Professional Documents
Culture Documents
ISMS Wireless Network Policy
ISMS Wireless Network Policy
ISMS Wireless Network Policy
1 Introduction
2 Scope
This policy sets out <Short Name>’s requirements for the operation of wireless IT networks.
This policy applies to all staff, including employees, contractors and interns etc. working for,
or under the control of, <Short Name>.
3 Revision History
Revision Date Record of Changes Approved By
0.0 [Date of Issue] Initial Issue
5 References
Standard Title Description
ISO 27000:2014 Information security management systems Overview and vocabulary
ISO 27001:2013 Information security management systems Requirements
ISO 27002:2013 Information technology - security Code of practice for information security
techniques controls
7 Responsibilities
The <ISMS Manager> is responsible for all aspects of the implementation and management
of this procedure, unless noted otherwise.
Managers and supervisors are responsible for the implementation of this policy, within the
scope of their responsibilities, and must ensure that all staff under their control understand
and undertake their responsibilities accordingly.
our IT Service ensures that our secure wireless networks comply with all legal and
regulatory requirements and our ISMS
all access points and wireless devices used on our secure wireless network must
conform to all related national regulations, standards and recommended
specifications as defined by the IT Service
all new access points and wireless devices used on our secure wireless network
must be purchased and installed by the IT Service
requests for the installation of new access points or wireless devices must be
directed through the <IT Service Desk>
all access points and wireless devices used on our secure wireless network must
follow the IT Service standard configuration settings.
our IT Service has the right to disable, without prior notice, any non-standard or
unauthorised devices on our secure wireless network
wireless security testing is performed on a periodic and random basis using audit
penetration tests
such audit penetration tests must only be carried out with the prior agreement of the
<IT manager>
where unauthenticated open access to the Internet is provided it is provided
separately from the secure wireless network and unauthenticated access via
personal laptops and other mobile devices will be subject to internet filtering
only <Short Name> approved software and hardware devices are permitted on our
secure wireless network
10 User responsibilities
Users must not connect any unauthorised equipment to our secure wireless network without
prior approval from <IT Services>.
Wireless technology must not be used to connect to our non-wireless networks.
All users of information and ICT systems for which <Short Name> is responsible must agree
to, and abide by, our ISMS Acceptable Use Policy and all other requirements as set out in
our information security management system (ISMS).
No information regarding our wireless networks, including configuration and setup
information, may be shared with any unauthorised users, third party vendors or members of
Wireless Network Policy Page 2 of 3
<Short Name> Information Security Policy
the public, apart from notification of the availability of our guest unauthenticated wireless
network.
11 Breaches of policy
<Short Name> will take all necessary measures to remedy any breach of this policy
including the use of our disciplinary or contractual processes where appropriate.
12 Records
Records retained in support of this procedure are listed in the ISMS Controlled Records
Register and controlled according to the Control of Management System Records
Procedure.