Page 80 - Phil Reddin Financial Services Ltd DRAFT V1
P. 80

Users of remote access devices must accept the fact that the Group will not be liable for any health
               and safety issues pertaining to keyboard and display limitations on personally owned IT equipment.

              Responsibility for Physical & Technical Security

               Users must be aware of and accept the terms and conditions of use, including responsibility for the
               security of information held on such devices. Where personal laptops have been approved for remote
               access to EBS systems, it remains the user's responsibility to ensure that up to date Anti Virus / Anti
               Spyware software is in place. EBS reserves the right to perform IT health checks on remote access
               devices and withdraw access where security is deemed to be inadequate.

               Laptops issued to EBS Staff members remain the property of the EBS. When a laptop is issued to a staff
               member, the staff member assumes temporary custody of the laptop.

               Should a staff member no longer require access to the laptop for a prolonged period of time (e.g.
               annual leave) they are advised to return the laptop to EBS for secure storage.

               Upon leaving the employment of the EBS, the staff member must return the remote access device
               (where owned by EBS), including any secure access tokens and/or peripheral devices, to IT Services.
               This releases the staff member from the custody of the remote access device.

              Travelling with EBS Laptops
               Persons who are using remote access enabled laptops and who travel for business purposes must be
               conscious of the information security issues relating to the laptop and implement the appropriate
               safeguards. At a minimum:

                   •  The laptop must not be left unattended in a public place.
                   •  When travelling the laptop must always be carried as hand luggage if so permitted by the
                       airline etc.
                   •  The laptop must not be left unattended when powered on, except where the screen is 'locked'
                       by password protection.
                   •  Always enable power on password to provide an additional security control.


              Backing up of Data

               For those personnel in possession of RAS key fobs, remote access to EBS systems is facilitated. All high
               priority data should be saved to the user's remote desktop / document storage folder.

              User authentication

               Appropriate passwords and logon IDs are currently one of the principal means of validating a user's
               authority to access a computer system. Appropriate password protection is to be used as defined by
               the Information Security policy.

               For those users in possession of an EBS laptop if you think that your encryption password has become
               known to anyone outside the EBS, you are required to inform your Manager immediately.

               7.14.6 Ownership of Laptops
               EBS laptops, associated peripherals and software are the property of EBS and must be treated as such
               at all times by the custodian.



                                                                                             Page 79 of 83
   75   76   77   78   79   80   81   82   83   84