Advanced How To Guides

Internal IT Security Policy and Procedures

Sample Policy Document

4 UNSOLICITED COMMUNICATIONS
(Where software is in place, use these clauses as appropriate)

4.1 Email
  • Software is in place to monitor incoming and outgoing external email messages. Messages that contain text which indicates that they may have come from an unsolicited source are 'quarantined' by the software, and an automatic email is sent to the "Company Name" sender or recipient to inform them that a message has been stopped. Please contact the IT Help Desk/relevant IT resource if you receive a quarantine message.

5 TELECOMMUNICATIONS

5.1 Remote access
  • Remote Access can be defined as "Access to "Company Name's" IT resources or data from a location external to "Company Name"". This access may be by a third party or an employee who is located off-site.

  • All notebook computer users must ensure they have remote access software to connect securely to the "Company Name" IT systems.

  • For cost and other security reasons remote connections must be closed as soon as a search is completed.

  • Telephone numbers that are used to access "Company Name" computers must not be listed in public telephone directories and must not be disclosed to unauthorised personnel.

6 THIRD PARTY ACCESS
  • Third Party Access can be defined as "The granting of access to "Company Name's" IT resources or data to an individual who is not an employee of "Company Name"".
Examples of third parties include:
    • Software vendor who is providing technical support;
    • Contractor or consultant;
    • Service provider; and
    • An individual providing outsourced services to "Company Name" requiring access to applications or data.
  • Third Party Access can only be provided after the Third Party has signed a confidentiality agreement that must be included in their formal contract with "Company Name". "Company Name" staff must never permit another individual to utilise their user name to access the "Company Name" network.

  • Further requirements for granting Third Party Access are:
    • Risk analysis process;
    • Approval by Data Owner; and
    • Approval by the Head of IT/relevant IT resource.

  • Third party access will only be permitted to facilities and data which are required to perform specific agreed tasks as identified by "Company Name".
National Development Plan The Programmes of Enterprise Ireland are co-funded by EU Structural Funds