Professional Documents
Culture Documents
IT Policy Documentation
IT Policy Documentation
IT Policy Documentation
SCOPE
Any user who uses PMS, Back office or distributed applications, Internet, electronic mail in the
Hotel.
AUTHORITY
The content of this policy and manipulation to that is in scope of IT department and is
responsible for enforcement.
POLICY
USER ID
Access privileges are set according to employee designation by making user a member of
predefined access group mentioned in User Account Application Form. Each access group
has access privileges relevant to employee work profile; therefore user access is limited to
relevant operations in application. Assignment of any additional privilege will be assigned
after dialogue with concerned department head.
PASSWORD
Password will be set temporary and forced to be changed during first login for every user.
Password is set on routine to be changed every month. ID remains unchanged.
A POP email account and password is created upon receiving of user email account
application form as mentioned above.
POP Account on hotel POP3 server is allocated storage quota as per sanction storage limit.
(Refer to Acceptable use of Email Policy). Head of department is informed upon activation
of the User ID.
PURPOSE
Removal of User Account from hotel application network.
SCOPE
Any user who uses PMS, Back office or distributed applications, Internet, electronic mail in the
Hotel.
AUTHORITY
The content of this policy and manipulation to that is in scope of IT department and is
responsible for enforcement.
POLICY
A User ID and Password for application is deleted immediately upon receipt of employee
clearance form by IT department.
User data in any form will be backed up and sealed with immediate effect.
Any personal and official data on the workstation hard drive or network user directory on
network storage drive will be compressed and archived.
System usage history or application usage log for the user will be compressed and archived
on server.
This data will be deleted after observation by IT administrator in 7 days period, however will
be persevered for future supporting any official need on authorized instruction from Human
Resource Department or EAM Operations.
PURPOSE
To standardize generation of strong and technically robust quality of passwords for applications
for various user accounts on the network.
SCOPE
All users on Hotel Internal network using distributed applications on workstations, Internet and
electronic mail.
AUTHORITY
The content of this policy and manipulation to that is in scope of IT department and is
responsible for enforcement.
POLICY
User of distributed applications and Hotel Internal Network is required to create password
defined as per below.
The password must not contain all or part of the user's account name.
The password cannot contain any common string alpha characters (e.g., a word in a
dictionary or person's given name).
PURPOSE
The purpose of this policy is to apply organisational confidentiality, privacy and security to
electronic mail and avoid disruption to hotel electronic mail service.
SCOPE
All hotel employees using electronic mail in the Hotel on Hotel workstations or hotel provided
notebooks.
AUTHORITY
The content of this policy and manipulation to that is in scope of IT department and is
responsible for enforcement.
POLICY
POLICY FOR POP MAIL ACCOUNT
All Department heads and their number 2s are entitled to have official email account on
hotel email server.
All incoming emails will be returned to sender or bounced beyond account size or storage
limit. E.g. exceeds storage limits.
This email account size is defined as per usage and data traffic on every POP account.
MD,VP,GM – 50 MB
HODs- 25 MB
AM-20 MB.
In events of huge data transfer, use of email service can be avoided and FTP service can be
used. IT department can be contacted for help.
Messages will be automatically archived when they reach 180 days old on server.
Messages will be automatically deleted from the server when they reach 240 days old.
Messages moved to the Trash folder will be automatically deleted after 7 days.
Warning messages will be sent by the mail server to an account when it reaches 90% of its
capacity.
Receiving and sending emails is performed through POP email account configured in Hotel
Workstation in Outlook only. Strictly no other client, application or program can be used
other than MS outlook to process official email communication.
Every incoming or outgoing email has to mandatorily pass virus check on email server
before delivery; however any damages to data caused by infected email will be merely
user’s liability. An infected email will be blocked by server and will not be delivered to
recipient however sender will receive notice from antivirus application on the contrary.
Under no circumstances will any hotel employee define ‘Auto Responders’ or ‘Out of Office
Reply’ for his/her account while going on leave. However, mail server administrator will
activate auto forwarding to other corresponding email address for given period of days.
