Title Page

  • Document No.

  • Audit Title

  • Client / Site

  • Conducted on

  • Prepared by

  • Location

  • Personnel

IT Golden Rules 2017

  • Read the Aston International IT Standards and Guidelines document.

  • Maintain documentation of your network diagram, admin passwords, device maintenance history, device inventory and layout.

  • - Is there inventory list documentation? (Status, purchase history)

  • - Is there a documented user account list, and is it kept in KeePass? (PMS, e-mail, domain, other systems)

  • - Is there a maintenance log book for all devices?

  • - Is there a complete network diagram? (Router, switch, access points and other network devices; data outlet and access point placement layout)

  • - Is there network configuration documentation? (Device configuration, system access)

  • Enter your hotel statistics data into AstonData.com every month.

  • - Do they have access and know how to enter the statistics data?

  • - Have all statistics items for the last three months been input?

  • Make sure the server room is always locked, access is limited and the keys are stored in a safe place.

  • - Is it always locked?

  • - Do only limited personnel have access (IT, Security, Eng, Duty Manager)?

  • - Is the key stored in a safe place? (Security / pass code)

  • - Is there a log book?

  • Make sure the server room is always clean. Clean the floors with a mop. Dust equipment with dry pressurized air. The server room and computer parts should only be cleaned by the IT staff – you should mop the floor – not housekeeping. Be careful not to get equipment wet. Clean all BOH keyboards and mice once every two months.

  • - Is the floor clean?

  • - Are all the devices in the control room clean? (No dust; device fans are also clean)

  • - Are all the devices in the distribution panel/room clean? (No dust; device fans are also clean)

  • - Are there any flammable materials inside the control room? (Such as multiplex wood, paper boxes or any other paper materials)

  • Keep your server room temperature between 20 to 24 degrees Celsius at all times, with humidity between 30% to 60%. Have a small alarm go off if the temperature or humidity is not ideal. If possible, have an automatic email be sent to you and the duty manager as well.

  • - Is a thermometer available?

  • - Can the temperature and humidity monitoring tools send email notifications?

  • - Is a humidity meter/sensor available?

  • - Are the room temperature and humidity correct?

  • All employees should be using our Google Apps Webmail from our official domain name, not Outlook or anything else. At no point are Gmail, Yahoo, Hotmail or any other personal email services allowed for business use.

  • If you are unsure about something please email ITHelp@ArchipelagoInternational.com. Does the IT staff send questions to IThelp@archipelagointernational.com?

  • Any request related to email administration should be sent to EmailAdmin@archipelagointernational.com.

  • Teach all employees to check their email quota every month and delete emails if it is over 90%. Is there any training recorded for this?

  • Teach employees how to recognize a “suspicious” email attachment and not to open files from people they don’t know. Is there any training recorded for this?

  • Have all employees with an email account read our rules about email etiquette. Is there any training recorded for this?

  • Check that all HODs are able to check their email from their phone. Report to us if someone is not able to because their phone is ancient.

  • If the hotel is not following all of our IT equipment standards, it should plan on purchasing the equipment gradually, year by year. A budget should be allocated, planned and sent to the corporate office to review IT spending each year on the 1st of June.

  • - Does the 2017 IT budget follow our IT guideline and investment priorities?

  • - Is there any IT budget planning for 2018?

  • - Has the 2018 IT budget been submitted to the Corporate Office?

  • - Is there any budget for the Meraki license?

  • You must have a Meraki MX80 or MX100 for your hotel. If your hotel is more than 200 rooms, you should have the MX100, if it’s less than 200 rooms, you may use the MX84.

  • All hotels should have 100 Mbps internet connection. Fave or Neo with below 200 rooms inventory can have 50 Mbps internet connection.

  • There should be only one Wi-Fi SSID for the guests, which is the same throughout the hotel – they should be able to walk from their room to restaurant or lobby and be seamlessly connected. If you are an Aston hotel the guest SSID should be “Aston”, if you are a Fave, the SSID should be “Fave” etc. for each brand. Use “BOH” for BOH Wi-Fi.

  • Make sure your Wi-Fi is secured by WPA2. There should be no walled gardens, splash pages, advertisements or other login pages.

  • Please follow our Wi-Fi password recommendations; we have a new password every 2 months that all our hotels use.

  • Guests should only have to enter the password to connect to our Wi-Fi at most once per day.

  • Make sure your Wi-Fi network is not using overlapping channels as much as possible.

  • Monitor your internet traffic by watching your MRTG and your Meraki dashboard every day.

  • You should have a PMS recovery plan procedure with minimum data loss (maximum 6 hours of data lost).

  • - Is there a backup server?

  • - Is your server recovery plan below 6 hours?

  • Make sure you have an offsite PMS backup plan that is approved by the Archipelago Corporate Office. Test your backups and replication every month to make sure they are working properly. You should be able to restore to a fully functional state in less than 6 hours after the failure.

  • - Is the backup stored in separate places? Minimum 2 places: the backup server and other storage outside the server room.

  • - Is it tested regularly (monthly)? Check the log.

  • - Can we do a failover test?

  • - Is there any SOP documentation related to the database offsite backup?

  • You must have a CO2 or Halotron or FM200 Fire Extinguisher no further than 4 meters away from your server rack. Check that it works every 12 months – understand asphyxiation, and cold burn risks before using it.

  • - Is there a proper fire extinguisher located near the server/control room?

  • - Make sure it is still valid (not expired)

  • - Is it located no further than 4 meters from the control room, and also located outside the control room?

  • All users should be running as “Standard User” – this means they cannot install anything.

  • Make sure a domain controller is setup with all computers joined to the domain and everyone using domain accounts.

  • All computers and servers should be forced to check and install System Updates automatically, everyday.

  • All computers should have Microsoft Security Essentials installed and kept up to date. Only one antivirus solution should be installed, not multiple.

  • Keep all software installed on all computers up to date. Check once a week for new versions and updates.

  • All employees should be using Google Chrome as their default browser.

  • Enforce password complexity requirements to all users via group policies. Minimum 8 character passwords and they must change their password at least every 6 months. They cannot use old passwords.

  • All laptops should be “Full Disk Encrypted” with TrueCrypt. Try to buy laptops with an AES-NI capable processor.

  • Make sure all computers automatically password lock after 10 minutes of inactivity.

  • Set a group policy for all computers to go to sleep after 30 minutes of inactivity and hibernate after 90 minutes.
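The three group-policy items above (8-character minimum, change at least every 6 months with no password reuse, lock after 10 minutes of inactivity) can be checked from the audited PC itself. The script below is an added example for this checklist, not Archipelago's own tooling; it assumes a domain-joined Windows host with the ActiveDirectory RSAT module installed, and the thresholds in $Expected are taken from the checklist wording.

```powershell
# Added audit helper (not part of the checklist or Archipelago's own tooling).
# Assumes: domain-joined Windows host, ActiveDirectory RSAT module installed.
Import-Module ActiveDirectory

$Expected = @{
    MinPasswordLength  = 8     # "Minimum 8 character passwords"
    MaxPasswordAgeDays = 180   # "change their password at least every 6 months"
    MinPasswordHistory = 1     # "They cannot use old passwords"
    LockTimeoutSeconds = 600   # "password lock after 10 minutes of inactivity"
}

function Test-DomainPasswordPolicy {
    # Default domain policy as enforced by the domain controller.
    $p = Get-ADDefaultDomainPasswordPolicy
    $maxAgeDays = $p.MaxPasswordAge.TotalDays
    [PSCustomObject]@{
        MinLengthOk  = $p.MinPasswordLength -ge $Expected.MinPasswordLength
        # A zero MaxPasswordAge means passwords never expire, which also fails.
        MaxAgeOk     = ($maxAgeDays -gt 0) -and ($maxAgeDays -le $Expected.MaxPasswordAgeDays)
        HistoryOk    = $p.PasswordHistoryCount -ge $Expected.MinPasswordHistory
        ComplexityOk = $p.ComplexityEnabled
    }
}

function Test-ScreenLockPolicy {
    # Group Policy writes the lock settings under the Policies key; the plain
    # per-user key applies when no policy is set, so the policy key is checked first.
    $paths = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop',
             'HKCU:\Control Panel\Desktop'
    foreach ($path in $paths) {
        $v = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        if ($v -and $v.PSObject.Properties['ScreenSaveTimeOut']) {
            return [PSCustomObject]@{
                Source    = $path
                Active    = ($v.ScreenSaveActive -eq '1')
                Secure    = ($v.ScreenSaverIsSecure -eq '1')   # require password on resume
                TimeoutOk = ([int]$v.ScreenSaveTimeOut -le $Expected.LockTimeoutSeconds)
            }
        }
    }
    # No screensaver timeout configured anywhere: record it as a fail.
    return $null
}

Test-DomainPasswordPolicy | Format-List
Test-ScreenLockPolicy     | Format-List
```

A false value in any field (or a $null result from Test-ScreenLockPolicy) maps to a "No" on the corresponding checklist item; fine-grained password policies, if any exist, need to be checked separately with Get-ADFineGrainedPasswordPolicy.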

  • Illegal software is not allowed. There are many open source / free alternatives if you don’t have the money. Prefer to use free open source software alternatives rather than expensive proprietary options. For example, use ImgBurn to burn CD/DVDs, use Paint.net for image editing, use 7zip instead of WinZip or Rar, use Picasa as a photo viewer/organizer, use Keepass for password management, use the Windows Snipping Tool to take screenshots, etc. Is there any illegal software in use in the hotel?

  • Pornography, social networking, online video and other bandwidth or time wasting websites should be blocked from employees.

  • Enforce the policy that users are not allowed to let other people use their account without their constant supervision – and even this should be avoided as much as possible. Check that FO and other staff are not using shared accounts (Email, VHP, DC, etc.).

  • Teach all employees that they are never to share their password with anyone, even you. Is there a training record for this?

  • Teach employees to lock their computer (Windows Key + L) or log off when they leave their computer. Is there a training record for this?

  • Teach employees to turn off their monitor when leaving their desk and turn off their computer at the end of the day. Is there a training record for this?

  • Employees are financially responsible for any damage they do to their computer, such as spilling a drink. Is there a training record for this?

  • Teach employees not to store sensitive information, such as credit card information, on their computer. Encrypt it or keep it in their webmail. If the computer handles credit card data, bank account information (even just logging into bank websites), or other sensitive information, it should be using full disk encryption (TrueCrypt). Is there a training record for this?

  • Teach everyone that, if accessing sensitive data through their email, they should use https. Is there any training record for this?

  • Teach employees that their computer is not their property; they should assume everything they do is being monitored by the IT department. They should not be using computers, printers, or scanners for personal purposes. Is there any training record for this?

  • Storing music, movies, games, personal photos and the like is not allowed on work related computers. There should be no personal files on company computers.

Aston Data Application

  • Is the hotel using the Membership application and responding to Butler Chat requests? Check the hotel's response time.

  • Does the hotel input its DRR report every day? If the DRR report has not been input for the last 5 days, it is considered a fail (No).

  • Does the hotel use the Employee Database?

  • Has the hotel IT staff submitted their statistics data for the last 2 months?

  • Does the hotel use the recruitment application? Check if the last hired staff member has their data in astondata.com/jobs.

Fail Over Procedure (FOP)

  • Is there any FOP for the internet connection?

  • Is there any FOP for the Interface PC?

  • Is there any FOP for the FO (Front Desk) PC?

  • Is there any FOP for the key encoder?

  • Is there any FOP for the POS and bill printer?

  • Is there any FOP for the main router / security appliance?

The templates available in our Public Library have been created by our customers and employees to help get you started using SafetyCulture's solutions. The templates are intended to be used as hypothetical examples only and should not be used as a substitute for professional advice. You should seek your own professional advice to determine if the use of a template is permissible in your workplace or jurisdiction. You should independently determine whether the template is suitable for your circumstances.