Disaster/Recovery Plan
The primary objective of a Disaster Recovery Plan is to enable an organization to
survive a disaster and to continue normal business operations as soon as possible
after the damage has occurred.
Data Safety
Data Classification
According to the importance of the data, the data is classified into three categories:
Classified: Documents such as project proposals, source code, and financial statements;
any data of vital importance to the company which would result in severe damage
to DGT or its customers if lost or stolen.
Internal: Employee listing, internal contact information, and other data normally
reserved for DGT employees or other key people.
Public: Press releases, general contact information, job listing, and other data
for general public use.
The classification dictates the handling and access of the data.
Data Backup and Recovery Procedure
All important data in the server is protected by redundant backups. Double tape
backups, made weekly, are stored in separate secured areas. The backed up data on
tape can be recovered with the recovery software should the IT system suffer any
damage.
Anti-virus
Anti-virus software is installed on all systems to avoid system breakdown and the
loss of data due to infection. The server will scan the client PCs daily and synchronize
the versions on all clients with that of the server.
Hardware and Software Installation
All software and hardware is installed in accordance with the Project Software/Hardware
Installation Regulations developed by System Administrator. Software that is not
relevant to work is disallowed and all networked devices must have all available
patches installed that address security vulnerabilities.
Physical Security
DGT has set up a number of physical security measures to keep the location secure.
The building is restricted exclusively to approved personnel via electronic card
key security. An auditable log records all entry and exit events. Fire escapes are
alarmed and monitored by video surveillance. Printed documents are not allowed to
be removed from the facility premises. Removable, recordable media devices and computer
systems are prohibited to enter or leave the development labs without written consent
from customer or higher authority.
Network Security
All hosts in the development environment live on a physically and logically isolated
network with only one egress point.
Information Security Guidelines
Storage and Handling of Information
Information is the held with the utmost importance at DGT. Company classified printed
information sent through internal mail, external mail, or by courier is sent by
trusted courier or registered mail so the mail can be tracked. DGT holds in confidence
all proprietary information obtained from or developed for the customer under the
Secrecy and Inventions Agreement Documents, which contain confidential information
of customers, are secured when not in use.
Disposal of Information
All waste copies of company classified information that are generated in the course
of copying, printing, or otherwise handling such information are destroyed.
|
