Page 74 - Phil Reddin Financial Services Ltd DRAFT V1
P. 74
All managers and agents are directly responsible for implementing the policy within their business
areas and for adherence by their staff.
It is the responsibility of each employee to adhere to the policy and be familiar with the Information
Security Procedures document and to inform management of known breaches of the policy. Failure
to do so will be deemed misconduct and could result in disciplinary action up to and including dismissal
for cases of gross misconduct. Your attention is drawn to specific breaches of the policy which will
result in disciplinary action and these are identified in the procedures:
Section 1 — Visitor Controls
Section 1.3 — Use of EBS Facilities
Section 2.1 — Voicemail
Section 2.3 — USB Keys / Memory Sticks / Removable Disks
Section 2.4 — Use of Radio
Section 5.4 — Remote Access Compliance
Section 7 (Inclusive) — Internet and Email Policy
Section 8.2 — Password Management
Section 9.4 — Software Compliance
7.10.2 Approval
The Head of Enterprise Risk & Head of Information Security reviews the Policy and procedures
document on an annual basis which is presented to the Operations Management Committee (OMC)
of EBD for approval.
In addition, material changes to the Information Security Policy are Board approved on an annual
basis.
7.10.3 Support documentation
The Information Security Policy is supported by a number of more detailed policy and procedures
addressing specific risks which are attached below.
7.11 INFORMATION SECURITY SUPPORT POLICIES
7.11.1 Building Access Control
It is important that only authorised persons gain access to controlled areas within EBS premises and
that such entry is recorded both from a security and health and safety perspective. To do otherwise
could put at risk —
• the personal safety of individuals (especially in times of emergency),
• the property we own, (personal as well as company), and
• the information we hold and use (e.g. unauthorised disclosure, theft, denial of use of systems
etc).
Identity (Id) Cards (including Temporary Id Cards and Visitor Passes) must be worn and be visible at all
times while on EBS premises. Staff should use their own ID Security swipe to gain access to the
building.
Page 73 of 83