Policy Procedure IACT 418 918 Autumn 2005 Gene

Policy & Procedure IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong

Network Managers as Fire Fighters? • Without a systematic process, you can spend your days chasing after problems • Being reactive instead of proactive • Wasting resources and time, patching holes instead of planning for growth and improved levels of service 2

The “Good Circle” • Preventative management reduces unforeseen problems Reduced Down Time • Reduced downtime means less effort needed to locate errors Preventative • Less time spent Decrease in Management Error Search searching for errors means more time available to do preventative management! 3

How to be preventative? • Establish policies and procedures to: – Prevent or minimise incorrect usage – Ensure maintenance of equipment – Provide smooth repair of problems when they arise – Get the most from your staff 4

Policy • OED: – an organised and established system – Prudent, expedient, or advantageous procedure • Websters: – a definite course or method of action selected from among alternatives and in light of given conditions to guide and determine present and future decisions – a high-level overall plan embracing the general goals and acceptable procedures 5

Policy • Rules or guidelines – often inflexible – Sets a standard • An organisation’s principles; – a commitment by which the organisation is held accountable • Sets out the way things are done • Creates a framework for the way work is done • Represents the organisations POSITION or STANDPOINT on an issue 6

Policies • Policy-making takes place under conditions of incomplete information and uncertainty • Policies at three interrelated levels: – General frames used to interpret a situation and select a principal course of action – Organizing concepts within which a policy problem is addressed – Operational level concepts used to design specific policy measures 7

Policies • Should be: – Written down – Approved by management – Checked by lawyers 8

Policy Documents • • Administrative service policies Rights and responsibilities of users Rights and responsibilities of sysadmins Guest account policy – Can you think of others? 9

EG: Acceptable Use Policy • • • 10 Account sharing Misuse of mail or WWW Pornography Defamation Industrial espionage Software installation or modification Software copying Misuse of network – file serving etc. A signature by the user that they have read, understood and agreed to the terms of the policy

Uo. W Polices • A list of polices that govern the use of IT services at Uo. W can be found at – http: //www. uow. edu. au/its/policies/ 11

Broad scale policies • Some issues have a larger scope than the local network group: – Handling security break-ins – Password selection criteria – Removals of logins for cause – Copyrighted material (MP 3, DVD etc) – Software piracy 12

Procedure • OED: – a set of instructions • Websters – a traditional or established way of doing things 13

Procedure • Guidelines – Sets a standard – Sets out HOW things are done – Can allow flexibility • Details the preferred, recommended or required process for performing a given task • A course of action developed to implement policy 14

Procedures • Should be: – Publicized to staff – training etc. – Easy to understand – Accessible when needed -how do you know which one to use? – Available both in print and on-line – Constantly updated • They need: – Open channels of communication, both vertical & horizontal – Trust and co-operation • Open hard to get an “expert” to reveal their ‘secrets’ 15

Procedures • Good for regular, repetitive tasks • Checklists to avoid errors or forgotten steps • It’s faster to work from a recipe • Changes are self-documenting • Written procedures provide a measurable standard of correctness 16

Examples • Common network tasks worth proceduralising – Adding a host – Adding a user – Localizing a machine – Setting up backups – Securing a new machine – Restarting a complex software application – Restarting/unjamming a printer – Upgrading the operating system – Emergency shutdowns – Software installation 17

Falling between the cracks • Some problems sit between policy & procedure. Eg: – Who can have an account? – What to do when they leave? 18

Which to use? • You must decide carefully which to use, policy, procedure or both. • Policies – Stronger – but often inflexible – Must be carefully written • Set and forget? – Enforceable? • Procedures – Weaker – More flexible & adaptable • Must be maintained – Can be built into staff training 19