company name
CONFIDENTIAL Incident Report: Security

Date Reported: current date
Employee: contract first name contract last name
Department: department
Supervisor: supervisor manager
Date/Time of Injury: Insert Incident Date and Time

Point of Contact (POC) Information
Name:
Phone:
Job title of signator, authorized signature or signer.
Email:

Instructions: Point of Contact must complete the following form and file it with the Security Department as well as the Human Resources Department.
The following is a high-level description of the incident for summary purposes only. Distribution of this report is limited to the following departments on a NEED TO KNOW basis only. If you have any questions related to this summary, please contact Contact at Contact Method for more information.

Description of Incident/Intrusion
Describe the injury as well as the events or what happened to cause this incident. Attach additional pages if necessary.

Witnesses
Did anyone witness the incident or evidence of the incident after it occurred? Yes / No
Name of Witnesses:

Type of Intrusion
Please check all that apply.
* Intrusion
* Data Breach
* Theft
* Malware/Trojan/Virus
* Compromised System
* Physical Intrusion
* Other
Intrusion Location and Information
Name | Address | Phone (if applicable) | Notes

Effect of Intrusion
Please check all that apply.
* Loss of Data
* Unauthorized Access of Data
* Theft
* Degradation of Service
* Interruption of Service
* Physical Damage to System
* Unauthorized Escalation of Privileges
* Physical Intrusion
* Other

Additional Information
Notes:

Systems Affected
Insert the systems this intrusion affected.
Notes:

Intrusion Discovery
Describe how, where and by whom this intrusion was first detected.
Notes:

Communication/Notification
Describe the notifications and communication that were carried out at every step. Also describe any initial notification, follow-up, resolutions and communication that still need to be made at this stage.
Notes:

Evidence and Documentation
Describe the evidence and documentation (logging, files, etc.) that have been gathered at each step and indicate by whom they were gathered. Attach additional sheets if necessary.
Notes:

Incident Response
Describe the workflow of the incident response, including personnel involved at each stage and all actions taken. Attach additional sheets if necessary.
Notes:

Corrective Action Taken and Incident Resolution
Describe the corrective actions taken, including names of parties responsible for those actions, to address each system impacted by the intrusion. Attach additional sheets if necessary.
Notes:

Conclusion and Findings
Insert conclusions reached at this stage. Attach additional sheets if necessary. Conclusions may include:
* The root or proximate cause of this incident.
* Precautions that could have prevented this.
* The direct and indirect impact on the Company and its systems, customers, users, employees, etc.
* The estimated cost to investigate, respond to and correct the intrusion.
* The steps that have been taken to prevent the incident from happening again and to limit further interruption.
* The additional actions, research or communication that need to happen.
Notes:
Point of Contact Signature:                Date:
Supervisor Signature:                      Date:

For Office Use Only
Received By: signator, authorized signature or signer.
Human Resources Manager:                   Date:
Security Department Manager:               Date:
cc: Insert Executive Here if Applicable

address address
city, state or province zip or postal code
Phone: phone number
DATA CENTER ACCESS AND SECURITY POLICY (DCASP)

THIS AGREEMENT is made this current day day of current month, current year by and between company name (hereafter referred to as "Customer") and company name (hereafter referred to as "Company").

The purpose of this policy is to set forth a Data Center Access and Security Policy ("DCASP" or "Access Policy") by which Customer will abide while using, renting, leasing or otherwise making use of Company facilities, goods and services ("Data Center" or "Contracted Spaces"). By using Company's Data Center and facilities, Customer agrees to comply with the following policies and assume responsibility for the compliance of all policies by Customer and Customer's Agents.

Terms and Conditions
As a service, the standard Data Center Access and Security Policy is provided below.
1. Company and Customer Responsibility.
Company is responsible for ensuring that all resources under its control remain physically secure. The Company maintains this access policy in order to provide a framework for Customers to follow for physical security and access to Company facilities, and to instruct Customers on the procedures and policies that Company staff and technicians follow. Customer agrees to adhere to all posted notices or changes to protocol that the Company makes the Customer aware of during its visits to Company facilities.

2. Data Center Habits and Hygiene.
Access into Company facilities requires adherence to the following protocols and restrictions on dangerous materials:
* No smoking or chewing tobacco is allowed.
* No combustible materials may be brought into the data center, including lighters, hand warmers, mace, tear gas, aerosol cans or compressed air.
* No eating or drinking is allowed in the data center.
* No drugs or alcohol are permitted in the data center.
* No weapons or firearms are allowed in the data center.
* No external fire suppression devices are allowed.
* No prohibited hardware allowed. (Insert descriptions into your Contract rather than a blanket statement here.)
* All work-related materials must be cleaned up before leaving.
* All work-related trash or garbage must be disposed of properly.
* No illegal activity of any kind is permitted.
* Insert Data Center specific policies here (recycle bins, unattended equipment, etc.).
3. Access Keycards and Identification.
Company will issue identification badges and access keycards to Customer and Customer's designated agent(s). Company shall maintain a list of all authorized personnel issued such access, and at no time shall identification badges or access keycards transfer between any other employee or other agent of the Customer without pre-approved written permission from Company. If at any time Company becomes aware that an access badge has been transferred in violation of this policy, revocation of access to the Data Center and contracted space may occur.

