EXECUTIVE Summary: The primary objective of the APR-ICT Service is to support the ICT operation in Company office. In additional, APR-ICT will monitor the ICT operations in other branch offices within Asia Pacific, while the local-site ICT Staff (or delegated Staff) in each APR office is response to manage their routine ICT operation as well as their local out-source service. Global-ICT acts as a competency center to provide directive and also assist the operation in other regions. For the ERP Support model, APR-ICT will act as the first line support of any trouble shooting or software change request within APR region; those requests will be escalated to 2nd line support (i.e. Global-ICT or Consultancy Company) if necessary. Read More
Password Cracking Procedure
1 Introduction
1.1 Overview
Passwords are used in almost every interaction between users and information systems. Most forms of user authentication, as well as file and data protection, rely on user-supplied passwords. Since properly authenticated access is often not logged, or even if logged not likely to arouse suspicion, a compromised password is an opportunity to explore a system from the inside virtually undetected. As attacker would have complete access to any resources available to that user, and would be significantly closer to being able to access other accounts, nearby machines, and perhaps even administrative privileges. Despite this threat, accounts with bad or empty passwords remain extremely common and organizations with good password policy far too rare. The most common password vulnerabilities are that (a) user accounts have weak or non-existing passwords, (b) regardless of the strength of their passwords, users fail to protect it, and (c) the operating system or additional software creates administrative accounts with weak or non-existing passwords. Read More
Server Room Access Procedure
Scope
Define server room access procedure to have proper procedure for anyone. Server room is the place to host all our business critical and confidential information. This is applied to server rooms in all company sites. Read More
ERP System Survey Questionair
| Comment on ERP Usage related to your work | ||
| 1 | Which ERP module(s) you use currently: | |
| Inventory Control Module | yes/no | |
| Sales Module | yes/no | |
| Purchase Module | yes/no | |
| Manufacturing Module | yes/no | |
| MRP Planning Module | yes/no | |
| Accounting Module | yes/no | |
| 2 | How important of ERP system relative to your daily work | very important / less important / no comment |
| 3 | How important of ERP system affect your dept/whole company business operation | very important / less important / no comment |
| 4 | ERP can provide info to help better management decision-making | strongly agreed / not agreed / no comment |
| 5 | You can logon and use ERP anytime and anywhere, i.e. good system availability to users. | strongly agreed / not agreed / no comment |
| 6 | ERP can provide function to meet nowadays requirement as well as future business operation needs | strongly agreed / not agreed / no comment |
| Pls identify what system function need to be improved_______________________________ | ||
| Comment on Overall System Operation | ||
| 7 | ERP is easy for users to operate, i.e. very User-Friendly. | strongly agreed / not agreed / no comment |
| 8 | ERP response time for performing data update or report generation is acceptable. | strongly agreed / not agreed / no comment |
| 9 | ERP provides a very accurate management information, i.e. good data integrity. | strongly agreed / not agreed / no comment |
| 10 | ERP helps to decrease the workload of users significantly. | strongly agreed / not agreed / no comment |
| If you feel your productivity declined by using ERP, please give up to three reasons you feel this happened:
_______________________________________ |
||
| 11 | ERP user access right application is under well control, i.e. good authorization procedure. | strongly agreed / not agreed / no comment |
| 12 | Users aware their liability on the system usage, especially perform data update function, i.e. system increases users accountability. | |
| 13 | ERP provides sufficient logging report to check user action, i.e. good traceibiltiy function. | strongly agreed / not agreed / no comment |
| 14 | MFG/PRO system is protected from both internal and external hacker, i.e. high system security. | strongly agreed / not agreed / no comment |
| Comment on local/external consultant and training support: | ||
| 15 | Users clearly understand the ERP Helpdesk procedure to ask for support, e.g. who and how to request ERP support, | |
| 16 | Users clearly understand the ERP support organization, i.e. the responsibility of system owners, Dept expert/key users, the first and 2nd line technical support among HK, Shanghai and Shenzhen IT-Depts as well as external vendor consultant support. | |
| 17 | The function of ERP user group committee in Shanghai and Shenzhen factory is well recongized, i.e. each dept respesentatives activity participate the user group committee meeting to improve ERP operation and raise usefull request. | |
| 18 | Training document and operation manual for ERP are adequate and esay assessable. | strongly agreed / not agreed / no comment |
| Pls identify which missing operation document you need:_______ | ||
