Facilities Policies


FACILITIES POLICIES

Block 1C, Ground Floor, DLF IT Special Economic Zone (SEZ),
1/124 Shivaji Gardens, Manapakkam,
Chennai 600 089, Tamil Nadu, India

Process Owner(s): CISO
Process Review: Infosec Forum
Process Approval: Head MSOC
Effective Date: 26-Dec-11

Doc ID: MSOC/POL/08
Ver.#: 1.1
Prepared by: Shashank
Classification: Internal

No part of this documentation may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying or recording, for any purpose without express written permission of an authorized representative of Accel Frontline.

Revision History

Ver No. | Change Description | Prepared By | Reviewed By | Approved By | Date
1.0 | New Release | Shashank | T.N.Ravi | Ravi M | 09-Sep-10
1.1 | Updated New Logo | T.N.Ravi | Ravi M | Ravi M | 26-Dec-11


Table of Contents

1. OBJECTIVE
2. SCOPE AND APPLICABILITY
3. DEFINITIONS/GLOSSARY
4. POLICY STATEMENTS
4.1 PHYSICAL SECURITY PERIMETER
4.2 SECURED OFFICES, ROOMS AND FACILITIES
4.3 FIRE PREVENTION POLICY
4.4 NEW INFORMATION PROCESSING FACILITIES
4.5 VISITOR MANAGEMENT POLICIES
4.6 PHYSICAL ACCESS CONTROL POLICIES
4.7 SECURE WORK AREA (SERVER ROOM / PROJECT SPECIFIC DDCS) POLICIES
4.8 BADGE RE-CONCILIATION POLICY
4.9 ASSET PROCUREMENT
4.10 EQUIPMENT SECURITY
4.11 EQUIPMENT PLACEMENT AND PROTECTION
4.12 EQUIPMENT MAINTENANCE
4.13 MATERIAL MOVEMENT
4.14 SECURITY OF OFF-SITE EQUIPMENT MAINTENANCE
4.15 INVENTORY OF ASSETS
4.16 SAFEGUARDING OF ORGANIZATIONAL RECORDS
4.17 CRITICAL UTILITY BACKUP POLICY
4.18 EXTERNAL FACILITIES MANAGEMENT
4.19 Security Agency Policy


OBJECTIVE
The objective of this policy is to ensure safety and security of information processing facilities.

SCOPE AND APPLICABILITY
This policy is applicable to all employees of the MSOC division of Accel Frontline.

DEFINITIONS/GLOSSARY

Term/Abbreviation | Definition/Expansion
Secured Areas | Server Room, Records Room
Mobile devices | Laptop, Blackberry
Media | CD, Pen Drive, External Hard Disk etc.

POLICY STATEMENTS
1.1 PHYSICAL SECURITY PERIMETER

• Security perimeter shall be clearly defined and will be physically sound.
• Project level physical security aspects shall be considered, if required.
• A manned reception area shall be established to control physical access.
• Physical barriers, if necessary, shall be extended from real floor to real ceiling to prevent unauthorized entry and environmental contamination such as that caused by fire and flooding.
• All windows of the entire premises are locked after office hours.

1.2 SECURED OFFICES, ROOMS AND FACILITIES

• Buildings shall be unobtrusive and give minimum indication of their purpose, with no obvious signs, outside or inside the building, identifying the presence of information processing activities.
• Support functions and equipment shall be sited to avoid demands for access, which could compromise information.
• Doors and windows shall be locked when unattended.
• Suitable physical access control systems shall be installed to cover all external doors.
• Unoccupied areas, if existing, shall be manned at all times.

1.3 FIRE PREVENTION POLICY

• Smoking is strictly prohibited inside the building.
• All employees will be trained on evacuation process in case of fire / emergencies through regular mock drill sessions.


• General safety equipment such as fire extinguishers, smoke alarms, etc. shall be provided to assist in emergency.

1.4 NEW INFORMATION PROCESSING FACILITIES

• A management authorization process for new information processing facilities shall be established.
• New facilities shall have appropriate management approval.
• Where necessary, hardware and software shall be checked for compatibility.
• The use of personal information processing facilities in the work place shall be assessed and authorized.

1.5 VISITOR MANAGEMENT POLICIES

• Visitors' date and time of entry and departure are recorded.
• Visitors shall be granted access for specific, authorized purposes only and their activities in secured areas will be supervised.
• Visitors are issued with instructions on the security requirements of the area and on emergency procedures.
• All visiting personnel shall wear a clearly visible ID card.
• Access to sensitive information and information processing facilities shall be controlled and will be restricted to authorized persons only.
• An audit trail of all access shall be maintained.
• Access rights to secure areas shall be regularly reviewed and updated.

1.6 PHYSICAL ACCESS CONTROL POLICIES

• Access for new employees will be provided based on request from HR.
• Access will be controlled for all areas of the organization.
• No access will be provided by default. Any access to restricted sections of the organization shall be provided by competent authorities.
• All critical and confidential records will be stored in a separate room.