4. Data Center Access Procedures.
Access to the Company Data Center is gained through the Data Center welcome room (or Insert specific manned space here) and requires that all Customers sign in with a valid signature in order for a Company staff member to grant them access. Customers wishing access must have their identification badge and access keycard available for inspection. Customer or Customer's Agent will sign in and provide the time of entry to the Data Center and the purpose for their visit. Exit from the Data Center requires that Customer or Customer's Agents sign out with a valid signature for each Customer or Customer's Agent wishing to leave. At no time will a Company staff member be authorized to allow exit without each Customer or Customer's Agent properly signing out from the Data Center. If at any time Customer or Customer's Agent is allowed by a staff member to exit, the Customer or Customer's Agent should immediately demand to sign out of the Data Center and/or ask to see a Company supervisor.
Failure to adhere to the sign-in and sign-out procedures could result in revocation of access to the space.

5. Data Center Access Types.
For our customers' convenience, the Company maintains several types of access to the Data Center. Access levels include:
* Unrestricted Access to All Contracted Space: Insert Access Description
* Restricted Access to Specific Contracted Space: Insert Access Description
* Escorted Access to Contracted Space: Insert Access Description
The level of access shall be determined and maintained by the Company and Customer according to the Specifications of the Data Center Contract or Co-location Contract between Company and Customer.

6. Emergency Access by Personnel Not Currently on Access Lists.
Access by Customer or Customer's Agents not currently on any access lists may only be granted by the Company Data Center supervisor and shall be governed according to the Specifications of the Data Center Contract or Co-location Contract between Company and Customer. Access to the Data Center under this condition shall be noted as an emergency access in the Data Center security logs. Any inappropriate use of emergency access may result in access being immediately denied and the requesting Customer or Customer's Agent being ejected from the Data Center and/or Customer's emergency access privileges revoked.

7. Modification of Agreement.
Company reserves the right to add, modify or delete any provision of this Agreement at any time and without notice. Company reserves the right to restrict any access right at any time, whether a violation of this agreement occurs or not. Company reserves the exclusive right and will be the sole arbiter as to what constitutes a violation of any of these provisions.
8. Potentially Tortious or Illegal Conduct.
The following shall be construed as violations of this Agreement and may result in suspension or deletion of Customer's account or in termination of this Agreement.
a) Falsifying any information provided to Company or to other staff members in connection with access to the data center or the use of a Company facility, product or service.
b) Allowing access to any restricted area by an individual, or allowing individuals to gain access to any restricted areas as defined in the Specifications of the Data Center Contract or Co-location Contract between Company and Customer.
c) Allowing any dangerous or restricted materials inside the data center or Company facilities at any time.
9. Data Center System and Network Security.
Violations of Data Center system or network security are strictly prohibited and may result in criminal or civil liability. Examples include, but are not limited to: allowing unauthorized access to the data center; use of any Company product or service that Customer does not have permission to use; use of any equipment, hardware, connections or other materials that Customer does not have permission to use; disruption of or interference with the connectivity and access, or otherwise impeding other Customers' use, of the Company Data Center, products or services.

10. Consequences of Violation.
If Company becomes aware of an alleged violation of any of the terms contained in this Agreement, or any other policy that has been posted on its web site, made available to Customer via email or posted in any other form, Company shall initiate an investigation. During the investigation, Company may restrict Customer's access to the Data Center or other Company products and services in order to prevent further possible unauthorized activity. Company may, at its sole discretion, restrict, suspend or terminate Customer's account without notice or refund, or pursue civil remedies as it deems necessary. Company shall notify the appropriate law enforcement department of any such violations. Company shall not be responsible for any payment, refunds or compensation in any way for service disruptions or termination resulting from violations of this Agreement.

The undersigned represents and warrants that on the date first written above the undersigned is authorized to enter into this Agreement in its entirety and duly binds respective principals by the signature below.

EXECUTED as of the date first written above.

company name
By: signator, authorized signature or signer.
Job title of signator, authorized signature or signer.
Date when the contract was signed
Customer Initials
company name
WIRELESS NETWORK USAGE POLICY

This policy sets forth guidelines for expected conduct and defines the conditions under which an employee, contractor, vendor or any other person ("user") may use Wireless Networks or other Internet Access Points, including but not limited to: Company Internet access; its private network; its vendors', suppliers' and partners' networks; and its email system or any other access point or connection resource while conducting business for or on behalf of the Company.