Hotel electronic mail services are to be used for official communication for official purpose
only and therefore under no circumstances could it be used for personal gain, conflict of
interest, copyright violations and illegal activities. In events of violations to this, disciplinary
actions can be initiated by human resource department.
DESCRIPTION ACCEPTABLE USE OF INTERNET POLICY
PURPOSE
The purpose of this policy is to ensure legitimate usage of wired or wireless Internet in Hotel
Network.
SCOPE
All users on hotel wired or wireless network using Internet on department workstations,
laptops and internet access devices. And the guest, using Internet on owned or hired laptops,
notebooks, palmtops and other internet access devices at any hotel location.
AUTHORITY
The content of this policy and manipulation to that is in scope of IT department and is
responsible for enforcement.
POLICY
An Internet user on hotel network wired or wireless; shall be bound to below policy rules.
Internet billing is handled by an automated billing interface between ISP server and PMS. In
instance of interface failure, bill shall be generated manually based on Hotel guest Internet
access tariff rates and be posted manually into PMS system. Manager on Duty can be
contacted in event of dispute. No Internet bill can be cancelled in any case without Front
office Manager’s approval.
Hotel shall not refund on unused hours to any user and will not accept any Internet usage
credit for any user.
Hotel shall not be responsible for congestion in data transfer during Video Conferencing,
Net-meetings and Webinars. Congestion has no relation to access speed over Hotel
Network. Application error or communication device error shall be in user’s clause.
Hotel does not hold liability to any damage to data or data transfer during Internet session
in hotel network nor does it guaranty intact data delivery to destination over the network.
The Internet connection is not to be used for unlawful or inappropriate purposes such as,
transferring or downloading of unauthorized software, offensive or unlawful content, and
try to violate copyrights. In such instance IT department can monitor and block user’s IP
address through internet firewall over hotel network.
By nature of the public Internet, user should have no expectation of privacy on content.
Hotel IT department has neither control on content or on privacy of the content
transmitted. In all cases, user will be solely liable for data being spoofed, sniffed, hacked or
eavesdropped.
Use of Internet network by hotel user should always be legal and ethical, reflect
professional honesty, and show restraint in the consumption of shared resources, network
devices, and files or folders on hotel network.
The Internet is to be used for appropriate purpose only. Using Internet for unlawful or
criminal purpose will be dealt with strict actions (legal) from Human Resource and Hotel
Security Department.
DESCRIPTION ACCEPTABLE USE OF IT RESOURCE POLICY
PURPOSE
The purpose of this policy is to ensure acceptable and legitimate usage of IT resources in the
Hotel.
SCOPE
All users in the hotel using computers and attached other hardware devices: wired or wireless.
AUTHORITY
The content of this policy and manipulation to that is in scope of IT department and is
responsible for enforcement.
POLICY
No user can (a) knowingly endanger or compromise the security of any Hotel computer,
network facility, or other computing resource or willfully interfere with others' authorized
computer usage, (b) attempt to circumvent data protection schemes, uncover security
loopholes, or decrypt secure data; (c) modify or reconfigure or attempt to modify or
reconfigure any software or hardware of any Hotel computer or network facility in any way,
unless specific authorization has been obtained; or (d) use Hotel computer resources and
communication facilities to attempt unauthorized access to or use of any computer or
network facility, no matter where located, or to interfere with others' legitimate use of any
such computing resource.
No user can attempt to access, copy, or destroy programs or files that belong to other users
or to the Hotel without prior authorization, nor shall anyone use Hotel computing resources
for unauthorized monitoring of electronic communications or data.
No user can create, run, install, or knowingly distribute a computer virus, Trojan horse, or
other surreptitiously destructive program, email, or data via any Hotel computer or network
facility, regardless of whether demonstrable harm results.
User can never knowingly or recklessly perform any act that will interfere with the normal
operation of computers, workstations, peripherals, or networks and shall not intentionally
waste or overload computing resources.
User must treat Hotel’s data, files maintained by other hotel users or departments as
confidential unless otherwise classified, pursuant to regulation, law or hotel policy. Users
shall not access files or documents belonging to others, without proper authorization or
unless pursuant to routine system administration.
