Update part6.tex
parent
115bbc130c
commit
2256bb1c2a
1 changed files with 34 additions and 0 deletions
|
@ -1 +1,35 @@
|
|||
\section{Part 6: Security Policies}
|
||||
|
||||
\subsection{Policy 1: Handling of customer-related data}
|
||||
|
||||
\begin{list}{-}{}
|
||||
\item Customer-related data may only be stored on the company server.
|
||||
\item The temporary storage of customer-related data on anything else outside of the company server is not allowed.
|
||||
\item Customer-related date must be confidential. It cannot be share with anybody without the permission of the customer.
|
||||
\item Every customer needs to sign Form 4B before storing of any Data in the system will take place.
|
||||
\item After a 6 Month storage period all customer-related data must be deleted. Backups may hold the data for no longer then 12 Months.
|
||||
\item The Client DB is only accessable over the company network.
|
||||
\item All Communication to the Client DB must be encryped.
|
||||
\end{list}
|
||||
|
||||
\subsection{Policy 1: Implementation}
|
||||
|
||||
New Customer -> Signing of Form 4B -> customer-related data is entered in the system and processed -> after 6 months it is deleted -> backups will continue to hold data for 6 more months
|
||||
|
||||
\subsection{Policy 2: Access to Production site / Building Security}
|
||||
|
||||
\begin{list}{-}{}
|
||||
\item The front desk is to be staffed 24/7. The staff has to effectively control the entrance to the company premises.
|
||||
\item Camera monitoring for selected areas must be provided. The records must be archived for 21 days.
|
||||
\item Loss of keys must be reported immediately to the factory protection (tel.: +49 XXX).
|
||||
\item Company ID cards and keys may not be passed on or exchanged between employees.
|
||||
\item The control of these directives is the responsibility of the plant protection team. A check of the perimeter takes place at least twice a day (walking the fence).
|
||||
\item Access may only permitted if the employee has access to the specific area.
|
||||
\item Employees need to carry their ID card at any time.
|
||||
\item Before acces to premises employee needs to sign Form 3C.
|
||||
\item ID cards need to be visible at all time.
|
||||
\end{list}
|
||||
|
||||
\subsection{Policy 1: Implementation}
|
||||
|
||||
New Employee -> Backround Check -> Hire Employee -> IT processes new ID Card -> Employee signs form 3C -> User Account will be created -> Access to restricted area
|
||||
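Review bot: The second implementation heading, after the Policy 2 list, reads \subsection{Policy 1: Implementation} again although the flow under it (background check, ID card, Form 3C) belongs to Policy 2. Rename it to "Policy 2: Implementation" so the two sections are distinguishable in the table of contents. Both implementation lines use a bare "->" in text mode; with the default OT1 font encoding the ">" does not print as a greater-than sign, so write $\rightarrow$ instead. Several added items carry typos that change or blur the requirement and should be fixed before merge: "Customer-related date" (data), "cannot be share", "no longer then 12 Months" (than), "accessable", "encryped", "Access may only permitted", "acces", "Backround". The encryption item would also be easier to audit if it named what counts as encrypted (for example a minimum protocol version), and the "+49 XXX" telephone placeholder needs the real extension or a reference to where it is maintained.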