Policy Version I Export Processing Zones Authority P.O. Box 50563 00200 Nairobi Te! 25" 020 2#$2%0$&6 'ax! 25" 020 2#$3#0" ( 2005 copyright EPZA )une 2005 1 2 Introduction *n+or,ation an- .o,,unication Technoogies /*.T0 is a -ri1ing +orce o+ a acti1ities. *t pays a crucia roe o+ i,pro1ing co,,unication2 in+or,ation processing an- in+or,ation ,anage,ent. The Authority protects its Assets /3ar-4are2 5o+t4are an- Net4or6s0 an- other reate- acti1ities through 1arious poicies an- proce-ures2 4hich ha1e to be +oo4e- by each an e1ery sta++ ,e,ber in the organi7ation. ICT Mission Statement The *.T section 4i -e1eop an- i,pe,ent e++ecti1e an- e++icient *.T poicy an- pro1i-e sustainabe technoogica in+rastructure an- support +or the reai7ation o+ Export Processing Zones Authority ,ission 3 1! Computer "ard#are$ Peripherals and other e%uipment .o,puter har-4are2 peripheras an- other e8uip,ent 4i incu-e a the co,puter reate- har-4are 4hich is o4ne- by EPZA. These 4i incu-e an- not i,ite- to Persona .o,puters an- its accessories2 9aptops2 :P5s2 Printers2 existing cabing in+rastructure etc. $.$ Purchasing an- *nstaing o+ har-4are A the *.T e8uip,ent sha be purchase- a+ter reco,,en-ation by the *.T section. :ser re8uiring *.T e8uip,ent sha contact their respecti1e ,anagers 4ho 4i in turn +or4ar- to the *.T section 4ho 4i consi-er the re8uest -epen-ing on +easibiity2 suitabiity an- bu-get. $.$.$ .o,puters an- aptops Purchases o+ co,puter har-4are an- aptops sha be restricte- to incu-e ony bran-e- co,puters incu-ing an- not i,ite- to .o,pa82 3P2 *B;2 an- <e $.$.2 .abing .abing re+ers to the 4iring 4hich has been set up to support 9oca Area Net4or6 /9AN0 an- the teephone syste, at a the EPZA pre,ises. 5tructure- cabing sha be a-opte- an- a the o++ices sha ha1e net4or6 points to pro1i-e +or the access to the 9AN an- +or use in the teephone ser1ices. $.$.3 :ninterruptibe Po4er 5uppy /:P50 units These are the po4er surge protectors an- reguators. A the co,puters an- ree1ant e8uip,ent ,ust be protecte- +ro, po4er reate- probe,s by use o+ a :P5. $.$." Printers A the co,puters sha be accessibe to a printer 4hich is either connecte- -irecty or through the net4or6. $.$.5 ;o-e,s Ony co,puters +or -iaup access sha be +itte- 4ith ,o-e, as sha be reco,,en-e- by the *.T section hea-. 4 $.2 E8uip,ent *n1entory EPZA *.T section sha ,aintain the in1entory o+ a the *.T e8uip,ent an- a-1ice the ,anage,ent on ac8uisition an- -isposa o+ the sa,e $.3 :se o+ e8uip,ent A the *.T e8uip,ent sha be use- 4ithin the EPZA o++ices. Non EPZA ,e,bers o+ sta++ are prohibite- +ro, using an- accessing the *.T e8uip,ent. $." .onsu,abes *.T consu,abes sha be procure- by the procure,ent o++icer in iaison 4ith the *.T section $.5 =or6ing o++ pre,ises an- using outsource->Externa e8uip,ent Any e8uip,ent re8uire- +or use outsi-e the o++ice sha be sub?ect to reease by the *.T section Outsource- >Externa e8uip,ent such as aptop2 .<s2 <is6ettes2 9.< pro?ectors +or use 4ithin EPZA pre,ises sha be sub?ect to appro1a by *.T section. $.6 5er1icing an- ,aintenance 5er1icing an- ,inor repairs o+ *.T e8uip,ent sha be -one internay. ;a?or repairs sha be outsource- to outsi-e co,pany as sha be -eter,ine-. $.# @etiring o+ obsoete e8uip,ent The *.T section sha +ro, ti,e to ti,e a-1ice the Authority on e8uip,ent 4hich are obsoete an- re8uire -isposa. 5 &! 'ocal Area (et#or) 2.$ ;anage,ent 2.2 .ontro an- Access 2.3 Net4or6 Printer 6 *! Soft#are Systems 3.$ Procure,ent o+ so+t4are Procure,ent o+ any so+t4are sha be coor-inate- by the user -epart,ent an- the *.T section 4ho sha pro1i-e the technica a-1ice. 5o+t4are can be bought either o++&the&she+ or -e1eope-. 3.$.