ORC 4 ‐ Procedure & policy Wiki - michaelthielemans/ProjectHosting GitHub Wiki

Employer Policy and Procedures Wiki

Section 4: Operations Report Card

1. Onboarding New Employees

Orientation Schedule:

Day 1: Welcome and Introduction

  • 09:00 AM: Arrival and Welcome Coffee
  • 09:30 AM: Company Overview Presentation by HR
  • 10:30 AM: Office Tour with Team Lead
  • 11:30 AM: IT Setup and Email Account Creation
  • 12:30 PM: Lunch with Assigned Mentor
  • 01:30 PM: Introduction to Company Culture and Values
  • 02:30 PM: Health and Safety Briefing
  • 03:30 PM: Q&A Session with HR
  • 04:30 PM: End of Day Debrief with Mentor

Day 2-5: Departmental Training and Integration

  • Mornings: Department-Specific Training Sessions
  • Afternoons: Hands-On Work with Mentor
  • Daily: End of Day Check-In with HR

Training Program:

  • Week 1: Introduction to Web Hosting Basics and Company Tools
  • Week 2-4: In-Depth Training on Company Services, Customer Support Protocols, and Technical Troubleshooting
  • Week 5-8: Shadowing Experienced Team Members and Handling Guided Tasks
  • Ongoing: Monthly Training Workshops on New Technologies and Best Practices

Access Provisioning:

  • System Access: HR will initiate the creation of user accounts on the first day.
  • VPN Access: IT department will provide VPN access credentials by the end of the first day.
  • Security Training: Mandatory security training must be completed before full system access is granted.

Documentation:

  • Employee Handbook: Must be read and acknowledged.
  • Non-Disclosure Agreement (NDA): To be signed to protect company information.
  • Code of Conduct: Agreement to be signed to uphold company standards.
  • Emergency Contact Form: To be filled out for safety protocols.

2. Offboarding Employees

Exit Interview:

  • Scheduling: HR will schedule an exit interview within the last week of employment.
  • Conducting: A member of HR will conduct the interview to gather feedback on the employee's experience.
  • Documentation: The employee's insights and suggestions will be documented for company improvement.

Access Revocation:

  • Immediate Action: IT department is notified on the day of departure to begin revoking access.
  • System Accounts: All user accounts associated with the departing employee will be deactivated.
  • VPN and Email: Access to VPN and company email will be terminated on the last working day.

Asset Return:

  • Inventory Checklist: An inventory of all company property issued to the employee will be provided.
  • Return Process: The employee must return all items to HR during their last week.
  • Final Check: IT will perform a final check to ensure all digital assets are returned or deleted.

3. Employee Termination

Immediate Actions:

  • Notification: HR must be notified immediately to initiate the termination process.
  • Meeting: Arrange a confidential meeting with the employee to communicate the decision.
  • Documentation: Complete all necessary termination paperwork, including the termination letter.

Communication:

  • Team Notification: Inform the team of the termination in a manner that respects the privacy of the individual.
  • Record Update: Update all company records to reflect the termination status.
  • External Communication: If necessary, prepare a statement for clients or partners regarding the change in personnel.

Security Measures:

  • Access Revocation: IT department must immediately revoke all digital access, including email and VPN.
  • Physical Access: Collect any physical keys or access cards from the employee.
  • Monitoring: Monitor systems for any unusual activity following the termination.

4. Installing New Machines

Installation Checklist:

  1. Unboxing and Inspection:

    • Carefully unbox the machine and inspect for any physical damage.
    • Verify all components and accessories are included as per the packing list.

  2. Physical Setup:

    • Follow the manufacturer's instructions to set up the machine physically.
    • Ensure the machine is placed in a secure, well-ventilated area.

  3. Network Connection:

    • Connect the machine to the network using the provided guidelines.
    • Assign a static IP address and update the network inventory.

  4. Hardware Configuration:

    • Install any additional hardware components such as extra RAM or storage drives.

  5. BIOS/UEFI Setup:

    • Enter the BIOS/UEFI settings to configure boot order and system settings.

Configuration Standards:

  • Operating System: Install the approved version of the operating system.
  • Security Software: Install the latest antivirus and firewall software.
  • System Updates: Apply all critical system updates and patches.
  • Standard Applications: Install standard company applications and tools.
  • Backup Systems: Configure backup systems and schedule regular backups.

Testing:

  1. Initial Boot:

    • Power on the machine and ensure it boots to the operating system without errors.

  2. Connectivity Tests:

    • Test network connectivity, internet access, and inter-system communication.

  3. Performance Benchmarking:

    • Run benchmarking software to ensure the machine meets performance standards.

  4. Security Audit:

    • Perform a security audit to check for vulnerabilities.

  5. User Acceptance Testing (UAT):

    • Have a designated staff member perform UAT to confirm the machine is ready for production use.

  6. Documentation:

    • Document the entire setup process, configurations, and test results in the system inventory.

