Facilities Policies
No part of this documentation may be reproduced or transmitted in any form or by any means, electronic or mechanical,
including photocopying or recording, for any purpose without express written permission of an authorized representative
of Accel Frontline
Revision History
Table of Contents
1. OBJECTIVE
2. SCOPE AND APPLICABILITY
3. DEFINITIONS/GLOSSARY
4. POLICY STATEMENTS
4.1 PHYSICAL SECURITY PERIMETER
4.2 SECURED OFFICES, ROOMS AND FACILITIES
4.3 FIRE PREVENTION POLICY
4.4 NEW INFORMATION PROCESSING FACILITIES
4.5 VISITOR MANAGEMENT POLICIES
4.6 PHYSICAL ACCESS CONTROL POLICIES
4.7 SECURE WORK AREA (SERVER ROOM / PROJECT SPECIFIC DDCS) POLICIES
4.8 BADGE RE-CONCILIATION POLICY
4.9 ASSET PROCUREMENT
4.10 EQUIPMENT SECURITY
4.11 EQUIPMENT PLACEMENT AND PROTECTION
4.12 EQUIPMENT MAINTENANCE
4.13 MATERIAL MOVEMENT
4.14 SECURITY OF OFF-SITE EQUIPMENT MAINTENANCE
4.15 INVENTORY OF ASSETS
4.16 SAFEGUARDING OF ORGANIZATIONAL RECORDS
4.17 CRITICAL UTILITY BACKUP POLICY
4.18 EXTERNAL FACILITIES MANAGEMENT
4.19 Security Agency Policy
OBJECTIVE
The objective of this policy is to ensure safety and security of information processing facilities.
DEFINITIONS/GLOSSARY
Term/Abbreviation | Definition/Expansion
Secured Areas | Server Room, Records Room
Mobile devices | Laptop, Blackberry
Media | CD, Pen Drive, External Hard Disk etc.
POLICY STATEMENTS
1.1 PHYSICAL SECURITY PERIMETER
Buildings shall be unobtrusive and give minimum indication of their purpose, with no obvious signs,
outside or inside the building identifying the presence of information processing activities.
Support functions and equipment shall be sited to avoid demands for access, which could compromise
information.
Doors and windows shall be locked when unattended.
Suitable physical access control systems shall be installed to cover all external doors.
Unoccupied areas, if existing, shall be manned at all times.
General safety equipment such as fire extinguishers, smoke alarms, etc. shall be provided to assist in
emergency.
A management authorization process for new information processing facilities shall be established.
New facilities shall have appropriate management approval.
Where necessary, hardware and software shall be checked for compatibility.
The use of personal information processing facilities in the workplace shall be assessed and authorized.
Access for new employees will be provided based on request from HR.
Access will be controlled for all areas of the organization.
No access will be provided by default. Any access to restricted sections of the organization shall be
provided by competent authorities.
All critical and confidential records will be stored in a separate room.
Sl. # | Area | Approving Authority
1 | Non-restricted areas of the company | Admin Department / Dept. Heads
2 | Server Room | Head IMS
Entry to the server room is restricted. Only authorized personnel enter the server room.
Visitors who need access to server room will be accompanied by IT/Admin staff after obtaining necessary
verbal / written approval from respective authorities.
All visitors have to be escorted within the office premises.
Once an employee is terminated / separated / resigned, deactivation of the access has to be done
immediately.
Housekeeping or any other contractual maintenance staff will have limited access.
Special category badges are issued for visitors and contractors.
1.7 SECURE WORK AREA (SERVER ROOM / PROJECT SPECIFIC AREAS) POLICIES
Personnel shall only be aware of the existence of, or activities within, a secure area on a need-to-know basis.
Unsupervised working in secure areas shall be avoided both for safety reasons and to prevent opportunities
for malicious activities.
Vacant secure areas shall be physically locked and periodically checked.
Access to the secure areas shall be provided only after appropriate authorization and on a need basis. Such
access shall be monitored.
Photographic, video, audio, or other recording equipment shall not be allowed.
Reconciliation checks will be carried out on badges issued to employees with the list in the HR database
once in a quarter.
All information assets shall be located or protected to reduce the risks from environmental threats and
hazards, and from unauthorized access.
Employees and third party vendors shall ensure that unattended equipment is protected from unauthorized
use.
Critical information assets shall be protected from power failures and other electrical anomalies.
Equipment shall be placed in a way to minimize disruption to the access into the work place.
Items requiring special protection shall be isolated.
Appropriate control shall be adopted to minimize the risks of potential threats including - Theft, Fire,
Explosives, Smoke, Water (or supply failure), Dust, Vibration, Chemical effects, Electrical supply
interference.
Eating and drinking in proximity of information processing facilities is prohibited.
Environmental conditions shall be monitored for secured areas.
Equipment shall be protected from power failures and other electrical anomalies.
Equipment shall be maintained in accordance with manufacturer’s instruction and/or documented
procedures to ensure its continued availability and integrity.
Only authorized maintenance personnel shall carry out repairs and service equipment.
Records shall be kept of all suspected or actual faults & all preventive and corrective maintenance.
Adequate care shall be taken to reduce the risk of compromising organization’s information systems during
maintenance.
All outward movement of material, including dustbins, garbage, etc., going out of the office premises shall
be screened by the Security Guard.
All outgoing materials will be entered in the materials register by the Security Guard.
All incoming materials will be entered in the materials register by the Security Guard.
All assets (information, software, physical and services – computing, communication, utilities) shall be
clearly identified. Records of their ownership, security classification and current location shall be documented
between the system owner and the Security Steering Committee.
Important documents of the organization shall be protected from loss, destruction, and falsification.
Consideration shall be given to the possibility of degradation of media used for storage of records. Storage
and handling procedures shall be implemented in accordance with manufacturer’s recommendations.
All critical utilities such as electricity, water, etc. will have backups.
Options for electrical continuity can include multiple feeds, UPS, and back-up generator.
Risks shall be identified in advance, appropriate controls agreed with the contractor and incorporated into
the contract.
Sensitive or critical applications shall be retained in-house.
Approval of business application owners shall be obtained for any external facilities management.
Implications for business continuity plans shall be analyzed.
Security standards shall be specified and the process for measuring compliance shall be established.
Specific responsibilities shall be allocated and procedures to effectively monitor all relevant security
activities shall be established.
Responsibilities and procedures for reporting and handling security incidents shall be established.
The agency should have well trained personnel who conform to normal physical and medical conditions.
The agency should also make it mandatory to deploy only the personnel who have undergone training in
fire-fighting, basic first aid.
To ensure uniformity of security protection, leveraging on rates and to have one-point control, the company
should have a common Security Agency for all its locations at all units.
Reference check and verification of prospective guards / supervisors to be conducted by the security
agency. Selection is made in consultation with the COO.
The Security Agency will ensure that Supervisors are trained to keep them updated about the latest needs of
the company.
The Security Agency shall conform to all statutory requirements under laws applicable to the region.