Legistify Services private limited
INFORMATION SECURITY POLICY
Document Name: | INFORMATION SECURITY POLICY |
Classification: | Internal |
Document Owner: | CISO/MR- |
Document Approver: | Top Management |
Original Document Issue Date: | 10/10/2023 |
Current Edition: | Version 2.0 |
Revision History:
S. No. | Description of Change | Date of Change | Version No. |
1 | Initial Release | 10/10/2023 | 1.0 |
2 | Second Release | 10/10/2024 | 2.0 |
Purpose of the Policy
This policy provides guidelines for the protection and use of information technology assets and resources within the business to ensure integrity, confidentiality and availability of data and assets.
Procedures
Physical Security
For all servers, mainframes and other network assets, the area must be secured, with adequate ventilation and appropriate access through means such as a keypad, lock, biometric machine etc.
It will be the responsibility of IT Dept. to ensure that this requirement is followed at all times. Any employee becoming aware of a breach of this security requirement is obliged to notify IT Dept. immediately.
The security and safety of all portable technology, such as laptops, notepads, iPads, BitLocker keys, iPhones etc., will be the responsibility of the employee who has been issued with the asset (laptop, notepad, iPad, mobile phone etc.). Each employee is required to use measures such as locks, passwords, BitLocker etc. and to ensure the asset is kept safely at all times to protect the security of the asset issued to them.
In the event of loss or damage, Management will assess the security measures undertaken to determine if the employee will be required to reimburse the business for the loss or damage.
All laptops, notepads, iPads etc., when kept at the office desk, are to be secured by means such as a keypad, lock, password etc. provided by System Administrator.
Information Security
All relevant data, whether described generally (such as sensitive, valuable, or critical business data) or listed in a checklist of all data to be backed up, is to be backed up.
It is the responsibility of System Administrator to ensure that data back-ups are conducted at regular intervals as per the backup policy and that the backed-up data is kept on cloud/Egnyte.
All technology that has internet access must have anti-virus software installed. It is the responsibility of System Administrator to install all anti-virus software and ensure that this software remains up to date on all technology used by the business.
All information used within the business is to adhere to the privacy laws and the business’s confidentiality requirements. Any employee breaching this will be referred to Management, who will review the breach and determine adequate consequences.
Technology Access
Every employee will be issued with a unique identification code to access the business technology and will be required to set a password for access every 30 days.
Each password is to meet requirements such as a number of alphabetic characters, one capital letter, numeric characters etc. and is not to be shared with any employee within the business.
System Administrator is responsible for the issuing of the identification code and initial password for all employees.
Where an employee forgets the password or is ‘locked out’ after three attempts, then System Administrator is authorised to reissue a new initial password that will be required to be changed when the employee logs in using the new initial password.
The following table provides the authorisation of access:
Technology – Hardware/ Software | Persons authorised for providing access |
Email Access on system, mobile etc. | System Administrator |
Share Drive Access | System Administrator |
Internet Access, Specific URL etc. | System Administrator |
Employees are authorised to use business computers for personal use only for purposes such as internet usage, mobile etc.
For internet and social media usage, refer to the HR Policies and Procedures.
It is the responsibility of System Administrator to keep all procedures for this policy up to date.
Policy Revision History
Date | Version | Author | Reviewer | Approver | Comments |
10/10/2023 | 0.1 | ISMS Manager | CIO | Legistify Services private limited Management | Draft Version of INFORMATION SECURITY POLICY |