2010

IT Project Report
Xansa’s Network Architecture and IT policy


Sanchit Sharma Roll No.70

WMG 18B

Table of Contents

Network Architecture in Xansa
Network Connectivity
Key Features
Importance of Protocols
Protocols Used
IPsec-Virtual Private Network Protocol
E-mail protocols
Advantages over POP
Connected and disconnected modes of operation
TCP IP-Network Protocol
The Need for an Information Security Policy
Introduction of Xansa’s Information Security policy
Audit Policy
Introduction
Internet Policy
Email Policy


ACKNOWLEDGEMENT
It has been a great pleasure for me to work on this project. My sincere thanks go out to Prof. D. Punia for giving me an opportunity to work on this project, which helped me to increase the span of our knowledge and developed my thinking on more practical lines. I thank him for his guidance and support throughout the time when I was working on this project.


Network Architecture in Xansa

Network Connectivity

The Barclaycard Project team consists of users based in Steria Noida, Pune Offices and Barclaycard Northampton Office. 80 users in Bites and 700 users in Barclaycard are providing support to the development and production system for Barclays.

Key Features
• Users in Barclaycard domain are connecting to (BSP) domain in Pune and Noida.
• The connectivity route for Noida users is a link between Steria Noida and Steria Birmingham and a mega stream link from Steria Birmingham to Barclaycard Northampton.
• The connectivity route for Pune users is a link between Steria Pune and Steria Reading and thereafter from BT link to Steria Birmingham reroute to Barclaycard Northampton.
• The users log onto BSP domain and then use Citrix Farm to access various applications dependent on the user’s work profile.
• The Citrix Farm resides within the Barclaycard estate and is managed by Barclaycard, however the connectivity to the Citrix Farm is via the Steria WAN.
• All the applications required by users are published in Citrix. Citrix Web Interface is used to access the client applications.
• Local Printer configured on the user workstation will act as the printer for Citrix application as well.
• Local services running are Symantec End Point 11.0, print server, WSUS, DNS, DHCP.
• Our DC & ADC's are IBHANAN and Inesh - Noida, ISHAN & ISHWAR - Pune, managed by Server team of Noida and Pune.
• Server details for BSP (Noida & Pune): Sonu, Sunil.
• Server details for Bites: Chandrak, Charita, Chanchal, Chandi, Chahna, chitrani, Cheri, chinmay, Chakori.

Importance of Protocols
The protocols in human communication are separate rules about appearance, speaking, listening and understanding. All these rules, also called protocols of
conversation, represent different layers of communication. They work together to help people successfully communicate.

The need for protocols also applies to network devices. Computers have no way of learning protocols, so network engineers have written rules for communication that must be strictly followed for successful host-to-host communication. These rules apply to different layers of sophistication such as which physical connections to use, how hosts listen, how to interrupt, how to say good-bye, what language to use and many others, and in short how to communicate. These rules, or protocols, that work together to ensure successful communication are grouped into what is known as a protocol suite.

Protocols Used

IPsec-Virtual Private Network Protocol
Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used to protect data flows between a pair of hosts (e.g. computer users or servers), between a pair of security gateways (e.g. routers or firewalls), or between a security gateway and a host.

Technically speaking, IPsec is a dual mode, end-to-end, security scheme operating between the Internet and Transport layers of the Internet Protocol Suite. It effectively acts as an additional, optional "presentation layer" considering a transport level protocol the application. Some other Internet security systems in widespread use, such as Secure Sockets Layer (SSL), Transport Layer Security (TLS) and Secure Shell (SSH), operate in the upper layers of these models. Hence, IPsec can be used for protecting any application traffic across the Internet. Applications don't need to be specifically designed to use IPsec. The use of TLS/SSL, on the other hand, must typically be incorporated into the design of applications.

IPsec is a successor of the ISO standard Network Layer Security Protocol (NLSP). NLSP was based on the SP3 protocol that was published by NIST, but designed by the Secure Data Network System project of the National Security Agency (NSA).

IPsec is officially specified by the Internet Engineering Task Force (IETF) in a series of Requests for Comment addressing various components and extensions, including the official capitalization style of the term.

SSL VPN can provide the granular access control such that all users, both in and out of the physical office, and all connected foreign networks need explicit permission to access any resource within the intranet. The point is that the internal network should be the sole trusted infrastructure that can be protected at the highest level by IPSec VPN. IPSec VPN protects network-to-network data communications between intra-networks across the
Internet, while SSL VPN protects intranet data communications from classified users, within the SSL VPN infrastructure and outside the firewall and IPSec VPN management.

Companies should look for an SSL VPN that can significantly augment IPSec VPN to improve mobility and to enhance internal security for remote access. A comprehensive SSL VPN solution should support both end-user access as well as remote IT administration. It should also support advanced remote-access methods required by technical users, such as all out-of-band and power-control capabilities. As SSL VPNs become mainstream in managing mobile business users accessing desktops and applications, the evolutionary trend will demand secure remote administrative access, in addition to end-user access. The next logical trend is a solution that can effectively integrate various forms of access so that all ingress points can be managed centrally. By achieving such a goal, companies can establish an enforceable policy-based access for all end-users based on classifications--telecommuter, road warriors/traveling employees, partners, vendors, extranets and the Internet.

E-mail protocols
The Internet Message Access Protocol (commonly known as IMAP, and previously called Internet Mail Access Protocol, Interactive Mail Access Protocol (RFC 1064), and Interim Mail Access Protocol[2]) is an Application Layer Internet protocol that allows an e-mail client to access e-mail on a remote mail server. The current version, IMAP version 4 revision 1 (IMAP4rev1), is defined by RFC 3501.

IMAP supports both on-line and off-line modes of operation. E-mail clients using IMAP generally leave messages on the server until the user explicitly deletes them. This and other characteristics of IMAP operation allow multiple clients to manage the same mailbox. Most e-mail clients support IMAP in addition to POP to retrieve messages; however, fewer email services support IMAP.[3] IMAP offers access to the mail store. Clients may store local copies of the messages, but these are considered to be a temporary cache.

Incoming e-mail messages are sent to an e-mail server that stores messages in the recipient's email box. The user retrieves the messages with an e-mail client that uses one of a number of e-mail retrieval protocols. Some clients and servers preferentially use vendor-specific, proprietary protocols, but most support the Internet standard protocols, SMTP for sending e-mail and POP and IMAP for retrieving e-mail, allowing interoperability with other servers and clients. For example, Microsoft's Outlook client uses a proprietary protocol to communicate with a Microsoft Exchange Server server as does IBM's Notes client when communicating with a Domino server, but all of these products also support POP, IMAP, and outgoing SMTP. Support for the Internet standard protocols allows many e-mail clients such as Pegasus Mail or Mozilla
Thunderbird (see comparison of e-mail clients) to access these servers, and allows the clients to be used with other servers (see list of mail servers).

Advantages over POP

Connected and disconnected modes of operation
When using POP, clients typically connect to the e-mail server briefly, only as long as it takes to download new messages. When using IMAP4, clients often stay connected as long as the user interface is active and download message content on demand. For users with many or large messages, this IMAP4 usage pattern can result in faster response times.

Multiple clients simultaneously connected to the same mailbox
The POP protocol requires the currently connected client to be the only client connected to the mailbox. In contrast, the IMAP protocol specifically allows simultaneous access by multiple clients and provides mechanisms for clients to detect changes made to the mailbox by other, concurrently connected, clients.

Access to MIME message parts and partial fetch
Usually all Internet e-mail is transmitted in MIME format, allowing messages to have a tree structure where the leaf nodes are any of a variety of single part content types and the non-leaf nodes are any of a variety of multipart types. The IMAP4 protocol allows clients to separately retrieve any of the individual MIME parts and also to retrieve portions of either individual parts or the entire message. These mechanisms allow clients to retrieve the text portion of a message without retrieving attached files or to stream content as it is being fetched.

Message state information
Through the use of flags defined in the IMAP4 protocol, clients can keep track of message state: for example, whether or not the message has been read, replied to, or deleted. These flags are stored on the server, so different clients accessing the same mailbox at different times can detect state changes made by other clients. POP provides no mechanism for clients to store such state information on the server so if a single user accesses a mailbox with two different POP clients, state information—such as whether a message has been accessed—cannot be synchronized between the clients. The IMAP4 protocol supports both pre-defined system flags and client defined keywords. System flags indicate state information such as whether a message has been read. Keywords, which are not supported by all IMAP servers, allow messages to be given one or more tags whose meaning is up to the client. Adding user created tags to messages is an operation supported by some web-based email services, such as Gmail.

Multiple mailboxes on the server
IMAP4 clients can create, rename, and/or delete mailboxes (usually presented to the user as folders) on the server, and move messages between mailboxes. Multiple mailbox support also allows servers to provide access to shared and public folders.

Server-side searches
IMAP4 provides a mechanism for a client to ask the server to search for messages meeting a variety of criteria. This mechanism avoids requiring clients to download every message in the mailbox in order to perform these searches.

Built-in extension mechanism
Reflecting the experience of earlier Internet protocols, IMAP4 defines an explicit mechanism by which it may be extended. Many extensions to the base protocol have been proposed and are in common use. IMAP2bis did not have an extension mechanism, and POP now has one defined by RFC 2449.

TCP IP-Network Protocol

Data transfer
There are a few key features that set TCP apart from User Datagram Protocol:
• Ordered data transfer - the destination host rearranges according to sequence number
• Retransmission of lost packets - any cumulative stream not acknowledged is retransmitted
• Discarding duplicate packets
• Error-free data transfer
• Flow control - limits the rate a sender transfers data to guarantee reliable delivery. The receiver continually hints the sender on how much data can be received (controlled by the sliding window). When the receiving host's buffer fills, the next acknowledgment contains a 0 in the window size, to stop transfer and allow the data in the buffer to be processed.

Reliable transmission
TCP uses a sequence number to identify each byte of data. The sequence number identifies the order of the bytes sent from each computer so that the data can be reconstructed in order, regardless of any fragmentation, disordering, or packet loss that may occur during transmission. For every payload byte transmitted the sequence number must be incremented. In the first two steps of the 3-way handshake, both computers exchange an initial sequence number (ISN). This number can be arbitrary, and should in fact be unpredictable to defend against TCP Sequence Prediction Attacks.
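
An added example (not part of the original report) of the sequence-number arithmetic described above and of one way to make the ISN unpredictable: a clock value plus a keyed hash of the connection's addresses and ports, the approach described in RFC 6528. The use of HMAC-SHA256 as the hash, the function names and the sample addresses are assumptions of this example.

```python
import hashlib
import hmac
import ipaddress
import struct

SEQ_SPACE = 2 ** 32  # sequence and acknowledgment numbers are 32-bit and wrap


def next_ack(seq, payload_len):
    """Cumulative ACK for a segment: the next byte expected, modulo 2**32."""
    return (seq + payload_len) % SEQ_SPACE


def timer_isn(clock_us):
    """ISN taken from a clock alone (one tick per 4 microseconds)."""
    return (clock_us // 4) % SEQ_SPACE


def keyed_isn(secret, local, remote, clock_us):
    """Clock value plus a secret, per-connection offset.

    local and remote are (ip, port) pairs. The offset is the first 32 bits of
    HMAC-SHA256(secret, 4-tuple); the choice of HMAC-SHA256 is an assumption
    of this example.
    """
    four_tuple = b"".join(
        ipaddress.ip_address(ip).packed + struct.pack("!H", port)
        for ip, port in (local, remote)
    )
    digest = hmac.new(secret, four_tuple, hashlib.sha256).digest()
    offset = int.from_bytes(digest[:4], "big")
    return (timer_isn(clock_us) + offset) % SEQ_SPACE


def gap_is_clock_only(isn_for, peer_a, peer_b, t0_us, t1_us):
    """True if the ISN given to peer_b at t1 equals the ISN given to peer_a at
    t0 plus the elapsed clock ticks, i.e. one peer's ISN reveals another's."""
    elapsed = (timer_isn(t1_us) - timer_isn(t0_us)) % SEQ_SPACE
    gap = (isn_for(peer_b, t1_us) - isn_for(peer_a, t0_us)) % SEQ_SPACE
    return gap == elapsed


# Constructed sample values: documentation address ranges and a fixed secret.
SERVER = ("192.0.2.10", 443)
PEER_A = ("198.51.100.7", 50000)
PEER_B = ("203.0.113.9", 50000)
SECRET = bytes(range(32))


def timer_only(peer, clock_us):
    """ISN policy that ignores who is connecting."""
    return timer_isn(clock_us)


def keyed(peer, clock_us):
    """ISN policy that mixes in the secret and the connection's 4-tuple."""
    return keyed_isn(SECRET, SERVER, peer, clock_us)


if __name__ == "__main__":
    print("ACK for 4 bytes sent at sequence number 100:", next_ack(100, 4))
    print("ACK across the wrap:", next_ack(SEQ_SPACE - 2, 4))
    for name, policy in (("timer only", timer_only), ("keyed", keyed)):
        leaks = gap_is_clock_only(policy, PEER_A, PEER_B, 1_000_000, 1_000_400)
        print(f"{name}: another peer's ISN follows from the clock = {leaks}")
```

For the same connection the keyed ISN still advances with the clock, so sequence numbers of successive connections between the same pair of endpoints keep moving forward.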

TCP primarily uses a cumulative acknowledgment scheme, where the receiver sends an acknowledgment signifying that the receiver has received all data preceding the acknowledged sequence number. Essentially, the first byte in a segment's data field is assigned a sequence number, which is inserted in the sequence number field, and the receiver sends an acknowledgment specifying the sequence number of the next byte they expect to receive. For example, if computer A sends 4 bytes with a sequence number of 100 (conceptually, the four bytes would have a sequence number of 100, 101, 102, & 103 assigned) then the receiver would send back an acknowledgment of 104 since that is the next byte it expects to receive in the next packet.

In addition to cumulative acknowledgments, TCP receivers can also send selective acknowledgments to provide further information (see selective acknowledgments).

If the sender infers that data has been lost in the network, it retransmits the data.

Error detection
Sequence numbers and acknowledgments cover discarding duplicate packets, retransmission of lost packets, and ordered-data transfer. To assure correctness a checksum field is included (see TCP segment structure for details on check summing).

The TCP checksum is a weak check by modern standards. Data Link Layers with high bit error rates may require additional link error correction/detection capabilities. The weak checksum is partially compensated for by the common use of a CRC or better integrity check at layer 2, below both TCP and IP, such as is used in PPP or the Ethernet frame. However, this does not mean that the 16-bit TCP checksum is redundant: remarkably, introduction of errors in packets between CRC-protected hops is common, but the end-to-end 16-bit TCP checksum catches most of these simple errors [9]. This is the end-to-end principle at work.

Flow control
TCP uses an end-to-end flow control protocol to avoid having the sender send data too fast for the TCP receiver to receive and process it reliably. Having a mechanism for flow control is essential in an environment where machines of diverse network speeds communicate. For example, if a PC sends data to a hand-held PDA that is slowly processing received data, the PDA must regulate data flow so as not to be overwhelmed.

TCP uses a sliding window flow control protocol. In each TCP segment, the receiver specifies in the receive window field the amount of additional received data (in bytes) that it is willing to buffer for the connection. The sending host can send only up to that amount of data before it must wait for an acknowledgment and window update from the receiving host.

TCP sequence numbers and receive windows behave very much like a clock. The receive window shifts each time the receiver receives and acknowledges a new
segment of data. Once it runs out of sequence numbers, the sequence number loops back to 0.

When a receiver advertises a window size of 0, the sender stops sending data and starts the persist timer. The persist timer is used to protect TCP from a deadlock situation that could arise if the window size update from the receiver is lost and the sender has no more data to send while the receiver is waiting for the new window size update. When the persist timer expires, the TCP sender sends a small packet so that the receiver sends an acknowledgement with the new window size.

If a receiver is processing incoming data in small increments, it may repeatedly advertise a small receive window. This is referred to as the silly window syndrome, since it is inefficient to send only a few bytes of data in a TCP segment, given the relatively large overhead of the TCP header. TCP senders and receivers typically employ flow control logic to specifically avoid repeatedly sending small segments. The sender-side silly window syndrome avoidance logic is referred to as Nagle's algorithm.

Congestion control
The final main aspect of TCP is congestion control. TCP uses a number of mechanisms to achieve high performance and avoid 'congestion collapse', where network performance can fall by several orders of magnitude. These mechanisms control the rate of data entering the network, keeping the data flow below a rate that would trigger collapse.

Acknowledgments for data sent, or lack of acknowledgments, are used by senders to infer network conditions between the TCP sender and receiver. Coupled with timers, TCP senders and receivers can alter the behavior of the flow of data. This is more generally referred to as congestion control and/or network congestion avoidance.

Modern implementations of TCP contain four intertwined algorithms: Slow-start, congestion avoidance, fast retransmit, and fast recovery (RFC 2581).

In addition, senders employ a retransmission timeout (RTO) that is based on the estimated round-trip time (or RTT) between the sender and receiver, as well as the variance in this round trip time. The behavior of this timer is specified in RFC 2988. There are subtleties in the estimation of RTT. For example, senders must be careful when calculating RTT samples for retransmitted packets; typically they use Karn's Algorithm or TCP timestamps (see RFC 1323). These individual RTT samples are then averaged over time to create a Smoothed Round Trip Time (SRTT) using Jacobson's algorithm. This SRTT value is what is finally used as the round-trip time estimate.

Enhancing TCP to reliably handle loss, minimize errors, manage congestion and go fast in very high-speed environments are ongoing areas of research and standards development. As a result, there are a number of TCP congestion avoidance algorithm variations.

Maximum segment size
The Maximum segment size (MSS) is the largest amount of data, specified in bytes, that TCP is willing to send in a single segment. For best performance, the MSS should be set small enough to avoid IP fragmentation, which can lead to excessive retransmissions if there is packet loss. To try to accomplish this, typically the MSS is negotiated using the MSS option when the TCP connection is established, in which case it is determined by the maximum transmission unit (MTU) size of the data link layer of the networks to which the sender and receiver are directly attached. Furthermore, TCP senders can use Path MTU discovery to infer the minimum MTU along the network path between the sender and receiver, and use this to dynamically adjust the MSS to avoid IP fragmentation within the network.

Selective acknowledgments
Relying purely on the cumulative acknowledgment scheme employed by the original TCP protocol can lead to inefficiencies when packets are lost. For example, suppose 10,000 bytes are sent in 10 different TCP packets, and the first packet is lost during transmission. In a pure cumulative acknowledgment protocol, the receiver cannot say that it received bytes 1,000 to 9,999 successfully, but failed to receive the first packet, containing bytes 0 to 999. Thus the sender may then have to resend all 10,000 bytes.

To solve this problem TCP employs the selective acknowledgment (SACK) option, defined in RFC 2018, which allows the receiver to acknowledge discontinuous blocks of packets that were received correctly, in addition to the sequence number of the last contiguous byte received successively, as in the basic TCP acknowledgment. The acknowledgement can specify a number of SACK blocks, where each SACK block is conveyed by the starting and ending sequence numbers of a contiguous range that the receiver correctly received. In the example above, the receiver would send SACK with sequence numbers 1,000 and 9,999. The sender thus retransmits only the first packet, bytes 0 to 999.

An extension to the SACK option is the "duplicate-SACK" option, defined in RFC 2883. An out-of-order packet delivery can often falsely indicate the TCP sender of lost packet and, in turn, the TCP sender retransmits the suspected-to-be-lost packet and slow down the data delivery to prevent network congestion. The TCP sender undoes the action of slow-down, that is a recovery of the original pace of data transmission, upon receiving a D-SACK that indicates the retransmitted packet is duplicate.

The SACK option is not mandatory and it is used only if both parties support it. This is negotiated when connection is established. SACK uses the optional part of the TCP header (see TCP segment structure for details). The use of SACK is widespread - all popular TCP stacks support it. Selective acknowledgment is also used in Stream Control Transmission Protocol (SCTP).

Window scaling
For more efficient use of high bandwidth networks, a larger TCP window size may be used. The TCP window size field controls the flow of data and its value is limited to between 2 and 65,535 bytes.

Since the size field cannot be expanded, a scaling factor is used. The TCP window scale option, as defined in RFC 1323, is an option used to increase the maximum window size from 65,535 bytes to 1 Gigabyte. Scaling up to larger window sizes is a part of what is necessary for TCP Tuning.

The window scale option is used only during the TCP 3-way handshake. The window scale value represents the number of bits to left-shift the 16-bit window size field. The window scale value can be set from 0 (no shift) to 14 for each direction independently. Both sides must send the option in their SYN segments to enable window scaling in either direction.

Some routers and packet firewalls rewrite the window scaling factor during a transmission. This causes sending and receiving sides to assume different TCP window sizes. The result is non-stable traffic that may be very slow. The problem is visible on some sending and receiving sites behind the path of defective routers.

TCP Timestamps
TCP timestamps, defined in RFC 1323, help TCP compute the round-trip time between the sender and receiver. Timestamp options include a 4-byte timestamp value, where the sender inserts its current value of its timestamp clock, and a 4-byte echo reply timestamp value, where the receiver generally inserts the most recent timestamp value that it has received. The sender uses the echo reply timestamp in an acknowledgment to compute the total elapsed time since the acknowledged segment was sent.

TCP timestamps are also used to help in the case where TCP sequence numbers encounter their 2^32 bound and "wrap around" the sequence number space. This scheme is known as Protect Against Wrapped Sequence numbers, or PAWS (see RFC 1323 for details). Furthermore, the Eifel detection algorithm, defined in RFC 3522, which detects unnecessary loss recovery requires TCP timestamps.

Out of band data
One is able to interrupt or abort the queued stream instead of waiting for the stream to finish. This is done by specifying the data as urgent. This tells the receiving program to process it immediately, along with the rest of the urgent data. When finished, TCP informs the application and resumes back to the stream queue. An example is when TCP is used for a remote login session, the user can send a keyboard sequence that interrupts or aborts the program at the other end. These signals are most often needed when a program on the remote machine fails to operate correctly. The signals must be sent without waiting for the program to finish its current transfer.[2]

TCP OOB data was not designed for the modern Internet. The urgent pointer only alters the processing on the remote host and doesn't expedite any processing on the network itself. When it gets to the remote host there are two slightly different interpretations of the protocol, which means only single bytes of OOB data are reliable. This is assuming it's reliable at all as it's one of the least commonly used protocol elements and tends to be poorly implemented.

Forcing data delivery
Normally, TCP waits for the buffer to exceed the maximum segment size before sending any data. This creates serious delays when the two sides of the connection are exchanging short messages and need to receive the response before continuing. For example, the login sequence at the beginning of a telnet session begins with the short message "Login", and the session cannot make any progress until these five characters have been transmitted and the response has been received. This process can be seriously delayed by TCP's normal behavior when the message is provided to TCP in several send calls.

However, an application can force delivery of segments to the output stream using a push operation provided by TCP to the application layer.[2] This operation also causes TCP to set the PSH flag or control bit to ensure that data is delivered immediately to the application layer by the receiving transport layer.

In the most extreme cases, for example when a user expects each keystroke to be echoed by the receiving application, the push operation can be used each time a keystroke occurs. More generally, application programs use this function to force output to be sent after writing a character or line of characters. By forcing the data to be sent immediately, delays and wait time are reduced.

Connection termination
The connection termination phase uses, at most, a four-way handshake, with each side of the connection terminating independently. When an endpoint wishes to stop its half of the connection, it transmits a FIN packet, which the other end acknowledges with an ACK. Therefore, a typical tear-down requires a pair of FIN and ACK segments from each TCP endpoint.

A connection can be "half-open", in which case one side has terminated its end, but the other has not. The side that has terminated can no longer send any data into the connection, but the other side can. The terminating side should continue reading the data until the other side terminates as well.

It is also possible to terminate the connection by a 3-way handshake, when host A sends a FIN and host B replies with a FIN & ACK (merely combines 2 steps into one) and host A replies with an ACK.[13] This is perhaps the most common method.

It is possible for both hosts to send FINs simultaneously then both just have to ACK. This could possibly be considered a 2-way handshake since the FIN/ACK sequence is done in parallel for both directions.

The Need for an Information Security Policy
There are a number of risks inherent to your business IT systems that locking down computers can limit – but not really remove. Some of these risks are:
• Loss of data through deletion and corruption.
• Data theft.
• Leaking of information protected by the Privacy Act.
• Exposing staff to indecent media (text, sound or graphics).
• Activating viruses on inappropriate websites by initiation of web scripts.
• Inappropriate use of company equipment and resources including:
  * Downloading of bulk materials (known as leeching)
  * Downloading of illegal or inappropriate material
  * Distribution of spam
  * Use of stolen or pirated software
  * Distribution of stolen or pirated software
  * Hosting of inappropriate material for download
  * Forwarding of illegal actions (hackers like to hide behind other identities).

Unfortunately, this list goes on and on.

Many of these risks can be mitigated with good use of security systems within your organization, but not all of them can be prevented or detected without significant expense. With a strong IT policy in place, staff can be encouraged to not deliberately embark on these activities, and – if caught – can be strongly disciplined or, if necessary, removed from the company.

IT policy can also be used to set expectations about who owns the data stored on the systems, confidentiality requirements or expectations, and who owns any IP created or stored on the systems.

I've seen many examples of IT policy being required by a range of companies. One such example was a case where staff were downloading videos using torrent software, and ran up a bill for many thousands of dollars before being found out.

I've also seen employees downloading and running pirated software to "get a job done" when the required software was not made available to them. The employees were thinking "get the job done, don't spend money", but management were oblivious to the risks this exposed the company to. Good systems monitoring may have prevented both issues, but clear policy can deter staff from embarking on the wrong path.

Introduction of Xansa’s Information Security policy
Xansa manages its technology systems, services and assets in such a way as to maximize their availability, integrity and confidentiality. Xansa is committed to the provision of the information resources necessary to enable workforce to perform their duties in an effective and well-informed manner. All workforce members have a responsibility to maintain and enhance the organization’s professional and secure image by utilizing its technology in an appropriate and productive manner. Any improper use of technology is not permitted and is treated as a serious offence.

The Xansa Information Security policy applies to the whole organization. Each Xansa region is responsible for compliance with regional legislation, organizational structure and authorized processes. All representatives of Xansa working on client facilities must also follow this security policy as well as adhering to each client’s own IT security policies.

The following policy and guidelines is specific to Xansa’s Access Control Policy. It is written in a generic format. The policy applies to all users of Xansa equipment and Xansa infrastructure. Users include the entire workforce and any client, supplier or other third party.

Policy
Xansa will ensure that appropriate security controls are in place to maintain the confidentiality, integrity and availability of data and information for which it is responsible. The same standards will be applied to all work with client facilities, in conjunction with each client's own information security policy. Access to Xansa's technology systems, services and assets are granted on a business need basis. All access must be formally requested, recorded and authorized.

Managers are responsible for Access to network systems and services

The workforce must only access systems for which they have authorization. Unauthorized access, or hacking, is an offence under Computer Misuse Act.

All access to network systems and services is administered by Technical Services Practice under instruction from line managers. Access to all systems and resources are provided on the basis that it is necessary to meet a business need. When the business need ceases the access rights must be promptly revoked.

All requests for access to IT systems must be made to the Xansa Customer Service Desk. Access to systems is granted through the standard request procedure. All changes to user accounts must be documented and authorized. All access should be subject to regular review by the owner to ensure that access privileges are appropriate. Access must be promptly removed for all leavers. Human Resources is responsible for providing notification of leavers.

Unauthorized access rights should be reported to the Xansa Customer Service Desk. If any user believes they have access to unauthorized systems, software or data this should be reported to the Customer Service Desk (CSD). Attempts to gain unauthorized access to systems, impersonation of other users on the network, or attempts to bypass security controls will be treated as a serious violation of security policy.

Non work related file browsing on Xansa's systems and networks is prohibited. Searching for files and/or programs in the directories of other users is prohibited. Legitimate steps taken to locate information needed to perform one's job are not considered browsing.

User access management

Access to all systems must be via a user identity and password. All user accounts on all systems require a personal user ID and password. User IDs and passwords are provided to workforce in order to access those systems that they need for their work. They are provided for the user’s sole use and must not be shared. Workforce must never log on as another member of staff.

Users shall be required to follow good security practices in the selection and use of passwords. Passwords must not be easy to guess. A previous password or incremental numbers cannot be used nor can it contain a user name or any part of the full name. Passwords must be subject to regular enforced change with precautions enforced against re use.

It is the responsibility of the user to ensure that their password remains confidential. Workforce who suspects that their password may have been disclosed must immediately report this to the Xansa Customer Service Desk, who will arrange for it to be reset.
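The password rules in this section (no previous password, no incremented number, no user name or part of the full name) can be checked at the moment a password is changed. The Python sketch below is an added example, not part of Xansa's policy or systems; the function names, the PBKDF2 iteration count, the three-character minimum for name parts and the sample credentials are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re
from typing import List, Optional, Tuple

PBKDF2_ROUNDS = 100_000  # assumption: iteration count chosen for this example
MIN_NAME_PART = 3        # assumption: name fragments shorter than this are ignored

HistoryEntry = Tuple[bytes, bytes]  # (salt, digest): history is never kept in clear text


def hash_password(password: str, salt: Optional[bytes] = None) -> HistoryEntry:
    """Derive a salted PBKDF2-HMAC-SHA256 digest for storage in the history."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def in_history(candidate: str, history: List[HistoryEntry]) -> bool:
    """True if the candidate matches any stored (salt, digest) pair."""
    for salt, digest in history:
        _, test = hash_password(candidate, salt)
        if hmac.compare_digest(test, digest):
            return True
    return False


def strip_counter(password: str) -> str:
    """Drop leading/trailing digits so 'Granite#41' and 'Granite#42' share a stem."""
    return re.sub(r"^\d+|\d+$", "", password).lower()


def predecessor(password: str) -> Optional[str]:
    """Return the password with its trailing number decremented by one, if any."""
    match = re.match(r"^(.*?)(\d+)$", password)
    if not match or int(match.group(2)) == 0:
        return None
    prefix, digits = match.groups()
    return prefix + str(int(digits) - 1).zfill(len(digits))


def check_new_password(new: str, current: str, user_id: str,
                       full_name: str, history: List[HistoryEntry]) -> List[str]:
    """Return the list of rule violations; an empty list means the change is allowed."""
    violations = []
    lowered = new.lower()
    prev = predecessor(new)

    if new == current or in_history(new, history):
        violations.append("reused")
    else:
        stem = strip_counter(new)
        same_stem = bool(stem) and stem == strip_counter(current)
        # Only hashes are stored, so test the decremented form against the history.
        bumped = prev is not None and in_history(prev, history)
        if same_stem or bumped:
            violations.append("incremental")

    if user_id and user_id.lower() in lowered:
        violations.append("contains-user-id")

    parts = [p for p in re.split(r"[^a-z]+", full_name.lower()) if len(p) >= MIN_NAME_PART]
    if any(part in lowered for part in parts):
        violations.append("contains-name-part")

    return violations


if __name__ == "__main__":
    # Constructed sample account, not real data.
    past = [hash_password("Quartz!Lamp22"), hash_password("Granite#41")]
    for attempt in ("Granite#42", "Quartz!Lamp22", "xVerma-91tide", "Tide-pool_Copper55"):
        print(attempt, check_new_password(attempt, "Granite#41", "averma", "Asha Verma", past))
```

The current password is available in clear text only because the user supplies it during the change; older passwords are compared through their stored digests.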

Passwords disclosed to support third parties must be promptly changed when support responsibilities granted to that party are terminated. Passwords must always be encrypted when held in storage for any significant period of time or when transmitted over networks. All vendor-supplied default passwords must be changed before any computer or communications system is used for business. Guest accounts are not permitted on the network and must be disabled on all systems.

User ID and associated password that are transmitted to a user must be protected from unauthorised disclosure. Xansa Customer Service Desk must only issue a one-time access if a new user-ID is being assigned, if the involved user has forgotten or misplaced a password, or is locked out of his or her user-ID and the involved user has first provided some definitive evidence substantiating his or her identity.

All remote access to Xansa networks must be via dual authentication. Login and password access must be enhanced by strong authentication using hardware tokens, ie SecureID.

Unattended user accounts

User accounts must always be automatically logged out when unattended for at least 15 minutes. Users must not leave their accounts logged on to systems when not being used. Wherever business use priorities permit, systems must automatically blank the screen and suspend the session if there has been no activity on a computer terminal, workstation or PC for a reasonable period of time (15 minutes). Reestablishment of the session must take place only after the user has provided the correct password. Screen savers should be invoked with password protection. Screens displaying sensitive information should not be left unattended.

Audit Policy

Introduction

Xansa manages its technology systems, services and assets in such a way as to maximise their availability, integrity and confidentiality. All workforce members have a responsibility to maintain and enhance the organisation’s professional and secure image by utilising its technology in an appropriate and productive manner. Any improper use of technology is not permitted and is treated as a serious offence. Xansa is committed to the provision of the information resources necessary to enable workforce to perform their duties in an effective and well-informed manner.

The same standards will be applied to all work with client facilities, in conjunction with each client's own information security policy. The Xansa Information Security policy applies to the whole organisation, organisational structure and authorised processes. It is written in a generic format. The following policy and guidelines is specific to Xansa’s Audit Policy.

The policy applies to all users of Xansa equipment and Xansa infrastructure. Users include the entire workforce and any client, supplier or other third party. Each Xansa region is responsible for compliance with regional legislation. All representatives of Xansa working on client facilities must also follow this security policy as well as adhering to each client’s own IT security policies.

Policy

Auditing should be configured to record an audit trail of user activity on all Xansa systems. As a minimum all systems must audit attempts to log on, successful and failed. All audit logs must be retained for a minimum of a month and then archived. As a minimum audit logs should be analysed monthly by systems administrators.

Internet Policy

Introduction

Xansa manages its technology systems, services and assets in such a way as to maximise their availability, integrity and confidentiality. All workforce members have a responsibility to maintain and enhance the organisation’s professional and secure image by utilising its technology in an appropriate and productive manner. Any improper use of technology is not permitted and is treated as a serious offence. Xansa is committed to the provision of the information resources necessary to enable workforce to perform their duties in an effective and well-informed manner.

The same standards will be applied to all work with client facilities, in conjunction with each client's own information security policy.

The Xansa Information Security policy applies to the whole organisation, organisational structure and authorised processes. It is written in a generic format. The following policy and guidelines is specific to Xansa’s Internet Policy.

The policy applies to all users of Xansa equipment and Xansa infrastructure. Users include the entire workforce and any client, supplier or other third party. Each Xansa region is responsible for compliance with regional legislation. All representatives of Xansa working on client facilities must also follow this security policy as well as adhering to each client’s own IT security policies.

Purpose

Access to the Internet is primarily provided for business use and may only be used on an occasional, reasonable basis for personal use. All workforce working in Xansa make heavy use of Internet and intranet services and the provision of such facilities places significant responsibilities on both the organisation as a whole and individual users. Workforce must use the services responsibly and in particular must not use them for viewing obscene or pornographic material. The policy is not intended to restrict people unfairly.

Internet access is provided as a business tool and users are encouraged to optimise the use of technology in order to raise the business performance of Xansa. The Internet is an insecure environment, hence security controls are necessary to protect Xansa networks and information assets to reduce risk and potential liability. Similarly, email can be an insecure communication medium, in particular Internet email; knowing how to use it securely is essential.

This policy applies to all users, employees, contractors, auditors and third parties and shall apply regardless of how access to the Internet was achieved, whether by Xansa LAN or the secure dial service. Managers will take responsibility for a user's adherence to this policy and will ensure that the user has received the appropriate training if required.

Policy

Access to the Internet from Xansa PCs must only be from the Xansa network via Xansa’s Internet firewalls.

Internet access from the Xansa infrastructure is only permissible through a firewall. Workforce accessing Internet and other future services:

• by dial-in using their Xansa laptop (including SSL VPN)
• Broadband
• from any browser that has access to the Internet, regardless of where it is located
• via client-supplied equipment

must be authenticated by means of technology which meets recognised international security standards.

Xansanet and the Internet

Xansanet is in effect a "private internet" provided solely for Xansa. It is used to host internal websites for all of Xansa while also providing a gateway to the wider Internet, the World Wide Web. Throughout this policy, the term “Internet” will be used to refer equally to Xansanet, Internet and World Wide Web (WWW). Examples are provided where needed to facilitate understanding of the policy; these are not exhaustive.

Acceptable Use

The Internet will normally be used for Xansa related purposes, e.g. to communicate with colleagues and clients, to research relevant topics and obtain useful business information. Therefore, the Internet may be used for any normal Xansa business activity that is in line with the aims and policies of Xansa, subject to the points described below in Unacceptable use.

Users must conduct themselves honestly and respect the copyrights, software licensing rules, property rights and privacy of others. In common with the Information Security Policy of Xansa no confidential material or company-classified information must be transmitted over the Internet. Due to the insecure nature of Internet mail, users must consider email outside of the Xansa to be public information.

Users must refrain from any unauthorised endorsement or appearance of endorsement by Xansa of any commercial product or service or of anything which would be in breach of commercial confidence or which could have a detrimental effect on Xansa. Only those users or officials who are duly authorised to speak to the media, to analysts or in public gatherings on behalf of the Xansa may speak/write in the name of Xansa to any Internet newsgroup or chat room, including email-generating (‘contact us’) web pages. In addition, the use of personal web logs (blogs) must not be detrimental to Xansa and its clients or suppliers.

All content posted to the intranet (http://xansanet.xansa.com) and the web site (http://www.xansa.com) is the property of Xansa, or permission has been obtained from the owner to use it. No confidential information should be posted to intranet or the web site. Webmasters and any other workforce posting material to the intranet (Xansanet) or the web site (Xansa.com) information must:

• thoroughly check all information and programs to make sure they do not include viruses, Trojan horses, and other malicious code
• confirm the information’s accuracy, timeliness and relevance to Xansa’s business before posting it
• ensure legal issues are raised with Xansa Legal, for example whether or not the action may result in the disclosure of confidential information, or copyright infringement

The Xansa’s Internet facilities and computing resources must not be used knowingly for any illegal activity. Similarly, such activities are prohibited on personal PCs/Laptops provided for official duties. In the event of such activity being discovered Xansa may proceed to act in accordance with its Disciplinary Procedure. Xansa will always comply with any reasonable requests from law enforcement and regulatory agencies for logs diaries and archives on an individual’s Internet activities.

The downloading, printing, storing, or redistribution of any kind of sexually explicit image or document on any Xansa system is a breach of Xansa’s policy on sexual harassment. If workforce finds that they are connected accidentally or incidentally to a site that contains sexually explicit or offensive material, they must disconnect from that site immediately.

Unacceptable use

The Internet must not be used for any of the following:

• The creation, viewing, transmission or downloading of any offensive, obscene or indecent images, data or other material or any data capable of being incorporated into obscene or indecent images or material.
• The creation, transmission or downloading of any material which is designed to or likely to cause offence, annoyance, inconvenience or needless anxiety, or anything which might be deemed to be harassing or intimidating
• The creation, transmission or downloading of defamatory material.
• The transmission or downloading of material such as infringes the copyright of another person. See Copyright and Software Licensing policy.
• The transmission of unsolicited commercial or advertising material to organisations connected to other networks (ie the wider Internet).

• Non business use that grossly abuses the service.
• Access or attempting to access offensive, obscene, malicious or indecent material from the Internet such as pornography, racist material, sexist material, material that is intolerant of religious belief or sexual orientation, violent imagery or incitement to commit criminal behavior.
• Gross abuse of the service by the unsolicited sending of inappropriate e-mail to large numbers of people, whether on Xansanet or the wider Internet.
• Deliberate unauthorised access to facilities or services accessible via Xansanet.

Security

While a direct connection to the Internet offers many potential benefits, it also increases risks to Xansa’s data and systems and requires special security. This may include preventing computers with sensitive data or applications from connecting to the Internet entirely or for that matter separating those machines connecting to external information sources from the network entirely. Alternatively it may mean that certain users must be prevented from using certain Internet features such as file transfers. Such decisions will be the remit of the CSD team in conjunction with Xansa Security management.

The overriding principle is that security is to be every member of the workforce’s first concern. A user will be held accountable for any breaches of security or confidentiality and for the protection of data in accordance with Xansa’s data protection policy, for example the disclosure of sensitive information to commercial organisations or contact details to non-Xansa workforce. Users are also reminded that Xansa already has a policy concerning confidentiality and should ensure that Xansa’s data is treated as confidential at all times.

Users who become aware of weaknesses in security facilities or attempts to breach security must inform Xansa Security Team via CSD at the earliest opportunity.

Users who are Xansa employees who attempt to disable, defeat or circumvent any Xansa security facility will be subject to Xansa disciplinary procedures, which could ultimately lead to dismissal. Users who are not Xansa employees such as contractors and project staff will be subject to an equivalent level of investigation and treatment. Sub-contractors will be expected to discipline their own staff (where appropriate), which will include the sub contractor removing such staff from Xansa. In all cases individual users will be disconnected from the network, Internet and or any other form of computer access pending the outcome of the investigation.

Monitoring

Technical Services Practice can monitor, record and, as appropriate, review individual Internet usage for each web site or newsgroup visited or email message and file transferred into and out of workforce computer. This will not be practised as a matter of course but in the event of any real or suspected breach of security or transgression against Xansa policies on email usage or Internet access such actions may be authorised by Business Management team in conjunction with Technical Services Practice management and in line with HR policy.

Xansa’s integrity must always be maintained in anything written, transmitted, or received by any individual user. Xansa, therefore reserves the right to inspect any files stored in private areas of the network or individual networked PCs in order to assure compliance with policy and no employee should have any expectation of absolute privacy as to their usage of the Internet. Clearly it is not the intention or desire of Xansa that individual Internet or Email records be scrutinised but Xansa has a responsibility to itself and its clients to ensure that standards and security are upheld. These arrangements will apply to all user access.

Personal use

Xansa PCs/laptop etc should be used for the conduct of Xansa’s business activity and excessive personal Internet or private email activity whilst at a Xansa workstation during working hours will be considered a breach of Xansa Information Security Policy and the subject of disciplinary action. Limited personal use of the Internet is available to staff from their workstations during lunch breaks but every effort should be made to reduce the impact on the business related Internet traffic. Any such personal use of the Internet or any email facility, whether from an individual’s PC or provided through the “Internet Kiosk”, shall remain the subject of this policy. Abuse of this privilege will lead to disciplinary action being taken against employees and restrictions and appropriate for the wider workforce.

The purchase of goods or services over the Internet or through the use of email is permitted. Where possible staff must make it clear that they are purchasing them in a personal capacity and that they are responsible for any commitments entered into.

Users must not use Xansa Internet facilities to download entertainment software, screensavers or games, or to play games either alone or against opponents over the Internet.

The list below shows categories of approved and non approved personal software. This includes but is not restricted to:

shopping. holidays. The following policy and guidelines is specific to Xansa’s Email Policy. Open University software File sharing products e. Users include the entire workforce and any client. Doom 3 All diallers Only Xansa approved Gator. Policy Only Xansa supplied or Xansa approved email facilities can be used for Xansa business communications via email. in conjunction with each client's own information security policy. KAZZA or networked Standalone games e. All representatives of Xansa working on client facilities must also follow this security policy as well as adhering to each client’s own IT security policies. Xansa is committed to the provision of the information resources necessary to enable workforce to perform their duties in an effective and well-informed manner. adverts which pop up unwanted Only Xansa screensavers are permitted Email Policy Introduction Xansa manages its technology systems. Purpose 26 | P a g e . rentals CBT.g. All workforce members have a responsibility to maintain and enhance the organization’s professional and secure image by utilizing its technology in an appropriate and productive manner. integrity and confidentiality. The policy applies to all users of Xansa equipment and Xansa infrastructure. The Xansa Information Security policy applies to the whole organisation. The same standards will be applied to all work with client facilities. It is written in a generic format.Categ ory Access to Personal Websites Personal Development Peer to Peer Software Personal Games Illegal Diallers Instant Messaging Advert Sponsors Screensa vers Appro ved Yes Yes No No No No No No Exam ple On-line banking.g. services and assets in such a way as to maximize their availability. Each Xansa region is responsible for compliance with regional legislation. organisational structure and authorised processes. supplier or other third party. Any improper use of technology is not permitted and is treated as a serious offence.

The purpose of the Email Policy is to:

• ensure the efficient and ethical use of the business tool to protect the integrity of Xansa, either directly or indirectly, by not expressing views that may be detrimental to the organisation or its workforce
• ensure usage of the service is not in breach of company policy
• ensure usage of the service is not in breach of current legislation

Workforce should be aware that content of any communication represents the organisation, regardless of the existence of any specification that views expressed are solely that of the sender. It is therefore fundamental that every authorised user adheres to the guidelines set out within this policy.

Xansa is committed to the provision of the information resources necessary to enable workforce to perform their duties in an effective and well-informed manner. Many members of the workforce have access to email and to the Internet. These services are primarily provided for business use and may only be used on an occasional, reasonable basis for personal reasons. Xansa makes extensive use of Email, Internet and Intranet services and the provision of such facilities places significant responsibilities on both the organisation as a whole and on individual users. Workforce must use the services responsibly and in particular not use them for frivolous or libellous messages or for viewing pornographic material.

Email is the primary method for business communication, surpassing the usage of communication tools such as post, facsimile and telephone. Xansa is committed to providing high quality Email access to all users with a business need for such a service.

Unlike the use of formal documents e.g. letters, memoranda and telephone conversations, the use of Email is not sufficiently established or tested (in technical, legal and cultural terms) for its acceptable uses and applications to be completely clear. Therefore the use of Email should be treated with caution.

Xansa employs automatic email content scanning tools to identify selected words, file types and other information. Users should restrict their communications to business matters in recognition of this electronic monitoring as emails not recognised as business emails may be intercepted. Privacy therefore cannot be guaranteed.

Definitions of terms

The following terms are widely used within this policy:

Email

Throughout this policy the Electronic Mail service provided by Xansa is referred to as ‘Email’.

Authorised users
A person with access to the business service via specification of a username and password.

Communications
The use of the Email service for the transmitting of any material, including messages, uploaded data, attachments and associated media.

Unlawful material
Transmitted communication that does not conform to English Law (or any other law that may be breached by the communication) including International Law and Contractual Agreements.

Scope

The policy applies to all Email communications sent by authorised users via the Lotus Notes or any other email systems provided by Xansa.

Generic guidelines

The content of this policy is generic and therefore the guidelines on acceptable and unacceptable service usage apply to all authorised users. In addition, many of the policy statements also apply to the usage of other communication tools within Xansa, including instant messaging, telephone, facsimile and post. For example, the sender cannot deem a communication to be inoffensive because the content will not, in his/her opinion, be offensive to the specified recipient(s). It is the nature of the communication itself that defines whether it is, or is not, an offensive article.

Background

Access to the service

Authorised users will be granted access via an assigned username and user-defined password. Unauthorised users will, in the first instance, be subject to disciplinary action for accessing the system without authorization.

Inappropriate use

Authorised users must not engage in any of the following when communicating, transmitting, uploading or posting information via the business service:

‘Company confidential’ information must not be sent by email across the Internet when security cannot be guaranteed. Such information may only be sent by internal email to other Xansa email accounts.

Workforce is provided with Xansa email accounts when needed or in some cases workforce based on client sites will be supplied with client email address. These are the only email accounts that should be accessed from Xansa equipment. Use of Internet-based email facilities is prohibited, for example sites such as www.yahoo.com and www.hotmail.com.

For security reasons, Xansa email accounts must not be forwarded permanently to third party email accounts. Redirects to web based email accounts are forbidden e.g. Yahoo, Hotmail. All redirects must be agreed with the TSP security team via CSD. Redirect requests must highlight why the redirect is required and for how long.

Workforce must not use an email identity assigned to another individual either to send or receive messages. If there is a need to read a colleague’s mail in his/her absence, other facilities must be used. These facilities are easy to use and advice is available from the Xansa Customer Service Desk (CSD).

Emails must not contain program files (*.exe) or other non-business formats. This includes video, games, software and joke-programs.

Email attachments for external use are limited to a size of 5Mb. Standard software is provided to reduce the size of attachments. In exceptional circumstances larger attachments may be transmitted after prior authorisation from the Xansa CSD.

The transmitting of unlawful, libellous, abusive, invasive, harassing and/or obscene material or views, in breach of Xansa’s equal opportunity.

The transmitting of material that infringes patent, trademark, copyright, trade secret or intellectual property rights of any third party. Copyright material must not be uploaded or distributed electronically or as printed matter without the authority of the copyright owner.

The transmitting of any dangerous content or inclusion of any virus with intent to cause damage, interruption or limited performance to computer code, files, programs, hardware or software.

Forging or manipulation of data/document content, history, identifiers or origin with intention to misguide the recipient.

Access or attempted access to another person’s account without specific permission from the account holder.

Misrepresentation of an affiliation with any other person or persons, including organisational bodies, either by false identification or usage of another individual's service account.

Impersonation of any other person, persons or organisation, either by false identification or usage of another individual's service account.

Interference with the service, network or connections associated with providing the business service.

The transmitting of material for promotional, advertisement or personal gain, including junk mail, ‘spam’, chain communications or other forms of solicitation.

Performance of any activity that may be deemed objectionable to the Xansa or other service users.

Improper use of the email will not be permitted and will be treated as a serious offence. Inappropriate use and failure to comply with the policy may result in disciplinary action. Workforce should be aware that such improper conduct could result in disciplinary action or the termination of Client or Supplier agreements.

Acceptable use and guidelines

These guidelines should be adhered to where possible, to ensure the service is managed effectively and used to its maximum potential in a lawful and appropriate manner.

Every member of the workforce has a responsibility to maintain and enhance the Company’s image and to use Company email in a productive manner. Electronic communications must always be carried out in a way that will prevent or minimise legal liability and potential damage to the reputation of Xansa.

Workforce are advised to consider email to be the electronic equivalent of a postcard. Because of the risk of interception, all emails must be signed and those containing sensitive information must be password protected (where possible) and encrypted or sent using Sealed Media. Workforce are advised to use their judgement in deciding what constitutes sensitive information. Examples include documents marked "Company Confidential", identities, passwords, personal details, salary, critical business information, bid and other financial information.

Workforce are reminded that they must not share identities or passwords. Passwords are assigned to individuals and must be kept secret.

The use of Internet email list-servers and subscription to Internet email sources must be for business purposes only; for example subscriptions to joke list-servers are prohibited.

A Xansa disclaimer will be appended to all external email.

Workforce must exercise professional care when sending or forwarding email. Electronic communications must always be carried out in a way that will prevent or minimise legal liability and potential damage to the reputation of Xansa.

Broadcast email provides important information to workforce and certain specific business clients. Broadcast email must be used with caution and only after authorisation has been obtained. This can be arranged through Xansa Corporate Communications for non IT related emails and Xansa CSD for IT.

Email groups must only be used when sending business email. Personal email must be addressed to individuals and not sent to business email groups.

Select a suitable password (Access Control Policy - User Access Management for further details).

In most cases, the Email service can remain connected while other desktop applications are in process. If a workstation is left unattended for any period of time, log-out of the system to prevent the account being used by an unauthorised person.

Login regularly and read messages promptly to ensure action is taken as and when necessary. However, do not act impetuously as a result of fast communication, read through the message once it has been drafted, and ensure the message is spell-checked as poor grammar and spelling errors may reflect negatively upon Xansa.

When absent for a given period of time, set-up the out of office message to advise others. The CSD team will be happy to provide assistance in setting up the ‘out-of-office reply’ feature.

Include the ‘subject’ for every message communicated. Archive received messages in a systematic and organized fashion, to ensure communications can be found, actioned and deleted effectively.

Ensure outgoing messages are sent to the correct address by keeping address books updated. In addition, ensure messages are only sent to the intended person(s) – do not ‘Reply to All’ if this action is unnecessary. Do not print or forward sensitive messages without the sender’s permission.

Only open attachments if they are received from a reputable source, as the content of such attachments may contain material that is inappropriate, harmful or otherwise detrimental to the recipient and/or Xansa. If a user believes that they have downloaded a virus they should inform the CSD team immediately.

It is not good practice to write in a sarcastic.Take care to ensure that messages are not in breach of appropriate use as detailed herein. shared folders and Email groups. Do not type in BLOCK CAPITALS unless absolutely necessary as this can be considered aggressive. All policy updates must be agreed by Xansa’s ISMF and signed off by the Xansa Executive Board. Therefore. Sign off with sender’s name. Managers will be notified as appropriate. organisation and contact details if necessary Do not attach large files unless absolutely necessary — often a file can be trimmed. Risk and Security Manager and Technical Services Practice management team are responsible for future revisions of this policy. Updating the Policy The Information. Technical Services Practice retains the rights to manage the service and enforce this policy as detailed below. Xansa reserves the right to inspect any 32 | P a g e . Particularly useful are. Responsibilities and rights of the organisation Xansa’s integrity must always be maintained in anything written. An Email message can easily be misinterpreted. rules based messaging. Should an authorised user receive a message they believe to be in breach of policy. In the case of misuse of the service. Use all of the facilities provided within the Email system to support collaboration and team working. Managing the System The Technical Services Practice teams in both UK and India manage the Email systems and deal with technical issues surrounding the service. role. In addition. please report the incident to the appropriate Manager — do not forward the message as this may implicate the sender and others. or the data copied into the message itself to prevent the need for a large attachment. Enforcing the email policy Managers will take responsibility for an authorised user's adherence to this policy and will ensure that the users are aware of the Information Security Policy and will organise a user awareness session if required. 
demanding or cynical tone. or received by any individual user. Always adhere to the etiquettes associated with sending letters by hand/post — in a professional environment the same standards apply with Email. transmitted. appointment scheduling.

property and integrity Complying with legal requirements To ensure the service is managed effectively and fairly. Clearly it is not the intention of Xansa that individual Email records be scrutinised. 33 | P a g e .files stored in private areas of the network or individual networked PC’s in order to assure compliance with policy and no member of the workforce should have any expectation of absolute privacy as to their usage of Email. must any such case arise Respond to complaints made by a third party Protect the organization’s rights. The Anti-Virus Policy also details measures that help protect the organisation from potential attack. but Xansa has a responsibility to itself. Xansa may monitor. A user will be held accountable for any breaches of security or confidentiality via their logon email account and for the protection of data in accordance with Xansa’s data protection policy. Security The overriding principle is that security is to be every member of the workforce’s first concern. Excessive personal Email activity whilst at a Xansa workstation during working hours will be considered a breach of Xansa policy and the subject of disciplinary action. preserve or disclose any communication with a view to: Administration of an account in line with organisational procedure Re-enforcing the case of misuse against an individual. Appropriate management of passwords is a very effective security method (further details can be found in the Information Security Policy document). its clients and its partners to ensure that standards and security are upheld. particularly as this would place a large administrative overhead on the Technical Services Practice team. Limited personal use of Email facilities is available to workforce from their workstations but every effort should be made to reduce the impact on the core business Internet traffic by keeping downloads to a minimum. privacy. 
the organisation may define restrictions on individual accounts to limit: Communication with a specified account The amount of messages a user can store (mailbox limits) A single communication to a specified size Personal use Xansa equipment should be used for the conduct of business activities.

will be subject to an equivalent level of investigation and treatment. Internet and or any other form of computer access pending the outcome of the investigation. In all cases individual users will be disconnected from the network. which could ultimately lead to dismissal or termination of contractual relationship. Sub-contractors will be expected to discipline their own staff (where appropriate). Users who are not Xansa employees. Users who become aware of weaknesses in security facilities or attempts to breach security must inform the CSD team immediately. such as contractors and third party staff. defeat or circumvent any Xansa security facility will be subject to the Xansa disciplinary procedures. which will include the sub-contractor removing such staff from Xansa.Any member of the workforce who attempts to disable. Thank you 34 | P a g e . This could ultimately lead to termination of contractual relationship.
