Information Technology is a vast and growing array of computing and electronic data communications facilities and services which are used to create, access, examine, store, and distribute material in multiple media and formats. Information Technology plays an integral part in the fulfillment of WSSP’s day to day operations.
The Information Technology System comprises of computers, terminals, printers, networks, online and offline storage media and related equipment, software, and data files that are owned, managed, or maintained by WSSP. IT Systems include Enterprise resource planning software, email servers, desktop computers, and Data Servers.
Technology changes very rapidly and needs are constantly shifting. While balancing the costs associated with reliability, efficiency and availability of technology, IT function of WSSP shall be provided with the most useful solutions available. Objectives of WSSP IT function are:
- To develop and implement support strategies and methodologies of effective use of information technology, with efficiently managed WSSP resources.
- To update and implement policies and procedures necessary to ensure effective, secure, and appropriate use of the information resources and services.
- To efficiently manage IT procurement, and coordinate all requests to integrate new technologies, acquire new hardware or software, and replace obsolete equipment or services to meet an ever-changing environment.
- To maintain reliable technological infrastructures, and provide continuous improvement and technical support to all departments of WSSP.
- To plan, organize and provide training that will enhance staff’s IT knowledge and skills that are increasingly fundamental for employees.
Information Technology policies and standards are needed for efficient IT Management and to provide both access and reasonable security at an acceptable cost. The use of modern Information Technology entails both benefit and risk. These policies are designed to reduce those risks to an acceptable level and to maximize the benefits to all users and to ensure the following for all its members:
- Integrity – IT Security will ensure that all electronic information and transactions are free of errors and irregularities of any kind.
- Availability – IT Security will ensure that all information resources and data are available and protected from disruptions.
- Confidentiality – IT Security will ensure that all information resources are protected from unauthorized use or accidental disclosures, errors, fraud, sabotage, privacy infringement, and other actions that may cause harm.
Policies & Procedures
General IT Controls
General controls are those that control the design, security, and use of computer programs and the security of data files in general throughout the organization. On the whole, general controls apply to all computerized applications and consist of a combination of system software and manual procedures that create an overall control environment. General controls include the following:
- Controls over the system implementation process.
- Software controls.
- Physical hardware controls.
- Computer operations controls.
- Data security controls.
- Administrative controls.
IT Function of WSSP shall ensure that effective general IT controls are established in order to establish effective information technology system. The general IT controls includes the policies and procedure on the following
- Technology Hardware Purchasing Policy
- Policy for Obtaining and Use Software
- Policy for Use of Software
- Information Technology Security Policy
- Information Technology Administration Policy
- Data backup
- Disaster Recovery
Application controls are specific controls within each separate computer application, such as payroll or order processing. They include both automated and manual procedures that ensure that only authorized data are completely and accurately processed by that application.
In order to ensure smooth running of WSSP daily operations, IT Dept. shall ensure that effective application controls are established and the staff is educated of controls. The following application controls will be included:
- Maintenance of Network
- Emails and Internet Policy
- Threat management and use of Antiviruses
- Data privacy