25. HealthSafe Laptop Security Policy



LAPTOP AND DESKTOP SECURITY POLICY


Document Identification 

HSNZ/POL/25

Document Name

Laptop Security Policy

Master Copy

CISO

Version Number

1.3

Date Of Release 

15 Aug 2023

Prepared By

Eparama Tuibenau

CISO

Approved by

Kevin McAfee

Managing Director

 

VERSION HISTORY


Sl No

Version No.

Prepared by

Approved by

Description of Version

Date

Reason for Version Change

From

To

1

1.0

-

CISO

MD

First Release

14 Apr 2020 

No changes made

1

1.0

1.1

CISO

MD

Updated

2 Aug 2021 

Modifications due to changes in HealthSafe

1

1.1

1.2

CISO

MD

Reviewed

28 Jul 2022

Annual review

1

1.2

1.3

CISO

MD

Reviewed

15 Aug 2023

Annual review


DOCUMENT STATUS


Date

Document Status

14 Apr 2020

Modified

2 Aug 2021

Reviewed

28 Jul 2022

Reviewed

15 Aug 2023

Current


Table of Contents

1 Purpose


2 Scope


3 Input


4 Output


5 Interacting Process


6 Abbreviations, Acronyms and Definitions


7 Procedure


8 Monitoring the Process


9 Records



  1. PURPOSE
    The purpose of this document is to establish and maintain a policy for Laptop Security for HealthSafe NZ.

  2. SCOPE
    These procedures applies to all aspects of Laptop Security

  3. ABBREVIATIONS, ACRONYMS AND DEFINITIONS

Abbreviation

Description

FH

Functional Head

IT

Information Technology Department

TL

Team Lead

CISO

Chief Information Security Officer


4 INPUT

HealthSafe NZ will be responsible for the safety of all information that is stored or accessed through the laptop.


5 OUTPUT

All users shall comply with the laptop policy in order to secure the information

6 INTERACTING PROCESS

Functional Head


7 PROCEDURE

  • Users shall ensure that they comply with the policy without fail.
  • Users shall ensure that laptops issued from HealthSafe are used only for HealthSafe company business purposes
  • CISO reserves the right to withdraw the laptop privileges on conclusive evidence of activities beyond acceptable usage

Boot Controls

  • Laptop systems shall be configured to require a unique password before the system boots.  
  • Laptops shall only be able to boot from the onboard hard-disk and not any other external media.

Physical Security

  • Laptops shall be kept physically secure at all times.  
  • Laptop shall be carefully guarded when taken outside the office environment.
  • Laptops should not be left unattended outside of business hours in any environment without being secured.
  • Users shall be accountable for the theft or any damage to the laptop and their peripherals with the support of company insurance where required.
  • Any such damage / theft of laptops shall be immediately reported to CISO or FH.

Antivirus

  • The IT team ensures that laptops installed with the current updated version of CleanMyMac or CleanMyPC antivirus before giving the laptop to users.
  • Users shall ensure that anti-virus software is updated regularly with the help of the IT team

Limitations

  • Users shall not install / uninstall any hardware / software on the laptop that is not authorisation
  • Laptop shall be subject to periodic inspections for appropriate usage by the IT team

Backup

  • The sole responsibility of taking backups to the users' Google Drive for any critical information lies with the laptop users. 

Network connectivity

  • The laptop provided by HealthSafe will be part of HealthSafe domain

8 MONITORING THE PROCESS
  • The IT department and FH monitor these processes 

9 RECORDS
  • NIL