Virtualization and Cloud Server Management Policy

• Table of Contents

  • EDC Inc Virtualization and Cloud Server Management Policy
  • 1.0 Policy Statement
  • 2.0 Scope
  • 3.0 Roles and Responsibilities
  • 4.0 Virtualization Management
  • 5.0 Cloud Server Management
  • 6.0 User and Service Account Management
  • 7.0 Patch Management
  • 8.0 Compliance
  • Summary

EDC Inc Virtualization and Cloud Server Management Policy

This policy outlines the guidelines and procedures for the management of virtualization and cloud servers at EDC Inc. It is designed to ensure the security, integrity, and optimal performance of our IT infrastructure.

1.0 Policy Statement

EDC Inc is committed to maintaining a robust, secure, and efficient IT infrastructure. This includes the effective management of our virtualization and cloud server environments. This policy provides the framework for managing these environments in a manner that supports our business objectives while ensuring compliance with all relevant regulations and standards.

2.0 Scope

This policy applies to all EDC Inc employees, contractors, and third parties who are responsible for the management of virtualization and cloud servers. This includes, but is not limited to, the IT Server Operations, IT Server Build Operations, IT-SOC, Corporate Physical Security, IT Security Operations, IT Monitoring Operations, IT Database Operations, and IT Audit and Compliance departments.

3.0 Roles and Responsibilities

• The IT Director of each department is responsible for ensuring compliance with this policy within their respective departments.
• Managers are responsible for enforcing this policy and ensuring that all staff are aware of their responsibilities.
• The IT Security Operations department is responsible for approving any “IT Exceptions” to this policy.
• The IT Server Operations department is responsible for managing OS patching.

4.0 Virtualization Management

All virtual servers must be registered in the CMDB inventory management tool. This includes details of the server’s configuration, purpose, and the services it hosts. Any changes to a virtual server’s configuration must be approved by the CAB and updated in the CMDB.

5.0 Cloud Server Management

All cloud servers must be registered in the CMDB inventory management tool. This includes details of the server’s configuration, purpose, and the services it hosts. Any changes to a cloud server’s configuration must be approved by the CAB and updated in the CMDB.

6.0 User and Service Account Management

All user and service accounts must be managed through Active Directory. This includes the creation, modification, and deletion of accounts. Any changes to user or service accounts must be approved by the CAB and updated in the CMDB.

7.0 Patch Management

All servers must be patched every 30 days, unless an “IT Exception” is approved by IT Security. The IT Server Operations department is responsible for managing OS patching. Any changes to the patching schedule must be approved by the CAB and updated in the CMDB.

8.0 Compliance

All departments are responsible for ensuring compliance with this policy. This includes regular audits by the IT Audit and Compliance department. Any non-compliance issues must be reported to the relevant IT Director and addressed in a timely manner.

Summary

This policy provides a comprehensive framework for the management of virtualization and cloud servers at EDC Inc. It outlines the roles and responsibilities of various departments, as well as the procedures for managing servers, user and service accounts, and patching. By adhering to this policy, EDC Inc can ensure the security, integrity, and optimal performance of our IT infrastructure.