Information Security Code of Conduct




IT's up to us

Passwords, Anti-Virus, Security Locks, Email & Internet, Software, Aon Information, Data Protection, ID Badges

Contents

Aon Information Security Policy
Information Security Awareness
Eight Steps to Security
  Passwords
  Anti-Virus
  Security Locks
  Internet & Email
  Software
  Aon Information
  Data Protection
  ID Badges

Aon Information Security Policy

Chief Executive Officer's Introduction

Aon relies on its information processing systems to conduct business. In order to ensure that these are adequately protected from unauthorised access or use, all employees, contractors, temporary employees and business partners must abide by these policies, procedures, and guidelines. Failure to do so may result in disciplinary action, including possible termination of employment and legal action.

It is every user's responsibility to use Aon Limited and its associated companies' computer resources and facilities responsibly, ethically, lawfully, and professionally.

Robert Brown
Chief Executive Officer, Aon Limited

Information Security Awareness

Eight Steps to Security

1. Always select strong, secure passwords (a mix of alpha and numeric, minimum 8 characters). Never share or write down your passwords.
2. Ensure that anti-virus protection software is installed, up to date and operational on your PC or laptop.
3. Laptops must be securely locked at all times by using security locking cables. Information which is highly confidential to Aon and stored on Aon laptops must be encrypted.
4. Internet and email are to be used for business purposes only. Always delete any unsolicited (spam/junk) email from unknown recipients. Never open non business-related attachments and don't distribute non business-related email to anyone.
5. Never install unauthorised software on Aon's PCs or laptops. Never attach unauthorised devices to Aon's IT networks, PCs or laptops.
6. Never disclose Aon information without validating the identity of the requester. Ensure you are authorised to disclose the information.
7. Protect Aon's information in all its forms. Classify information. Lock away confidential material. Shred unwanted printed information. Operate a clear desk policy.
8. Always wear your ID badge. Politely challenge those without Aon ID badges who are in Aon offices. Keep Aon premises secure and report any suspicious activity to Premises Security.

Warning regarding Monitoring of Aon Systems

Aon monitors its IT systems. Abuse of Aon IT systems and information assets and failure to comply with company policy is a disciplinary offence which may result in termination of employment and/or legal action against the offender.

Storage of Personal Information on Aon IT Systems or Resources

Aon's systems are for Aon business use and not for personal, non-business activities. If employees store personal information on Aon IT resources then Aon cannot guarantee that it will remain confidential. Employees are advised not to store this type of personal information on Aon's systems or resources.

Eight Steps to Security

1. Always select strong, secure passwords. Never share or write down your passwords.

Why? Weak passwords are easy to crack. A weak password means our security can be broken and information disclosed, changed or deleted.

You are issued with a personal user-id and password for your exclusive use. Aon's system audit trails make you personally accountable for the use of your user-id. For this reason, you must never give your password to anyone, including IT staff*.

Watch out for password scams, in which you receive an authentic-looking email requesting you to disclose your password. These are hoaxes but many Internet banking customers have been caught out by their own gullibility.

Make your password easy for you to remember but difficult for others to guess. To create a strong password:

- It must have at least 8 characters and a mix of alpha and numeric characters, eg M0use#12 (using zero, not the letter O, in Mouse)
- Mix upper and lower cases
- Avoid using words in dictionaries, or names or things which others may associate with you, eg children's names or dates of birth

* Note: If you do have to disclose your password for IT support purposes then please change it afterwards to minimise risk of exposure.

2. Ensure that anti-virus protection software is installed, up to date and operational on your PC or laptop.

Why? Viruses and other malicious code are the most common source of major disruption to IT systems. Prevention is better than cure.

Aon invests a lot of money and effort in anti-virus controls. It is imperative that employees help to maintain the effectiveness of these controls by doing the following:

- Never tamper with anti-virus software controls. These are normally locked down (ie cannot be edited) but please don't attempt to make changes if this is not the case
- Laptop users must check their anti-virus definitions are up to date on a regular basis (at least monthly). Visit the IT Intranet for instructions (www.ke.aon.co.uk/ke_it/home/default.jsp)
- Always read and act upon Information Security Services UK email notifications regarding new virus threats
- Never stop the automatic download of new anti-virus definition files to your PC or laptop. Laptop users are advised to update these files when they are in Aon offices rather than via remote access

3. Laptops must be securely locked at all times by using security locking cables. Information which is highly confidential to Aon and stored on laptops must be protected using the Aon encryption product.

Why? Laptops are easy to steal or lose and contain lots of intellectual capital and Aon information, some of which may be confidential to our clients. All of our employees have a duty to protect Aon's information.

Laptops must be protected in the following ways:

- Always lock the device using the locking cable provided. If you do not have a cable then order one immediately via the IT service desk (Extn 199 internal)
- Lock the laptop away at night in a secure cabinet if it is not required. Out of sight is out of mind
- Never leave laptops unattended in cars or hotels, or while travelling. Secure them or keep them with you
- Always use the PointSec encryption product if you have Aon highly confidential information on the laptop (that is, information which could cause significant damage to Aon if it were disclosed (medical records, kidnap/ransom, merger and other Aon stock-related information not in the public domain)). PointSec must be purchased from the IT Procurement Catalogue

4. Internet and email are to be used for business purposes only.

Why? Email is the preferred method for business and personal communications. However, all messages sent from Aon's email systems carry the Aon name. Inappropriate email damages Aon's reputation. For this reason Aon's email system is for business use. Personal use is tolerated if in moderation and does not contain any inappropriate comment or material.

