Equipment Security

Equipment Security

Ref. No.: CPP-IT-0303_V2_Equipment Security.doc 
W. Cundangan
R. Eldridge

1.0  Objective  
1.1 To set standard guidelines on securing company owned equipments. 

2.0 Scope
2.1 This policy shall apply to all Infinit-O Global, Inc. and its subsidiaries owned equipment. 

3.0 Provisions
3.1 Equipment Location and Siting 
3.1.1 Equipment for public/visitor use should be installed/setup to minimize unnecessary, unauthorized access into work areas. For example, refreshment units or office machinery designed for visitors should be placed in public accessible areas only (ie. Reception area) 
3.1.2 Network related equipment such as network switch, routers, and production computers must be situated in access controlled locations (ie. rooms with proximity controlled access points, cctv coverage, lockable doors) in reference to Company Access Control Policy 
3.1.3 All servers will be will be installed inside the server room or housed within access controlled datacenters/cloud infrastructure providers in reference to Company Access Control Policy
3.2 Supporting Utilities 
3.2.1 Network related equipment and critical systems must have appropriate protection from short term power interruptions (ie 20 minutes from power cut off). This includes and not limited to: Workstations Servers Network equipment like switch/routers/modems/firewalls Door access control systems Biometric systems
3.2.2 Emergency light systems must be installed and tested regularly within company premises as needed and ensure that they will last a minimum of 15 minutes. 
3.2.3 All company connected power system source should have ample circuit breakers protection systems. 
3.2.4 Power generator service must be provided for the company by the building administrator/owner and must be regularly tested to alleviate prolonged power interruption (power failures spanning for hours. 
3.2.5 Power outlets or provisions are strictly for business use only.
3.3 Cabling Security 
3.3.1 Power and telecommunication cables are to be installed properly and protected in accordance with the country’s Building and Fir Code to avoid accidental disconnection/contact. 
3.3.2 Power and telecommunication Cables traversing outside the company legal space must comply with local building guidelines/rules during installation and should be protected with proper conduit/shielding at minimum.
3.4 Maintenance 
3.4.1 Network related equipment’s like workstations, servers, switch, routers or printers are required to undergo routine preventive maintenance. 
3.4.2 Relevant contacts for the equipments shall be maintained and updated.
3.5 Equipments outside office premises 
3.5.1 No equipment will be taken outside office premises without authorization and valid documentation. 
3.5.2 No office equipment should be left unattended outside the office area. (For more guidelines regarding mobile devices, please see latest Acceptable Usage policy)
3.6 Disposal of equipments 
3.6.1 Information residing on network related items and media for disposal will be properly deleted or destroyed. 
3.6.2 Printers, Faxes, scanning machines must be reset to factory default prior to disposal. 

4.0 Responsibilities
4.1.1 Vice presidents and Directors are responsible for ensuring that all staff and managers are aware of security policies and that they are observed. Managers need to be aware they have a responsibility to ensure staff have sufficient, relevant knowledge concerning the security of information and systems. Designated owners of systems, who have responsibility for the management of systems and inherent information, need to ensure that staff have been made aware of their responsibilities toward security. Designated owners of systems and information need to ensure they uphold the security policies and procedures.
5.0 Frequency – N/A

6.0 Distribution
6.1 Team members 
6.2 Team Leaders/Managers/Directors 
6.3 Execom
7.0 Usage – N/A

8.0 References 

    • Related Articles

    • Network Control and Security

      Ref. No.: CPP-IT-0302_V2_Network Security.doc  Prepared W. Cundangan 04/27/2017 Approved R. Eldridge 05/01/2017 1.0 Objective 1.1 This policy is aimed to ensure the protection of information in networks and relevant supporting network services.  2.0 ...
    • Teleworking and Mobile Device Policy

      Ref. No.: CPP-IT-0203_V1_Teleworking and Mobile Device Policy.doc  Prepared W. Cundangan 09/21/2015 Approved R. Tan 09/22/2015 1.0 Objective   The purpose of these policy is to ensure that security of information and systems, accessed through ...
    • Backup and Recovery

      1.0 Objective This policy is designed to protect against loss of data and ensure it can be recovered in the event of an equipment failure, intentional destruction, or disaster. 2.0 Scope This policy applies to all data and system configurations used ...
    • Network Services Acceptable Usage Policy

      Ref. No.: CPP-IT-0201_V2_Network Services Acceptable Usage Policy.doc  Prepared W. Cundangan 04/26/2017 Approved R. Eldridge 05/01/2017 1.0 Objective   1.1 The purpose of this policy is to outline and establish guidelines the acceptable use of ...
    • Internet Usage Policy

      This document defines the standards, awareness and techniques required of all Infinit-O Manila,Inc. (referred to as “INFINIT-O”) and associated company staff (permanent, casual and contractors) using the Infinit-O Manila, Inc. Internet connections.  ...