keep all IT policies current and relevant. Therefore, from time to time it will be necessary to modify and amend some sections of the policies and procedures, or to add new procedures. 

Any suggestions, recommendations or feedback on the policies and procedures specified in this manual are welcome. 

These policies and procedures apply to all employees.

 

 

Technology Hardware Purchasing Policy

 

Policy Number: 1#01

Policy Date: 1 Jan 2020

 

Purpose of the Policy

This policy provides guidelines for the purchase of hardware for the institution to ensure that all hardware technology for the institution is appropriate, value for money and where applicable integrates with other technology of the institution. The objective of this policy is to ensure that there is minimum diversity of hardware within the institution.

Procedures

Purchase of Hardware

Purchasing desktop computer systems

The desktop computer systems purchased must run a MS Windows 10 and integrate with existing hardware HP Server

The desktop computer systems must be purchased as standard desktop system bundle and must be HP, Dell, Acer and or any third party Brand having minimum of One Year Standard Warranty.

All purchases of desktops must be supported by Minimum One Year warranty requirements and be compatible with the institution’s server system.

All purchases for desktops must be in line with the purchasing policy in the Financial policies and procedures manual.

Purchasing portable computer systems

The purchase of portable computer systems includes notebooks, laptops, tablets etc.

Portable computer systems purchased must run a Windows Operating System and integrate with existing hardware

The portable computer systems purchased must be HP, Dell, Acer, Apple and or third Party PCs and notebooks.

The portable computer system must include the following software provided:

  • Office 2013 or above, Adobe, Reader, Internet Explorer here

Any change from the above requirements must be authorised by Digital Age Management team and or Technical Team Leader and or IT Manager. 

All purchases of all portable computer systems must be supported by one year warranty and be compatible with the institution’s server system.

All purchases for portable computer systems must be in line with the purchasing policy in the Financial policies and procedures manual.

Purchasing server systems

Server systems shall be purchased by Digital Age Management team upon technical requirement and evaluation of different components.

Server systems purchased must be compatible with all other computer hardware in the institution.

All purchases for server systems must be in line with the purchasing policy in the Financial policies and procedures manual.

Purchasing computer peripherals

Computer system peripherals include printers, scanners, external hard drives etc.

Computer peripherals can only be purchased where they are not included in any hardware purchase or are considered to be an additional requirement to existing peripherals.

Computer peripherals purchased must be compatible with all other computer hardware and software in the institution.

All purchases for computer peripherals must be in line with the purchasing policy in the Financial policies and procedures manual.

Purchasing mobile telephones

A mobile phone will only be purchased once the eligibility criteria are met. Refer to the Mobile Phone Usage policy in this document.

 

 

Policy for Getting Software    

Policy Number: 1#02

Policy Date: 1 Jan 2020 

 

Purpose of the Policy

This policy provides guidelines for the purchase of software for the institution to ensure that all software used by the institution is appropriate, value for money and where applicable integrates with other technology for the institution. This policy applies to software obtained as part of hardware bundle or pre-loaded software.

Procedures

Request for Software

All software, including relevant other types of non-commercial other than software such as Visual Studio MSSQL, Server Postman, GIT others nuget sdks must be approved by Technical Team Leader and IT Manager prior to the use or download of such software.

Purchase of software

The purchase of all software must adhere to this policy. 

All purchased software must be purchased by Digital Age Nepal Management Team after approval from Technical Team Leader and IT Manager.

All purchased software must be purchased from relevant and reputable software suppliers / sellers.

All purchases of software must be supported by standard warranty and be compatible with the institution’s server and/or hardware system.

Any changes from the above requirements must be authorised by Digital Age Nepal Management Team, Technical Team Leader and IT Manager.

All purchases for software must be in line with the purchasing policy in the Financial policies and procedures manual.

Obtaining open source or freeware software

Open source or freeware software can be obtained without payment and usually downloaded directly from the internet. 

