...
Vertic has developed this IT policy and procedure document under the standard IT protocols to manage the risk associated with ICD. Our goal is primarily to protect against and deter incidents, but also to take appropriate action to detect, respond to and recover from any incident that does occur.
Risk Area | Protect | Deter | Detect | Respond | Recover |
Secure offices | X | | | | |
Physical assets | X | | | | |
Client security & Confidential Data | X | X | X | | |
Client Access | X | | | | |
Monitoring | | X | X | | |
System Audits | | X | X | | |
Incident Management & Reporting | | | | X | X |
Disciplinary Action | X | X | | | |
Procedures | X | | | | |
Secure Offices /Work areas
...
When working from non-Vertic offices, including your home, the same care should be applied where practical.
Accepting Deliveries (Physical)
When accepting physical deliveries, all Vertic employees must take care not to expose their working environment, must accept the delivery only once it is deemed appropriate, and must store it securely inside the home/office in accordance with the physical security policies within this document.
Equipment Siting and Protection
All equipment issued by Vertic to its employees must be handled with care and with a focus on protecting information. This includes, but is not limited to, the following:
When working in public spaces, sit with a non-transparent wall behind you so the screen cannot be read from behind
Ensure that anyone walking past can be seen, so that the environment can be managed
When equipment is left unattended or an employee leaves their workstation, they must do one of the following:
Lock the screen of the laptop
Have an active screensaver that locks the screen after no more than 3 minutes
Close the lid of the laptop to place it in Sleep Mode
Physical Assets
Employees should take care to ensure that Vertic physical assets are in appropriate working order to avoid the risk of any OH&S issue.
All employees are provided a Vertic laptop as part of their employment and are expected to take appropriate means to safeguard this asset at all times, both in and outside working hours. All physical assets are recorded in Vertic’s Asset Register.
In the scenario of working from home, the following must be in place:
...
Lockable Doors
...
Lockable Windows
...
Supporting Utilities
All of Vertic’s employees use laptops and mobile phones that run on their own batteries, so work can continue during a power outage. All of Vertic’s online services, like Salesforce and Atlassian, have their own data centres (and/or rely on Amazon AWS); this means that we are protected by multiple safeguards against utility and power failures.
Disposal of e-Waste
Once a digital asset, such as a laptop or phone, has been decommissioned, it must be disposed of correctly through an accredited e-waste disposal agency, which must provide a destruction certificate as proof of disposal.
Privileged Utility Programs
In cases where specialist supporting utilities need to be managed, only the following authorised employees may do so:
Jan Tenenberg
Stephen Kent
Matt Romeo
Such utilities include virus scanning software and specialist source code scanning software, among others.
Physical Assets and Cable Management
Employees should take care to ensure that Vertic physical assets are in appropriate working order to avoid the risk of any OH&S issue.
All employees are provided a Vertic laptop as part of their employment and are expected to take appropriate means to safeguard this asset at all times, both in and outside working hours. All physical assets are recorded in Vertic’s Asset Register.
In the scenario of working from home, the following must be in place:
Lockable Doors
Lockable Windows
Blinds or Curtains to shut off external visibility
We recognise that any cables coming into the home office environment (like Telstra Internet) are not within the control of Vertic employees, but once the cables enter the home, the following care must be taken:
Ensure cables are secure and undamaged
Ensure that cables cannot be damaged, for example by dogs or young children
Keep each cable as short as is reasonably needed to accommodate the requirement
VIRUS PROTECTION
Viruses have the potential to disrupt Vertic business and access sensitive Vertic and client data. Controls are required to prevent, detect and correct the effects of malicious code.
...
Laptops are synced by the Apple operating system
Phones are synced using the Apple mobile operating system
Salesforce’s Timezone Management
INFORMATION BACKUP
All of Vertic’s systems and software are online; we do not host any software solutions on-premise and therefore rely on the backup and redundancy procedures of the software services we consume, as detailed below:
DATA STORAGE
All Vertic employees have been assigned an Office 365 account and as such have access to the Vertic SharePoint site. All work related material must be stored within this environment. If you are not sure where specifically to store data within this environment, please consult your LOB Manager.
...
Depending on the nature of the inappropriate use of Vertic ICD, non-compliance with this Policy may constitute:
A breach of employment obligations;
Serious misconduct;
A criminal offence;
A threat to the security of the company’s ICD;
An infringement of the privacy of employees and other persons; and/or
Exposure to legal liability.
Non-compliance with this Policy will be regarded as a serious matter and appropriate action will be taken.
...