Physical Security Policy

From Wikimedia UK
Jump to navigation Jump to search
Comment This policy was adopted by the Board on 9 February 2013. It is part of a series of IT Security Policy.

Introduction

Wikimedia UK recognises that as a first line of protecting its informational and other assets, staff and volunteers must understand and uphold the physical security of access to its office space.

Key Principles

  • This policy should act as an ongoing reminder to new staff to be vigilant to security concerns.
  • Staff and volunteers who access the Wikimedia UK offices should remain vigilant to security flaws in terms of building access, and report these to the building management or Office and Development if identified to ensure remedies can be put in place.
  • This policy seeks to support Wikimedia UK offices being as open and accessible as possible to the vibrant volunteer community that underpins the Wikimedia movement, while balancing this against its duties to protect confidential data and other assets.

Building and Office Access

Wikimedia UK operates from a shared office on the fourth floor of Development House, 56-64 Leonard Street, London, EC2A 4LT. Access to the premesis requires pin code entry, key fobs, a key to the office and alarm codes.

Staff authorised to hold this information are listed in the Access Control List.

New keys are ordered via the building management and spares are not held. Spare door fobs are kept in the Office and Development Managers locked filing cabinet drawer.

Storage

Due to the shared nature of the office, lockable storage is used by WMUK. Individuals holding keys are listed in the Access Control List.

Protection of hardware and data

In line with the clear screen policy, members of staff are required to put electronic equipment (such as laptops and mobiles) and other sensitive data in lockable storage overnight, to prevent potential theft and risk of data loss.

Visitors

Office hours

  • Visitors are defined as those who are neither key holders as listed in the access control list, or Trustees who are bound by their responsibilities to the charity and may therefore be allowed unsupervised access to the office space.
  • Visitors to the office are to be accompanied at all times by a member of staff or otherwise authorised personnel (i.e. Trustees)
  • A record of each visitor and arrival/leaving times is kept by the staffed reception to Development House.

Outside of office hours

  • If a visitor wishes to access the Development House facilities outside of normal office hours (9.00 - 5.00pm, Monday to Friday) then their access to the Wikimedia office space must be requested reasonably in advance where possible - 24 hours is suggested and a written request is preferred (an email is acceptable)
  • The Office and Development manager will determine if a member of staff is required to accompany the visitor, and the request will be logged on the UK wiki Outside Office hours visitor log.
  • If a member of staff is not required the visitor will collect a set of keys prior to the day when the space will be accessed - this will also be recorded on the Outside Office hours visitor log. They will be required to review and sign Wikimedia UK's IT security policy and the policies it references.
  • Generally, a member of staff will be required if the visitor is not known to any member of staff or if the visitor will require access to any personally identifiable information held by Wikimedia UK. This would apply if the visitor wished to review accounting or database records, but would not apply if a visitor wished to access the space to conduct a meeting or hold an event.