User can be considerate in their use of shared resources and refrain from monopolizing
systems, overloading networks with excessive data, or wasting computer time, connection
time, disk space, printer paper, manuals and other resources.
User can not violate information technology law pertaining to electronic mailing of chain
letters and other unauthorized use of computing resources or network.
User cannot make or use illegal copies of copyrighted or patented software, store such
copies on Hotel systems, or transmit such software over Hotel network.
User can not access or connect privately owned component or devices such as, USB Mass
storage device, Notebook or laptop PC, Memory stick, Memory card reader, Speakers,
Headphones, Microphones, Joysticks, Palm tops, Bluetooth access device, CD ROM or DVD
over hotel workstation or network.
User cannot use, store, access or play animations, music, animated games, movies, motion
graphics, audio or video streams, mp3 or other music format, 3gp or other video format
from internet or external media device.
User can not manually change or alter and/or manually enforce or impose IP for wired or
wireless Internet access on workstation. Since Hotel network static IP pool for wired LAN
and dynamic IP pool for wired or wireless internet is domain of ISP and IT department, user
contravention is completely avoided.
ENFORCEMENT
IT administrator is responsible for protecting the system and users from abuses of this
policy. Pursuant to this duty, IT administrator may (1) formally or informally discuss the
matter with the offending user, (2) temporarily revoke or modify access privileges, or (3)
refer the matter to Hotel EAM Operations or human resource manager for further
legitimate actions.
Violation of this policy may result in the revocation or suspension of access privileges
and/or financial implication to the user against the damages done to hotel IT resources or
network. Imposition of such sanction or penalty is within the discretion of the Department
Head of Information Technology and Human Resource Department.
DESCRIPTION DATA BACKUP POLICY
PURPOSE
To ensure that both data and software are regularly and securely backed-up. This is essential to
protect against the loss of data and software and to facilitate rapid recovery from any IT failure.
SCOPE
The data backup element applies to all users who use IT devices and workstations on hotel
network and process or store information and data owned by hotel.
AUTHORITY
The content of this policy and manipulation to that is in scope of IT department and is
responsible for enforcement.
POLICY
The following backups are performed on application server in server room:
The normal storage media is TAPE. Occasionally CD/RW Discs are also used.
CATEGORIES OF BACKUP
All data, operating systems and utility files must be adequately and systematically backed
up including patches, fixes and updates.
At least three generations of back-up data must be retained at any point of time
(grandfather/father/son) however weekly full backup archive array is maintained in IT
department and kept in electronic safe.
The backup media must be precisely labelled and accurate records must be maintained of
backups done and to which back-up set they belong.
Copies of the back-up media, together with the back-up record, should be stored safely in
electronic safe, at sufficient distance away to escape any damage from a disaster at the
main site.
Regular tests of restoring data/software from the backup copies should be undertaken, to
ensure that they can be relied upon at times of emergency.
SCOPE
This policy applies to all users who use IT devices and workstations on hotel network and
process or store information and data owned by hotel.
AUTHORITY
The content of this policy and manipulation to that is in scope of IT department and is
responsible for enforcement.
POLICY
No other than hotel employee to work on hotel provided workstations. In no events any
personnel from outside to work or touch, see or communicate hotel sensitive data by sitting
on workstation and gaining access to hotel network. No exceptions entertained.
Department Head to involve and enforce this policy with help of IT administrator.
Any workstation that requires access to distributed application has to gain server access by
user authentication which is passed by server. User authentication is based on some
parameters defined by IT department during installation. No other workstation, privately
owned notebook, palmtops, laptops, wired or wireless devices can gain access to server
otherwise.
Hotel network static IP pool for wired LAN belongs to IT department. Therefore IP address
for hotel workstation cannot be defined on any privately owned laptop, palmtop, PC, and
wired or wireless device.
In no circumstances will the privately owned storage devices, CDs, DVDs, VCDs, cable
interfaces, USB mass storage devices be used by any user in the hotel. In case of usage of
such device observed more than 2 times, user has to undergo disciplinary actions from IT
department and Human Resource department.
