Unit 7: P4 & P5

Unit 7

P4: Disaster Recovery

Disaster recovery is a procedure that is arranged in every organisation to recover damaged equipment that’s has been damaged from disasters. These disasters can be cause by natural disasters such as:

• Earthquakes
• Floods
• Terrorism
• Fire
• Sabotage
• Hacked

Countries and areas that are affected by natural disasters, the organisation within that area will have a disaster recovery procedure in place so that data and equipment are not damaged during the disaster. for example if a hurricane occurs the organisation employees could power off their equipment and also disable servers/network to prevent from further damage to the system. The organisation within that area could arrange a regular backup of their systems to prevent loss of data. If the system is hacked users of the system must be informed on what has happened and also recommend them to change their password, to prevent data being stolen off their account. For example when eBay’s website was compromised they informed all of their users to change the password.

The consequences an organisation will have for not having a disaster recovery procedure in place are that their reputation will be affected because data can be lost or because of downtime and it can also lead on to further damage to equipment. As they did not have a disaster recovery procedure in place to help them recover any damaged equipment or lost data. The impacts organisations will have are that their reputation will be affected and will also lose trust from their customers/users. This is because the organisation has not provided their customers/users with the best service. The organisations income will also be affected as they will have to pay extra for any damages to hardware and software.

Code of conduct

Code of conduct is set of rules and principles that have been placed within an organisation. They are in place for disciplinary, equality, diversity, legislation, to prevent damage to equipment/software or to prevent employees getting harmed in the organisation. Code of conduct is commonly placed in organisation/workplace, in education, military etc. anywhere you are providing service to others. They are there to safely guide the employees within the organisation for day to day decision making. For example in schools there will be code of conducts which the teachers will follow to keep the students safe and also themselves. Code and conduct can also be used on software which the employees use; they will be in place to prevent any threats to the organisations computer systems.

Before joining an organisation you will be expected to sign the code of conduct. This state’s that you will follow the code of conduct and be working safely at the workplace. As you have agreed with the terms and conditions before joining the organisation you must not break them. There will be consequences if failing to follow the code of conduct, these consequences can be fines which the employee or employer receives as they have not followed the code of conduct, as they could have put them in harm’s way, they could also be let go from the organisation because you have not followed your contract rules.

Email Usage

Email usage is when an organisation limits the uses of the users email for security reasons and also to prevent any threats to the network and the system. The users will be unable to use their email for personal use as their will be separate systems for them use for personal use. This is because if the user opens an email which stores virus, the virus could spread throughout the system and also the network affecting them and also the organisation. Organisation will also limit the size of attachments to prevent the system from getting slow during the transfer of the email.

Internet Usage

Internet usage is when the organisation limits the Internet use for the users i.e. for personal use. Organisation will have this policy in place to prevent any threats entering their network or systems and also for security reasons. The users will be unable to visit other sites that are not related to their day to day job, this is so that the users is not distracted from their work and also prevents them visiting sites that may store threats. There will be a separate computer system which the employee could use for personal use in their own time such as lunch breaks etc. The consequences for not having Internet usage policy in place are that viruses could enter the system and damage the software and hardware, which the organisation may have to buy replacements. This can lead them in to downtime which will prevent the users using the computer to do their day to day job. The organisation will lose profit as the employees are unable to work.

Organisation Security

Organisation security is a security procedures that takes place before hiring new staff. This procedure is in place for the safety of the company and also for the safety of other employees. The employer of the organisation will to a number of checks before allowing a new person to join the organisation.

There will need to be a vacancy open if anyone is to join the company. Once there is a vacancy you will be asked to hand your CV in to the organisation or may be asked to apply online or on a paper application which the organisation may provide you with, this allows the employee to see what the people are like. The employer will look through the application and see if the person is a good match to the organisation. Once the employer has chosen the right candidates, they will all be asked to come in for a interview. In the interview you will be asked to bring in a proof of identity such as a drivers licence or password etc. this is for security purpose so that it is the right person coming in for the interview.  Once the interview is over and you have successfully passed the interview you will be asked to come in and sign the contract with the organisation and also the code of conduct. These are for security purposes, so that you do not break any rules and working safely. Breaking the code of conduct you will find consequences, such as losing the job.

During the procedure of signing the contract the employer will do a background check to see if you previously hand any issues. They will do a CRB check which shows if you have a criminal convictions this covers all of you adult life, the employer may also call you previous employer to see what kind of person you are, check the list 99 or credit check. These checks are for security purposes to insure that the employer is hiring a safe person, which they can trust to work in the organisation.

Surveillance policy

Surveillance policy are in place to monitor certain areas within the organisation. Surveillance will not be included in staff rooms or break out areas or any personal places within the organisation. Surveillance can monitor areas of the organisation using a CCTV, GPS tracking of certain equipment, key logging software monitors the keys you press on the computer system or surveillance on computer systems which tracks the data passing through the computer system.

All the employees within the organisation need to be aware of the surveillance policy and also be told to sign the surveillance policy agreement which states you are aware of the surveillance policy, the management and also the union will be informed of the surveillance policy. for example at a colleges all the employees and students will be informed that there is a surveillance policy in place which monitors certain areas of the college campus.

P5: Risk Management

Separation of Duties

Within an organisation it is important that the employers separate the employee’s responsibility. The organisation will have different departments for different jobs this so that one person is not responsible for all the jobs, because having one person responsible for all the jobs will put a lot of pressure on the employee causing them to cause problems during the job. Organisation such as Microsoft will have different departments which will help the company develop their products.

Separation of duties can help the organisation keep their systems secure, as a third party security audit could take place, this is when one technician installs the security software and another technician will get to test their security to see if there are any security breaches on the system. The organisation could also have a third party security which an external company will manage the organisations security, this will benefit the organisation as the third party security is an organisation that only focuses on the security.

Disciplinary process

A disciplinary process is when in an organisation then employer gives a warning to the employee, this could be because they have  broken the rules or are not performing to the organisations standards.

The first warning a employer may give will be a verbal warning this warning will explain what the warning is for, a verbal warning will be given for minor issues that the employee has committed. The verbal warning will last for a minimum of 6 months, if within those 6 months the employee is caught breaking the rules or not performing well, they will get a seconded warning which will be a written warning. The written warning will explain what the employee has done in more detail, this warning will last up to 12 months, once the 12 months is over the warning will be cleared from their profile. The final warning will be a written and also meeting with the employer, in which they will inform the employee that they will be dismissed.  If the employee has committed something serious the employer can instantly dismiss the employee. for example if an employee working at Apple and is caught stealing their product this will lead to instant dismissal, as they have committed a crime.

Training policy (CPD)

A training policy is when the organisation provides the employee with one week of training. The training is there to help the employees work safely within the organisation and also help them develop/improve their skills. for example school teachers will have training days which help them develop their skills. CPD continuing professional development  is when the employer of the organisation tracks and documents the skills and knowledge the employee has developed while working with the organisation.

"note you may be asked to expand on some of the points, so try to add more to the assignment. Also remember not to copy word for word, as their are now software to check for plagiarism, when marking the assignment, try to complete the assignment your own way." [I am not encouraging you to copy this piece is here for educational purposes]