Infsec

Policy topics include:-
a) Acess control

i)firewall, 2-factor authorization, mobileTan , OPT, biometric access, encryption, https

availability, LAN, WAN encryption with VPN network, keeping logs of file, server,

ii)Policy description – who/when /how

access to the server room only to concern people

iii) Consistency

iv)compliancy (Protect records )

v)Authorization

vi)audit (external process time to time is required to check the quality of service mainly in the franchise based department )

vii)removal of access (Process, operation )

viii)archive

ix)roles

 

b) backup

complete records

remote access

environment and protection

tested

encryption

Premanent archive

c) privacy and protection of personally identifiable information

Policy

comunication