Policy 7230A - Department of Administration
Policy 7230A - Department of Administration
Policy 7230A - Department of Administration
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
11. Personnel Security<br />
These Personnel Security Mandatory Procedures support the Enterprise Security <strong>Policy</strong><br />
(ITEC 7230 Rev 1), and the Acceptable Internet Use <strong>Policy</strong> (ITEC 1200).<br />
Mandatory<br />
Non-Mandatory<br />
Procedures Baselines Procedures Baselines<br />
11. Personnel Security <br />
11.1. Acceptable Usage<br />
11.1.1. Establish Acceptable Usage Baselines (6 sets) (6 sets)<br />
11.2. Personnel Operations<br />
11.2.1. Establish Pre-Hiring Processes (4 sets) (3 sets)<br />
11.2.2. Hire Employees in a Structured Fashion (3 sets) (1 set)<br />
11.2.3. Transfer Employees in a Structure Fashion (4 sets) (2 sets)<br />
11.2.4. Terminate Employees in a Structured Fashion (3 sets) (1 set)<br />
11.3. Maintain Records <br />
11.1. Acceptable Usage<br />
The following are the Mandatory Procedures that support the Acceptable Usage<br />
section <strong>of</strong> the Default Security Requirements:<br />
11.1.1. Establish Acceptable Usage Baselines<br />
Acceptable Usage Baselines define what qualifies as appropriate and<br />
inappropriate behaviors during the course <strong>of</strong> day to day operations:<br />
11.1.1.1 Internet and e-Mail Usage<br />
Internet and e-mail usage must be restricted as both activities make<br />
use <strong>of</strong> public and unsecured networks.<br />
11.1.1.2 System and Computer Usage<br />
Systems and system components are the property <strong>of</strong> the<br />
organization.<br />
11.1.1.3 S<strong>of</strong>tware and Data Usage<br />
The s<strong>of</strong>tware the organization provides and the data it creates and/or<br />
manipulates is the property <strong>of</strong> the organization.<br />
11.1.1.4 Telephone Usage<br />
The telephone system, including all telephones and fax machines, is<br />
the property <strong>of</strong> the organization.<br />
11.1.1.5 Materials Usage<br />
The <strong>of</strong>fice materials, supplies, etc. are the property <strong>of</strong> the<br />
organization and are to be used for business purposes only.<br />
11.1.1.6 Sanctions<br />
Violation <strong>of</strong> any <strong>of</strong> the constraints <strong>of</strong> the security policies or<br />
procedures will be considered a security breach and depending on<br />
the nature <strong>of</strong> the violation, various sanctions will be taken.<br />
26