1. Introduction.
The Company makes available its various assets, hardware, software, services and computer network in order to allow its employees access to resources to effectively execute their job functions and duties. This policy defines the Company's official policy regarding Internet connectivity and usage. Before access to the Internet via the company network is approved, the user is required to read and sign the Wireless Network Usage Policy.
2. Definitions.
Authorized Use: "Authorized Use" shall mean any use of wireless network access points or hot spots which is deemed to be necessary and consistent with the execution of the individual duties and obligations of employees, contractors and staff associated with or employed by the Company.
Authorized Users: "Authorized Users" shall mean all current employees, contractors, vendors or staff who are authorized by the Company to use a specific network or computing resource by the department responsible for overseeing or managing the resource.
Non-authorized Users: "Non-authorized Users" shall mean anyone, including but not limited to employees, contractors, vendors, staff or anyone else, who is NOT authorized by the Company to use a specific network or computing resource by the department responsible for overseeing or managing the resource.
Mobile Computing Equipment or Devices: "Mobile Computing Equipment or Devices" shall mean any handheld, PDA, cell phone or other computing or communication device which is not physically connected to the Company network environment.
Public Wireless Networks: "Public Wireless Networks" or "Internet Hotspots" shall mean any device, appliance or broadcast which offers access to the Internet.
Untrusted Wireless Networks: "Untrusted Wireless Networks" shall mean an insecure Public or Private Wireless Network or Internet Hotspot which offers access to the Internet and which does not employ SSL or secure encryption.

3. Company Wide Standards.
Use of mobile computing devices by Company employees and contractors shall be governed by the Company Internet Access and Asset Usage Policy as well as this Company Wireless Network Usage Policy. Copies of all Company policies may be obtained from the Company Human Resources Department. Users are expected to use mobile computing equipment responsibly and professionally and shall make no intentional use of the equipment or internet services in an illegal, malicious or obscene manner.
The following rules shall apply to all use of Wireless Networks by mobile computing devices.
* Access to internal Company network resources or internal systems from public wireless networks must be obtained using secure encrypted connections and secured at the device level through a virtual private network (VPN) session and connection.
* Employees may make personal use of the Internet, subject to the Company Acceptable Use Policy (see below), so long as there is no negative security impact or impact on the performance of the employee's obligations and duties that creates an unreasonable cost to the Company.
* Sending or receiving personal email shall be allowed so long as any email that is sent using a Company email account has the authorized company disclaimer at the bottom of the email stating that the contents of this message may not represent the views of the Company.
* Use of any company mobile computing equipment, or accessing a company network resource or Internet access point, implies an agreement to abide by all Company policies and procedures in existence governing such use.
* Use of any company mobile computing equipment must be secured in accordance with the security standards set forth in the Company Network Access and Security Policy.
* Mobile computing devices or wireless access may not be used for commercial or other activities from which they directly or indirectly personally profit or have a profit motive.
* All mobile computing devices must have the Company-required Applications and Security Software installed prior to accessing Company resources or Networks. Employees must have the Company IT Department review and certify that all mobile computing devices meet the Company Network Security Policy prior to their use.
* All mobile computing devices shall make use of access control systems and encryption.
* All mobile computing devices and software running on mobile computing devices must use complex passwords and secure digital certificates for remote access.
* All mobile computing devices must be configured to require a hardware (BIOS) password upon start up which must be changed every months.
* All mobile computing devices shall make use of self-updating software, or software that automatically updates itself, to ensure that the devices comply with the Company Network Security Policy.
* All mobile computing devices, whether owned by the employee or not, shall be subject to on-demand audits by the IT Department or Managers to ensure compliance with the Company Network Security Policy.
* All mobile computing devices provided to employees and contractors must be serialized and recorded into Company Inventory. This includes all mobile computing devices purchased by employees or contractors that they are later reimbursed for.
* All mobile computing devices that connect to an untrusted network must meet the following minimum security and safety standards, including:
  o The most recent versions of Company-approved anti-virus and firewall applications must be installed.
  o The most recent versions of anti-spyware and anti-malware applications must be installed.
  o All digital certificates used must be current and non-expired.
  o All logins and access must be conducted over SSL/HTTPS.
  o Active intrusion detection and countermeasures must be in place.
  o Internet and network activity monitoring and reporting must be active and enabled.

