CHAPTER 01: Securing hardware, peripherals and other equipment
Section 01 Cabling, UPS, Printers and Modems
Section 02 Working Off Premises or Using Outsourced Processing
Section 03 Using Secure Storage
Section 04 Documenting Hardware
Section 05 Other Hardware Issues
Section 01: Cabling, UPS, Printers and Modems
Policy 010101 Using Fax Machines / Fax Modem
POLICY STATEMENT
“Sensitive or confidential information may be faxed or sent via modem only where more secure methods of transmission are not feasible. Both the owner of the information and the intended recipient must authorize the transmissions beforehand.”
Policy 010102 Installing and Maintaining Network Cabling
POLICY STATEMENT
“Network cabling should be installed and maintained by qualified engineers to ensure the integrity of both the cabling and the wall mounted sockets. Any unused network wall sockets should be sealed-off and their status formally noted.”
Section 02: Working Off Premises or Using Outsourced Processing
Policy 010201 Moving Hardware from One Location to Another
POLICY STATEMENT
“Any movement of hardware between the organization’s locations is to be documented and strictly controlled by authorized personnel.”
Policy 010202 Using Public Terminals Facilities
POLICY STATEMENT
“Personnel using public terminals facilities to work on the organization’s transaction are responsible for ensuring the security and subsequent removal and deletion of any information entered into such facilities”
Section 03: Using Secure Storage
Policy 010301 Using Fire Protected Storage Cabinets
POLICY STATEMENT
“Sensitive or valuable data and equipment must be stored securely and according to the classification status of the information being stored.”
Policy 010302 Using Lockable Filing Cabinets
POLICY STATEMENT
“Documents are to be stored in a secure manner in accordance with their classification status.”
Section 04: Documenting Hardware
Policy 010401 Managing and Using Hardware Documentation
POLICY STATEMENT
“A formal Hardware Inventory of all equipment is to be maintained and kept up to date at all times.”
Policy 010402 Maintaining a Hardware Inventory or Register
POLICY STATEMENT
“Hardware documentation must be kept up-to-date and readily available to the staffs who are authorized to support or maintain systems.”
Section 05: Other Hardware Issues
Disposing Of Obsolete Equipment
POLICY STATEMENT
“Equipment owned by the organization may only be disposed of by authorized personnel who have ensured that the relevant security risks have been mitigated.”
Policy 010502 Recording and Reporting Hardware Faults
POLICY STATEMENT
“All information system hardware faults are to be reported promptly and recorded in a hardware fault register.”
Policy 010503 Logon and Logoff from the Computer
POLICY STATEMENT
“Approved login procedures must be strictly observed and users leaving their screen unattended must firstly lock access to their workstation or log off.”
Policy 010504 Taking Equipment off the Premises
POLICY STATEMENT
“Only Authorized personnel are permitted to take equipment belonging to the organization off the premises; they are responsible for its damage and security at all times.”