EMPLOYEE SECURITY POLICIES

Block 1C, Ground Floor, DLF IT Special Economic Zone (SEZ),

1/124 Shivaji Gardens,Manapakkam,
Chennai 600 089, Tamil Nadu, India

Process Owner(s) Process Review Process Approval Effective Date

CISO Infosec Forum Head MSOC 26-Dec-11

Doc ID Ver.# Prepared by Classification

MSOC/POL/09 1.1 Shashank Internal

No part of this documentation may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying or
recording, for any purpose without express written permission of an authorized representative of Accel Frontline
 Revision History

Ver Change Description Prepared Reviewed Approved Date

No. By By By
1.0 New Release Shashank T.N.Ravi Ravi M 09-Sep-10
1.1 Updated New Logo T.N.Ravi Ravi M Ravi M 26-Dec-11
Employee Security Policy

Table of Contents

1. Objective...............................................................................................................................................................4
2. Scope and Applicability........................................................................................................................................4
3. Definitions/Glossary..............................................................................................................................................4
4. Policy Statements..................................................................................................................................................4
4.1. Security & Confidentiality..................................................................................................................................4
4.2. Eatables Policy....................................................................................................................................................4
4.3. ID Badge Policy..................................................................................................................................................4
4.4. Clear Desk Clear Screen Policy..........................................................................................................................4
4.5. Personal Assets...................................................................................................................................................5
4.6. Protection of Company Assets............................................................................................................................5
4.7. Asset movements................................................................................................................................................5
4.8. Communication...................................................................................................................................................5
4.9. Copy Rights Policy.............................................................................................................................................5
4.10. Protection against Virus for Mobile Devices (Laptops)...................................................................................5
4.11. Physical Security of mobile devices.................................................................................................................6
4.12. Protection of Sensitive Data on Mobile Devices..............................................................................................6
4.13. Rights to trace User Activities..........................................................................................................................7
4.14. Employee Responsibilities towards Business Continuity.................................................................................7

Information classification Accel Frontline Page 3 of 7

Employee Security Policy

Employee Security Policy

1. OBJECTIVE

To draft and implement the information security policies for employees

2. SCOPE AND APPLICABILITY

This policy is applicable to all employees of the MSOC division of Accel Frontline

3. DEFINITIONS/GLOSSARY

Term/Abbreviation Definition/Expansion
Mobile devices Laptop, Blackberry

4. POLICY STATEMENTS

4.1. Security & Confidentiality

 All information about the Company, its customers, clients, prospects, suppliers or employees is confidential and
proprietary, and shall not be divulged to anyone other than persons who have a right to know, or are authorized
to receive such information.
 This basic policy of caution and discretion in handling of confidential information extends to both external and
internal disclosure.
 Confidential information obtained as a result of employment with the organization is not to be used by you for
the purpose of furthering any private interest, or as a means of making personal gains.

4.2. Eatables Policy

 Eatables & Drinks are prohibited in the work area.

4.3. ID Badge Policy

 ID cards are to be displayed prominently.
 Mandatory use of access card at access control points.
 Employees will not tailgate or allow any else to tail gate at the access control points for entry/exit.

4.4. Clear Desk Clear Screen Policy

 Every employee shall keep their systems locked if they are leaving their desk.
 Screen savers shall also be employed when inactivity has been detected on unattended computers.
 Ensure sensitive documents are stored securely and handled with care.
 Sensitive or critical business information shall be kept in a secured central location.

Information classification Accel Frontline Page 4 of 7

Employee Security Policy

 Sensitive or classified information, when printed, shall be cleared from printers immediately.

4.5. Personal Assets

 Employees shall not carry any personal computing device like Laptops, pen-drives, CDs etc within the premises
without authorization
 Do not take pictures using any camera or phone

4.6. Protection of Company Assets

 Employees shall take adequate care to protect company assets
 Company assets to be used for strictly business purpose only

4.7. Asset movements

 Do not move company assets on your own. Request Tech Support/Administration department to plan and
implement the movement.

