IT Policy

IT Policy

The purpose of this Information Technology (IT) policy is to ensure the effective protection and proper usage of the IT Systems Access by KONSULTANT. Any access, logins and any other relevant information provided to KONSULTANT is protected by policy adhere to this document.

Client is responsible for ensuring all required information by KONSULTANT is given in timely and secure manner. Delayed or invalid information which may cause delays in delivery of project.

  1. Vendor access to KONSULTANT is granted solely for the work contracted and for no other purposes.
  2.  Client must comply with all applicable KONSULTANT policies, practice standard and agreements, including, but not limited to:
    • Privacy Policy
    • Security Policy
    • Auditing Policy
    • Change Management Policy
    • Software Licensing Policy
    • KONSULTANT code of Conduct
  3. If applicable, client must provide their copy of Security and Privacy policy to KONSULTANT before execution of work specified in the scope of the project.
  4. KONSULTANT is bound to return, destruction or disposal of information by the end of project.
  5. Any other information provided to KONSULTANT in the course of contract cannot be used for KONSULTANT’s own purpose or divulged to others.
  6. Where applicable, client will provide a technical point of contact for the KONSULTANT. The point of contact will work with the KONSULTANT to ensure the compliance of their policies.
  7. Before the commencement of the agreement the appropriate implementation of client change management processes will be determined by client in consultation with KONSULTANT. This will include such things as the definition of standard changes, level and type of communications around changes, and responsibilities around technical vulnerability management and security incident reporting.
  8. At the commencement of the agreement, Standard Changes, as defined in the context of the client’s change management system, must be clearly identified and agreed upon by the client and KONSULTANT.
  9. All deployments related to client’s SOW is bound to be deployment files only. Design and any other source code will solely remain with KONSULTANT. Which can be later procured by client on request.
  10.  All work and changes that are identified as impacting on other client systems must be entered into the client Change Management System by the client point of contact or, where applicable, the business owner point of contact. Activities include, but are not limited to, such events as software/operating system updates/patches, password changes, project milestones, changes to deliverables, and commencement and completion times, wherever possible.
  11. KONSULTANT work activities on client systems may be monitored and logged for comparison to Change Management System records.
  12.  Before the commencement of the project methods for:
    • The monitoring and review of service performance
    • logging activities
    • submission of KONSULTANT reports
    • role and responsibilities regarding problem management
    • will be determined by the client in consultation with KONSULTANT.
  13. KONSULTANT will provide client with a list of all employee names working on the contract. The list must be updated and provided to client within 24 hours of staff changes, wherever possible.
  14. KONSULTANT Access must be uniquely identifiable and password must comply with the password policy
  15. If appropriate, regular work hours and duties will be defined in the contract. Work outside of defined time-frames must be approved by the appropriate client business owners.
  16. All KONSULTANT maintenance equipment on the client network that connects to the internet via any means, and all KONSULTANT accounts, will remain disabled except when in use for authorized maintenance
  17. Upon departure of a KONSULTANT or KONSULTANT employee from the contract for any reason, KONSULTANT will ensure that all sensitive information is collected and returned to client or destroyed within 24 hours.
  18. Upon termination of contract, or at the request of client, KONSULTANT will return or destroy all client information and provide written certification of that return or destruction within 24 hours.
  19. All software provided by the client for the use of KONSULTANT must be properly inventoried and licensed.
  20. KONSULTANT will require access within scope of the project. Client must update access control if scope of the project changes.