Professional Documents
Culture Documents
IT Security Policy
(Information Technology Security Policy)
2011 Workshop
IT Security Policy - Purpose
= Request access
1. Access to restricted or limited –access data of employee requires a
formal request with an approval from the Senior Manager before
forwarding to the appropriate IT admin.
2. Email request are accepted. The request must specify the data desired
and intended to use.
= Exceptions
1. All request of exceptions to the data access policies must be made in
writing with a consent of a Senior Manager prior to approval of an
IT Manager and/or Finance Division Head . Email Request are accepted.
= Denial
1. IT Manager will provide a written record of the reasons for denial of
any request for access. Email records are acceptable.
Passwords
2011 Workshop
There are a number of dos and don’ts when creating and managing your passwords,
but there are some basics guidelines you can follow.
Incorrect password(“attempts”) Account locked out after the 3rd or more attempts
E-mail
2011 Workshop
The content and maintenance of the user’s electronic mailbox is user’s responsibility.
1. check mail daily
2. delete unwanted messages immediately since these take up disk storage
3. do not open mail with virus or emails with attachments with following EXE, BAT,
SCR, PIF, COM and VBS
4. sending large attachment beyond 5mb should be raised thru the IT. IT will help
help facilitate the sending or receiving
5. email should not be considered private. Confidential information should not be
sent by email.
Internet (World Wide Web)
2011 Workshop
Internet usage policy should restrict access to these types of sites (hotmail, yahoo, etc.) and should clearly identify
what, if any, personal use is authorized. Authority to access the internet shall be determined by Finance Division Head.
Approved application shall be channeled to the IT Manager wherein access shall be granted based on the
authorized access level.
Full access – used by Senior Managers and other user who need full, important access
to different internet sites.
Limited access – Given access are PPIC, Scan and Pack, Merchandisers, Shipping, Sample/Pattern,
Logistics, Adicomp, HRs
- These are only limited for the following sites.
1. Adidas Sites
2. PAXAR/Adicomp
3. Shipping/Courier Sites (FEDEX, UPS, DHL)
4. Trading System/Terminal, FTP connections to taipei office and mail access
5. Government sites (SSS, PHIC, HMDF, BIR, DOLE)
6. Other official business related sites: (FFC, SEDEX, PINKERTON, OMEGA, etc.)
2011 Workshop
CCTV
The purpose of this Policy is to provide guidelines for the use of CCTV on the
organization’s property in a way that enhances security, but also respects the
expectation of reasonable privacy among members of the company. This Policy
applies to all Departments within the company.
THANK YOU!