Document | Purpose |
How to report security incidents, risks and threats | |
Provides the process for handling a data breach | |
| G.IT01.001 Event Logging Policy | The event logging policy for IT systems and applications |
The policy relating to system owners | |
Policy for auditing of data transfers in and out of Penske | |
The policy for retaining digital data in Penske | |
Policy for the sanitisation (erasure or destruction) of IT equipment | |
The approved cryptographic algorithms and ciphers for use within Penske | |
Acceptable usage policy for users of the PROTECTED network | |
Policy for configuration and existence of IDS and IPS | |
The policy for Data Classification of documents and emails | |
Policy for use of computers and software in Penske | |
Policy for use of mobile devices (phones, tablets) in Penske | |
Managing risks for third party IT suppliers | |
| Acceptable usage policy for all Penske staff using IT equipment and services | |
An information security statement that can be shared to external parties | |
Process for backing up data and replicating data for disaster recovery | |
The process for restoring data from backups | |
The process for patching computers and servers | |
The process for managing vulnerabilities on IT assets | |
How to classify documents and emails | |
How to audit the importing and exporting of data | |
IT's procedures for various activities | |
Details the process for managing a major IT incident |