VEAZ Security Policy

The following policy has been produced to protect the systems and applications of the VEAZ Enterprise Network and therefore reduce the risk of unauthorised access to its information assets to an acceptable level. The policy applies to all computer systems, applications and networks. Security will be maintained by:

• Ensuring access to computer services is via a secure logon process.
• Legitimate access to electronic information is determined and maintained at the required level.
• Appropriate segregation of networks is maintained.
• Access is reviewed on a regular basis.
• All legal and regulatory requirements are fulfilled - e.g. Data Protection Act 1998 Computer Misuse Act 1990.
• Remote users must be identified and strongly authenticated using an approved method.
• Each user must be uniquely identifiable by means of a unique Userid to allow for accountability and audit of actions.
• Userids must be at least 6 characters long.
• Passwords must be changed at least every 90 days. However the facility must be available to change them at any time.

Physical Security

Physical security will be maintained by the following:

• MDF and IDF rooms will be locked using security coded doors. Access will be limited to named individuals. Student access is forbidden.
• Local patch panels and cross-connects will be kept in locked cabinets.
• All host will be labelled and numbered.