In the event that open source or freeware software is required, approval fromDigital Age Nepal Management Team, Technical Team Leader and IT Manager must be obtained prior to the download or use of such software.

All open source or freeware must be compatible with the institution’s hardware and software systems.

Any change from the above requirements must be authorised by Digital Age Nepal Management Team, Technical Team Leader and IT Manager.

 

Policy for Use of Software

Policy Number: 1#03

Policy Date: 1 Jan 2020 

Purpose of the Policy

This policy provides guidelines for the use of software for all employees within the institution to ensure that all software use is appropriate. Under this policy, the use of all open source and freeware software will be conducted under the same procedures outlined for commercial software.

Procedures

Software Licensing 

All computer software copyrights and terms of all software licences will be followed by all employees of the institution. 

Where licensing states limited usage i.e. number of computers or users etc., then it is the responsibility of all the resources and or employees to ensure these terms are followed.

The Management team and Technical Team Leader and IT Manger of the organization are responsible for completing a software audit of all hardware once a year to ensure that software copyrights and licence agreements are adhered to.

Software Installation

All software must be appropriately registered with the supplier where this is a requirement.

Digital Age Nepal Pvt. Ltd. is to be the registered owner of all software.

Only software obtained in accordance with the getting software policy is to be installed on the institution’s computers.

All software installation is to be carried out by assigned technical team and or employee of the organisation.

A software upgrade shall not be installed on a computer that does not already have a copy of the original version of the software loaded on it.

Software Usage 

Only software purchased in accordance with the getting software policy is to be used within the institution.

Prior to the use of any software, the employee must receive instructions on any licensing agreements relating to the software, including any restrictions on use of the software.

All employees must receive training for all new software. This includes new employees to be trained to use existing software appropriately. This will be the responsibility of technical team members of the organization.

Employees are prohibited from bringing software from home and loading it onto the institution’s computer hardware.

Unless express approval from Technical team lead and IT manger is obtained, software cannot be taken home and loaded on employees’ home computer

Where an employee is required to use software at home, an evaluation of providing the employee with a portable computer should be undertaken in the first instance. Where it is found that software can be used on the employee’s home computer, authorization from Digital Age Nepal Management Team and Technical Team Lead and IT Manager is required to purchase separate software if licensing or copyright restrictions apply. Where software is purchased in this circumstance, it remains the property of the institution and must be recorded on the software register by Digital Age Nepal and its team lead.

Unauthorised software is prohibited from being used in the institution. This includes the use of software owned by an employee and used within the institution.

The unauthorised duplicating, acquiring or use of software copies is prohibited. Any employee who makes, acquires, or uses unauthorised copies of software will be referred to Digital Age Nepal and its technical team lead for consequence here, such as further consultation, reprimand action etc. The illegal duplication of software or other copyrighted works is not condoned within this institution and Management Team of Digital Age Nepal is authorised to undertake disciplinary action where such event occurs.

Breach of Policy

Where there is a breach of this policy by an employee, that employee will be referred to relevant job title for respective case consequence such as further consultation, reprimand action etc.

Where an employee is aware of a breach of the use of software in accordance with this policy, they are obliged to notify Management Team and the team leader immediately. In the event that the breach is not reported and it is determined that an employee failed to report the breach, then that employee will be referred to Management Team and the team lead for consequence, such as further consultation, reprimand action etc.

 

 

  • Will delete all data held on the device upon termination of the employee. The terminated employee can request personal data be reinstated from back up data
  • Has the right to deregister the device for institution use at any time.

Keeping mobile devices secure

The following must be observed when handling mobile computing devices (such as notebooks and iPads):

  • Mobile computer devices must never be left unattended in a public place, or in an unlocked house, or in a motor vehicle, even if it is locked. Wherever possible they should be kept on the person or securely locked away
  • Cable locking devices should also be considered for use with laptop computers in public places, e.g. in a seminar or conference, even when the laptop is attended
  • Mobile devices should be carried as hand luggage when travelling by aircraft.

