Network Systems Policy
Purpose
Effective security is a team effort involving the participation and support of every user who deals with information and/or information systems.
Information Systems play a major role in supporting the day-to-day activities of Opus Works. These systems include but are not limited to all infrastructure, networks, hardware, and software, which are used to manipulate, process, transport or store Information owned by Opus Works.
Scope
This policy applies to all networks within Opus Works offices.
Policy
- Only employees and contractors should have access to the Opus Works staff network; there is a separate guest network for visitors.
- All networks should be treated as insecure and potentially hostile.
- Each piece of equipment connected to the network must have an identifiable ‘owner’.
  - In the case of the staff network, the owner must be a staff member who will be responsible for ensuring that the connected equipment complies with the relevant policies and regulations.
  - In the case of guest networks, the owner must be a person who is on-site, i.e. nothing should be connected to the guest network outside of office hours.
- The ISMS Committee has the authority to remove devices from any network if no owner can be identified.
- The ISMS Committee has the authority to remove from the network any equipment which is interfering with the network service or is deemed likely to compromise the security of the network.
- Anyone connecting equipment to the network is responsible for ensuring that the equipment is configured correctly, that the operating systems and software applications are up-to-date as regards patch management etc., and that the equipment has adequate protection against viruses and other malware. If there is any suspicion that the equipment may be infected or compromised in any way, it should not be connected.
- Access through the network perimeter firewall is managed and operated by the firewall service owner(s).
- Authentication is required for each connection to the network. Authentication is normally via a password. It is the responsibility of each user to ensure that the password is not disclosed to unauthorised parties.
- Any breaches of security should be reported immediately to the ISMS Committee.
- This network policy is intended to ensure that an effective and secure network infrastructure is always available for the benefit of all users.
- Public wifi networks are no different to our office networks, in that they are insecure networks.
Policy Compliance
Compliance Measurement
The ISMS Committee team verifies compliance with this policy through various methods, including but not limited to business tool reports, internal and external audits, and feedback to the policy owner.
Exceptions
Any exception to the policy must be approved by the ISMS Committee team in advance.
Non-Compliance
An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.