$ O++ the she+ 5o+t4are The Authority sha buy ,ost o+ the generic syste,s +ro, the ,ar6et +or on4ar- custo,i7ation to ta6e a-1antage o+ their resiience an- the +act that they ha1e been taste- in the ,ar6et 3.$.2 <e1eope- so+t4are /*n&house an- taior&,a-e0 5o+t4are -e1eop,ent co,pany 4i be contracte- to -e1eop taior&,a-e so+t4are +or the Authority incase the sai- so+t4are is not a1aiabe o++&the&she+. This 4i be coor-inate- by the user -epart,ent an- the *.T section. 5yste,s -e1eope- internay /*n&house0 by the ,e,bers o+ sta++ sha be +or s,a scae use by the -e1eopers>users to ease processing o+ -ata or per+or,ing o+ certain +unctions. 3.2 5o+t4are ,aintenance an- upgra-e The Authority sha enter into agree,ent 4ith the 1en-ors>suppiers o+ the so+t4are in use 4ithin the Authority +or ,aintenance an- upgra-e to +aciitate ,aintenance o+ up to -ate so+t4are>syste,s. 3.3 Access an- use o+ so+t4are Any so+t4are instae- in the Authority har-4are syste,s sha ony be use- by authori7e- o++icers. This authori7ation sha be pro1i-e- by the hea- o+ *.T or the hea- o+ the user -epart,ent. 3." 5o+t4are usage poicies an- proce-ures 3.".$ 9icense Agree,ents 3.".2 @epro-ucing 5o+t4are 3.".3 :nauthori7e- 5o+t4are 7 +! Information Processing$ Management and Security +1 Introduction The goa o+ bac6ups is to pre1ent the oss o+ -ata in the case o+ syste, +aiure or the acci-enta -eetion o+ -ata. Bac6ups are not ,eant to archi1e -ata +or +uture re+erence. The *.T -i1ision 4i 6eep proper bac6up on -aiy basis an- retaine- +or a perio- o+ up to one 4ee6. <ue to the +re8uent change in technoogy2 the bac6upAs ,e-ia sha be re1ise- consistenty to ensure that a the bac6ups are accessibe an- can be re-epoye- 4hen nee-e-. Entry to 5er1er @oo, sha re,ain restricte- to *n+or,ation an- .o,,unication Technoogy /*.T0 sta++. A -ata pertaining to the Authority sha be store- on Bac6up ;e-ia. The bac6ups o+ co,puter syste,s sha be ocate- in sa+e externa areas to ei,inate any chances o+ -a,age in the e1ent o+ -isaster. +& ,hat to -ac)up <ata store- ocay on -es6top co,puters an- on syste,s that are ,anage- by the *.T -epart,ent incu-ing net4or6 e8uip,ent sha be bac6e- up in accor-ance 4ith this poicy. +* .re%uency of -ac)up and Storage Period <ata bac6up sha be -one on -aiy basis as +oo4sB a0 *ncre,enta bac6up sha be -one -aiy +ro, ;on-ay to 'ri-ay. b0 'ri-ay bac6up sha be 6ept as the 4ee6y bac6up an- the other bac6up tapes recyce- or o1er4ritten. c0 The bac6up o+ the ast 'ri-ay o+ the ,onth sha be treate- as the ,onthy bac6up. The other 'ri-ayAs bac6up o+ the pre1ious ,onth sha be recyce-. -0 ;onthy bac6ups sha be 6ept +or a perio- o+ one year an- therea+ter the tapes can be recyce-. :ser -ata shou- not be archi1e- +or ong perio-s o+ ti,e as it is ony being bac6e- up to reco1er +ro, har-4are +aiure an- acci-enta -eetion. Bac6ups o+ user -ata ,ay be store- +or a ,axi,u, 8 o+ six ,onths an- are to be -estroye- or o1er4ritten a+ter that ti,e. .ertain in+or,ation2 such as syste, ogs an- seecte- usage ogs2 shou- be store- +or a year so as to pro1i-e su++icient -ata +or usage anaysis an- to hep in1estigate security inci-ents.
4.4 Storage Media There are ,any a1aiabe bac6up soutions incu-ing Tape bac6ups2 Net4or6 attache- storage2 5torage Area Net4or6s2 <irect Attache- 5torage2 i5.5*2 <is6 .oning2 @e,o1abe an- Externa <is6 <ri1es2 Bac6up 5o+t4are2 @A*< 5torage2 'ireproo+ ;e-ia 5a+es an- .abinets. +/ Storage 'ocation =ee6y bac6ups an- ,onthy bac6ups sha be 6ept o++&site. Proper en1iron,ent contro2 te,perature2 hu,i-ity an- +ire protection2 sha be ,aintaine- at the storage ocation. ".6 Storage Security and Access ".6.