<Short Name> Information Security Policy

Network Connection Policy

1 Introduction
2 Scope
This policy sets out <Short Name>’s requirements regarding connecting devices to our
networks.
This policy applies to all staff, including employees, contractors and interns etc. working for,
or under the control of, <Short Name>.

3 Revision History
Revision Date Record of Changes Approved By
0.0 [Date of Issue] Initial Issue

4 Control of hardcopy versions

The digital version of this document is the most recent version. It is the responsibility of the
individual to ensure that any printed version is the most recent version. The printed version
of this manual is uncontrolled, and cannot be relied upon, except when formally issued by
the <Document Controller> and provided with a document reference number and revision in
the fields below:
Document Ref. Rev. Uncontrolled Copy X Controlled Copy

5 References
Standard Title Description
ISO 27000:2014 Information security management systems Overview and vocabulary
ISO 27001:2013 Information security management systems Requirements
ISO 27002:2013 Information technology - security Code of practice for information security
techniques controls

6 Terms and Definitions

 “staff” and “users” means all of those who work under our control, including
employees, contractors, interns etc.

 “we” and “our” refer to <Short Name>

7 Responsibilities
The <IT Manager> is responsible for all aspects of the implementation and management of
this procedure, unless noted otherwise.

Network Connection Policy Page 1 of 2

 <Short Name> Information Security Policy
Managers and supervisors are responsible for the implementation of this policy, within the
scope of their responsibilities, and must ensure that all staff under their control understand
and undertake their responsibilities accordingly.

8 Network Policy
If you operate IT networks you should set out your network policy below. We have provided
a ‘good practice’ model which hopefully meets most of your requirements. This document is
part of your ISMS.
<IT Services> operates this policy to ensure the security and appropriate use of <Short
Name> Networks, and to allocate access to network resources and bandwidth in an
equitable manner.
This policy advises users regarding the specifics of connecting devices to the network.

 users may only connect to the network from those locations that <IT Services> has
designated as connectivity points: voice/data jacks or separate demarcation points
These connections are limited to end-point devices such as PCs, notebooks,
workstations, printers, or other terminating devices.

 users may not extend or modify the network in any way by installing devices such as
repeaters, bridges, switches, routers, gateways, wireless access points, or
permanent hubs unless specific permission has been obtained from <IT Services>

 users may not install mail servers without first discussing their project requirements
with <IT Services>
Any mail servers found not registered will be summarily blocked by <IT Services>
and disciplinary action may be taken.

 users must seek prior authorisation from the <IT Manager> before they install web,
application, music, or other types of servers or devices designed to provide file, print,
application, or access services
 users must use network services provided by <IT Services>, and not attempt to
provision network services such as IP address assignment (i.e., DHCP servers),
DNS, or other management services
Any piece of equipment that is found in violation of these requirements will be subject to
immediate disconnection.

9 Breaches of policy
<Short Name> will take all necessary measures to remedy any breach of this policy
including the use of our disciplinary or contractual processes where appropriate.

10 Records
Records retained in support of this procedure are listed in the ISMS Controlled Records
Register and controlled according to the Control of Management System Records
Procedure.

Network Connection Policy Page 2 of 2