IT管理控制程序(中英文).pdf

ZAE-QP-007 Rev 0 文件名称：IT 管理控制程序管理控制程序 Document name:IT Management Control Procedure Page 1 of 10 文件编号及版本：Document Number and Revision ZAE-QP-007 Rev 0 文件题目：Document Title IT 管理控制程序管理控制程序 IT Management Control Procedure 批准（Approvals）Responsible（负责）Name （名字）Signature （签名）Date (日期)Originator （制作）Guglus Zhang Department Leader(部门负责人)Albert Yang Management Representative(管理者代表)Gianluca Paolazzi General Manager（总经理）Jimmy Lam 页码(Page 1 2 3 4 5 6 7 版本号.(Rev.No)0 0 0 0 0 0 0 页码(Page.8 9 10 版本号(Rev.0 0 0 生效日期 Effective date：Mar 1,2010 ZAE-QP-007 Rev 0 文件名称：IT 管理控制程序管理控制程序 Document name:IT Management Control Procedure Page 2 of 10 更改历史（Revision History）：更改（Revision）From To 日期（Date）更改内容 （Revision Description）更改人 （Changed by）复核人 （Checked by）0 Mar 1,2010 New Document Guglus Zhang Albert Yang ZAE-QP-007 Rev 0 文件名称：IT 管理控制程序管理控制程序 Document name:IT Management Control Procedure Page 3 of 10 目录（目录（CONTENTS）1.0 目的（PURPOSE）2.0 范围（SCOPE）3.0 定义（DEFINITION）4.0 参考文件（REFERENCE DOCUMENT）5.0 责任（RESPONSIBILITY）6.0 资格和培训（QUALIFICATION AND TRAINING）7.0 程序（PROCEDURE）7.1 个人电脑之使用 Personal Computer utilization 7.2 局域网之使用 LAN utilization 7.3 密码及服务访问管理 Password and service access management 7.4 电子邮件及互联网使用 E-mail and Internet utilization 7.5 电话系统使用 Telephone system utilization 7.6 数据备份作业 Backup the servers system data 8.0 记录（RECOR D）ZAE-QP-007 Rev 0 文件名称：IT 管理控制程序管理控制程序 Document name:IT Management Control Procedure Page 4 of 10 1.0 目的：目的：Purpose 通过预防未授权访问数据及滥用破坏丢失数据的发生，为 ZAE 创造良好的 IT 环境，以维护系统的数据安全性及保密性；To create an environment within ZAE that maintains system security,data integrity and privacy by preventing unauthorized access to data and by preventing misuse of,damage to,or loss of data.2.0 范围：范围：Scope 该文件适用于所有 ZAE 信息设备使用者，关于他们的授权范围，以及使用方法；Apply to users of the IT facilities as regards to their scope of authority,the kind of tool exploited and the way of its utilization in ZAE 3.0 定义：定义：Definition 无 None 4.0 参考文件：参考文件：Reference Document 无 None 5.0 责任：责任：Responsibility 5.1 行政部负责个人电脑使用的管控。AD responsible for the PC utilizations control and management.5.2 行政部负责局域网使用的管控。AD control and manage the LAN utilization 5.3 行政部负责密码及服务访问管理。AD manage the password and access service.5.4 行政部负责电子邮件及互联网使用的管控。AD responsible for the e-mail and Internet utilizations control and management.5.5 行政部负责电话系统使用的管控。AD control and manage the telephone system utilization.6.0 资格及培训：资格及培训：Qualification and Training 负责 IT 管理的人员须具有大学以上学历及两年以上相关工作经验；IT administrator should graduate from college with two years related working experience.7.0 程序：程序：Procedure 7.1 个人电脑之使用：Personal Computer utilization 7.1.1 公司直接或间接分配给职员的个人电脑，只能用于工作之用只能用于工作之用。不同目的的电脑工具使用皆可能是效率降低，维护成本，甚至安全威胁的诱因。电脑设备作为公司之资产应放置于良好环境状态中。（笔记本电脑尤其应小心保管）The company Personal Computer(PC),directly or indirectly assigned to the employee,must only be used for working purposes.The utilization of the computer tools for different aims may contribute to cause inefficiency,ZAE-QP-007 Rev 0 文件名称：IT 管理控制程序管理控制程序 Document name:IT Management Control Procedure Page 5 of 10 maintenance costs,and moreover security threats.The computer device must be kept in good condition(special care must be taken of the laptop-computer)being part of the company estate.7.1.2 所有电脑须由 ICT 技术员或外包商定期检查维护；All of the PCs are subject to a fixed-term check carried out whether by an ICT technician or by an external deputy in charge of the maintenance of the IT devices.7.1.3 登入电脑需输入密码，该密码由持有者妥善保管，不得告知任何他人。使用者 无系统管理员明确允许不得私自设置开机密码；Logging in to the computer is protected by a password,which must be kept secret by the holder with the best care.No one else but him is supposed to know the password.The user is not allowed to set a password at the initial boot(BIOS),without an explicit authorization of the system administrator.7.1.4 系统管理员为 IT 设备维护或确保其正常运行之目的，可以进入任何用户之数据，包括邮箱及其他任何信息，系统管理员应为所看到的个人数据严格保密；The system administrator has the faculty to enter the data of every user,including the email archive and whatsoever information needed for the maintenance and correct running of the IT devices.The sight of the personal data by the system administrator is strictly confidential and limited to the lowest necessary for the maintenance of the computer tools.7.1.5 电脑使用者严禁在电脑设备上私自安装任何软件。The user is not allowed to install any kind of software on the PC device.7.1.6 电脑使用者严禁私自更改电脑的原有设置，除非经系统管理员特别允许；The user is not allowed to change the original setting of his PC,unless specifically authorized by the system administrator.7.1.7 每天下班前或长时间离开办公室时须关闭电脑，以防已进入系统的电脑被他人滥 用。每台电脑都需启动屏幕保护程序并为其设置密码保护；The PC must be switched off every night before leaving the office and every time the user being away from the device for a relatively long time.Leaving an unattended logged in computer may allow a third party to use the PC improperly,without being possible afterward to ascertain the author of the abuse.For security reasons a screensaver protected by password must always be set.7.1.8 除非经系统管理员特别允许，电脑使用者严禁私自增加使用其他存储或通讯外设（如 modem,CD-RW 等）。任何掌握保密数据的使用者不允许用同一系统账号在不同电脑登入；ZAE-QP-007 Rev 0 文件名称：IT 管理控制程序管理控制程序 Do