Internal IT Security Policy and Procedures
Sample Policy Document
Child Trafficking and Pornography Act 1998
The making, storage or distribution of child pornography
is an offence. In the terms of this Act a child is an
individual or the depiction of an individual under the
age of 17 years. This includes actual children, cartoon
images of children or a combination of either i.e. amending
or superimposing a graphic over an image.
If you receive or view any image(s) or media (picture,
graphic, booklet, audio tape, video etc.) which depicts
a child engaged in or witnessing a sexually explicit act
you must report it to the Gardai, as this Act has a mandatory
reporting requirement. There are no exceptions to the
reporting requirement. In addition, you must contact
the Human Resources Department, who will provide assistance
in this matter.
Copyright Act 2000
The copying of copyrighted software or documents
is an offence. "Company Name" has a policy
whereby only licensed media is used within the organisation.
If you require additional software, contact the IT Department,
who will ensure that the relevant licensing agreements
are complied with.
Criminal Damage Act 1991
Damage to or threatened damage to data or IT infrastructure
is an offence. While in your possession you must take
the necessary precautions to protect data and equipment
provided to you.
Data Protection Act 1988 & Amendment 2002
The Data Protection Act (DPA) was initially enacted
to protect personal information that was held on electronic
media. Personal information is data that can be directly
related to a living individual. In 2002 the scope of
the Act was broadened to cover paper-based information
and also to expand the information that is covered under
the Act. For example an email address is now considered
to be a personally identifiable piece of information
and is therefore covered under the Act.
If you have access to personal information you must
ensure that it was obtained fairly, is accurate, protected
against unauthorised disclosure, used only for the purpose(s)
for which it was collected and is held no longer than
is necessary for that purpose(s).
Refer to www.dataprivacy.ie
Appendix 2 - IT Dept/personnel SECURITY RESPONSIBILITIES
This section contains policy guidelines that are the
responsibility of the IT Department/relevant resource.
USER IDENTIFICATION AND PASSWORDS
- All unused usernames must be deleted following an
  initial period when they are disabled. Line managers
  must inform the IT Help Desk/relevant IT resource
  when staff leave "Company Name" to ensure
  that their usernames are promptly removed.
- Staff transferring sections within "Company
  Name" must have their access privileges reviewed
  and altered based on their new responsibilities,
  following notification to the IT Help Desk/relevant
  IT resource by the person moving location.
- Usernames must conform to the standard "Company
  Name" naming convention. The convention must
  be used consistently across all applications and
  platforms.
- When the IT Help Desk/relevant IT resource is unsure
  of the identity of the user requesting a password
  change, authorisation must be received from the
  relevant manager before the request is actioned.
- All "Company Name's" hardware and software
  must have the vendor-supplied default passwords
  changed on installation. This applies to test as
  well as live environments.