All documents
PDF SUA-v1.0

IT Policy

System User Access Management Policy

Tree (tree.com.hk) · Effective 2026-01-15

Prepared by

Max.chan@mediaworld.com.hk

Approved by

Date

2026-01-15

Version

SUA-v1.0

1 Purpose

This policy ensures that access to Tree (tree.com.hk) systems is granted only to authorized users, based on job needs, and removed when no longer required.

2 Scope

SystemAccess Type
File ServerShared folders, departmental drives, user home folders
QuickBooksAccounting modules based on job role
POS SystemCashier, supervisor, and admin access levels
Online Sales SystemOrder management, product admin, reporting
Office Users + PCsLocal user login (standard user, no admin rights); tree.com.hk email and office applications

Also covers network login, VPN, and remote access where applicable.

3 Policy

3.1 Account Provisioning

  • New accounts created only after approval from manager or HR.
  • Each office user gets a local user account (standard user — no administrator rights).
  • QuickBooks, POS, and online sales accounts granted separately based on job role.
  • Closed internal system with flat role structure — minimum access required for daily duties.

3.2 Authentication

  • Strong passwords per company standards.
  • MFA should be enabled if the application supports it (especially remote/admin).
  • Passwords must not be shared.

3.3 Access Review

  • Review user access at least once per year.
  • Managers confirm team members still require current access.
  • Remove access that is clearly no longer needed.

3.4 Access Changes

  • Role changes, transfers, or promotions require an access update request.
  • Temporary access (e.g., contractors) must have a defined end date.

3.5 Access Termination

  • Disable access on office PC, file server, QuickBooks, POS, and online sales as applicable.
  • HR or manager must notify IT promptly for offboarding.
  • All company devices and credentials must be returned or revoked.

3.6 Privileged Access

  • Office users do not have administrator rights and cannot install software.
  • Software installation and system changes on office PCs are performed by IT only.
  • Admin accounts limited to authorized IT staff; not used for daily routine work.
  • Privileged access must be logged and reviewed regularly.

4 End User Responsibilities

  • Protect login credentials and report suspected compromise immediately.
  • Lock workstations when away from the desk.
  • Do not attempt to install software or change PC settings — request IT.
  • Use access responsibly within the closed internal environment.
  • Report if you can see data or systems you should not have access to.

5 Responsibilities

RoleResponsibility
HR / ManagerRequest account creation, changes, and termination
IT TeamProvision, review, and revoke access; enforce authentication standards
End UsersSafeguard credentials and use access appropriately

6 Review

This policy will be reviewed at least once per year.

Computer Operations Guides: Onboarding