All documents
PDF COP-v1.0

IT Policy

Computer Operations Policy

Tree (tree.com.hk) · Effective 2026-01-15

Prepared by

Max.chan@mediaworld.com.hk

Approved by

Date

2026-01-15

Version

COP-v1.0

1 Purpose

This policy defines standard practices for the day-to-day operation of IT systems at Tree (tree.com.hk) to ensure reliability, security, and continuity of business services.

2 Scope

SystemPurpose
File ServerShared file storage and user data
QuickBooksAccounting, invoicing, and financial reporting
POS SystemIn-store sales (Visa card via payment gateway — not stored locally)
Online Sales SystemOnline orders and e-commerce (Visa card via payment gateway — not stored locally)
Office Users + PCsDaily office work; local user accounts (no admin rights)

Also covers network devices, backups, and related infrastructure.

3 Policy

3.1 System Monitoring

  • Critical systems (file server, POS, online sales) must be monitored for availability.
  • QuickBooks is an end-user application and is not monitored by IT — report failures to Admin (L1).
  • Alerts for failures or unusual activity must be reviewed and acted on promptly.
  • System logs should be retained for troubleshooting and security review.

3.2 Scheduled Maintenance

  • Routine maintenance should follow a defined schedule.
  • POS and online sales maintenance should minimize impact on business hours.
  • Office users should be notified in advance when maintenance may affect the file server or office PCs.

3.3 Job Processing and Batch Operations

  • Daily job processing is part of the end-user daily workflow and is not formally documented as IT batch jobs.
  • Each system/software update must be recorded by IT or Admin staff.
  • If a daily workflow fails: Admin first (L1) → escalate to outsourced IT (L2).

3.4 Incident Handling

  • Report outages/errors to Admin first (Level 1).
  • Unresolved issues escalate to outsourced IT (Level 2).
  • Incidents must be recorded; restore service quickly and document root cause where practical.
  • Repeat incidents should be reviewed to prevent recurrence.

3.5 Capacity and Performance

  • System capacity should be reviewed periodically.
  • Resources should be upgraded before they cause service disruption.

3.6 Separation of Environments

  • Production, test, and development environments should be kept separate.
  • Testing must not be performed on live production data without approval and safeguards.

4 End User Guidelines

  • Use only approved office PCs with your assigned local user account (standard user — no admin rights).
  • Save files to the file server personal folder — not only on local PC storage.
  • Report problems to Admin first; escalate to outsourced IT if needed.
  • End users cannot install software or change system settings — request via Admin or IT.

5 Responsibilities

  • Admin (Level 1): First-line support; record updates and incidents; escalate unresolved issues to IT.
  • Outsourced IT (Level 2): Technical support, maintenance, monitoring, and escalated issues.
  • System Owners: Define business requirements and priority for critical services.
  • End Users: Follow guidance and report issues to Admin promptly.

6 Review

This policy will be reviewed at least once per year.

Physical Security Next: User Access