Page 81 - Phil Reddin Financial Services Ltd DRAFT V1
P. 81
EBS laptops must be returned for periodic inspection when requested by the IT Department. EBS also
reserve the right to perform IT health checks on personal laptops and desktop PCs which are used to
connect to the EBS network.
Use of the equipment must at all times comply with the Information Security Policy and Standards.
Use of Non EBS Laptops computers
• The use of laptops not issued by the EBS for business purposes, including remote access, is
only permitted where explicit authorisation has been received from Information Security.
• EBS IT are responsible for implementing the remote access capability.
• The use of personal laptops not authorised by the EBS to connect to the EBS network is also
strictly prohibited.
7.13.7 Incident Notification
• It is the responsibility of each employee to adhere to the policy and to inform management of
known breaches of the Policy. Failure to do so will be deemed misconduct and may result in an
appropriate sanction under the disciplinary procedure.
• Loss or damage of a laptop must be reported to Management, IT Services and the Information
Security department.
• Where EBS laptops require maintenance / repair, IT must be contacted directly. In circumstances
where personal laptops / remote access devices require maintenance you must first confirm that
no EBS sensitive data resides on the device before submitting it to any 3rd parties.
Remote Access: RAS key fobs
• Remote access to EBS systems is provided by RAS key fobs. These items provide access to EBS
secure environments. They must be treated in an appropriate manner i.e. Key fobs must be kept
secure at all times.
• N.B. Keep RAS key fobs separate from a laptop when it is not in use. They must not be stored
within the laptop case itself. If an EBS RAS key fob is misplaced / stolen the end user must inform
IT and Information Security immediately.
7.13.8 Remote Access for Third Parties
The EBS policy for granting remote access to the EBS IT Network to Third Parties is as follows:
Third Parties will only be allowed access to the EBS Network under exceptional circumstances. The
Third Party must apply for approval to the Head of Information Security.
A formal review of the Security Measures Imposed by the Third Party will be carried out by EBS
Information Security to ensure EBS security standards are met in the areas of:
• Physical and Network security;
• Access and Administrative controls;
• Written Information Security Policy to cover controls; and IT Security Department to regulate
controls.
Approved access will be implemented by IT in a secure manner with access restricted — VPN etc.
Third Party Access will be reviewed by Information Security on a regular periodic basis.
Page 80 of 83
