IT Security
In this post we will discuss the basic measures for adequate IT (Information Technology) security in the business environment.
We will break these measures down into four themes: Hardware, Software, Networking and Compliance.
Hardware
Hardware is the equipment that allows us to access our computer system and process information (computers, servers, smartphones, external storage devices, etc.). It is obviously a fundamental part of the IT security of any company.
Only hardware that the company has authorized for work should be used. It must therefore comply with the security measures necessary to guarantee the confidentiality, integrity, availability and resilience of the information processed, and have the technical characteristics necessary to carry out the work entrusted.
This statement of intent shall be included in the IT Security and Personal Data Protection Policies, approved by the Management.
Inventory
An inventory (customer ref. Business Adapter: folder 08) must be kept, detailing the hardware that each user of the company has been assigned for work.
It will also include hardware that is not assigned to a user, but which houses or is used to process corporate information in some way, such as servers, printers, point-of-sale terminals, etc.
External Servers
Regarding external servers, i.e. those that are contracted from suppliers and are physically located somewhere other than the company's facilities (e.g. cloud servers), it will be necessary to analyze whether the supplier complies with IT security measures and, if possible, whether the servers are within the EEA.
Data Processor Contract
With these suppliers, to whom we delegate some functions, such as the hosting of information, it will be necessary to sign a Data Processor contract in compliance with the GDPR.
IT Security
The IT Security Policy must establish several procedures to ensure the confidentiality, integrity, availability and resilience of the information handled. For example:
- Equipment Roaming Policy
- Registration of delivery and collection of devices
- Equipment use policy (personal use/professional use/maintenance, etc.)
- Encryption of equipment
Software
Software refers to all the computer programs that, together with the hardware, allow the management of the information system, from the operating system, which is the most important, to other programs with different functionalities (ERP, CRM, office software, e-mail, etc.).
Only software that the company has authorized for each task should be used, and it must comply with the security measures necessary to guarantee the confidentiality, integrity and availability of the information processed.
This statement of intent shall be included in the IT Security and Personal Data Protection Policy, approved by the Management. This Policy will also cover several other aspects:
IT Security
The IT Security Policy must establish several procedures to ensure the confidentiality, integrity, availability and resilience of the information handled. For example:
- User Identification and Authentication Measures
- E-mail use policy
- Videoconference use policy
- Telework or Telecommuting Policy
- Backup policy
Inventory
An inventory (customer ref. Business Adapter: folder 08) must be kept, detailing the software that each user of the company will be able to use to carry out their work.
It will also include software that is not specifically needed for the work itself but is essential for the security of the information (for example, antivirus and antimalware systems).
Data Processor Contract
With those suppliers that provide services involving the processing of personal data under the responsibility of the data controller, it will be necessary to sign a Data Processor contract in compliance with the GDPR.
Networks
Networks are the means by which the different pieces of corporate equipment are interconnected internally, as well as the networks needed to connect to the outside.
There are many types of networks, and the type recommended depends on the type of data or information to be processed. The more relevant the information, the more secure the network used should be.
Inventory
An inventory (customer ref. Business Adapter: folder 08) must be kept, with details of the network system used by the company.
IT Security
The IT Security Policy must establish several procedures to ensure the confidentiality, integrity, availability and resilience of the information handled. For example:
- Authorization for the use of networks
- Use of networks outside the workplace
- User identification and authentication policy
Regulatory Compliance
The European General Data Protection Regulation (GDPR) and the Spanish Organic Law on Data Protection (LOPD-GDD) must be implemented in any company, and their degree of application will depend on a technical-legal analysis that an expert data protection consultant will perform for your company.
If you are looking for a data protection company in Valencia, Business Adapter® data protection Valencia is your best option.