The main purposes of the Monitoring of System Use Policy is to maintain the confidentiality, integrity and availability of information processing and communication services, to detect failures and unauthorized activities and to define guidelines for the implementation of on-going review and monitoring activities at Company.
The objective of the Network Security Policy is to ensure the security of data transfers across Company’s networks and that an adequate level of security exists to protect the network infrastructure.
This IT Risk Standard details the requirements with respect to Network Security. It addresses requirements which must be incorporated into the Company network design, in order to mitigate risks associated with remote access and interconnected networks.
The Privacy and Data Protection Policy sets forth minimum standards for the collection, access, use, disclosure, disposal, safeguarding and other handling of certain nonpublic identifiable information on current, former, and prospective employees, clients and other third parties that the Company keeps or uses for business purposes. Such information is referred to as “Protected Information”.
The Managing IS Risks in IT Services Provided by Third Parties Standard requires the use of risk management techniques to stipulate controls necessary for the management of the relationship with IT third parties and those controls required in formal agreements with the IT third parties.
