The objective of this procedure is to ensure the security of Company’s assets by applying the following rules:
a. All activities performed by a system, application or person that may affect the security of an information asset (physical or electronically format) should be allowed only after formal requesting and granting of permission.
b. All authorized activities performed by a system, application or person, having a major impact over the security of an information asset should be permitted through a set of access controls.
Effective security controls in relation to access the data are an essential component of the effective risk management of Company’s data resource. Access controls protect information by managing access at all entry and exit points, both logical and physical. These measures ensure that only authorized users, as determined by Company’s Board of Administration, have access to specific information, systems and facilities.
This procedure defines the Access Control Procedure for Company and how requests for access to Company systems and applications are initiated, processed, validated and executed. The procedure encompasses all aspects of granting, revoking, or modifying access to Company systems and applications by employees, contractors, consultants, vendors and other third parties.
This procedure applies to all business functions and covers the information under the management of Company regardless of all locations.
1.1 PROCEDURE OWNER
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. ACCESS ON PREMISES
3.1 PERSONS’ ACCESS
3.2 GOODS ENTERING [COMPANY] PREMISES
3.3 ACCESS TO [COMPANY] PREMISES – EMERGENCY SITUATIONS
5. FINAL CONSIDERATIONS
5.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
5.2 DOCUMENT REVISION
The purpose of this procedure is to formalize an Internal Investigation process by the Security Department and to guarantee the quality of the services provided by Security Department and the professionalism of the Company’s investigators. Also, provide Company's investigators with a common repository in terms of language, rules of conduct and methods to guarantee that the investigations are carried out with professionalism, in a standardized approach
This IT Risk Standard details the requirements with respect to Network Security. It addresses requirements which must be incorporated into the Company network design, in order to mitigate risks associated with remote access and interconnected networks.