Policy topics include:-
a) Acess control
i)firewall, 2-factor authorization, mobileTan , OPT, biometric access, encryption, https
availability, LAN, WAN encryption with VPN network, keeping logs of file, server,
ii)Policy description – who/when /how
access to the server room only to concern people
iii) Consistency
iv)compliancy (Protect records )
v)Authorization
vi)audit (external process time to time is required to check the quality of service mainly in the franchise based department )
vii)removal of access (Process, operation )
viii)archive
ix)roles
b) backup
complete records
remote access
environment and protection
tested
encryption
Premanent archive
c) privacy and protection of personally identifiable information
Policy
comunication