Ref. No.: CPP-IT-0303_V2_Equipment Security.doc 

Prepared	W. Cundangan		04/26/2017
Approved	R. Eldridge		05/01/2017

1.1 To set standard guidelines on securing company owned equipments. 

2.1 This policy shall apply to all Infinit-O Global, Inc. and its subsidiaries owned equipment. 

3.1 Equipment Location and Siting 

3.1.1 Equipment for public/visitor use should be installed/setup to minimize unnecessary, unauthorized access into work areas. For example, refreshment units or office machinery designed for visitors should be placed in public accessible areas only (ie. Reception area) 

3.1.2 Network related equipment such as network switch, routers, and production computers must be situated in access controlled locations (ie. rooms with proximity controlled access points, cctv coverage, lockable doors) in reference to Company Access Control Policy 

3.1.3 All servers will be will be installed inside the server room or housed within access controlled datacenters/cloud infrastructure providers in reference to Company Access Control Policy

3.2 Supporting Utilities 

3.2.1 Network related equipment and critical systems must have appropriate protection from short term power interruptions (ie 20 minutes from power cut off). This includes and not limited to: 

3.2.1.1 Workstations 

3.2.1.2 Servers 

3.2.1.3 Network equipment like switch/routers/modems/firewalls 

3.2.1.4 Door access control systems 

3.2.1.5 Biometric systems

3.2.2 Emergency light systems must be installed and tested regularly within company premises as needed and ensure that they will last a minimum of 15 minutes. 

3.2.3 All company connected power system source should have ample circuit breakers protection systems. 

3.2.4 Power generator service must be provided for the company by the building administrator/owner and must be regularly tested to alleviate prolonged power interruption (power failures spanning for hours. 

3.2.5 Power outlets or provisions are strictly for business use only.

3.3 Cabling Security 

3.3.1 Power and telecommunication cables are to be installed properly and protected in accordance with the country’s Building and Fir Code to avoid accidental disconnection/contact. 

3.3.2 Power and telecommunication Cables traversing outside the company legal space must comply with local building guidelines/rules during installation and should be protected with proper conduit/shielding at minimum.

3.4 Maintenance 

3.4.1 Network related equipment’s like workstations, servers, switch, routers or printers are required to undergo routine preventive maintenance. 

3.4.2 Relevant contacts for the equipments shall be maintained and updated.

3.5 Equipments outside office premises 

3.5.1 No equipment will be taken outside office premises without authorization and valid documentation. 

3.5.2 No office equipment should be left unattended outside the office area. (For more guidelines regarding mobile devices, please see latest Acceptable Usage policy)

3.6 Disposal of equipments 

3.6.1 Information residing on network related items and media for disposal will be properly deleted or destroyed. 

3.6.2 Printers, Faxes, scanning machines must be reset to factory default prior to disposal. 

4.1.1 Vice presidents and Directors are responsible for ensuring that all staff and managers are aware of security policies and that they are observed. Managers need to be aware they have a responsibility to ensure staff have sufficient, relevant knowledge concerning the security of information and systems. Designated owners of systems, who have responsibility for the management of systems and inherent information, need to ensure that staff have been made aware of their responsibilities toward security. Designated owners of systems and information need to ensure they uphold the security policies and procedures.

6.1 Team members 

6.2 Team Leaders/Managers/Directors 

6.3 Execom