User must take reasonable precautions to reduce the risk of loss of critical IT resources that
reside on user’s workstation or on the file server, i.e. backup of critical documents, or
schedule to back up documents to remote storage device.
User in no events to perform installation or un-installation, activation or deactivation,
schedule or alter configuration of antivirus application, backup application, systems
services, device interface application such as mobile, network application such as tracers or
file transfer application service and installation of games or arcade application. In case of
occurrence of such application on hotel workstation, user has to undergo disciplinary
actions from IT department and Human Resource department.
User can never uninstall, disable, or deactivate antivirus, firewall and system application
settings on hotel workstation. In events of challenge or performance issue, technical
assistance can be obtained from IT department.
User never issue, copy or disclose application passwords, application settings, reports, logs,
hotel sensitive data, application sensitive data, network configuration settings, layouts,
designs or scanned images, films, media-clips of hotel or images related to official work, in
oral, written, documented or electronic form inside or outside of hotel.
User never carry Hotel IT resources such as, CD-ROM, CD-RW, DVD, USB mass storage
device, memory cards, hard drives, pointing device, keyboards, hardware peripherals, palm
top, Cat5/Cat6 patch cable, laptop, workstation, printer, copier, scanner, fax, web camera,
telephone instrument, telephone accessory etc. in inter-departments or outside of hotel
without proper authorization from department head and security department.
In events of intentional transfer or theft of IT devices without proper authorization, user will
be dealt with strict disciplinary actions by HR department. In case of damages due to
accidents, financial implications will also be imposed by HR department and security
department to the user.
User can not hack or alter workstation password or workstation settings in the network and
cannot launch dictionary attack or denial of service attack into hotel network to break user
passwords or halt server services. Any user who is found directly or indirectly involved in
such events will be dealt with strict actions by IT department and HR department.
User can never enter in to server room or IT room and touch, change, or alter server or
application settings on server. User entry into Server room without authorization of IT
department and security department will be strictly restricted. In offense, security
department will undertake strict actions against the user.
DESCRIPTION VIRUS RESPONSE POLICY
PURPOSE
To ensure prompt response generated against virus attack in the network and to get control
over infection before it can spread and damage systems. To survive IT disaster caused by virus
infection at workstation and network level.
SCOPE
All users connected to Hotel wired and wireless network working on Hotel provided
workstations and laptops.
AUTHORITY
The content of this policy and manipulation to that is in scope of IT department and is
responsible for enforcement.
POLICY
In events of virus infection at workstation and server level, following emergency response
action is undertaken.
User to log or note possible virus message displayed on screen and report present working
status of system to IT support.
User to not to open any application in such event as it might spread infection further to
other applications.
User to not to try to access network or network resource as it can spread infection over the
network.
User to take LAN connection patch cord out from the jack, leave system unattended and
wait for IT supports to reach on site.
IT support, to perform full systems scan through latest updated antivirus kit on external
media.
IT support, to perform online scans or comprehensive scans through external media for
restoring original hardware configuration in case if it is damaged.
IT support, to call OEM support for further help or move workstation for recovery in IT
department if comprehensive damage.
IT supports, to restore application environment, user files from workstation emergency
backup set after successful removal or repair of the virus infection.
IT support, to send down-time alerts to WEB CRS, VPN Interface, Reservations, and user
department.
IT support, to perform full server scan through latest updated antivirus kit on external
media.
IT support, to perform online scan or comprehensive scan through external media for
restoring original hardware configuration in case if it is damaged.
IT support, to call OEM support, online, telephonic or personnel for further help if hardware
or software damage is not repairable or recoverable. Hotel IT network to stand-by in such
event and General manger, Security Department and user departments to be informed
regarding the IT disaster.
IT support to restore Application database, application environment, user files from latest
backup set or emergency backup set after successful removal or repair of the virus
infection.
IT support to communicate operation restore to user departments, WEB users, VPN, CRS.
