1 Purpose
This policy defines standard practices for the day-to-day operation of IT systems at Tree (tree.com.hk) to ensure reliability, security, and continuity of business services.
2 Scope
| System | Purpose |
|---|---|
| File Server | Shared file storage and user data |
| QuickBooks | Accounting, invoicing, and financial reporting |
| POS System | In-store sales (Visa card via payment gateway — not stored locally) |
| Online Sales System | Online orders and e-commerce (Visa card via payment gateway — not stored locally) |
| Office Users + PCs | Daily office work; local user accounts (no admin rights) |
Also covers network devices, backups, and related infrastructure.
3 Policy
3.1 System Monitoring
- Critical systems (file server, POS, online sales) must be monitored for availability.
- QuickBooks is an end-user application and is not monitored by IT — report failures to Admin (L1).
- Alerts for failures or unusual activity must be reviewed and acted on promptly.
- System logs should be retained for troubleshooting and security review.
3.2 Scheduled Maintenance
- Routine maintenance should follow a defined schedule.
- POS and online sales maintenance should minimize impact on business hours.
- Office users should be notified in advance when maintenance may affect the file server or office PCs.
3.3 Job Processing and Batch Operations
- Daily job processing is part of the end-user daily workflow and is not formally documented as IT batch jobs.
- Each system/software update must be recorded by IT or Admin staff.
- If a daily workflow fails: Admin first (L1) → escalate to outsourced IT (L2).
3.4 Incident Handling
- Report outages/errors to Admin first (Level 1).
- Unresolved issues escalate to outsourced IT (Level 2).
- Incidents must be recorded; restore service quickly and document root cause where practical.
- Repeat incidents should be reviewed to prevent recurrence.
3.5 Capacity and Performance
- System capacity should be reviewed periodically.
- Resources should be upgraded before they cause service disruption.
3.6 Separation of Environments
- Production, test, and development environments should be kept separate.
- Testing must not be performed on live production data without approval and safeguards.
4 End User Guidelines
- Use only approved office PCs with your assigned local user account (standard user — no admin rights).
- Save files to the file server personal folder — not only on local PC storage.
- Report problems to Admin first; escalate to outsourced IT if needed.
- End users cannot install software or change system settings — request via Admin or IT.
5 Responsibilities
- Admin (Level 1): First-line support; record updates and incidents; escalate unresolved issues to IT.
- Outsourced IT (Level 2): Technical support, maintenance, monitoring, and escalated issues.
- System Owners: Define business requirements and priority for critical services.
- End Users: Follow guidance and report issues to Admin promptly.
6 Review
This policy will be reviewed at least once per year.