...

The following policies and procedures are relevant to this document:

  • Physical Security Design Standards

  • Procedure for Working in Secure Areas

  • Mobile Device Policy

Secure areas

Information must be stored securely according to its classification. A risk assessment must be conducted to identify the appropriate level of protection to be implemented to secure the information being stored.

...

These may include, but are not restricted to, the following:

  • Alarms fitted and activated outside working hours

  • Window and door locks

  • Window bars on lower floor levels

  • Access control mechanisms fitted to all accessible doors (where codes are utilised they should be regularly changed and known only to those people authorised to access the area/building)

  • CCTV cameras

  • Staffed reception area

  • Protection against damage - e.g. fire, flood, vandalism

Staff working in secure areas must challenge anyone not wearing a badge.

...

Paper in an open office must be protected by the controls for the building and via appropriate measures that could include, but are not restricted to, the following:

  • Filing cabinets that are locked with the keys stored away from the cabinet

  • Locked safes

  • Stored in a secure area protected by access controls

All general computer equipment must be located in suitable physical locations that:

  • Limit the risks from environmental hazards – e.g. heat, fire, smoke, water, dust and vibration

  • Limit the risk of theft – e.g. if necessary, items such as laptops should be physically attached to the desk

  • Allow workstations handling sensitive data to be positioned so as to eliminate the risk of the data being seen by unauthorised people

Data must be stored on network file servers or approved cloud locations where available. This ensures that information lost, stolen or damaged via unauthorised access can be restored and its integrity maintained.

All servers located outside of the data centre in Vertic Pty Ltd premises must be sited in a physically secure environment.

...

Staff involved with maintenance must:

  • Retain all copies of manufacturer’s instructions

  • Identify recommended service intervals and specifications

  • Enable a call-out process in the event of failure

  • Ensure only authorised technicians complete any work on the equipment

  • Record details of all remedial work carried out

  • Identify any insurance requirements

  • Record details of faults incurred and actions required

A service history record of equipment must be maintained so that decisions can be made regarding the appropriate time for it to be replaced.

...