Installing New Hardware

Installation of new equipment must be properly considered and planned to avoid unnecessary disruption and to ensure that the Information Security issues are adequately covered. (See Premises for further detail.)

To view the related Policy click      

 

  • The equipment must be located in a suitable environment otherwise it may fail.

  • Adhere to the specifications and recommendations of the manufacturer or supplier, e.g. for operational temperature, humidity etc.
  • Adequate safeguards against fire, water and electrical failure should be in place. See Premises.

  • Any disclosure of your network diagrams, security features, locations, configurations etc. exposes potential vulnerabilities which could be exploited.

  • Ensure that all persons on site, whether from your own organisation or not, have completed a Non-Disclosure Agreement.
  • Although a Non Disclosure Agreement paves the way for legal redress, it cannot protect you against actual commercial damage.

  • Leaving tools, utilities and developer's kits on your new system endangers the confidentiality and integrity of your data.

  • All new systems should be configured for maximum practical security by the removal of unnecessary utilities, developers' programs, etc. - a technique known as hardening.

  • Without an installation plan for the new equipment, disruption to operational systems is more likely.

  • Ensure that all special pre-installation requirements (e.g. air conditioning) have been met.
  • Identify the precise location for the equipment and ensure that the power and network cables are ready.
  • Agree a detailed installation plan with the vendor. (See Project Plan).
  • Anticipate what might go wrong and consider how to minimise the risks.

  • Where the installation plan does not include safeguards against the (inevitable) increased security threat resulting from (relatively) 'open access' to the systems area, accidental or malicious damage can result.

  • Agree a detailed installation plan and document it. See Project Plan.
  • Monitor progress against the plan.
  • Only allow authorised persons access to the systems area.
  • To protect all parties never allow engineers to work unattended.

  • Breaches of Health and Safety regulations endanger the well-being of your staff and your organisation's commercial activities.

  • Ensure Health and Safety regulations are followed when locating the equipment, peripherals, and cables.
  • A periodic visual inspection is beneficial also.

Previous PageTop of this pageNext Page

Information Security Policies from US$595

 From
 US$595

For further information about the RUsecure interactive security policies, visit Information Security Policy World
Use of the guidance contained within RUSecure™ is subject to the End User Licence Agreement
Sponsor: ISO 17799 Directory
This site created with EasyHTMLHelp(tm) for MS Word

 

Next PageUpPrevious Page