4. Training and Education.
Employees who will use mobile computing devices and wireless Internet access may be required to participate in network security awareness training in order to educate themselves on the specific dangers and risks that may accompany access to public wireless Internet access points. The goal of such training is to equip our employees with the knowledge and tools they need in order to comply with Company policies concerning data and network security while traveling outside of the Company office. Department managers shall document and retain evidence of training provided to each user.
5. Sensitive and Confidential Information.
Every employee, contractor or staff member has the obligation to protect sensitive and confidential information. All mobile computing users who make use of wireless networks must use VPN encryption protocols when sending or transmitting sensitive or confidential information in any form. No employee, contractor or staff member should ever access an internal company network resource without being secured by VPN encryption protocols, as all Company internal networks, network resources or other internal assets shall be deemed sensitive and confidential information.

6. Definition of Unacceptable Use of Wireless Networks.
Unacceptable use shall be defined as, but not limited to, the following examples.
* Using the Internet for personal commercial purposes.
* Sending bulk unsolicited email (Spam).
* Engaging in file sharing or Peer-to-Peer Networking (P2P).
* Accessing Social or Professional Networking Sites (MySpace.com, Facebook.com, etc.), Blogging Platforms (Blogger, Blogspot, etc.) or other sites that are non-essential to the performance of your job duties and obligations.
* Disseminating any confidential information about the Company or its customers.
* Downloading or using excessive amounts of internal Company bandwidth or external Internet resources (i.e. paid Internet access billed to the Company or reimbursed in some way to the employee, contractor or staff member) for non-essential, non-work-related activities.
* Downloading Shareware or Freeware programs or software that have not been authorized while on a wireless network.
* Installing ANY software on a Company computer or other asset without prior approval from a manager or supervisor while on a wireless network.
* Compromising the security of the Company network, company computers or any other company resource by engaging in unacceptable usage of the Internet.
* Knowingly causing someone to view content that may be deemed obscene, immoral or illegal, or that may cause the Company to be held liable for discrimination or obscenity.
* Knowingly causing disruption or interference with any network or user, whether associated with the Company or not.
* Searching for, requesting, acquiring, storing or disseminating images, text or data that are pornographic, whether legal or not, or that negatively depict race, religion, sex, age or creed.
* Conducting third-party business or a personal business enterprise not benefiting the Company, participating in political or religious activity, engaging in illegal or fraudulent activities, or knowingly disseminating false or otherwise libelous materials.
* Engaging in online gaming or gambling while on a wireless network.
* Accessing any Company resource or asset that is not within the scope of the user's normal work and job functions. Examples include, but are not limited to: customer information, personnel files and data, or any other documents not required for the proper execution of the user's normal job functions or duties.
* Any other illegal purpose, whether listed here or not, whether through a wireless network or not, that would encourage or conduct criminal activity, offense, exposure to civil liability, or otherwise violate any regulations, local, state, national or international law, including without limitations US export control laws and regulations.

7. Consequences of Violations.
Violations of the Wireless Network Usage Policy are logged and documented. Violations may lead to revocation of the employee's Internet access privileges and/or may lead to disciplinary action, including termination. The Company also reserves the right to pursue legal remedy for damages incurred as a result of an employee's violation. Certain illegal activities will require that Company immediately notify or comply with the proper authorities upon discovery. The Company reserves the right to examine any user's Email Account, Web Logs, Chat Logs or any other information passed through Company resources or Network, or stored on Company computers, at any time and without prior notice.
8. Inappropriate Use of Resources.
Inappropriate use of resources shall be defined as engaging in any activities by users that are inconsistent with the business needs and goals of the Company. Engaging in any activity that adversely affects the user's productivity will not be tolerated. When you access the Internet for business purposes, you are representing the Company with each site or activity you engage in. Special attention must be paid to such activities that do not directly contribute to the fulfillment of the employee's job description or duties.

9. Responsibility for Online Activities.
Users are responsible for their online activities. Each employee must indemnify the Company from all claims of loss, whether direct or indirect, and from any consequential losses suffered by the Company due to a breach of the Company Wireless Network Usage Policy. Company is not responsible for users who display, store or otherwise transmit any personal information such as passwords, banking information, credit card numbers, social security or tax ID numbers, or make use of Internet passports or wallets. Company shall not be held liable for damages resulting from any loss of such information, abuse by other parties, or any consequential loss of personal property or injury resulting from the storage or loss of such information.
The practices described in this Wireless Network Usage Policy are current as of current date. Company reserves the right to modify or amend this policy at any time. Appropriate notice will be given to all employees, contractors, vendors or other users of Company resources governed under this Agreement concerning such amendments.

Effective Date: current date

I hereby declare that I have read and fully understand my duties and obligations set forth in the above Wireless Network Usage Policy for company name and will uphold these duties and obligations at all times.

EXECUTED as of the date first written above.

contract first name contract last name
By: signator, authorized signature or signer.
Job title of signator, authorized signature or signer.
Date when the contract was signed
company name
By: signator, authorized signature or signer.
Job title of signator, authorized signature or signer.
Date when the contract was signed
Company Initials
Employee Initials