Remove software that presents a security risk. E.g. ODBC application, adware, malware,
software updates, and workbook macros.
Avoid visiting heavy multimedia pages, games pages while Internet browsing.
Avoid using or downloading applications from Internet which do not have valid certificates.
PURPOSE
To ensure prompt response generated against software or hardware system failure or crash. To
survive IT disaster caused by such failure or crash in distributed application.
SCOPE
All users connected to Hotel wired and wireless network using software and hardware systems
on workstations.
AUTHORITY
The content of this policy and manipulation to that is in scope of IT department and is
responsible for enforcement.
POLICY
User to call IT department on system or application failure, including strange application
behavior or unsteady system.
User to log or note possible memory fault message, fatal alert or error message displayed
on screen.
User to take LAN connection patch cord out from the jack, leave system unattended and
wait for IT support to reach at site.
IT support, to inform crisis response team about the crash event taken place.
IT support, to set emergency-alert to CRS, VPN, Reservations, and user departments before
committing server downtime in case of application server crash such as PMS or Micros.
Crisis response team leader to decide on server down-time and application recovery time. IT
support, to communicate the same across, after primary emergency alert.
IT support, to take full backup of server system before proceeding and develop crash time
full data backup array.
IT support, to call OEM support, possibly online, telephonic or personnel from HP or Micros
or other vendors for further help if hardware or software damage is not repairable or
recoverable.
IT support to restore server files, and full data back up from crash time full backup array or
emergency backup set after recovery.
IT support, to activate server operation, test data and then communicate crash recovery
locally and enable normal operations in CRS, VPN, Reservations and user departments.
IT support to activate and set normal operation with IT support, to log crash event, note
causes and employ procedure to restrict that in further.
PURPOSE
To establish policy to regulate and control the Hotel Voice and Data services.
SCOPE
This policy applies to all Hotel Managers, Administrators, Supervisors, Employees, Staff,
contractual employees in hotel using Hotel telecommunication infrastructure.
AUTHORITY
The content of this policy and manipulation to that is in scope of IT department and is
responsible for enforcement.
POLICY
Calls made from hotel telephones are totally at the discretion of the employee and it is the
responsibility of each employee to ensure calls are appropriate to their work and are
conducted expeditiously.
Private calls are permitted without charge to the employees provided they are conducted in
an expeditious manner and do not tie up lines required for Hotel business. However, private
calls are allowable provided the appropriate supervisor/administrator/department head has
had approved it and the identified cost subsequently paid by the employee to accounts
department as per agreed rates.
MOBILE SERVICES
Postpaid Mobile SIM-cards to employees at hotel billing will be issued following appropriate
Head of Department and EAM Operations’ approval. The billing address and liability is of
the hotel itself.
Those employees, who make business calls on their individual mobile phone on an
alternating basis, may submit an expense claim for the cost of those calls. Individual Mobile
invoices can be obtained from Hotel Finance Department during working hours. Mobile
phone invoices are to be reviewed and approved by a senior manager or delegate within a
department.
PURPOSE
To ensure response generated against telecom disaster or failure in hotel. To survive telecom
disaster caused by such failure or crash in the hotel.
SCOPE
All department users, all hotel guests and visitors making use of hotel telephone infrastructure
in either guest rooms or other hotel areas.
AUTHORITY
The content of this policy and manipulation to that is in scope of IT department and is
responsible for enforcement.
POLICY
All telephone instruments, digital and analog, in Guest rooms and hotel area.
Digital circuits for data communications for Hotel Internet computing and software
interface of 512 kbps located in IT room.
Significant failure or break down in any of above mentioned instruments and their services
and/or routine function is considered as telecommunication disaster in hotel.
Maintenance Contract Vendor is called on site for rectification if the communication is not
restored after initial observation. The service downtime is communicated to GM and user
departments.
In disaster or failure of telecom service, hotel communication to route through direct lines
configured in PABX.
After service recovery confirmation from engineering, telephone billing interface restart
launched. Secondly, voice mail interface restart launched.
Recovery confirmation to be passed to front office, engineering and General Manager and
security department.