|
A brief explanation of the purpose of each policy
The purpose of the Acceptable Use Policy is to ensure that computer systems and networks are operated in an effective, safe, ethical and lawful manner... The purpose of the Access Control Policy is to ensure that access to information, computer systems and networks is available to all authorised personnel... This policy is about the need to protect computer systems and networks from viruses, trojans, worms, bots and malware... The purpose of the Business Continuity Policy sets out the policies that will ensure business will continue in the event that its computer systems and networks are affected by a security incident. Communications Equipment Policy The purpose of the Communications Equipment Policy is to advise acceptable use with regard to devices and systems used for the purposes effecting business communication... Computer System and Equipment Use Policy The purpose of the Computer System and Equipment Use Policy is to advise acceptable use with regard to the equipment in their care... Computers for Councillors Policy The purpose of the Computers for Councillors Policy is to ensure that computers used for Council business are compatible with the Council’s system, to protect internal Council systems from viruses and malware and to simplify management and maintenance. The policy also ensures acceptable use of Council equipment by Councillors. Cyber Crime and Incident Handling Policy The purpose of the Cyber Crime and Security Incident Policy is to ensure that the correct procedures are followed should an event of cyber crime or a security incident be experienced... The purpose of the E-Commerce Policy is to provide some guidelines for configuring systems to safely conduct business over the Internet as an alternative service channel... The purpose of this policy is to provide a framework that ensures that the organisation is informed about the applicability of policies and laws relating to email. Users of these email services are informed about how concepts of privacy and security apply to email and the limitations surrounding the use of email. The purpose of the Encryption Key Policy is to make certain that encryption keys are suitably managed throughout their life cycle... The purpose of the Firewall Policy is to ensure that the external perimeter defence for computer systems is configured, managed and maintained to prevent the occurrence of a major security threat. The purpose of the Hardware Management Policy is to ensure that the correct processes and procedures are employed when purchasing, deploying, maintaining and replacing hardware and other equipment... The Information Management Policy sets out the guidelines for managing electronic information... The purpose of the Internet Use Policy is to ensure that the Internet is used predominantly for business purposes, is utilised in a secure, ethical and lawful manner and it is the responsibility of every computer user to know these policies and to conduct their activities accordingly. The purpose of this policy is to inform those who have been allocated a laptop computer of the company's requirements for its use and care. Theft, loss or damage to laptop computers is becoming increasingly commonplace. The costs of replacement are not just financial and include loss of data, lost productivity, increased insurance premiums and the time to configure and set up a new machine. There are also risks associated with the loss or exposure of sensitive, unique or personal information including reputation, commercial and privacy and this policy seeks to mitigate these risks. The purpose of the Legal Compliance Policy is to ensure that staff understand the implications of the legislation pertaining to Privacy, Confidentiality, Copyright, Intellectual Property and Misrepresentation in respect to information and information systems. The purpose of the Network Management Policy is to protect internal systems from abuse or exploitation and sets the parameters for managing, designing and connecting to information systems. Password and Authentication Policy This policy describes the authentication requirements for accessing internal computers and networks irrespective of the location of the user... The purpose of the Personnel Management Policy is to minimise the threat of a security breach involving unauthorised access as it has been proven that the biggest security threat comes from within the organisation. The purpose of the Physical Access Policy is to protect internal systems from harm, abuse or exploitation and for controlling the environmental conditions for information systems... This policy describes the security requirements for remote access connections to internal computers and networks... Note: There is also a Remote Access Agreement document and an Application for Remote Access form. The purpose of the Software Management Policy is to ensure that the correct processes and procedures are employed with regard to software applications... The purpose of the Special Access Policy is to ensure that only those users needing special access rights to computer systems and networks are granted them, with the appropriate controls. |
|
© 2004 Kaon Technologies Ltd |
Policy Summary