| 19 | Training or consultant support from your supervisor is adequate | strongly agreed / not agreed / no comment |
| 20 | Training or consultant support within users dept’s expert/key user is adequate | strongly agreed / not agreed / no comment |
| 21 | Training or consultant from IT dept is adequate | strongly agreed / not agreed / no comment |
| 22 | Training or consultant from external vendor consultant is adequate | strongly agreed / not agreed / no comment |
| Comment on Problem Handling | ||
| 23 | Users clearly understand the error handling procedure to solve any ERP error, i.e. who and how to report ERP error. | strongly agreed / not agreed / no comment |
| 24 | Users satisfy the software quality of MFG/PRO in term of mininal program bug and data update error. | strongly agreed / not agreed / no comment |
| 25 | Users satisfy the error handling procedure as well as the response time to error and fix. | strongly agreed / not agreed / no comment |
| 26 | IT Dept and external vendor consultant support are technical enough to solve error. | strongly agreed / not agreed / no comment |
| Comment on further System Development | ||
| 27 | IT Dept and vendor consultant support are technical enough to provide professional advice on system development. | strongly agreed / not agreed / no comment |
| 28 | ERP system is flexibility enough to build/enhance function to meet new requirement. | strongly agreed / not agreed / no comment |
| 29 | Company allocates sufficient internal IT man-power resource on ERP function enhancement | strongly agreed / not agreed / no comment |
| 30 | Company reserves sufficient funding for external vendor on ERP function enhancement | strongly agreed / not agreed / no comment |
| 31 | The development progress on function enhancement by IT Dept is under well control | strongly agreed / not agreed / no comment |
| 32 | The development progress on function enhancement by vendor consultant is under well control | strongly agreed / not agreed / no comment |
| 33 | The project management/monitor on function enhancement by IT Dept is well performed | strongly agreed / not agreed / no comment |
| 34 | Cost of function charge by external consultant is high | strongly agreed / not agreed / no comment |
| 35 | Your Overall rating to ERP System | Excellent / Not Acceptable / no comment |
Incident Management
1 Scope
This document describes the Incident Management Process as implemented in Company ICT Department.
The Service Desk/Incident Management Process ensures a quick recovery of service degradations to the agreed service level for all Europe/Headquarters employees. The Service Desk carries out the first-line activities and provides a single point of contact for all these customers. Read More
IT Shared Service Center Document
A. General
1. Background
For cost saving and improve service quality, it is recommended to centralize several IT service supports by IT Shared Services Center (IT SCC), such as providing infrastructure support to all company sites. All services shall be provided under a Service Level Agreement between IT-SSC and the sites, and corresponding tariffs shall be imposed for the delivery of such services. Read More
Proposal of Firewall Implementation
1. Background
According to security improvement, our company decided to install a firewall within our computer network system in order to protect the network system from outside hacking. The firewall should be able to regulate outbound and inbound network traffic between the LAN and WAN network. Read More
IT Outsource Service Document
Introduction
This Statement of Work (“SOW”) defines the End User Care (“EUC”) Support Services to be performed by Outsource Subcontractor for the Client Company. The services and tasks as described in the SOW will be performed in either Client Company and/or Outsource Subcontractor. Read More
IT Security Operation Checklist
Objective:
The IT Security Operation Checklist provides guidelines for IT professionals to perform the daily, weekly, and monthly maintenance and administrative tasks required to keep your infrastructure components and application systems performing optimally. In addition, a checklist is available to help IT to prepare for disaster recovery efforts, and it helps to keep an IT system operation smoothly. The checklist divides into three sections: 1) IT Infrastructure Components Security Operation Schedule, 2) Servers Backup Operation Log, 3) MFGPRO ERP Operation Log. Take reference to the following checklists as a sample, or adapt them to suit your company’s specific needs. Read More
War-Dialing PROCEDURE
1. INTRODUCTION
The presence of unsecured or mis-configured modems attached to computers on the network can undermine a well thought-out security plan. Persons unaware of the risks may set up modems on their computers that can be accessed with either non password or an easily guessed password. These modems are then vulnerable to computer criminals who “war dial,” or call numbers systematically until they find a phone number that connects to an unsecured dialup.
If a computer with an unsecured modem is connected to our network, anyone with a little computer skill and malicious intent can use that unsecured modem as a “back door” into our network. Firewalls don’t protect a network against this type of attack because the intruder comes in over phone lines, rather than over the Internet, bypassing firewalls. Read More