I.T Security: Policy and Guidelines

I.T Security: Policy and Guidelines
13.1 Storage of information
Policy: Adequate procedures shall be enforced to ensure that AlFaiz Company data and information stored on paper, tape, disk, microfiche or other media such as image, text and voice, is properly protected at all times from unauthorized access. These procedures will extend to all locations where AlFaiz Company information is stored including areas external to AlFaiz Company e.g. off-site storage location for backup.
Guidelines:
13.1.1 The room where computer media is kept must be secure at all times. Only authorized AlFaiz Company personnel may gain access to the room.
13.1.2 All PCs must possess a screen saver password, for when users are temporarily away from their desks.
13.1.3 All media is to be appropriately labeled and stored in locked cabinets or other secure areas.
13.1.4 All hard-copy of confidential and sensitive AlFaiz Company's data and information must be stored in locked cabinets or other secure areas.
13.1.5 The off-site storage location of AlFaiz Company's data, information and software must be secured from unauthorized access.
14 Destruction of obsolete information
Policy: Obsolete information will be disposed of according to the confidentiality level of the information
Guidelines:
14.1.1 All software, information and data must be erased beyond readable format, from storage devices or any other media prior to disposal.
14.1.2 All disposals must be authorized by the Manager of Information Technology or authorized designate and details regarding the disposal appropriately recorded.
14.1.3 Hard-copy documents containing AlFaiz Company’s confidential and sensitive data and information must be disposed of securely e.g. through shredding.
15.1 Virus controls
Policy: All electronic media brought into AlFaiz Company’s computing environment must be scanned for the presence of viruses, by AlFaiz Company’s approved and up to date virus scanning software
Guidelines:
15.1.1 AlFaiz Company shall only implement a corporate version of antivirus software which will cover all servers and PCs.
15.1.2 Virus scanning software must be used on all AlFaiz Company’s PCs, to detect the possibility of viruses. Automatic scanning should be enabled on all computing facilities. 15.1.3 All media must be scanned for viruses, using AlFaiz Company’s virus scanning software, prior to being used on AlFaiz Company’s computing facilities.
15.1.4 Virus scanning and deletion software must be purchased from an approved vendor, contained on the AlFaiz Company’s vendor list. Virus scanning software must be up to date, to ensure the most recent viruses are detected. Where possible, virus scanning must be updated in an automated fashion. Where it is not possible to update virus definitions automatically, update patches should be downloaded and virus definitions should be updated on all servers, PC's and laptops or any other computing device at least on a timely basis.
16.1 Documentation of procedures
Policy: Documented procedures must be provided for the operation of all AlFaiz Company’s computer systems.
Guidelines:
16.1.1 Standard operating procedures shall be defined for all computer operations. Documented procedures are also required for system development, maintenance, backup, testing and help desk operations including the Core Banking. The procedures must cover:
(a) The correct handling of information files;
(b) Scheduling requirements for systems and back-ups;
(c) Instructions for the handling of errors or other exceptional conditions and the escalation processes for problems, crises and disasters;
(d) Support contacts;
(e) Special output handling requirements;
(f) Disposal requirements;
(g) System restart procedures;
(h) System housekeeping; and