Exemptions

This policy is mandatory unless Management team of the organization grants an exemption. Any requests for exemptions from any of these directives, should be referred to the the concerned job titles in minute.

Breach of this policy

Any breach of this policy will be referred to management team who will review the breach and determine adequate consequences, which can include consequences here such as confiscation of the device and or termination of employment.

Indemnity

Digital Age Nepal Pvt. Ltd.bears no responsibility whatsoever for any legal action threatened or started due to conduct and activities of staff in accessing or using these resources or facilities. All staff indemnifies Digital Age Nepal Pvt. Ltd.against any and all damages, costs and expenses suffered by Digital Age Nepal Pvt. Ltd. arising out of any unlawful or improper conduct and activity, and in respect of any action, settlement or compromise, or any statutory infringement. Legal prosecution following a breach of these conditions may result independently from any action by Digital Age Nepal Pvt. Ltd.

Information Technology Security Policy

Policy Number: 1#04

Policy Date: 1 Jan 2020 

 

Purpose of the Policy

This policy provides guidelines for the protection and use of information technology assets and resources within the institution to ensure integrity, confidentiality and availability of data and assets.

Procedures

Physical Security

For all servers, mainframes and other network assets, the area must be secured with adequate ventilation and appropriate access through relevant security measure, such as keypad, lock etc.

It will be the responsibility of the management team and the technical team to ensure that this requirement is followed at all times. Any employee becoming aware of a breach to this security requirement is obliged to notify to the relevant job title immediately.

All security and safety of all portable technology, relevant types such as Servers, PCs, laptop, notepads will be the responsibility of the employee who has been issued with the relevant Pcs, laptop, notepads etc. Each employee is required to use proper locks, passwords, etc. and to ensure the asset is kept safely at all times to protect the security of the asset issued to them. 

In the event of loss or damage, the relevant job title will assess the security measures undertaken to determine if the employee will be required to reimburse the institution for the loss or damage.

All PCs, laptop, notepads when kept at the office desk is to be secured by relevant security measure such as keypad, lock etc. provided by the technical team leader and or IT Manager.

Information Security

All relevant data to be backed up– either general such as sensitive, valuable, or critical institution data or provide a checklist of all data to be backed up are to be backed-up.

It is the responsibility of the management team and the Technical Team Lead and IT Manager to ensure that data back-ups are conducted with adequate back-ups and the backed up data is kept.

All technology that has internet access must have anti-virus software installed. It is the responsibility of Management Team to install all anti-virus software and ensure that this software remains up to date on all technology used by the institution.

All information used within the institution is to adhere to the privacy laws and the institution’s confidentiality requirements.

Technology Access

Every employee will be issued with a unique identification code to access the institution technology and will be required to set a password for access every changes.

Each password is to be created using 2 Special Characters 2 Capital Letter and 2 small Letter having 8 characters max and is not to be shared with any employee within the institution.

IT Manager is responsible for the issuing of the identification code and initial password for all employees. 

Where an employee forgets the password or is ‘locked out’ after 3 attempts, then IT manager is authorised to reissue a new initial password that will be required to be changed when the employee logs in using the new initial password.

To access the development tools following authorized way:-

User

Access Granted

Dibya Dali (Dibyswory Dali)

Administrator

Sumendra Pandey

Write access

Sagar Phuyal

Read access

Yogesh

Write access

Sunil Karki

Write acces

 

The following table provides the authorisation of access and is variable depending upon the user level at the Digital Age Nepal.

 

Technology – Hardware/ Software

Persons authorised for access

Server Access Development Server

Dibya Dali(Dibyswory Dali) MD, Sumendra Pandey Team lead , Rajesh Maharjan Manager

Super admin application access

Sumendra Pandey Team lead , Rajesh Maharjan Manager

Database access

Sumendra Pandey Team lead , Rajesh Maharjan Manager

 

Employees are only authorized to use institution computers for official personal use if users are in Customer support, client meeting and showing demo to customers.

