1. Describe in detail the confidentiality agreement and specifically including maintaining the confidentiality of the password
2. Reexamination of the access rights of each and updating access rights in case of transfer of part or advancement in accordance with their respective access rights.
3. Every employee, contractor or third party should return all the company's assets used for work depending on the contract, when the employee, contractor or third party quit the company or moved other part.
4. Operating procedures specified in the security policy should be documented and maintained. …show more content…
Media information systems should be controlled and physically protected to prevent damage to assets and interruption to business activities. Appropriate procedure should be established to protect documents, computer media, the data input / output and documented system from damage, theft and unauthorized access.
7. Attention should be given to protect the integrity of electronically published information to prevent modifications that may harm the company's reputation. The information provided to the public, such as information on the web that can be accessed via the internet must be in accordance with the laws, rules, and regulations in the jurisdiction
8. The business requirements of the access control must be established and documented. Access control rules and rights for each user or group of users should be clearly stated in a policy statement about access
All employees, contractors and third party users of information systems and services should be required to record and report any allegations or findings of security weaknesses in the system or the services. This aims to ensure that information security events and weaknesses detection of information security can be dealt with in a timely and