The following rules apply:

- Do not send email which contains inappropriate content or causes harassment (eg obscene or defamatory messages)
- If you receive inappropriate email then delete the message, preferably without opening it
- Never open non business-related file attachments. These could be new virus-infected files. Delete them immediately
- Do not forward jokes or chain letter emails. These can cause significant waste of employee time and harassment to the recipients
- Only act upon Information Security warnings issued by Aon IT. Beware of email hoax warnings. Never forward these to anyone in Aon or externally

Similarly, the Internet is a key business resource tool. The Internet must be used for business purposes and personal use must be kept to a minimum.

The following rules apply:

- Never use the Internet in a way that may be offensive, disruptive or harmful to Aon's reputation. Personal surfing is only permitted if used in moderation, if appropriate sites only are accessed, and outside of core business hours (lunch break, before 08.00 or after 18.00)
- Never attempt to access any offensive sites. Attempts to access inappropriate non business-related Internet sites are logged and you may have to explain your actions to your line manager
- Never download any software including games and music files. This may be an infringement of copyright laws. Business tools and other applications need to be authorised by Aon IT before they may be used within Aon's environment
- Access to web mail/internet email accounts such as hotmail and yahoo mail is prohibited. Webmail providers are considered high risk as they are often the source of virus infections

5. Never install unauthorised software or attach unauthorised devices to Aon IT resources or networks.

Why? The use of unlicensed software on a computer is a criminal offence. It is easy to download software from the Internet or load personal software and not realise that the law is being broken. All software programs have terms and conditions, as set out by the software publisher or owner of the copyright, and these must be adhered to and managed by Aon. Unauthorised devices may disrupt Aon's networks, especially if they are infected with viruses or malicious code.

The following rules apply:

- Never install any unauthorised software (including Freeware and Shareware) onto any of Aon's devices
- Games, music and non business-related pictures must not be installed on any computer
- Never attach any unauthorised devices including mobile phones, PDAs (eg Palm or IPAQ) and other IT equipment. Contact your IT Helpdesk for further information
- When storing data on USB hard drives you must ensure the data is secured (encrypted) to avoid exposure of company or client data, eg use Winzip to encrypt data. Before connecting any USB hard drive to the Aon network ensure it is scanned for viruses. Contact your IT Helpdesk for further information on how to do this or visit http://www.ke.aon.co.uk/ke_it/home/info_security/policies/default.jsp
- All software must be ordered and installed following Aon IT processes and procedures

6. Never disclose Aon information without validating the identity of the requester. Ensure it is appropriate to disclose the information.

Why? Disclosing information to the wrong people can cause major damage to Aon. It can also be a breach of the Data Protection legislation. Please consult the Data Protection Policy on the Knowledge Exchange for further information.

The following rules apply:

- Verify the identity of the person requesting the information
- Ensure they have a valid reason and are authorised to obtain the information
- Trust your instincts. If you are suspicious, refer the request to your line manager

7. Protect Aon's information in all its forms. Classify information, lock away confidential material and shred unwanted information. Operate a clear desk policy.

Why? Information comes in many forms (eg written, spoken and electronic media) and it needs protecting as it is created, stored, utilised, communicated and finally deleted. This is the information life cycle. There is no point having expensive IT security controls to protect confidential information if our employees leave information unprotected on their desks, or throw material away without placing it in the Confidential Shredding sacks.

The following rules apply:

- Classify information when it is created (Aon Internal, Aon Confidential, Aon Highly Confidential). Please refer to the Information Classification Matrix within the IT Security Policy (www.ke.aon.co.uk/ke_it/home/info_security/policies/default.jsp)
- Use footers to label documents, presentations and files with the Aon classifications. This helps others to know how to protect the information
- Operate a clear desk policy every day
- Store information appropriately. Lock away confidential material
- Use confidential shredding facilities (bags or shredding machines). Always take personal responsibility for shredding Aon Highly Confidential information

8. Always wear your ID badge. Politely challenge those in Aon offices without Aon ID badges. Keep Aon premises secure and report suspicious activity.

Why? Aon cannot protect your workplace if strangers are allowed into our offices without being challenged. Some Aon locations do not have ID badges, but don't be afraid to ask politely who strangers are and if you can help them to verify that they are in the right place.

The following rules apply:

- Don't let strangers in if they don't have a badge; direct them to reception
- If you work in a site where Aon ID badges are issued to all staff, you must wear your badge at all times
- Report suspicious activity to Premises Security in London: 020 7216 3333. For the 55 Bishopsgate office call 020 7814 9210

IT Security Basics Guide

For further information regarding Aon's information security controls, policies and procedures, please refer to Aon's Intranet Knowledge Exchange at: www.ke.aon.co.uk/ke_it/home/info_security/policies/default.jsp

Aon Limited 8 Devonshire Square London EC2M 4PL United Kingdom tel: +44 (0)20 7623 5500 fax: +44 (0)20 7621 1511 www.aon.co.uk Published by Aon Limited. Registered office 8 Devonshire Square, London EC2M 4PL. Copyright Aon Limited 2009. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any way or by any means, including photocopying or recording, without the written permission of the copyright holder, application for which should be addressed to the copyright holder. Aon Limited is authorised and regulated by the Financial Services Authority in respect of insurance mediation activities only. BC2120 10.09 This document has been produced using a minimum of 50% recycled material from a sustainable forest.