Uploaded by kabjunior

IT FACILITY PROCEDURE

advertisement
— Uncontrolled printed Copy. For the latest revision, check UniSea YMS! —
Yinson Production
YMS-CO-0296
Approved: Revision 03 / 21.09.2023
Corporate governance and support functions • Support functions • IT
IT Facility Procedure
Table of contents:
1. Purpose
2. Scope
3. Responsibilities
4. Definitions and abbreviations
5. Email
6. Shared drives
7. Back up policy
8. Internet access policy
9. References
Attachments
----
1. Purpose
The objective of the document is to describe the IT facilities on the units and general guidelines and policies in using the IT facilities
on the units.
2. Scope
This applies to all FPSO Units and base offices.
3. Responsibilities
The IT Manager is responsible for the IT Policy and Procedures.
This policy applies to all employees and contractors who use the company’s IT systems on work time.
It applies no matter whether the network access takes place on company premises, while travelling for business or while working
from home.
4. Definitions and abbreviations
N/A
5. Email
General
Yinson Production makes e mail available to its employees where relevant and useful for their jobs.
This email section describes the rules governing email use at the company. It also sets out how staff members are expected to
behave when using email.
Email guidelines
Business email use
Page 1 of 7
Yinson Production recognises that email is a key communication tool. It encourages its employees to use email whenever
appropriate.
For instance, staff members may use email to:
Communicate with customers or suppliers
Market the company’s products
Distribute information to colleagues
Personal use of email
The company also recognises that email is an important tool in many people’s daily lives. As such, it allows employees to use their
company email account for personal reasons, with the following stipulations:
Personal email use should be of a reasonable level and restricted to non-work times, such as breaks and during lunch.
All rules described in this policy apply equally to personal email use. For instance, inappropriate content is always
inappropriate, no matter whether it is being sent or received for business or personal reasons.
Personal email use must not affect the email service available to other users. For instance, sending exceptionally large files by
email could slow access for other employees.
Users may access their own personal email accounts at work, if they can do so via our internet connection. For instance, a staff
member may check their Yahoo or Google Mail during their lunch break.
Authorised users
Only people who have been authorised to use email at Yinson Production may do so.
Authorisation is usually provided by an employee’s line manager or the company IT department. It is typically granted when a new
employee joins the company and is assigned their login details for the company IT systems.
Unauthorised use of the company’s email system is prohibited.
Employees who use company email without authorisation — or who provide access to unauthorised people — may have disciplinary
action taken against them.
Key Areas
Email security
Used inappropriately, email can be a source of security problems for the company. Users of the company email system must not:
Open email attachments from unknown sources, in case they contain a virus, Trojan, spyware or other malware.
Disable security or email scanning software. These tools are essential to protect the business from security problems.
Send confidential company data via email. The IT department can advise on appropriate tools to use instead.
Access another user’s company email account. If they require access to a specific message (for instance, while an employee
is off sick), they should approach their line manager or the IT department.
Staff members must always consider the security of the company’s systems and data when using email. If required, help and
guidance is available from line managers and the company IT department.
Users should note that email is not inherently secure. Most emails transmitted over the internet are sent in plain text. This means they
are vulnerable to interception.
Although such interceptions are rare, it’s best to regard email as an open communication system, not suitable for confidential
messages and information.
Inappropriate email content and use
The company email system must not be used to send or store inappropriate content or materials.
It is important employees understand that viewing or distributing inappropriate content via email is not acceptable under any
circumstances.
Users must not:
Write or send emails that might be defamatory or incur liability for the company.
Create or distribute any inappropriate content or material via email.
Inappropriate content includes: pornography, racial or religious slurs, gender-specific comments, information encouraging criminal
Page 2 of 7
skills or terrorism, or materials relating to cults, gambling and illegal drugs.
This definition of inappropriate content or material also covers any text, images or other media that could reasonably offend
someone on the basis of race, age, sex, religious or political beliefs, national origin, disability, sexual orientation, or any other
characteristic protected by law.
Use email for any illegal or criminal activities.
Send offensive or harassing emails to others.
Send messages or material that could damage Yinson Production’s image or reputation.
Any user who receives an email they consider to be inappropriate should report this to their line manager or supervisor.
Copyright
Yinson Production respects and operates within copyright laws. Users may not use company email to share any copyrighted
software, media or materials owned by third parties, unless permitted by that third party.
Employees must not use the company’s email system to perform any tasks that may involve breach of copyright law.
