Archer Real Estate Internet IT Policy & Security Plan

It is understood that no security plan is foolproof. However, individual due diligence will help us approach a risk limited environment.

Computer usage is restricted to authorized personnel (users) or persons directly supervised by authorized personnel.

In order for personnel to become authorized, they must complete a basic course in Internet Security that has been approved by the technology committee.

Users include the Archer Real Estate staff and the technology committee.

Users are responsible for the security of their personal computer and should follow the "general security guidelines".

On a daily basis, the technology committee will update and post the guidelines to the world wide web. (http://membrane.com/security/) Users shall be responsible to understand these guidelines, as well as, read the updates. Virus protection software should be maintained and run on each computer on the network.

Use extreme discretion when accepting a file or a program (since this will by-pass the protection of the firewall.) These kinds of files go by names, such as, cookies, Java, Java Script, Active-x, active WebPages, Flash, NetObjects, Fusion, ICat Commerce, IRC, Chat, and others.

Avoid accepting attachments in e-mail messages. Ask people to copy and paste text to the body of an email. Word, Excel and other Microsoft attachments are very dangerous. Never accept an .exe, .scr, or .vbs file. Any incoming attachments that you do accept should be downloaded to a floppy disk and scanned for viruses.

All floppy disks brought in from outside the company location should be scanned for viruses upon insertion into any computer.

Back-ups of all pertinent data will be run on a weekly basis, and tested on a monthly basis. Off site back-ups will also be maintained. The types of information that are deemed pertinent will be determined by the technology committee.

The technology committee will recommend the frequency and duration for a continuing education program in the areas of policy, inventory, countermeasures, crisis management, backups and recovery.

=========================================================================

Created by: brouse@membrane.com and sidd@membrane.com [3 October 2001] ©2001 Membrane.com