Policy Management
Server Configuration Policy
Purpose
The purpose of this policy is to define standards, procedures, and restrictions for new servers being installed on [TT Tech High School]’s internal network(s) or related technology resources via any means. This can include, but is not limited to, the following:
• Internet servers (FTP servers, Web servers, Mail servers, Proxy servers, etc.).
• Application servers.
• Database servers.
• File servers.
• Print server.
• Third-party appliances that manage network resources.
This policy also covers any server device outsourced, co-located, or hosted at external/third-party service providers, if that equipment resides in the [ITT Tech High School].com" domain or appears to be owned by [ITT Tech High School].
The overriding goal of this policy is to reduce operating risk. The [ITT Tech High School] Server Configuration Security Policy will: • Eliminate configuration errors and reduce server outages. • Reduce undocumented server configuration changes that tend to open up security vulnerabilities. • Facilitate compliance with the Health Insurance Portability and Accountability Act (HIPAA) and Sarbanes-Oxley which requires companies to institute IT controls and demonstrate that the controls are working. • Protect corporate data, networks, and databases from unauthorized use and/or malicious attack.
Therefore, all new server equipment that is owned and/or operated by [ITT Tech High School ] must be provisioned and operated in a manner that adheres to company-defined processes for doing so.
Scope
This policy applies to all [ITT Tech High School] company-owned, company-operated, or company-controlled server equipment. Addition of new servers within corporate facilities will be managed at the sole discretion of IT. Non-sanctioned server installations, or use of unauthorized equipment that manage networked resources within the organizational campus, is strictly
Purpose
The purpose of this policy is to define standards, procedures, and restrictions for new servers being installed on [TT Tech High School]’s internal network(s) or related technology resources via any means. This can include, but is not limited to, the following:
• Internet servers (FTP servers, Web servers, Mail servers, Proxy servers, etc.).
• Application servers.
• Database servers.
• File servers.
• Print server.
• Third-party appliances that manage network resources.
This policy also covers any server device outsourced, co-located, or hosted at external/third-party service providers, if that equipment resides in the [ITT Tech High School].com" domain or appears to be owned by [ITT Tech High School].
The overriding goal of this policy is to reduce operating risk. The [ITT Tech High School] Server Configuration Security Policy will: • Eliminate configuration errors and reduce server outages. • Reduce undocumented server configuration changes that tend to open up security vulnerabilities. • Facilitate compliance with the Health Insurance Portability and Accountability Act (HIPAA) and Sarbanes-Oxley which requires companies to institute IT controls and demonstrate that the controls are working. • Protect corporate data, networks, and databases from unauthorized use and/or malicious attack.
Therefore, all new server equipment that is owned and/or operated by [ITT Tech High School ] must be provisioned and operated in a manner that adheres to company-defined processes for doing so.
Scope
This policy applies to all [ITT Tech High School] company-owned, company-operated, or company-controlled server equipment. Addition of new servers within corporate facilities will be managed at the sole discretion of IT. Non-sanctioned server installations, or use of unauthorized equipment that manage networked resources within the organizational campus, is strictly