• 17.3.21 Information disposal

    Users must securely erase ‘internal’ or higher classified information promptly in non-recoverable manner when they are no longer required. Users m...

  • 17.3.18 Prevention of information leakage or manipulation in transit

    Users shall apply security controls when transmitting data of ‘confidential’ or higher classification to external parties. Such data must be en...

  • 17.3.17 E-mail

    Users are responsible for ensuring that information exchanged via e-mail is protected to a level commensurate with the classification of the informati...

  • 17.3.16 Copying

    Users and Document Management Administrators [link: 12.3.4.3.2] shall keep the number of copies of confidential information, in any combinations of me...

  • 17.3.15 Labeling

    Information assets must have their document classification clearly marked on the cover page, footer, header or watermark regardless of format. Includi...

  • 17.3.14 IT Asset Removal

    IT Asset Removal is the temporary removal and retention of an IT asset in response to an incident. This may include the removal and retention of lapto...

  • 17.3.13 Data Forensics

    Data forensics is the practice of identifying, extracting and examining data in response to incidents. This may include data held in on IT assets, e-m...

  • 17.3.10 Protection of Information Assets

    In ensuring the basic protection of OIST information assets, users must handle Information Assets in a manner appropriate to the information classific...

  • 17.3.9 Information Asset classification

    Information Asset manager shall assign information assets into one of the four classifications listed below, based upon determined value, confidential...

  • 17.2.9 Compliance

    Any breach of information security, or misuse of IT Resources is regarded as serious. Breaches may result in disciplinary action, up to and including ...