Sl. # | Area | Approving Authority
1 | Non-restricted areas of the company | Admin Department / Dept. Heads
2 | Server Room | Head IMS


• Entry to the server room is restricted. Only authorized personnel enter the server room.
• Visitors who need access to the server room will be accompanied by IT/Admin staff after obtaining necessary verbal / written approval from respective authorities.
• All visitors have to be escorted within the office premises.
• Once an employee is terminated / separated / resigned, deactivation of the access has to be done immediately.
• Housekeeping or any other contractual maintenance staff will have limited access.
• Special category badges are issued for visitors and contractors.

1.7 SECURE WORK AREA (SERVER ROOM / PROJECT SPECIFIC AREAS) POLICIES

• Personnel shall only be aware of the existence of, or activities within, a secure area on a need-to-know basis.
• Unsupervised working in secure areas shall be avoided both for safety reasons and to prevent opportunities for malicious activities.
• Vacant secure areas shall be physically locked and periodically checked.
• Access to the secure areas shall be provided only after appropriate authorization and on a need basis. Such access shall be monitored.
• Photographic, video, audio, or other recording equipment shall not be allowed.

1.8 BADGE RE-CONCILIATION POLICY

• Reconciliation checks will be carried out on badges issued to employees with the list in the HR database once in a quarter.

1.9 ASSET PROCUREMENT

• Any asset procurement shall have suitable management approval.
• Compatibility requirements shall be taken care of.

1.10 EQUIPMENT SECURITY

• All information assets shall be located or protected to reduce the risks from environmental threats and hazards, and from unauthorized access.
• Employees and third party vendors shall ensure that unattended equipment is protected from unauthorized use.
• Critical information assets shall be protected from power failures and other electrical anomalies.

1.11 EQUIPMENT PLACEMENT AND PROTECTION

• Equipment shall be placed in a way to minimize disruption to the access into the work place.
• Items requiring special protection shall be isolated.


• Appropriate control shall be adopted to minimize the risks of potential threats including: Theft, Fire, Explosives, Smoke, Water (or supply failure), Dust, Vibration, Chemical effects, Electrical supply interference.
• Eating and drinking in proximity of information processing facilities is prohibited.
• Environmental conditions shall be monitored for secured areas.

1.12 EQUIPMENT MAINTENANCE

• Equipment shall be protected from power failures and other electrical anomalies.
• Equipment shall be maintained in accordance with manufacturer's instruction and/or documented procedures to ensure its continued availability and integrity.
• Only authorized maintenance personnel shall carry out the repairs and service equipment.
• Records shall be kept of all suspected or actual faults and all preventive and corrective maintenance.
• Adequate care shall be taken to reduce the risk of compromising the organization's information systems during maintenance.

1.13 MATERIAL MOVEMENT

• All outward movement of material, including dustbins, garbage, etc., going out of the office premises shall be screened by the Security Guard.
• All outgoing materials will be entered in the materials register by the Security Guard.
• All incoming materials will be entered in the materials register by the Security Guard.

1.14 SECURITY OF OFF-SITE EQUIPMENT MAINTENANCE

• Authorization shall be required before allowing equipment to leave the premises.
• The material will be logged out and logged back in when returned.
• Manufacturer's instructions for protecting equipment shall be observed at all times. Adequate insurance cover shall be in place to protect equipment off-site. All requirements imposed by insurance policies shall be complied with.
• Spot checks shall be undertaken to detect unauthorized removal of property.
• Individuals shall be made aware that spot checks will take place.

1.15 INVENTORY OF ASSETS

• All assets (information, software, physical and services: computing, communication, utilities) shall be clearly identified. Records of their ownership, security classification and current location shall be documented between system owner and Security Steering Committee.

1.16 SAFEGUARDING OF ORGANIZATIONAL RECORDS

• Important documents of the organization shall be protected from loss, destruction, and falsification.


• Consideration shall be given to the possibility of degradation of media used for storage of records. Storage and handling procedures shall be implemented in accordance with manufacturer's recommendations.

1.17 CRITICAL UTILITY BACKUP POLICY

• All critical utilities such as electricity, water, etc., will have backups.
• Options for electrical continuity can include multiple feeds, UPS, and back-up generator.

1.18 EXTERNAL FACILITIES MANAGEMENT

• Risks shall be identified in advance, appropriate controls agreed with the contractor and incorporated into the contract.
• Sensitive or critical applications shall be retained in-house.
• Approval shall be obtained of business application owners for any external facilities management.
• Implications for business continuity plans shall be analyzed.
• Security standards shall be specified and the process for measuring compliance shall be established.
• Specific responsibilities shall be allocated and procedures to effectively monitor all relevant security activities shall be established.
• Responsibilities and procedures for reporting and handling security incidents shall be established.

1.19 SECURITY AGENCY POLICY

• The agency should have well trained personnel who conform to normal physical and medical conditions.
• The agency should also make it mandatory to deploy only the personnel who have undergone training in fire-fighting, basic first aid.
• To ensure uniformity of security protection, leveraging on rates and to have one-point control, the company should have a common Security Agency for all its locations at all units.
• Reference check and verification of prospective guards / supervisors to be conducted by the security agency. Selection is made in consultation with the COO.
• The Security Agency will ensure that Supervisors are trained to keep them updated about the latest needs of the company.
• The Security Agency shall conform to all statutory requirements under laws applicable to the region.
