Page 76 - Ipsos
P. 76

Information Classification: Internal Use
                                                                       Ipsos Book of Policies & Procedures



                         9.5    Confidentiality of Authentication Details

                   The authentication details (ex: user name, password, token or other authentication means) are to
                   be  considered  private,  and  should  not  be  shared  with  anyone,  either  Ipsos  employee  or  non-
                   employee. You are responsible for all activity occurring under  your account, regardless of who
                   was actually at the keyboard. Unauthorized disclosure/loss of the authentication details must be
                   reported to the local IT in a timely manner, requesting the change of the authentication details.

                   To further  protect  your  account:  lock Windows  (press  Ctrl-Alt-Del  and  choose  Lock  Computer)
                   when you must leave the system logged on and unattended.

                   If you need access to a resource for which you do not currently have permission, you must call
                   the  helpdesk  to  have  access  granted  to  your  own  account;  you  may  not  use  someone  else's
                   account. Password sharing is strictly prohibited. Additionally, all accounts must accurately identify
                   the user.

                   How to create a strong password:
                   Passwords must, as a minimum, contain a mixture of letters, numbers and special characters. In
                   addition it is recommended that you also use a mix of upper case and lower case letters.

                   Example:
                   If  you  want  to  setup  a  Password  like  finewine,  you  can  increase  its  strength  as  follows:
                   F3neW4ne!


                   10.0  Physical Security Policy

                         10.1  Clean Desk and Clear Screen Policy
                   Clear desk and clear screen policy used to reduce the risks of unauthorized access to, or loss of,
                   or damage to, information.

                          Ensure that at any time, unattended working areas are kept clear of all media including,
                          but not limited to paper, DVD, tapes, flash storage, or any other media that may contain
                          secure sensitive data as defined by Ipsos data classification standards.

                          Employee work areas, like cubicles and offices are kept clean and organized, and that all
                          media,  regardless  of  its  classification,  is  not  present  on  work  surfaces,  desks,
                          bookshelves, or unlocked cabinetry if the employee is not present.

                          Ensure that appropriate facilities are available in the office in which media can be stored
                          and locked away, including in lockable closets, filing cabinets and cupboards.










                                                   Page 14 of 17
   71   72   73   74   75   76   77   78   79