Security policies for PHPS - Coggle Diagram
Staff Access Right to Information
RBAC
Ensuring staff have the correct access rights based on the role they perform
E.g. couriers only able to access their own delivery routes and parcel information
customers only being able to access their own account and history
administrators being able to access all security system information
customer service being allowed access as required, and only to those they are helping
Multi-factor authentication
Principle of least privilege
Responsibilities of Staff for Security of Information
Password management
Using long, complex passwords
Not leaving notes or telling others of passwords
E.g. couriers not leaving passwords to their smartphones in the van
Data handling procedures
Reporting security incidents
Disaster Recovery
PHPS need a back-up if servers go down
Ensure the continuity of business
Regular back-ups of data
Paper copies of delivery routes
Keep off-site back-up
Practice restoring data
Paper copies of delivery
Information Security Risk Assessment
What should be included in the report
Technical vulnerabilities
Human error
Physical security
Effectiveness
Security audits
Penetration security logs
Training Staff to Handle Information
Password security
Phishing/threat awareness
Data handling procedures
How to report security concerns