4.8. Communication
 Employees shall take appropriate care not to compromise on information security while using various modes of
communication like email, verbal, telephone and fax or voice mail.

4.9. Copy Rights Policy

 Unauthorized copying of copyrighted materials including software and products are strictly prohibited.

4.10. Protection against Virus for Mobile Devices (Laptops)

 Anti-virus software must be installed on laptops and configured to scan files as they are installed or copied to
the laptop
 Do not disable virus scan feature
 Update Antivirus regularly
 Loading or installing non-business related items on to the Laptop is to be discouraged.
 Any virus infection on the mobile device should immediately be informed to the IT representative and the
device should be disconnected from the network. If possible the mobile device may be switched off.
 All critical data shall always be backed up before proceeding on an extended travel.
 In situations where the removable media or mobile device is used from outside office premises, all items (CD,
Disks, Paper, Mobile Device) containing organization information shall be guarded. If they are to be discarded
then they should be disposed according to “IT Asset disposal policy” in the IT Policy of the organization.
 Mobile Devices provided by organization shall be used only for official purpose by the employee.

Information classification Accel Frontline Page 5 of 7

Employee Security Policy

4.11. Physical Security of mobile devices

 Users must take the following preventive measures towards physically securing the Mobile Device.
 All laptops acquired for or on behalf of the organization shall always remain organization’s property. Each
employee provided with a laptop is responsible for the security of that laptop, regardless of whether the laptop
is used in the office, at his/her residence, or in any other location such as a hotel, conference room, car or
airport.
 Laptop computers must not be:
 left to be viewed in an unattended area, even for a short period of time,
 left in a vehicle overnight,
 kept in extreme temperatures
 A laptop displaying sensitive information and being used in a public place, e.g. on a train, aircraft or bus, must
be positioned such that the screen cannot be viewed by others.
 When leaving a laptop unattended for any extended period, e.g. lunch breaks or overnight, users must:
 Physically secure it with a cable lock and/or
 Lock it away in a robust cabinet or alternatively lock the door of an individually occupied office.
 In vulnerable situations, e.g. public areas such as airport lounges, hotels and conference centers, the laptop must
never be left unattended.
 Laptops should be carried as hand luggage whenever permitted while traveling.
 Where any of the above rules are either inappropriate or impractical, the owner is responsible for taking all
reasonable steps to minimize the risk of loss or damage to the laptop.
 Mobile users connecting to the web from external locations like their home or a hotel room are vulnerable to
virus attack. It is recommended to have personal firewall installed as an effective and inexpensive layer of
security.
 In case of any accident, damage, or harm to the laptop or any of its components/accessories, the user must
report the incident to the IT Department.

4.12. Protection of Sensitive Data on Mobile Devices

 All sensitive information must be updated / stored on the main network servers by the user.
 It is the responsibility of each employee to ensure that confidential and sensitive data is protected from
unauthorized users.
 It is the responsibility of the laptop owner to ensure safety of business & important data. Local IT team should
be requested for backup & archiving on regular basis as per the Backup Policy. IT team shall not be responsible
for any loss of the data due to failure of the hardware.
 Keep the laptop in a locked and secured environment when not being used for a long period.

Information classification Accel Frontline Page 6 of 7

Employee Security Policy

4.13. Rights to trace User Activities

 Company reserves the right to monitor computer facilities, user workstation, Email access, internet access,
network traffic, file transfer activity, etc., for any suspected abuse, unauthorized or illegal activities.

4.14. Employee Responsibilities towards Business Continuity

 Understand safety aspects in the work environment
 Participate in Fire Drills
 Not to do any thing that could cause any disaster such as bringing in inflammable material into the premise
 Follow Fire Safety procedures all the time
 Keep personal contact information updated
 Not to carry any mobile device into work area
 Report any observed safety or security lapse immediately to BCP Team

Information classification Accel Frontline Page 7 of 7