For internet and social media usage, refer to the Human Resources Manual.

It is the responsibility of Dibyswory Dali, MD to keep all procedures for this policy up to date.

 

 

 

 

 

 

 

 

 

 

 

 

Information Technology Administration Policy

Policy Number: 1#05

Policy Date: 1 Jan 2020 

 

Purpose of the Policy

This policy provides guidelines for the administration of information technology assets and resources within the institution.

Procedures

All software installed and the licence information must be registered on the subjective PSs. It is the responsibility of IT Manager to ensure that this registered is maintained. The register must record the following information:

  • What software is installed on every machine 
  • What licence agreements are in place for each software package 
  • Renewal dates if applicable.

A technology audit is to be conducted annually by the management team to ensure that all information technology policies are being adhered to.

Any unspecified technology administration requirements should be directed to the management team.

 

 

 

 

 

 

Website Policy

Policy Number: 1#06

Policy Date: 1 Jan 2020 

Purpose of the Policy

This policy provides guidelines for the maintenance of all relevant technology issues related to the institution website.

Procedures

Website Register

The website register must record the following details:

  • List of domain names registered to the institution  - Digitalagenepal.com
  • Dates of renewal for domain names 
  • List of hosting service providers  - Rojeko Host.com
  • Expiry dates of hosting 

 

The keeping the register up to date will be the responsibility of the management team. 

Management team will be responsible for any renewal of items listed in the register.

Website Content

All content on the institution website is to be accurate, appropriate and current. This will be the responsibility of management team

All content on the website must follow relevant institution requirements where applicable, institution or content plan etc.

The content of the website is to be reviewed frequently.

The assigned person and or office authorized by the management team are authorised to make changes to the institution website.

Basic branding guidelines must be followed on websites to ensure a consistent and cohesive image for the institution.

All data collected from the website is to adhere to the Privacy Act.

 

Computer, E-mail and Internet Usage Policy

Policy Number: 1#07

Policy Date: 1 Jan 2020 

 

Purpose of the Policy

This policy provides guidelines for the maintenance of all relevant technology issues related to the institution Email.

Policy brief & purpose

Digital Age Nepal recognizes that use of the Internet and e-mail is necessary in the workplace, and employees are encouraged to use the Internet and e-mail systems responsibly, as unacceptable use can place Digital Age Nepal and others at risk. This policy outlines the guidelines for acceptable use of Digital Age Nepal 's technology systems.

Scope

This policy must be followed in conjunction with other policies governing appropriate workplace conduct and behavior. Any employee who abuses the company-provided access to e-mail, the Internet, or other electronic communications or networks, including social media, may be denied future access and, if appropriate, be subject to disciplinary action up to and including termination. Digital Age Nepal complies with all applicable federal, state and local laws as they concern the employer/employee relationship, and nothing contained herein should be misconstrued to violate any of the rights or responsibilities contained in such laws.

Questions regarding the appropriate use of Digital Age Nepal's electronic communications equipment or systems, including e-mail and the Internet, should be directed to your supervisor or the information technology (IT) department.

Policy

Digital Age Nepal has established the following guidelines for employee use of the company's technology and communications networks, including the Internet and e-mail, in an appropriate, ethical and professional manner.  

Confidentiality and Monitoring

All technology provided by Digital Age Nepal, including computer systems, communication networks, company-related work records and other information stored electronically, is the property of Digital Age Nepal and not the employee. In general, use of the company's technology systems and electronic communications should be job-related and not for personal convenience. Digital Age Nepal reserves the right to examine, monitor and regulate e-mail and other electronic communications, directories, files and all other content, including Internet use, transmitted by or stored in its technology systems, whether onsite or offsite.

Internal and external e-mail, voice mail, text messages and other electronic communications are considered business records and may be subject to discovery in the event of litigation. Employees must be aware of this possibility when communicating electronically within and outside the company.