Users should keep in mind that the copyright on letters, files and other documents attached to emails may be owned by the email
sender, or by a third party. Forwarding such emails on to other people may breach this copyright.
Contracts and liability
Users must be careful about making commitments or agreeing to purchases via email.
An email message may form a legally-binding contract between Yinson Production and the recipient — even if the user has not
obtained proper authorisation within the company.
All questions about email marketing should be directed to the marketing manager.
Policy Enforcement
Monitoring email use
The company email system and software are provided for legitimate business use.
The company therefore reserves the right to monitor employee use of email.
Any such examinations or monitoring will only be carried out by authorised staff.
Additionally, all emails sent or received through the company’s email system are part of official Yinson Production records. The
company can be legally compelled to show that information to law enforcement agencies or other parties.
Users should always ensure that the business information sent via email is accurate, appropriate, ethical, and legal.
Potential sanctions
Knowingly breaching this email use policy is a serious matter. Users who do so will be subject to disciplinary action.
Employees, contractors and other users may also be held personally liable for violating this policy.
Where appropriate, the company will involve the police or other law enforcement agencies in relation to breaches of this policy.
6. Shared drives
Yinson Production provides a shared network drive to facilitate information sharing and collaboration among employees.
This guideline outlines good practice for managing information on shared staff network drives, throughout the information lifecycle.
The guideline aligns with the following principles
information resources are managed as valuable assets
information should be easy to find, access and use
information is created, collected and organized in a manner that ensures its integrity, quality and security.
Access to shared drives
Yinson Production provides 2 mapped drive for all employees:
U: drive. This drive is provided for the personal electronic working files.
Page 3 of 7
W: drive. This drive is provided for all electronic working personal file.
Access to some folders in W: drive are restricted and will need the Folder’s owner / Line manager approval.
Requests to access the restricted folders in W: drive should be submitted to the IT department along with the line manager/folder
owner’s approval
Key Areas
The following are general guidelines when using the shared folders:
Do not store personal files (for e.g., pictures and music files)
Do not store third party copyrighted files in the shared drives. Examples of copyright files are AutoCAD designs, media files
and music files.
Be mindful of the folder structure in the shared drive, and follow the convention in storing working files
The maximum character length that a file name can accommodate is up to 256 characters. Any folder name that is longer than
256 character have a higher possibility of being corrupted.
Policy Enforcement
Knowingly breaching this use policy is a serious matter. Users who do so will be subject to disciplinary action.
Employees, contractors and other users may also be held personally liable for violating this policy.
Where appropriate, the company will involve the police or other law enforcement agencies in relation to breaches of this policy.
7. Back up policy
Scope and Purpose
The Purpose of the policy is as follows:
To provide secure storage for data assets critical to the work of the business
To prevent loss of data in the case of accidental deletion / corruption of data, system failure, or disaster
To permit timely restoration of archived data in the event of a disaster or system failure.
This applies to all the W: share drive and U: share located on all computers (both laptops and desktops)
Back up policy are NOT meant for the following purposes:
Personal data such as photos, videos, music, and non-Yinson Production e-mail accounts
Programs (i.e., applications) of any type (personal or officially supported)
Backup and Recovery policy
Data
The following resources are made available to backup critical files pertaining to official business:
U: share drive
W: share drive
E-mail
By default, each user has been given 50GB of e-mail storage space. E-mail is backed up by Veeam back up software.
Backup Schedule and retention.
The Veeam backup system is utilized to retain data for 4 weeks or 28 days. A combination of incremental and full backups is
executed on the dataset. A full backup is performed every Friday with incremental backups thereafter. This creates a scenario where
Yinson Production IT can restore a folder to a single point in time in the past up to a maximum of 30 days.
Verification
If configured properly, Veeam will perform a verification against a backup set after every job to protect against corrupted data. No
other form of verification is scheduled or performed.
Page 4 of 7
Data Restoration
Emergency recovery: IT will make every attempt to recover data within a business day. However, in the event of a catastrophic event
such as fire damage, services and data maybe unavailable for an extended period of time.
Non-emergency recovery: These restorations will be performed on a time available basis, and will occur within the next five business
days.
Required information: Employees that needs files restored must contact a member of the IT department. The detail of the request
should include information about the file creations date, the name of the file, the last time it was changed, and the date and time it
was deleted.
8. Internet access policy
General
Yinson Production makes internet access available to its employees where relevant and useful for their jobs.
This internet use policy describes the rules governing internet use at the company. It also sets out how staff members are expected to
behave when using the internet.
