|FUNCTIONS AND OBLIGATIONS
||Deliver to all users in accordance with their user profiles, their functions and obligations relating to the security measures to be complied with and the consequences of any breach.
|IDENTIFICATION AND AUTHENTICATION
||Individual identification and authentication Procedure for assigning and distributing passwords Password complexity and changes.
||Updated list of authorised users and access. Access control allowed in keeping with the functions assigned and systems to prevent non-authorised access. Granting of access permits only for authorised personnel. Physical access control to the premises where the information systems are located.
||Frequency of backups Procedures for generating backup copies and data recovery. Remote backup copies systems.
||Inventory management and identification of media. Media stored under lock and key Log of incoming and outgoing media. Media destruction measures.
||Log containing the type, time detected, person reporting, effects and corrective measures of the incident. Notification procedure and incident management Data recovery procedures
|OTHER TECHNICAL MEASURES
Use of antivirus and firewalls.
Remote access control
Standards of use of email and the internet.
Use of peripherals (printers, photocopiers and multi-function devices).
||Application of document filing criteria to facilitate consulting, locating and handling of Rights. Use of storage devices with locking systems (key, codes...). Custody of active documents to prevent non-authorised access.
||List of data processors. Description of services rendered. Adoption of warranties by processors.