5. Decommissioning Machines

Data Backup

Before decommissioning any machine, it is crucial to ensure that all important data is backed up. This includes system files, user data, and application data. The backup process should be:

  1. Identify Critical Data: Review and list all data that needs to be preserved.
  2. Choose Backup Methods: Decide whether to use cloud storage, external hard drives, or other backup solutions.
  3. Execute Backup: Perform the backup, ensuring that all selected data is successfully copied.
  4. Verify Backup: Check the integrity of the backup data to confirm that it is complete and uncorrupted.
  5. Secure Backup: Store the backup in a secure location, with restricted access to authorized personnel only.

Wipe Procedures

To securely wipe the machine, follow these steps:

  1. Deauthorize Accounts: Log out and deauthorize any connected user accounts and services.
  2. Use Wiping Software: Employ certified data destruction software to overwrite all data on the machine's storage devices.
  3. Physical Destruction: For highly sensitive data, consider physical destruction of the storage device as an additional measure.
  4. Document Process: Keep a record of the wiping process, including the software used and the methods applied.

Disposal

The physical disposal of the machine should adhere to environmental regulations and company policies:

  1. Inventory Check: Record the machine's serial number and any other identifying information before disposal.
  2. Choose Disposal Method: Depending on company policy, options may include recycling, selling, or donating the machine.
  3. Certified Recycler: If recycling, ensure the machine is disposed of through a certified e-waste recycler.
  4. Data Protection: Confirm that all data has been wiped before handing over the machine for disposal.
  5. Documentation: Maintain a log of the disposal process, including the date, method, and recipient of the machine.

6. VPN Service Management

Adding a User

To add a new user to the VPN service, follow these instructions:

  1. User Information: Collect the necessary information from the user, including full name, department, and reason for VPN access.
  2. Approval: Obtain authorization from the department head or IT security officer.
  3. Create Account: In the VPN management console, select 'Add User' and enter the user's information.
  4. Configure Access: Assign the appropriate access level and permissions based on the user's role.
  5. Set Credentials: Generate a unique username and a strong, secure password.
  6. Provide Instructions: Send the VPN setup instructions and credentials to the new user via a secure method.
  7. Verify Setup: Ensure the user can connect to the VPN and access the necessary resources.

Deleting a User

To remove a user from the VPN service, the steps are as follows:

  1. Identify User: Locate the user's account in the VPN management console.
  2. Review Activity: Check the user's recent activity for any pending tasks or data that needs to be secured.
  3. Revoke Access: Select 'Remove User' or 'Delete Account' and confirm the action.
  4. Notify User: Inform the user that their VPN access has been revoked and provide the reason if appropriate.
  5. Documentation: Update the VPN service records to reflect the removal of the user.
  6. Audit: Periodically review the list of active users to ensure all accounts are valid and necessary.

7. RAID System Maintenance

Disk Replacement

When a disk in the RAID system fails or needs replacement, follow this procedure:

  1. Identify Failed Disk: Use the RAID management software to identify the failed disk by its ID.
  2. Prepare for Replacement: If hot-swappable, ensure the system is in a state that allows for disk replacement without powering down.
  3. Remove Failed Disk: Carefully remove the failed disk from the RAID array.
  4. Insert New Disk: Insert the new disk into the slot of the removed disk.
  5. Rebuild RAID: Configure the RAID controller to rebuild the array using the new disk.
  6. Monitor Rebuild: Keep an eye on the rebuild progress through the RAID management software.
  7. Verify Disk Status: Once the rebuild is complete, check the status of the new disk to ensure it is functioning properly.
System Check

After replacing a disk in the RAID system, perform a system check:

  1. RAID Integrity Check: Run a RAID integrity check to ensure all disks are communicating correctly and the data is intact.
  2. Performance Monitoring: Observe the system's performance to detect any irregularities that may indicate issues.
  3. Review Logs: Check system logs for errors or warnings that could suggest problems with the new disk or the RAID array.
  4. Backup Verification: Confirm that backups are running as expected and that data can be restored if necessary.
  5. Documentation: Update maintenance records with the details of the disk replacement and system check.

8. Root Password Management

Password Change Protocol

Changing the root password across all machines is a sensitive operation that must be handled with care. Follow these steps:

  1. Schedule Downtime: Inform all users of the planned downtime required for the password change.
  2. Authentication: Ensure that you have the current root password and the necessary privileges to change it.
  3. Change Password:
    • Log into the machine as root.
    • Use the passwd command to initiate the password change process.
    • Enter the new password twice when prompted to do so.
  4. Propagation: If using a centralized management system, propagate the new password to all machines.
  5. Test Access: Verify that the new password works and that root access is functional on all machines.
  6. Notify Users: Once the change is successful, inform users that maintenance is complete.

Record Keeping

Documenting the root password change is essential for security audits:

  1. Change Log: Create an entry in the password change log, noting the date, time, and reason for the change.
  2. Secure Storage: Store the new password in a secure password manager accessible only to authorized personnel.
  3. Audit Trail: Maintain an audit trail that records who changed the password and who authorized the change.
  4. Review Process: Regularly review the password change protocol to ensure it meets current security standards.