Skip to main content

PhysicalSecurityPolicy

Physical Security Policy
Last updated: January 20, 2023

Introduction

  • Zora Communications Ltd production infrastructure, including data storage, should be secured and managed by our infrastructure provider. We must rely on the physical security measures taken by our infrastructure provider for ensuring security, availability, and confidentiality of our production systems. Further, no production servers or customer data should be hosted within our premises. As a result, the physical security of our office premises is not critical to ensure security, availability and confidentiality of customer data. Having said that, the physical security of the premises where we work is important to us and we take the following steps to secure the same.
  1. Visitors: Zora Communications staff may invite visitors to the office premises for business reasons or during pre-specified times, for social reasons. In such cases, the staff members are responsible for the visitor's actions and must always escort their visitors. As a general principle, do not invite anyone to the office who you do not trust or know. Zora Communications staff members who spot unauthorized visitors should report to the security personnel on duty to take the necessary measures and refer the issue to management.
  2. Clean desk: Ensure that no customer classified data, or security keys/password etc. are written on whiteboards, or unattended notepads etc.
  3. Printing: Printing of customer classified data, security keys, passwords etc is prohibited.
  4. Removable media: Use of removable media to transfer sensitive customer data is not allowed on laptops used by Zora Communications staff to perform their work.
  5. Shoulder surfing: Zora Communication allows you to work from outside of the office premises. You Should find yourself working from a public place (like a coffee shop or airport), you should be aware of shoulder surfing.
  6. Local laws: We must abide by local laws regarding fire safety, display of licenses etc.
  7. Ensure that the loading/delivery or reception areas are secured with appropriate security measures.

Working Remotely

  • Zora Communications staff who work remotely must follow these rules: When working remotely, the security of the device you use to perform your work is your responsibility. For instance, your equipment should be in your presence, or screen locked, or be stored securely. Please follow the organization's endpoint protection and encryption standards for any equipment (company provided, or otherwise) used to perform your work. Protect the confidentiality, security, and privacy of our customers data by ensuring that unauthorized people may not view, overhear, or otherwise have access to such data. For example, be aware of "shoulder surfing" when working in public places like coffee shops or airports. All remote work must be performed in a manner consistent with Zora Communication's information security policies.

Non compliance

  • Zoracom staff who violate this policy may face repercussions in proportion to the impact of their violation. Zoracom management will determine how serious a staff member's offense is and decide the appropriate penalty. Penalties may include
  1. Reprimand
  2. Demotion
  3. Detraction of benefits for a definite or indefinite time
  4. Suspension or termination for more serious offenses