Beruflich Dokumente
Kultur Dokumente
1 Introduction
2 Scope
This policy sets out <Short Name>’s requirements regarding connecting devices to our
networks.
This policy applies to all staff, including employees, contractors and interns etc. working for,
or under the control of, <Short Name>.
3 Revision History
Revision Date Record of Changes Approved By
0.0 [Date of Issue] Initial Issue
5 References
Standard Title Description
ISO 27000:2014 Information security management systems Overview and vocabulary
ISO 27001:2013 Information security management systems Requirements
ISO 27002:2013 Information technology - security Code of practice for information security
techniques controls
7 Responsibilities
The <IT Manager> is responsible for all aspects of the implementation and management of
this procedure, unless noted otherwise.
8 Network Policy
If you operate IT networks you should set out your network policy below. We have provided
a ‘good practice’ model which hopefully meets most of your requirements. This document is
part of your ISMS.
<IT Services> operates this policy to ensure the security and appropriate use of <Short
Name> Networks, and to allocate access to network resources and bandwidth in an
equitable manner.
This policy advises users regarding the specifics of connecting devices to the network.
users may only connect to the network from those locations that <IT Services> has
designated as connectivity points: voice/data jacks or separate demarcation points
These connections are limited to end-point devices such as PCs, notebooks,
workstations, printers, or other terminating devices.
users may not extend or modify the network in any way by installing devices such as
repeaters, bridges, switches, routers, gateways, wireless access points, or
permanent hubs unless specific permission has been obtained from <IT Services>
users may not install mail servers without first discussing their project requirements
with <IT Services>
Any mail servers found not registered will be summarily blocked by <IT Services>
and disciplinary action may be taken.
users must seek prior authorisation from the <IT Manager> before they install web,
application, music, or other types of servers or devices designed to provide file, print,
application, or access services
users must use network services provided by <IT Services>, and not attempt to
provision network services such as IP address assignment (i.e., DHCP servers),
DNS, or other management services
Any piece of equipment that is found in violation of these requirements will be subject to
immediate disconnection.
9 Breaches of policy
<Short Name> will take all necessary measures to remedy any breach of this policy
including the use of our disciplinary or contractual processes where appropriate.
10 Records
Records retained in support of this procedure are listed in the ISMS Controlled Records
Register and controlled according to the Control of Management System Records
Procedure.