Page 74 - Phil Reddin Financial Services Ltd DRAFT V1
P. 74

All managers and agents are directly responsible for implementing the policy within their business
               areas and for adherence by their staff.

               It is the responsibility of each employee to adhere to the policy and be familiar with the Information
               Security Procedures document and to inform management of known breaches of the policy. Failure
               to do so will be deemed misconduct and could result in disciplinary action up to and including dismissal
               for cases of gross misconduct. Your attention is drawn to specific breaches of the policy which will
               result in disciplinary action and these are identified in the procedures:

               Section 1 — Visitor Controls

               Section 1.3 — Use of EBS Facilities
               Section 2.1 — Voicemail

               Section 2.3 — USB Keys / Memory Sticks / Removable Disks

               Section 2.4 — Use of Radio

               Section 5.4 — Remote Access Compliance

               Section 7 (Inclusive) — Internet and Email Policy

               Section 8.2 — Password Management
               Section 9.4 — Software Compliance

               7.10.2 Approval
               The  Head  of  Enterprise  Risk  &  Head  of  Information  Security  reviews  the  Policy  and  procedures
               document on an annual basis which is presented to the Operations Management Committee (OMC)
               of EBD for approval.

               In addition, material changes to the Information Security Policy are Board approved on an annual
               basis.

               7.10.3 Support documentation
               The Information Security Policy is supported by a number of more detailed policy and procedures
               addressing specific risks which are attached below.


               7.11 INFORMATION SECURITY SUPPORT POLICIES
               7.11.1 Building Access Control
               It is important that only authorised persons gain access to controlled areas within EBS premises and
               that such entry is recorded both from a security and health and safety perspective. To do otherwise
               could put at risk —
                   •  the personal safety of individuals (especially in times of emergency),
                   •  the property we own, (personal as well as company), and
                   •  the information we hold and use (e.g. unauthorised disclosure, theft, denial of use of systems
                       etc).
               Identity (Id) Cards (including Temporary Id Cards and Visitor Passes) must be worn and be visible at all
               times  while  on  EBS  premises.  Staff  should  use  their  own  ID  Security  swipe  to  gain  access  to  the
               building.



                                                                                             Page 73 of 83
   69   70   71   72   73   74   75   76   77   78   79