Objective ：For security purpose, co

Objective ：For security purpose, computer system, either back office or front office, must be strictly controlled and limited to the access for only authorized person with delegated privileges and rights according to the assigned duties.Procedure ：User Application 1. Employee types will be segregated according to different positions/duties and will be configured by the IT Support Manager with the advice of the computer trainer during the installation of the system, and subject to the review by the Director of Finance. The final configuration will be documented.2. After the establishment of the employee types in the system, a pre-printed user request form designed by the IT Support Manager will be distributed to the concerned Department Heads. On each request for user, the application form must be filled in and specified with the employee type, then approved by the Department Head. Each application request will be subject to proper approval by the Director of Finance & Business Support. The duly approved request will be forwarded to the IT Support Manager for building account for the requested user, One sheet per one applicable program only.3. Contract will be prepare between employee and hotel, to avoid any mis-use.4. IT Support Manager will create the ID and initial password according the form. The user should change the password after they get the initial password.5. Only IT Support Manager can initial the password when the staff forgets the password.6. In case of termination, it is the responsibility of the concerned Department Head to notify the IT Support department immediately at the moment when the notice take into effect. The IT Support Manager must disable all the right for the terminated user with immediate action in order to avoid willful damage to the hotel system. Henceforth, the Personnel Action Form should be circulated to the IT Department to endorse that the necessary action had been taken.Password Administration 1. Director of Finance should have a copy of the master passwords for all Hotel Management System (PMS/ POS/Accounting System, etc), network, PABX, internal mail server and all interfaces from IT Support Manager. These must be retained as part of the confidential papers in the Controller’s office. A copy of each of these latest passwords should also be furnished to the General Manager by way of additional security for the hotel.2. Password must according to following rule:(1) A password must be at least seven characters in length. (Longer is generally better.) (2) It is best if passwords contain at least one alphabetic and one numeric character, in mixed case (at least one upper case).(3) It must be different from previous passwords.(4) It cannot be the same as the user ID.(5) It cannot include the first, middle or last name of the person issued the user ID.(6) It should not contain information easily obtainable about you. This includes license plate, social security, telephone numbers, or street address.(7) Passwords should never be communicated in clear text emails or other forms of electronic communications.3. While password changes can be more often, they should occur whenever there is a belief that the password has been compromised. All passwords for newly activated user IDs must be changed at first use. Automatic expiration timeframes may be implemented on specific systems to force user changes passwords every 3 months.4. It is not advisable to write passwords down or store them near the computer or other device.5. Department Heads should brief their employees not to disclose their own password to any other party and they have to bear all consequences for doing so.

Objective: For security purpose, the computer system, either back office or front office, must be strictly controlled and limited to the access for only authorized person with delegated privileges and rights According to the assigned duties. Procedure: User Application 1. Employee types will be segregated According to different positions / duties and will be configured by the IT Support Manager with the advice of the computer trainer during the installation of the system, and subject to the review by the Director of Finance. The final configuration will be documented. 2. After the establishment of the employee types in the system, a user requests a pre-printed form designed by the IT Support Manager will be distributed to the concerned Department Heads. On each request for the user, the application form must be filled in and specified with the employee type, then approved by the Department Head. Each application request will be subject to proper approval by the Director of Finance & Business Support. Duly approved the request will be forwarded to the IT Support Manager for building accounts for the requested user, One sheet per one applicable program only. 3. Prepare contract will be between the employee and the hotel, to avoid any mis-use. 4. IT Support Manager will create the ID and initial password According the form. The user should change the password after they get the initial password. 5. Only IT Support Manager can initial the password when the staff Forgets the password. 6. In case of termination, it is the responsibility of the concerned Department Head to notify the IT Support department Immediately at the moment when the notice take into effect. The IT Support Manager must disable all the right for the user terminated with immediate action in order to avoid willful damage to the hotel system. Henceforth, the Personnel Action Form should be Circulated to the IT Department to endorse that the Necessary action had been taken. Password Administration 1. Director of Finance should have a copy of the master passwords for all Hotels Management System (PMS / POS / Accounting System, etc), network, PABX, internal mail servers and all interfaces from IT Support Manager. Reviews These must be retained as part of the confidential papers in the Controller's office. A copy of each of Reviews These latest Also passwords should be furnished to the General Manager by way of additional security for the hotel. 2. Password must According to following rule: (1) A password must be at least seven characters in length. (Longer is Generally better.) (2) It is best if passwords Contain at least one alphabetic and one numeric character, in mixed case (at least one upper case). (3) It must be different from previous passwords. (4) It can not be the same as the user ID. (5) It can not include the first, middle or last name of the person issued the user ID. (6) It should not contain Easily obtainable information about you. This includes license plate, social security numbers, telephone numbers, or street address. (7) Passwords should never be communicated in clear text emails or other forms of electronic communications. 3. While password changes can be more Often, they should occur Whenever there is a belief that the password has been compromised. All newly activated passwords for user IDs must be changed at first use. Automatic expiration timeframes may be implemented a specific on systems to force the user changes passwords every three months. 4. It is not advisable to write passwords down or store them near the computer or other device. 5. Department Heads should brief Reviews their employees not to disclose Reviews their own password to any other party and they have to bear all consequences for doing so.