Physical Security Manual
BT ISIS directive
General Interest Visit
Security Measures
SEC | POL | AO13
ISIS directive
Origin: Directorate of Security and Investigation
SecID
Physical security Manual
General Interest Visits
Introduction
Although BT wishes to maintain good relations with the community, general
interest visitors are not normally permitted into operational computer
centres or buildings containing network equipment such as telephone exchanges.
Visits to associated premises may be permitted but should not be actively
encouraged. Any request for a visit should be considered on its merits
by local
management.
Policy 7.1 Security Measures
When visit is arranged, the following measures must be taken to minimise
the
risk:
- Except in an emergency, formal entry and exit procedures must be
scrupulously
followed.
- Visitors must be issued with passes.
- Parties must be organised so that they are of manageable size,
to ensure that
a BT person always accompanies and supervises all visitors. A ratio of
five
visitors to each BT guide, one of whom must be a manager, is recommended.
- The route and timetable must be pre-planned and strictly followed
to avoid all
'sensitive' areas.
- Areas of work that are demonstrated must be selected to avoid close-up
viewing
of 'sensitive' information (such as logging on procedures, network access
numbers and customer data).
- BT people must be given adequate warning of impending visits so
that sensitive
information and access methods can be concleaded.
- Passwords must be changed after any such visit if it is considered
that any
passwords may have been seen.
- Any information handed out must be have been authorised by the
local manager
in accordance with the Information Security Code.
- Visitors must not carry cameras or electronic devices capable of
interfering
with computer or electronic systems.
Computer Security Manual (ISIS SEC|POL|AO12)
godhead/med
Back to document index