1.        Purpose

Visitors to the Company carrying IT equipment pose a serious threat to the security of our IT systems. Commonly, the equipment in question are laptops, and we will use the term laptops instead. Without proper control, a visitor with a laptop can connect to the network and infect the system with viruses or malicious programs (e.g. Trojans), either on purpose or unintentionally. The Visitor IT Security Procedure is designed with the purpose of preventing and covering such cases, should they occur.

2.        Scope

The Visitor IT Security Procedure is applicable to all visitors of the Company’s sites. More specifically, two categories of visitors are defined:

  1. Company consultants hired by the company. These consultants use company laptops and have access to LAN, but are not working in the Company.  (category 1)
  2. General purpose visitors, e.g. vendors, politicians, and university representatives. (category 2)

3.        Owner

The Company, IT.

4.        Policy

The proper execution of the Visitor IT Security Procedure requires adherence to the following policy guidelines.

  • All visitors must be checked by the security guard for laptops.
  • Those with laptops (all catagories) will be issued the IT Visitor Security Slip
  • The IT Visitor Security Slip must be completed by the visitor and signed by both the visitor and security guard.
  • By signing the IT Visitor Security Slip, the visitor agrees to be fully responsible for covering all financial losses resulting from damage inflicted by transferring viruses or malicious software while connected to our network.
  • Visitors belonging to category 1 can have their laptop checked by informing their host to contact the IT helpdesk for a security check.
  • Visitors requesting a check should be immediately be served by an IT technician.
  • Category 2 visitors are allowed to bring their laptops, but they are not allowed to connect their laptops to our network. This will be explicitly mentioned in the IT Visitor Security Slip.
  • Visitors will be made aware of the Visitor Security Policy by means of an announcement.
  • Department secretaries will be made aware of the Visitor Security Policy by means of a short 15-20 minute meeting/briefing, scheduled to be performed after PMT approval.

5.        Roles and Responsibilities

The Visitor IT Security Procedure involves the following entities and corresponding responsibilities.

Role Responsibilities
Security Guard l   The security guard is responsible for identifying visitors at the entrance.l   The security guard is responsible for checking visitors for laptops.

l   The security guard is responsible for recording and issuing the IT Visitor Security Slip to the visitor.

IT Personnel l   IT personnel is responsible for subjecting the visitor’s laptop to a security audit if requested.
IT Manager l   The IT manager is responsible for confirming the security audit performed by IT personnel.
Visitor l   The visitor is responsible for behaving appropriately during his visit.l   The visitor is responsible for taking initiative in case he thinks his laptop does not meet the local security requirements.
Host Department (Secretary) l   The department hosting the visitor is responsible for contacting the IT department in case the visitor desires a security audit.

 

6.        Definition and Abbreviations

6.1.     Definitions

N/A.

6.2.    Abbreviations

N/A.

7.        Procedure details

7.1.    Procedure definition

When a visitor visits The Company, he will report to the entrance security guard. The security guard will check whether or not the visitor carries a laptop computer. If the visitor has brought a laptop, the security guard will request the visitor to complete and sign the IT Visitor Security Slip. In doing this, the visitor assumes full responsibility for financial losses resulting from possible damage inflicted by connecting his laptop to our network. If the visitor does not want to risk this, he may have his laptop checked by our IT department. This option, however, is only available to visitors with laptops provided by the company. Personal laptops are not allowed to connect to our network. To have his laptop checked, the visitor should inform the department hosting him of this preference. The host department will then accompany the visitor to the IT department, where IT personnel will check his laptop.

7.2.    Procedure flow charts

TBD

8.        ReferenceS

N/A.

9.        APPENDIX A: IT VISITOR SECURITY SLIP

TBD

10.    APPENDIX B: VISITOR SECURITY ANNOUNCEMENT

Dear Visitors,

As part of our overall efforts to enhance our security environment and, more importantly, to improve our services to our dearest visitors, we now require visitors with laptop computers to complete the form issued by our security guards. All visitors who have the intention to use our WLAN/LAN, please inform your host to contact the IT service desk to refer to a security check. Only laptops that have passed our IT security standard are allowed to use our LAN. This procedure will not require more than 15 minutes of your time. Please remember, only laptops provided by the company are allowed access to our WLAN/LAN. Nevertheless, visitors are allowed to use their personal laptops as long as they remain unconnected to our systems. Our IT staff will be available should you have any questions. We thank you for your kind understanding.

Sincerely,

The Company.

亲爱的访客,

为了加强我们的IT安全环境,更为重要的是提高我们对来访者的服务,现在我们要求携带笔记本的访客填写由保安人员提供的电脑设备使用声明,所有想使用LAN的访客,请通知被访部门,联系IT SERVICEDESK并对其笔记本进行安全检查,只有通过公司安全检查的笔记本才允许使用我们的网络,这个流程将花费您不超过15分钟的时间。请记住,只有公司提供的笔记本才能连接我们的网络。然而,访客如果不连接到我们系统的话,他可以用他个人的笔记本.如有任何问题,请咨询IT 人员。我们非常感谢您的配合。