Would someone be willing to share their Security Policy with me? Our policy seems to hit all points except for the last piece, "such other devices as the security officer determines to be appropriate." I would like to see what other banks say on that part. TIA.
Can anyone provide a user-friendly description of Traffic Manipulation?
Preventing unauthorized access to customer data starts with controlling physical access to non-public areas of your facilities. Each institution should implement the following:
- A well-defined and detailed visitor access policy. We recommend not allowing unsolicited (e.g. without prior approval) visitors.
- Continual employee training on visitor policies and proper methods of screening individuals, as well as how to manage unauthorized visitor access. If an electrician shows up unannounced, without pre-approval, employees should be empowered to say no!
- Keep a record of all visitors to non-public areas.
- Verify the reason for the visit and determine if the visit is authorized and by whom.
- Request photo identification from the visitor.
- Log the visitor’s name, company, reason for visit, and in/out time.
- Issue the visitor a badge if available (in accordance with policy) and collect at the end of the visit. It’s a good idea to keep an accurate inventory of all visitor badges.