bijay_majumdarAlthough I have not worked in IT Company , how ever I have handled vendors security desk as assignment manager at IT company and Ops Manager in security agencies.
IT SECURITY SOP GUIDE
Technically speaking the security procedures involve IT department in managing the information security.
Few Points which Physical security department must know and handle are as below.
1.All electronic devices in the inventory of company including lap tops etc. are made identifiable with certain code numbers for security to identify if it belongs to company or not.
2. These inventory items are required to have special approval from IT department in case of movement from dept to dept or anywhere outside the company premises.
3. All items and devices ports and USBs are disabled by IT Dept when used on company server or Log ins such that no personal work can be done on it or no external devices be connected on it.
4.Security is to exercise control and checks on all electronic devices which needs to be carried in or out of premises and follow the approval protocol from IT department.
5.All unauthorized electronic devices including mobile phones are seized and submitted to IT department for further checks for and misappropriations or Information leak.
6. All Offices are having electronic RFID locks and can only be opened with RFID cards issued to authorized personnel of that office.
7.To avoid tail gating, RFID turnstiles are used at access gates or doors.
8.A strong visitor management system is required to be installed at access gates where access is only given to people who obtain the approval from the concerned individual or their department heads etc. through internal mail system linked to access control via intranet work.
9.Area which are out of bound for visitors or any personnel including employee are physically manned and needs special permission on approval Performa.
10. Display of ID cards/ visitor cards/ vendor cards/ guest cards at all times is mandatory.
11. IT department in coordination with facility team can carry out surprise checks for electronic media security in any office or gate or with in premises.
12 An audit on electronic or IT devices is to be carried out periodically under the control of management team or any other appointed team of trusted members of the organization.
13.CCTVs and RFID access be installed at all vulnerable areas.
14Training of employees on electronic media security and procedures therein be given periodically and especially so during induction.
15. An SAP based HR software may be useful in controlling the movements of goods and final clearance of employees leaving the premises.
16.Employees resigning and leaving the organization need to undergo a manual clearance procedure through every department and clearance be given subject to approval from every department head.
16.An exit interview is required to be carried out for employees and must ensure availability of at least one family member where company after due clearance safely hands over the individual employee to their family member. (This is important to ensure any untoward incident or suicidal activities with in premises that may arise due to stress if any and conditions unfavorable.)
From India, Vadodara
Sashi kumar BHi,This is Sasi Kumar from IT company Please provide the Information Security Management policy for IT company.
From India, Hyderabad
Community Support and Knowledge-base on business, career and organisational prospects and issues - Register and Log In to CiteHR and post your query, download formats and be part of a fostered community of professionals.