It serves to:
Reduce the online security risks faced by Yinson Production
Let employees know what they can and can’t do online
Ensures employees do not view inappropriate content at work
Helps the company satisfy its legal obligations regarding internet use
Internet Guidelines
Internet use is encouraged
Yinson Production recognises that the internet is an integral part of doing business. It therefore encourages its employees to use of
the internet whenever such use supports the company’s goals and objectives.
For instance, staff members may use the internet to:
Purchase office supplies
Book business travel
Identify potential suppliers or partners
There are many valid reasons for using the internet at work and the company certainly allows its employees to explore and take
advantage of the internet’s many advantages.
Personal internet use
The company also recognises that the internet is embedded in many people’s daily lives. As such, it allows employees to use the
internet for personal reasons, with the following stipulations:
Personal internet use should be of a reasonable level and restricted to non-work times, such as breaks and during lunch.
All rules described in this policy apply equally to personal internet use. For instance, inappropriate content is always
inappropriate, no matter whether it is being accessed for business or personal reasons.
Personal internet use must not affect the internet service available to other people in the company. For instance, downloading
large files could slow access for other employees.
Authorised users
Only people who have been authorised to use the internet at Yinson Production may do so.
Authorisation is usually provided by an employee’s line manager or the company IT department. It is typically granted when a new
employee joins the company and is assigned their login details for the company IT systems.
Unauthorised use of the company’s internet connection is prohibited.
Employees who use the internet without authorisation — or who provide access to unauthorised people — may have disciplinary
action taken against them
Key Areas
Page 5 of 7
Internet security
Used unwisely, the internet can be a source of security problems that can do significant damage to the company’s data and
reputation.
Users must not knowingly introduce any form of computer virus, Trojan, spyware or other malware into the company.
Employees must not gain access to websites or systems for which they do not have authorisation, either within the business or
outside it.
Company data should only be uploaded to and shared via approved services. The IT department can advise on appropriate
tools for sending and sharing large amounts of data.
Employees must not steal, use, or disclose someone else’s login or password without authorisation.
Staff members must always consider the security of the company’s systems and data when using the internet. If required, help and
guidance is available from line managers and the company IT department.
Inappropriate content and uses
There are many sources of inappropriate content and materials available online. It is important for employees to understand that
viewing or distributing inappropriate content is not acceptable under any circumstances.
Users must not:
Take part in any activities on the internet that could bring the company into disrepute.
Create or transmit material that might be defamatory or incur liability for the company.
View, download, create or distribute any inappropriate content or material.
Inappropriate content includes: pornography, racial or religious slurs, gender-specific comments, information encouraging criminal
skills or terrorism, or materials relating to cults, gambling and illegal drugs.
This definition of inappropriate content or material also covers any text, images or other media that could reasonably offend
someone on the basis of race, age, sex, religious or political beliefs, national origin, disability, sexual orientation, or any other
characteristic protected by law.
Use the internet for any illegal or criminal activities.
Send offensive or harassing material to others.
Broadcast unsolicited personal views on social, political, religious or other non-business related matters.
Send or post messages or material that could damage Yinson Production’s image or reputation
Policy Enforcement
Monitoring internet use
Company IT and internet resources — including computers, smart phones and internet connections — are provided for legitimate
business use.
The company therefore reserves the right to monitor use of the internet, to examine systems and review the data stored in those
systems.
Any such examinations or monitoring will only be carried out by authorised staff.
Additionally, all internet data written, sent or received through the company’s computer systems is part of official [company name]
records. The company can be legally compelled to show that information to law enforcement agencies or other parties.
Users should always ensure that the business information sent over or uploaded to the internet is accurate, appropriate, ethical, and
legal.
Potential sanctions
Knowingly breaching this internet use policy is a serious matter. Users who do so will be subject to disciplinary action, up to and
including termination of employment.
Employees, contractors and other users may also be held personally liable for violating this policy.
Where appropriate, the company will involve the police or other law enforcement agencies in relation to breaches of this policy.
9. Business Applications
Page 6 of 7
Yinson Production makes use of applications to maintain operational efficiency for the operational processes.
The following applications are available for offshore personnel:
S/N Application Name
Purpose
1
IFS (CMMS)
Maintenance System
2
Microsoft Office 365
Office productivity software
3
Unisea
Management System for Offshore
Units
4
Seagull
Computer Based Training System
5
IFS (Document Control) Document Management System
Attachments
N/A
No references
Exported by: DCS Technician OCTP/Yinson @ 2024-05-10T18:45:04.558Z
Page 7 of 7
Download