Title Page

  • Conducted on

  • Prepared by

  • Location
  • To view our Loss Prevention Standard that supports this checklist, please view the following link: https://connect.avivab2b.co.uk/documents/view/aviva_security_-_computer_equipment_lps.pdf

Computer Equipment Checklist

  • 1. Have Business Impact and Security Risk Assessments been undertaken of the current IT/computer security at your premises, including the following?<br><br>• Local or business history of IT security related events?<br>• The cost of replacing computer equipment, systems or data? Expected equipment/software replacement times?<br>• Accessibility and vulnerability of premises, systems or data to unauthorised physical or electronic access?<br>• The business impact on your operations:<br>o Reputation and customer confidence?<br>o Loss of computer equipment, systems or data?<br>o Malicious interference with computer equipment. systems or data?<br>• Strength and nature of the building construction, doors, windows and securing mechanisms?<br>• The nature of any other electronic security measures or human presence on site?

  • 2. Has any independent or specific crime prevention advice or security requirements been sort from:<br><br>• The Police?<br>• A security consultant?<br>• Your insurer?<br>• Equipment leasing company?

  • 3. Do your password rules and other procedures limit employee and customer access to systems and equipment?

  • 4. Has anti-virus software been installed and is this up to date?

  • 5. Are there clear employee controls on internet usage, downloading software and the use of data encryption?

  • 6. Have users been made aware of the theft risks of leaving equipment unattended in public; in unattended vehicles; carrying items in recognisable laptop bags; leaving them in clear line of sight of windows and doors?

  • 7. Is an asset register maintained of all serial numbers and the location within the business of computer equipment?

  • 8. Is important and critical computer data regularly backed-up?<br><br>Are copies maintained securely off site or in a different building at least 30m away?

  • 9. Has a BCP for the IT hardware and systems been prepared?<br><br>• Is this a live document which is regularly reviewed?<br>• Is this tested?

  • 10. Has the location of any IT or server rooms been considered?<br><br>• Are these visible or accessible from the building exterior?<br>o Are additional measures in place to protect any glazing to the exterior?<br>• Can the room be accessed through a weak vulnerable ceiling/floor above or from a floor below?<br>• Is access to these areas restricted the closer one gets to the room?<br>• Are these rooms locked at all times?<br>• To prevent 'unmanaged open doors', do the doors into the room have automatic closing and latching mechanisms? <br>o Are door wedges prohibited?<br>• Is access to these rooms limited to a named group of individuals?

  • 11. Are the premises protected by electronic security systems?<br><br>• A CCTV system?<br>• An access control system?<br>• A remotely monitored intruder alarm system?

  • 12. Is the computer equipment hardware 'property-marked'?<br><br>• Visible marking (etching) of equipment with details of the company name and postcode?<br>• Covert forensic marking?

  • 13. Is high value or business critical equipment secured by a proprietary 'entrapment' device?<br><br>Is this bolted/anchored to a floor, wall or desk to prevent easy removal of equipment or internal components?

  • 14. Are secure plug-in dongles (devices that enable or encrypt software to specific users or computers) used for critical systems or operators?

  • 15. Are the security measures of the IT hardware equipment and software systems considered within a formal Management of Change process?<br><br>• For new software systems?<br>• For new hardware?<br>o Delivery?<br>o Receipt?<br>o Storage?<br>• For removal of old hardware?<br>• New employees?<br>• Departing employees?

  • 16. Are all employees formally trained on your IT policies and security measures, and does this include:<br>• All employees?<br>• Contractors?<br>• Repeat training?

  • 17. Are security arrangements and the basis for the risk assessment reviewed following any security issues, local incidents, intrusions or losses etc.?

Completion

  • Additional Comments

  • Completed by: (Name and Signature)

  • Please Note:

    This document contains general information and guidance only and may be superseded and/or subject to amendment without further notice. Aviva has no liability to any third parties arising out of ARMS' communications whatsoever (including Loss Prevention Standards), and nor shall any third party rely on them. Other than liability which cannot be excluded by law, Aviva shall not be liable to any person for any indirect, special, consequential or other losses or damages of whatsoever kind arising out of access to, or use of, or reliance on anything contained in ARMS' communications. The document may not cover every risk, exposure or hazard that may arise and Aviva recommend that you obtain specific advice relevant to the circumstances.

The templates available in our Public Library have been created by our customers and employees to help get you started using SafetyCulture's solutions. The templates are intended to be used as hypothetical examples only and should not be used as a substitute for professional advice. You should seek your own professional advice to determine if the use of a template is permissible in your workplace or jurisdiction. You should independently determine whether the template is suitable for your circumstances.