1. Information Services (Tucker Inc.) Responsibility—All Tucker Inc. employees who come into contact with sensitive Tucker Inc. internal information are expected to familiarize themselves with this data categorization policy and to consistently use these same ideas in their daily Tucker Inc. business activities. Sensitive information is either Confidential or Restricted information, and both are defined later in this document. Although this policy provides overall guidance, to achieve consistent information protection, all employees are expected to apply and extend these concepts to fit the needs of day-to-day operations. This document provides a conceptual model for Tucker Inc. for classifying information based on its …

Data used for authentication shall be protected from unauthorized access. Controls shall be in place to ensure that only personnel with the proper authorization and a need to know are granted access to Tucker Inc. systems and their resources. Remote access shall be controlled through identification and authentication mechanisms.

1.3 Access Granting Decisions—Access to Tucker Inc. sensitive information must be provided only after the written authorization of the Data Owner has been obtained. Access requests will be presented to the data owner using the Access Request template. Custodians of the involved information must refer all requests for access to the relevant Owners or their delegates. Special needs for other access privileges will be dealt with on a request-by-request basis. The list of individuals with access to Confidential or Restricted data must be reviewed for accuracy by the relevant Data Owner in accordance with a system review schedule approved by the VP, Director of Information Services and the AVP, Director of Risk Management.

2. Information Classification

2.1 Owners and Production Information—All electronic information managed by Tucker Inc. must have a designated Owner. Production information is information routinely used to accomplish business objectives. Owners should be at the VP level or above. Owners are responsible for assigning appropriate

