Software contracts should also address the following:
1. Flexibility and choice for upgrades and updates. Some contracts specify required upgrades to receive updates or maintenance.
2. SLAs for defining expectations for support and maintenance.
3. Annual maintenance costs. Should be fixed at the time of purchase and should not vary.
4. Provisions for protecting the company against unforeseen problems such as software interoperability.
5. Intellectual property rights for modi. cations. Customer may not be granted the rights for modifications.
The purpose of the Server Security Policy is to establish standards for the base configuration of internal server equipment that Blanco Wireless owns and/or operates. Effective implementation of this policy will minimize unauthorized access to Blanco's proprietary information and technology:
This policy applies to all production servers at Blanco Wireless, including web, application, and database servers.
The following directives are required of all servers at Blanco, and should be detailed in every configuration or "hardening" guide used by administrators:
PRINCE2 is a scalable, flexible project management method, suitable for use on any type of project. It has been derived from professional Project Managers’ experiences and refined over years of use in a wide variety of contexts. It is owned by a stable public authority, the Office of Government Commerce (OGC), and is available free of charge in the public domain. The OGC has an ongoing commitment to maintaining the currency of the method, together with the manual and other books used to define the method.
1. Character reference checks, one personal and one business. These should, for preference, be written, but a substitute might be a signed and dated detailed note of a telephone reference given by a nominated third party to a competent (ie experienced in carrying out telephone reference checks) member of the organization’s staff.
2. A completeness and accuracy check of the employee’s curriculum vitae; this is usually carried out by means of written references supplied by previous employers or third-party organizations, and most employers will already have standard documents that are sent out to guide these third parties in replying. It is critical that the employer is methodical in ensuring that all facts are corroborated and that all forms are returned, duly completed, by previous employers. Where they are not returned within a defined time period (which should be short – perhaps 10 days at the outside), the organization should arrange to complete the form by means of a telephone interview with the previous employer.
1. Establishing the management isecurity forum (unless the organization chooses to establish the forum first and then ask the forum to select the manager).
2. Developing, with the forum, the security policy, its objectives and strategy.
3. Defining, with the forum, the scope of the ISMS.
4. Briefing the forum on current threats, vulnerabilities and steps taken to counter them.
5. Carrying out the initial risk assessment.
6. Identifying changed risks and ensuring that appropriate action is taken.