Appropriate Use

Digital Age Nepal employees are expected to use technology responsibly and productively as necessary for their jobs. Internet access and e-mail use is for job-related activities; however, minimal personal use is acceptable.

Employees may not use Digital Age Nepal Internet, e-mail or other electronic communications to transmit, retrieve or store any communications or other content of a defamatory, discriminatory, harassing or pornographic nature. No messages with derogatory or inflammatory remarks about an individual's race, age, disability, religion, national origin, physical attributes or sexual preference may be transmitted. Harassment of any kind is prohibited.

Disparaging, abusive, profane or offensive language and any illegal activities—including piracy, cracking, extortion, blackmail, copyright infringement and unauthorized access to any computers on the Internet or e-mail—are forbidden.

Copyrighted materials belonging to entities other than Digital Age Nepal may not be transmitted by employees on the company's network without permission of the copyright holder.

Employees may not use Digital Age Nepal's computer systems in a way that disrupts its use by others. This includes sending or receiving excessive numbers of large files and spamming (sending unsolicited e-mail to thousands of users).

Employees are prohibited from downloading software or other program files or online services from the Internet without prior approval from Mamagement and Tram Leader and or IT Manager. All files or software should be passed through virus-protection programs prior to use. Failure to detect viruses could result in corruption or damage to files or unauthorized entry into company systems and networks.

Every employee of Digital Age Nepal is responsible for the content of all text, audio, video or image files that he or she places or sends over the company's Internet and e-mail systems. No e-mail or other electronic communications may be sent that hide the identity of the sender or represent the sender as someone else. Digital Age Nepal's corporate identity is attached to all outgoing e-mail communications, which should reflect corporate values and appropriate workplace language and conduct.

 

 

Remote Connectivity Policy

Firewall &or Security Policy

Privacy Policy

Information Disclosure Policy

Policy Number: 1#08

Policy Date: 1 Jan 2020 

Purpose of the Policy

This policy provides guidelines for Remote Connection Policy, Firewall and or Security Policy, Privacy Policy, Information Disclosure Policy of all information technology within the institution. 

Procedures

Digital Age Nepal employees are expected to use Remote Connection only when there is no other option than physical support and or for the development of the solution. During the Remote Connection to support the customers, the employee must send an email request for remote connection to the concerned with an estimated timeframe for the support and must send back email to the customer cc Digital Age Nepal team@digitalagenepal.com address about the work done during the remote connection.

No other job apart from the requested task shall be done while remote connection to Digital Age Nepal and its customers’ Server.

Similarly, the employees are instructed and committed to keep confidential regarding Digital Age Nepal’s all Solution logics and it’s customers data and any other sources links to keep confidential and not to disclose to any third party apart from Digital Age Nepal existing team members (who are on a active status of employment) within the organization.

Breach of Policy

Where there is a breach of this policy by any employee, that employee will be referred to relevant job title for respective case consequence such as further consultation, reprimand action etc. 

Where an employee is aware of a breach of the use of remote connection in accordance with this policy, they are obliged to bear the legal action bounding the act of Nepal Cyber Law and Nepal ETA 2063 & International, NRB & Digital Age Nepal’s Policy

Emergency Management of Information Technology

Policy Number: 1#09

Policy Date: {insert date of policy} 

 

Purpose of the Policy

This policy provides guidelines for emergency management of all information technology within the institution. 

Procedures

IT Hardware Failure

Where there is failure of any of the institution’s hardware, this must be referred to management team immediately.

It is the responsibility of management team to relevant actions that should be undertaken immediately in the event of IT hardware failure.

It is the responsibility of the management team to undertake tests on planned emergency procedures as recommended yearly to ensure that all planned emergency procedures are appropriate and minimize disruption to institution operations.

 

Nepal ETA 2063 & International, NRB Guidelines and Digital Policy are bound with Digital Age Nepal’s Policy.