Establish Security Guidelines
Security can be complex. It deals with user access to systems, data storage, Internet access, email retention, and many other operational processes. Yet, to a large extent, security for your call center work will be dependent on the network and operating systems established by your outsourcer. Hence, the need for guidelines.
Guidelines should define the topics used in a basic checklist. The checklist should define physical and technical safeguards that protect the confidentiality, integrity, and availability of the electronic information that the outsourcer creates, receives, maintains, and transmits on behalf of your company from any anticipated threats, hazards, or improper access or use.
Guidelines need to reflect your own security goals and, likewise, be used to evaluate the security of any prospective outsourcer. Keep in mind that you are already obligated to protect the confidentiality and integrity of your customers. Your outsourcer should honor the same commitment. Not providing guidelines may inadvertently violate contracts, expose confidential data, reduce market credibility, or result in government-imposed penalties.
Security goals may vary, but at a minimum, your guidelines should incorporate policies to maintain the confidentiality of data, protection of data from being modified by unauthorized sources, levels of access for applications and associated data, and accountability to verify compliance with security policies.
Outline enforceable security requirements in any contractual or other form of agreement. Remember these requirements have a lifecycle through which policies will be generated, applied, audited, and revised.
Validate your outsourcer has a Chief Security Officer (CSO), or equivalent executive, that oversees security across their organization and periodically reports on all aspects of security at his site.
Ensure your outsourcer has an organizational hierarchy that identifies who will have access to sensitive data or critical applications.
Be sure you have established your own internal process for classifying data, and appropriate levels of security for each data class.
While your prospective outsourcer may independently submit the details of their security department in an RFP or other due diligence request, you should establish the security guidelines you expect to be followed. After all, it is your business.
As an example of what happens when guidelines are not enforced, consider the breach that Sony experienced between April 17 and April 19, 2011. After the breach, Sony informed the public that the names, addresses, and credit card numbers of 77 million of its users had been compromised.
Reuters later reported that Michael Pachter, Wedbush Securities Analyst, said "Sony probably did not pay enough attention to security when it was developing the software that runs its network. In the rush to get out innovative new products, security can sometimes take a back seat."
Guidelines need to define the process for any new technologies, products, or data uses and identify the potential security impact, whether recommended by you or your outsourcer. Guidelines should also include the process for your outsourcer to respond to security "alerts" released by software vendors.
When security breaches are discovered, guidelines should set forth penalties and the procedures to correct the breach as promptly as possible. Guidelines should stipulate an incident recovery/back-up plan, including backup software and a secondary site to maintain data, in case of any breaches in your information security systems. The guidelines should also mandate a process to eradicate data from equipment prior to disposal.
For the desktop, guidelines should mandate the use of virus protection programs and the regular updates of virus and software patches.
When guidelines are not followed, you will need to identify how to handle and resolve disputes.
Thus, your guidelines need to include a plan for resolution of disputes arising out of security breaches or alleged misuse of customer identifiable information.
© 2011 Geoffrey Best