When discussing security, reviewing a set of questions is a good place to start. Currently the cup may only be half full on some of these topics. Establishing the criteria and performance expectations is essential to implementing the level of IT security your organization wants.
- Is a documented information and data security policy in place? Does the policy address granting and removing access, authentication, ownership of data and enforcement?
- How do you ensure that access to data and information, controlled through a firewall or other mechanism, is in accordance with established policies?
- Is encryption required for highly confidential data?
- Are there requirements and policies for system availability?
- Are procedures in place for introducing new programs and code to production environments (e.g., test and quality assurance steps)?
- Is system security linked with the human resources function (e.g., if someone is terminated from the company, are the appropriate actions taken from a security perspective)?
- Is there a physical security plan in place, to include:
  - control of physical access to equipment / assets
  - conditioned power
  - uninterrupted power supply (UPS)
  - backups / offsite archival storage
  - special policy for laptops
- Are there policies / guidelines for telecommuting?
- Is there a communication policy on security? Is there a separate one for employees and clients / customers?
- Is there a data backup / security policy that extends to each desktop and mobile device?
Give us a call. We would like to work with you to make your workplace more secure. For more information dial 805.000.0000.