ISM-0151

History

Priority
must
2010
Agencies must develop a site security plan for each server and communications room covering:
• a summary of the security risk review for the facility
• roles and responsibilities of facility and security personnel
• the administration, operation and maintenance of the electronic access control system or security alarm system
• key management, the enrolment and culling of system users and issuing of personal identification number codes
• personnel security clearances, information security awareness training and regular briefings
• inspection of the generated audit trails and logs
• end of day checks and lockup
• reporting of cyber security incidents
• activities to undertake in response to security alarms.
2008
Agencies must develop a site security plan and where necessary standard operating procedures (SOPs) for each server room. Information to be covered includes, but is not limited to:
a. a summary of the protective security risk assessment
b. roles and responsibilities of facility or ICT security officer and staff members
c. the administration, operation and maintenance of the electronic access control system and/or security alarm system
d. key management, the enrolment and culling of system users and issuing of personal identification number codes
e. staff member clearances, security awareness training and regular briefings
f. inspection of the generated audit trails and logs
g. end of day checks and lockup
h. reporting of ICT security incidents and breaches.