Page 78 - Phil Reddin Financial Services Ltd DRAFT V1
P. 78

•  Be aware of the value of the information contained in the fax document. Agree a time with
                       the sender of a fax and wait by the fax machine for receipt of the fax. If it has to be re-
                       transmitted due to failure keep all copies. If necessary, wait until back at an EBS office before
                       disposing of unwanted pages.
                   •  Check the location of the receiving fax machine; is it in an open area (e.g. general office, open
                       plan environment).
               It is essential that EBS protect its information and that of third parties from unauthorised disclosure
               and theft. Failure to comply with this notice could harm the reputation of EBS and may damage our
               ability to retain and build our business.



               7.13 REMOTE ACCESS SECURITY POLICY
               7.13.1 Scope
               This policy and procedures required to minimise the security risks associated with staff use of EBS
               remote access devices. It also covers the use of personal laptops and desktop PCs used for the purpose
               of remotely connecting to EBS systems.

                   •  Remote  Access  Devices  are  defined  as  any  device  that  allows  inside  access  to  the  EBS
                       Computer Network from a remote location using the public Internet. Such devices include
                   •  EBS  Laptops/Desktop  PC's  or  non  EBS  Laptops/Desktop  PCs.  EBS  policy  is  to  prevent
                       unauthorised access to our network.

               This policy applies to the following:

                   •  Laptop computers owned by EBS;
                   •  Personal laptop / computers authorised for remote access to EBS systems;
                   •  Desktop computers issued by EBS for the purpose of remote access; and
                   •  Desktop computers issued by EBS for the purpose of teleworking.
               The policy applies to all EBS Staff using both laptops owned by the EBS Group and remote access
               enabled  devices  which  are  personally  owned  by  EBS  personnel  and  authorised  for  access  to  EBS
               systems.

               User Responsibilities:

                   •  Defines the policy statements to which the user must agree in order to be issued with an EBS
                       laptop.

               IT Responsibilities:

                   •  Defines the steps taken by IT to protect the Group's asset — both physical and information —
                       as well as restricting access to inappropriate material (these are held by the IT department).

               Peripheral devices are prohibited from connection to laptops and desktop PCs unless explicit approval
               has been received from Information Security. In particular no USB devices can be connected unless
               they are EBS encrypted and approved for use by Information Security.

               7.13.2 Objectives
               To protect the Group's property and information assets.





                                                                                             Page 77 of 83
   73   74   75   76   77   78   79   80   81   82   83