UMHLABUYALINGANA MUNICIPALITY IT PERFORMANCE AND CAPACITY MANAGEMENT POLICY



Similar documents
How To Monitor A Municipality

Client Security Risk Assessment Questionnaire

UMHLABUYALINGANA MUNICIPALITY PATCH MANAGEMENT POLICY/PROCEDURE

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING

MSP Service Matrix. Servers

Security Policy for External Customers

Central Agency for Information Technology

Estate Agents Authority

NETWORK SECURITY GUIDELINES

mbits Network Operations Centrec

USM IT Security Council Guide for Security Event Logging. Version 1.1

IT Onsite Service Contract Proposal. For. <<Customer>> Ltd

Rule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed)

Disaster Recovery Checklist Disaster Recovery Plan for <System One>

UMHLABUYALINGANA MUNICIPALITY

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Schedule 2Z Virtual Servers, Firewalls and Load Balancers

1 Purpose Scope Roles and Responsibilities Physical & Environmental Security Access Control to the Network...

ICANWK406A Install, configure and test network security

UMHLABUYALINGANA MUNICIPALITY FIREWALL MANAGEMENT POLICY

CLOUD SERVICE SCHEDULE

Managed Service Plans

CLOUD SERVICES (INFRASTRUCTURE) SERVICE TERMS PART C - INFRASTRUCTURE CONTENTS

Information Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis

University of Kent Information Services Information Technology Security Policy

ACME Enterprises IT Infrastructure Assessment

Managed Security Services SLA Document. Response and Resolution Times

Service Specification Schedule For Fujitsu Cloud IaaS Trusted Public S5

Best Practices For Department Server and Enterprise System Checklist

Workflow Templates Library

UMHLABUYALINGANA MUNICIPALITY ANTIVIRUS MANAGEMENT POLICY

How To Ensure The C.E.A.S.A

Attachment E. RFP Requirements: Mandatory Requirements: Vendor must respond with Yes or No. A No response will render the vendor nonresponsive.

REDCENTRIC INFRASTRUCTURE AS A SERVICE SERVICE DEFINITION

IT Sr. Systems Administrator

Department of Information Technology Active Directory Audit Final Report. August promoting efficient & effective local government

ICT OPERATING SYSTEM SECURITY CONTROLS POLICY

Company Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.

How To Control Vcloud Air From A Microsoft Vcloud (Vcloud)

Created By: 2009 Windows Server Security Best Practices Committee. Revised By: 2014 Windows Server Security Best Practices Committee

University of Pittsburgh Security Assessment Questionnaire (v1.5)

PREMIER SUPPORT STANDARD SERVICES BRONZE SILVER GOLD

User Reports. Time on System. Session Count. Detailed Reports. Summary Reports. Individual Gantt Charts

Information Technology Solutions

INCIDENT RESPONSE CHECKLIST

LHRIC Network Support - Additional Service Features

HIPAA Security Alert

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

Sentinel Platform/Managed IT Services Agreement Page 1 of Term of Agreement

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results

SERVICES BRONZE SILVER GOLD PLATINUM. On-Site emergency response time 3 Hours 3 Hours 1-2 Hours 1 Hour or Less

SERVICE SCHEDULE PULSANT ENTERPRISE CLOUD SERVICES

APPENDIX 3 TO SCHEDULE 3.3 SECURITY SERVICES SOW

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0

1.1 SERVICE DESCRIPTION

PREPARED BY: AUDIT PROGRAM Author: Lance M. Turcato. APPROVED BY: Logical Security Operating Systems - Generic. Audit Date:

INFRASTRUCTURE AS A SERVICE (IAAS) SERVICE SCHEDULE Australia

PC Proactive Solutions Technical View

Are You in Control? MaaS360 Control Service. Services > Overview MaaS360 Control Overview

CompTIA Cloud+ 9318; 5 Days, Instructor-led

SERVICE SCHEDULE PUBLIC CLOUD SERVICES

CompTIA Cloud+ Course Content. Length: 5 Days. Who Should Attend:

Architecture Overview

Guide to Vulnerability Management for Small Companies

Regulations on Information Systems Security. I. General Provisions

Procedure Title: TennDent HIPAA Security Awareness and Training

IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy. Notification of Policy Release: Distribution by Communication Managers

Guardian365. Managed IT Support Services Suite

State of Wisconsin DET File Transfer Protocol Service Offering Definition (FTP & SFTP)

Network Instruments white paper

Information Security Office. Logging Standard

H.I.P.A.A. Compliance Made Easy Products and Services

Analyzing Logs For Security Information Event Management

Information Technology Security Procedures

N e t w o r k E n g i n e e r Position Description

Security Tool Kit System Checklist Departmental Servers and Enterprise Systems

SAN MATEO COUNTY OFFICE OF EDUCATION

Policy Document. Communications and Operation Management Policy

Analyzing Logs For Security Information Event Management

Miami University. Payment Card Data Security Policy

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

Payment Card Industry Self-Assessment Questionnaire

Using Automated, Detailed Configuration and Change Reporting to Achieve and Maintain PCI Compliance Part 4

University of Liverpool

Virtual Server Hosting Service Definition. SD021 v1.8 Issue Date 20 December 10

Security Audit Survivor How to Remain On the Island in the Wake of the Piedmont Audit

Policy Title: HIPAA Security Awareness and Training

OPERATIONAL SERVICE LEVEL AGREEMENT BETWEEN THE CLIENT AND FOR THE PROVISION OF PRO-ACTIVE MONITORING & SUPPORT SERVICES

PCI Requirements Coverage Summary Table

Data Network Security Policy

Network Security Guidelines. e-governance

CITY UNIVERSITY OF HONG KONG Network and Platform Security Standard

General Computer Controls

Information security controls. Briefing for clients on Experian information security controls

Information Security Policy Schedule A - Roles, Standards and Operational Procedures

A practical guide to IT security

PCI Requirements Coverage Summary Table

Transcription:

UMHLABUYALINGANA MUNICIPALITY IT PERFORMANCE AND CAPACITY MANAGEMENT POLICY

Originator: IT Performance and Capacity Management Policy Approval and Version Control Approval Process: Position or Meeting Number: Date: Recommended by Director of Corporate Services Recommended by EXCO Approved by Council Effective: Review Frequency: Once a year (i.e. Annually) Version Number: IT PERFORMANCE AND CAPACITY MANAGEMENT POLICY Page 2 of 12

Table of Contents 1. Introduction... 4 2. Policy Statement... 4 3. Roles And Responsibilities... 4 4. IT Operations Management... 5 5. Server Configuration Policy... 5 6. Monitor IT Infrastructure... 7 7. Appendices... 8 A. Daily Operations Task Checklist Document... 9 B. Monthly It Performance And Capacity Management... 11 IT PERFORMANCE AND CAPACITY MANAGEMENT POLICY Page 3 of 12

1. INTRODUCTION This policy applies to all employees of Umhlabuyalingana Municipality and all parties that interact with the information and systems of the municipality. The purpose of this document is to detail the correct performance and capacity management procedure that is to be followed for systems and applications utilised. 2. POLICY STATEMENT Umhlabuyalingana Municipality must define the functions and processes for technical support of infrastructure and/or applications. The objective of this policy is to ensure that the IT operational environment is well maintained to achieve stability of day-to-day processes and activities. All IT equipment must be monitored regularly and a uniform process for performance and capacity management must be established. Equipment used to run key applications should be monitored more regularly. 3. ROLES AND RESPONSIBILITIES Director Corporate Services: IT Officer: Users: Monitors compliance to the policy, and is accountable for ensuring that the IT Officer carries out the appropriate operational tasks. Accountable for ensuring that the municipality s IT Operations are well managed and provide for a stable IT environment. Responsible for carrying out operational duties to achieve stability of the operational environment. Ensures that operational policy and procedure documents are continuously updated. A user of information has the responsibility to: Use the information only for the purpose intended; Comply with all controls established by the municipality; Ensure that classified or sensitive information is not disclosed to anyone without permission; and Ensure that his/her individual passwords and/or physical access controls are not disclosed to, or used by anybody else. IT PERFORMANCE AND CAPACITY MANAGEMENT POLICY Page 4 of 12

4. IT OPERATIONS MANAGEMENT 4.1. A stable IT infrastructure must be designed and maintained. 4.2. The following areas must be managed at a minimum: 4.2.1. Server environments 4.2.2. Networks 4.2.3. Storage and archiving 4.2.4. Databases 4.2.5. Desktops 4.2.6. Backups 4.3. The execution of operational activities and events in the IT infrastructure must include audit logging and monitoring. 5. SERVER CONFIGURATION POLICY 5.1. Server equipment must be documented and the following information must be maintained at a minimum: 5.1.1. Host contact information and location of server equipment 5.1.2. Sever hardware and operating system version and serial numbers 5.1.3. Purpose/function of server equipment and applications 5.1.4. Password groups for privileged passwords 5.1.5. Configuration information (server name, IP Address, and application specific information) 5.2. Passwords on server equipment must be maintained in accordance with the municipality s IT Security Policy. 5.3. Any changes to existing server equipment must follow the municipality s IT Change Management Policy/Procedures and must be authorised by the IT Officer. 5.4. Server equipment and operating systems must only be installed by an approved source, i.e. IT Officer or third party. Server equipment must operate with only licensed versions of the operating system and software. 5.5. All critical and security related patches/hot-fixes released by vendor(s) must be installed. This must be installed in accordance with the Municipality s Patch Management Policy and Procedure. This applies to all services installed on the server equipment, even though those services may be temporarily or permanently disabled. IT PERFORMANCE AND CAPACITY MANAGEMENT POLICY Page 5 of 12

5.6. The IT Officer must ensure that controlled processes are in place in the server environment and that equipment remains current, with the appropriate patches/hot-fixes. 5.7. All services and applications that are unused or not serving business requirements must be disabled except where approved by the IT Officer. 5.8. Remote system administration (through privileged access) must be conducted using approved VPN secure solutions in accordance with the municipality s IT Security Policy. 5.9. All system, application and security related events on server equipment must be logged with log files archived regularly. Archival of server event logs must meet the following minimum (or better where compliance with specific legislation is required) practice: 5.9.1. All server event logs must be kept online for minimum of one week; 5.9.2. Daily backups of event logs must be retained for at least one month; 5.9.3. Weekly backups of event logs must be retained for at least one month; and 5.9.4. Monthly backups of event logs must be retained for a minimum of two years. 5.10. The IT Officer must complete the Daily Operations Tasks Checklist (Appendix A) and the Monthly Performance and Capacity Management Checklist (Appendix B). 5.11. Evidence of the completed and approved checklist(s) must be retained. 5.12. The IT Officer must ensure that the configuration of server equipment outsourced, colocated, or hosted by external/third-party service providers is defined in the contract with the service provider. At a minimum the definition must document: 5.12.1. Host contact information and location of server equipment; 5.12.2. Server hardware and operating system/version; 5.12.3. Purpose/function of server equipment and applications; 5.12.4. Configuration change management processes; 5.12.5. Back-up requirements; 5.12.6. Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO); and 5.12.7. Escalation procedures. 5.13. The IT Officer must isolate or otherwise disable any server equipment that has been compromised by an attacker or, otherwise places the municipality s systems, data, users, and clients at risk as stipulated in the municipality s IT Security Policy. 5.14. The IT Officer must ensure that servers are named in accordance with the server and device naming conventions used by the municipality, to ensure consistency. IT PERFORMANCE AND CAPACITY MANAGEMENT POLICY Page 6 of 12

6. MONITOR IT INFRASTRUCTURE 6.1. Logging of infrastructure events must be maintained and due care must be taken in the protection, handling, and storage of all monitored data and logs. The IT Officer must ensure that logs record the following information on all business critical resources if the business requirements determine them to be relevant. 6.1.1. User IDs; 6.1.2. Dates/times and key events; and 6.1.3. Workstation identification and location. 6.2. The IT Officer must ensure that monitoring for the use of privileged operations occurs during the following instances: 6.2.1. Systems are started or stopped; 6.2.2. Input or output devices are attached or detached; and 6.2.3. Changes and attempts to change security setting and controls. 6.3. The IT Officer must ensure that monitoring for system alerts and failures capture the following details: 6.3.1. Alerts or messages from consoles; 6.3.2. Exceptions in system logs; 6.3.3. Alarms generated by network management devices or access control systems; and 6.3.4. Logs required by the municipality. 6.4. The IT Officer must ensure that monitoring for system access captures the following details: 6.4.1. The ID of the user; 6.4.2. The date / time of key events; 6.4.3. The type of event; 6.4.4. The files accessed and their type; and 6.4.5. The programs or utilities used during access. 6.5. Rules that identify and record threshold breaches and event conditions must be defined and implemented. A balance must be found between logging minor events and significant events so event logs are not logging unnecessary information, thus impacting data storage capacity. 6.6. The following IT infrastructure capacity planning elements must be monitored: 6.6.1. Server CPU utilisation - check if CPUs are running at full capacity or are they being under-utilised. By monitoring server CPU utilisation, you can monitor server IT PERFORMANCE AND CAPACITY MANAGEMENT POLICY Page 7 of 12

performance and restart a process or application to improve response time for the application; 6.6.2. Server Disk utilisation - Monitor the hard disk space utilised by the system and ensure critical processes on the server have sufficient system resources; 6.6.3. Server Process utilisation - Monitor memory and CPU utilisation of processes. This helps identify system processes or server applications using high Server Resources; 6.6.4. Network Availability to identify data bottlenecks or specific devices on the network using more resources than expected; 6.6.5. Network traffic and Bandwidth usage - Monitor Network Interface traffic on the server and understand how much network load is being handled; and 6.6.6. Network devices (routers, switches etc) Ensuring that network devices are functioning as required. 6.7. Event logs and key indicators for critical systems and applications must be monitored and signed-off by the IT Officer using the Daily Operations Task Checklist (Appendix A) and Monthly IT Performance and Capacity Management checklist (Appendix B). 6.8. Incidents must be logged, as per the Helpdesk and Incident Management Policy, in a timely manner when monitoring activities result in the identification of deviations and/or violations. 6.9. Infrastructure monitoring reporting must be provided by the Service Providers on a monthly basis to provide feedback. Areas that must be covered are: 6.9.1. Call logging statistics and statuses; 6.9.2. Reports on the LAN and WAN infrastructure (Routers, switches, WAN interfaces etc.); 6.9.3. Backup logs and reports; and 6.9.4. Incidents that occurred in any of the above areas. 7. APPENDICES A. Daily Operations Task Checklist document B. Monthly IT Performance and Capacity Management IT PERFORMANCE AND CAPACITY MANAGEMENT POLICY Page 8 of 12

Appendix A Daily Operation Tasks Checklist: Date: Network Network Availability Exceptions in system firewall logs Network traffic and Bandwidth usage Review alerts from antivirus console Virus Definitions updated for Antivirus Server Monitoring CPU utilisation Disk Space Process utilisation Backup Backup for all critical application/data was successful Independent review of Event Logs for Systems and Applications Review Application Logs for Error Events Review All System / Application Event Logs for Warnings Record Errors and/or Warnings Respond to Failures / Problems Systems are started or stopped Input or output devices attached or detached IT PERFORMANCE AND CAPACITY MANAGEMENT POLICY Page 9 of 12

Daily Operation Tasks Checklist: Date: Independent review of Security Logs Successful and unsuccessful system access attempts System configuration changes Privileged access use System and application utilities use Changes and attempts to change security setting and controls Sign-offs Performed by: Designation: Sign: Date: Where there any Security Incidents? (Yes/No). If yes, provide details and Incident No. and resolution Sign: Date: IT PERFORMANCE AND CAPACITY MANAGEMENT POLICY Page 10 of 12

Appendix B Monthly Performance and Capacity Management Checklist: Date: Server CPU Performance Hard Drive Free Space Memory Capacity Comments IT PERFORMANCE AND CAPACITY MANAGEMENT POLICY Page 11 of 12

Monthly Performance and Capacity Management Checklist: Date: Server CPU Performance Hard Drive Free Space Memory Capacity Comments Checked by: Designation: Sign: Month: IT PERFORMANCE AND CAPACITY MANAGEMENT POLICY Page 12 of 12

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information