$ A bac6up ,e-ia 4i be store- in a secure area an- ony accessibe to *.T or authori7e- sta++. To a-- an extra ayer o+ security -ocu,ents shou- be sa1e- 4ith pass4or-s. ".6.2 The bac6up -e1ice2 5er1ers an- storage ,e-ia shou- be in a secure2 oc6e- roo, 4ith i,ite- access. The bac6up ,e-ia shou- be store- in +ireproo+ sa+e 4hen it is not in use. ".6.3 Perio-ic tests o+ the bac6ups 4i be per+or,e- to -eter,ine i+ +ies can be restore-. This shou- be -one ,onthy to ensure that both the tapes an- the bac6up proce-ures 4or6 propery. ".# 0estoring -ac)up <ata re8uire- +or restoring sha be -one upon re8uest to the *.T section 9 /! Internet and Email The Authority has net4or6 connecti1ity that enabes sta++ to chec6 ,ai an- bro4se the internet +or in+or,ation an- other ser1ices. The +oo4ing is to be obser1e- by a users 4hen accessing the *nternet!& $. =hie sta++ is encourage- to use the *nternet as an in+or,ation resource2 they are not ao4e- to -o4noa- an- insta -ata +ro, the *nternet 4ithout appro1a +ro, *.T. 2. The sta++ is -iscourage- +ro, 1isiting unauthori7e- sites. 3. <eete e,ais that they -o not 6no4 the source 4ithout opening to a1oi- in+ecting the e8uip,ent 4ith 1iruses. ". 5a1e any e,ais to separate +o-er i+ they 4ish to re+er to the, ater. 5. <eete e,ais 4ith attach,ents to sa1e -is6s space. 6. Any e,ais that are three months o- or ,ore 4i auto,aticay be -eete- +ro, a ,ai boxes by *.T section to re-ee, -is6 space. #. 5ta++ is encourage- to sa1e copies o+ their i,portant -ocu,ents on -is6ettes2 .<s or tapes in iaison 4ith *.T section 10 1! EPZA ,e2site 6.$ :se Authority 4ebsite sha be use- as source o+ in+or,ation to the externa 4or- an- sha aso pro1i-e a +ee-bac6 on en8uiries about the EPZ progra,,e in Cenya. 6.2 :p-ating :p-ating o+ the Authority 4ebsite sha be -one a+ter reco,,en-ation +ro, the =ebsite ,anage,ent tea, 4hich sha be constitute- by the .EO an- co,prises o+ Ne4 *n1est,ents2 P@O an- the *.T. 6.3 @e-esigning @e-esigning o+ the 4ebsite sha be -one a+ter e1ery three years an- sha be coor-inate- by the =ebsite ,anage,ent tea,. 11 3! Training and Staff A#areness *n+or,ation an- .o,,unication Technoogy is -yna,ic there+ore training o+ sta++ on upco,ing technoogy is e,phasi7e- to ensure that the Authority is not e+t behin-. To ensure that users ha1e su++icient 6no4e-ge o+ operating co,puter syste,s! & $. A a++ecte- users sha be a-e8uatey traine- on any ne4 upco,ing so+t4are or co,puter har-4are 2. The *.T sta++ sha be traine- consistenty to act as the +irst e1e *.T support in the organi7ation. 3. The Authority sha pro1i-e ree1ant earning ,aterias on *.T in the section an- ,ain ibrary. 12 4! Prohi2ited Acti5ities67ses The iste- actions are prohibite- in the AuthorityAs *.T syste,s $. <o4noa-ing 5o+t4are 4ithout *.T section hea- authority 2. Printing or -istributing copyrighte- ,aterias 3. :se o+ unicense- 5o+t4are ". :sing Authority syste,s to soicit +or persona gain 5. Operating a Business +ro, the o++ice using Authority *.T +aciity 6. :se o+ O++ensi1e or 3arassing state,ents #. 'or4ar-ing inappropriate ,essages %. :se o+ 5urs an- )o6es D. 5exuay oriente- ,essages or ?o6es $0. Accessing =ebsites .ontaining a. Pornographic b. Terroris, c. Espionage -. The+t e. <rugs $$. Ea,bing $2. :nethica Acti1ities $3. Acti1ities -a,aging to the co,pany $". Eranting access to externa persons $5. *,personating another person $6. *ntro-ucing a 1irus 13 8! 0esponse to ICT incidentals D.$ <es6top .o,puters an- Access D.2 Net4or6 D.3 5yste, A-,inistration D." E,ai D.5 *nternet D.6 ;o1e,ent o+ E8uip,ent 14 Fioation o+ the poicy 4i resut in re1ocation>suspension o+ the pri1ieges accor-e- to the *.T users This poicy 4i be re1ie4e- on reguar basis an- users 4i be noti+ie- by e,ai on the changes an- current 1ersion o+ the *.T poicy. 15