Trinity Operating Procedures - TOPs

TOP-SYSTM: Computerized Systems

Rev: 08/11/2020

Scope: The term "computerized systems" includes Trinity Forge's network, software, data, Internet access, computers, terminals and all related devices and services. This procedure describes the control and security of these computerized systems. 

Procedure:

Access to Systems

The IT Manager is responsible for protecting Trinity Forge's computerized systems against unauthorized access. All user accounts and all levels of access must be authorized by the IT Manager. All users must comply with any access requirements specified by the IT Manager, such as password restrictions, virus protection, time-of-use, etc. The IT Manager maintains the Authorized Computer User List.

Passwords

Passwords, including PIN's and other "keys" to Trinity Forge's systems are not to be shared with other people. If you find that someone else lacks the access they need, tell the IT Manager, don't just tell them your password. If you think someone else knows your password, get it changed immediately! When you set a password, don't make it obvious - passwords require a mixture of letters and numbers.

User Software

Users may only put software on Trinity Forge's systems with permission by the IT Manager. Even seemingly harmless software like screen savers may conflict with other systems or breach network security, so unless you are preauthorized by the IT Manager for a particular piece of software, ASK FIRST. As in most of life, "When in doubt, don't ."

System Changes

Any user may request modifications or additions to Trinity Forge's computer systems, including hardware, software, or services. Such a request is made to the IT Manager via the user's manager. The IT Manager first verifies that a change is necessary (often a bit of training is all that's needed). In the case of a "bug" or very inexpensive enhancement the IT Manager may proceed directly with the changes. Larger changes must be approved by the CFO who may determine the need for a Resource Request - see TOP-RSRCE.

System Quality Assurance

As new software is developed, acquired or requested, or as new versions become available for existing software, the IT Manager is responsible for assuring the quality of the software prior to its implementation in Trinity Forge systems. Specifically this assurance entails:

The software and other resources have been approved by appropriate management. The necessary hardware and support software resources are in place. There is compatibility with existing resources. Appropriate documentation is in place. Appropriate training has been provided. Appropriate safeguards are in place should there be viruses in the software. Appropriate functional testing has been performed.

For critical software used for making decisions regarding the acceptability of product (e.g., product chemistry requirements, mill heat information and the routines that compare the two to approve release of inventory) the IT Manager must work with user management to develop a formal, written list of test scenarios, including raw data requirements and expected results, that the software must satisfy prior to implementation. This list becomes the Software Verification Record. The IT Manager must test the software for each case listed, verify the results are as expected, then sign and date the Software Verification Record prior to implementing the software. The IT Manager retains the Software Verification Record.

Documentation

The IT Manager is responsible for maintaining all documentation for computerized systems, including user-oriented documentation, technical documentation and documentation to prove licensure . Any user in possession of any system-related documentation is responsible for bringing it to the IT Manager's attention. The IT Manager is responsible for maintaining System Recovery Instructions for what to do and who to contact in the case of likely failures, posting the System Recovery Instructions in the main server area, and providing a copy to the VP-Manufacturing for offsite back-up. The CFO is responsible for review, approval and maintaining of the System Recovery Instructions.

Data Backup

All users are responsible for ensuring that any files or other data they maintain are known to the IT Manager so that they may be backed-up against system failure. Personal computer hard drives are nearly never under the back-up program. The IT Manager is responsible for maintaining a backup and recovery program. The IT Manager is responsible for ensuring the integrity of  daily, weekly, and monthly backups. The VP Quality & Engineering is responsible for review, approval and maintaining of the backup program.

Backup Strategy and Rotation

1. All local backups are stored off-site in a secure facility. Backups are taken on three servers: TFIFS2, TFISTORAGE,  DBSERVER2. 
2. The backups are performed incrementally on a daily basis and a full backup on weekends to provide an up to date restore capability in the event of a failure.
3. Month-end backups are done on the first Friday of the new month. 
   
4. Weekly backups consist of a full backup job being run on Friday followed by incremental backups running Monday through Thursday. This applies to all the servers.
   
5. The SQL server is backed up by a full backup every day Monday through Saturday . This is to ensure that all database log files are "played" then purged recovering hard drive space.
   

What-To-Do if System Fails

Any user identifying any failure of Trinity Forge's computerized system is responsible for immediately reporting the failure to the IT Manager, possibly via the user's manager. The IT Manager is responsible for seeing that the failure is corrected and the user's manager is responsible for monitoring records of any manual transactions, recording them after the failure is corrected and verifying all data is correct. If there is a loss of computerized data, even if most can be restored from backup disks, the IT Manager is responsible for explaining the scope of the problem to all affected user-department managers, and those managers are in turn responsible for ensuring that all lost data has been successfully restored or re-created. In such a case, each manager is responsible for involving all computer users in the department in reviewing the data since many files may have been updated without the manager’s awareness.

User Guidelines for Computer Use

1. Remember to log off or lock your computer when you leave the area for more than a few minutes.
2. DO NOT EVER give your password to anyone else or allow another employee to use your account. If an employee needs a user account, please have your supervisor request one be created.
   
3. DO NOT EVER  user another employer's user account.
4. Remember to shut down the computer at the end of your shift. This will allow the system and security updates to install.
5. DO NOT install or download third party software on the computer without clearing it through IT Manager first. This helps protect the network and computers from viruses and malware that piggy-back into the system. You can install the Microsoft, Adobe, Java or software updates for programs that are already on the computer.
6. DO NOT use internet radio or stream video on company computers.
7. DO NOT download pictures or music from the internet onto company computers.
8. DO NOT try to set up any software that is on the computers that requires extra attention, such as emails or MicroEstimating. If you choose the incorrect settings, the program(s) may not work correctly or information may be lost, such as incorrect email settings.
9. DO NOT make copies of files in the Shared directories unless you are creating a backup that is stored in a backup location on the Shared network, ALWAYS use a shortcut. This is so that everyone is using the same files and if the original gets updated or changed, all shortcuts are updated as well. Copied files do not get updated with changes from the original, they are considered a separate file.
10. DO NOT save files to the hard drive of the computer; save them in a location in the Shared directories or on your personal U: drive. The computers themselves are not being backed up so in the event of the computer crashing, you would lose all files saved there.
11. DO NOT open emails that are from someone you do not know; if you receive an email and think that it may be legitimate Trinity business, forward it to the IT Manager to review and the IT Manager will forward the email to its proper recipient.
12. DO NOT open email attachments from emails unless you are 100% certain that the attachment are safe and/or is a file or files that you were already expecting.

1. Unplug the internet cable from the computer, get it off the network.
2. Turn the computer off; if you cannot do this from your login, then unplug it from the wall or if it's a laptop, take the battery out.
   
3. Contact IT Manager and explain what happened; i.e. what website you were on, what email or email attachment you opened, what program or file you downloaded. As much information as you can possibly give will help in correcting the problem.

Revision history: