The document is a draft Indian standard code of practice for physical security systems in banks. It outlines organizational responsibilities for security, including having a security manual and program. It describes location and infrastructure considerations as well as security measures like risk categorization, primary in-built measures, essential general measures, and desirable additional measures. It also provides procedures for opening, closing, and accessing branches after hours. In the event of an incident, branches must immediately report to law enforcement and authorities.
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701PECB
Based on online data, GDPR fines increased by 40% in 2020, compared to the previous years since the law came into force, and they are expected to increase even more in the upcoming years.
In this light, organizations are facing challenges when it comes to compliance with the increased number of data privacy laws and regulations worldwide.
The webinar covers
• ISO/IEC 27701 standard and its requirements
• GDPR requirements and principles mapped against ISO/IEC 27701
• An overview of CCPA requirements
• Upcoming US privacy laws
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Articles: https://pecb.com/article
Whitepapers: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/QGqJsh4kedM
Website link: https://pecb.com/
Building an enterprise forensics response serviceSeccuris Inc.
What issues are enterprises facing that require digital forensics?
• In-depth technical issues within the IT environment
o Complex attack / virus analysis
o Packet analysis
o Complex environment investigation coordination (VMWare)
• Separation of duties / transparency issues with IT staff
o Integrity and audit-ability issues from regulators and common due diligence requirements
• System Audit Functionality verification
o Audit System Investigation / Recovery
• Ensure systems are preserved for forensic investigation*
o Banking Standards
o NIST Standards
o PCI
o US State Laws
• Legal issues such as eDiscovery
o Prepare, Preserve & Produce electronically stored information
• Privacy issues from legislation, regulation and clients
o “DNA Forensics” – Identification for good & evil
• Records Management issues
o Historical Data Retrieval
o Data reconstruction
• Human Resources issues / employee investigations
o Inappropriate Use
o Harassment / Workplace Safety
o Loss management issues / evidence verification
o Theft / Fraud investigation support
o Sabotage
What is an Enterprise Forensics Response Service?
• Enables business owners to actively enforce corporate policy and protect and preserve digital assets through the use of forensic methods.
• Handles investigation requests from many different parts of the organization
o IT (Network / Applications)
o Internal Audit / Compliance
o Legal
o Privacy
o Records Management
o Human Resources / Employee Managers
o Loss Management / Physical Security
• An Enterprise Architectural Perspective of an EDF Service (Overview)
o Conceptual linkages to the business & information security strategy
o Logical service definition, examples of peer services
o Physical mechanisms that the EDF service is comprised of
o Examples of components that the EDF service utilizes
- What does the presentation cover?
• Identification & definition of required forensic services
• Review of common service mechanisms and components
• Considerations for implementing & service management in the enterprise
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?PECB
Due to an increase in the collection of consumer data, high-profile data breaches have become common.
Currently, there are 128 countries all over the world that have already put in place regulations to secure the protection of data and privacy.
The webinar covers:
Data protection, a global development
Introduction to the GDPR, ePrivacy & ISO/IEC 27701
GDPR & ISO/IEC 27701mapping
ePrivacy & ISO/IEC 27701 mapping
Recorded Webinar: https://youtu.be/oVhIoHAGGwk
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Articles: https://pecb.com/article
Whitepapers: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701PECB
Based on online data, GDPR fines increased by 40% in 2020, compared to the previous years since the law came into force, and they are expected to increase even more in the upcoming years.
In this light, organizations are facing challenges when it comes to compliance with the increased number of data privacy laws and regulations worldwide.
The webinar covers
• ISO/IEC 27701 standard and its requirements
• GDPR requirements and principles mapped against ISO/IEC 27701
• An overview of CCPA requirements
• Upcoming US privacy laws
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Articles: https://pecb.com/article
Whitepapers: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/QGqJsh4kedM
Website link: https://pecb.com/
Building an enterprise forensics response serviceSeccuris Inc.
What issues are enterprises facing that require digital forensics?
• In-depth technical issues within the IT environment
o Complex attack / virus analysis
o Packet analysis
o Complex environment investigation coordination (VMWare)
• Separation of duties / transparency issues with IT staff
o Integrity and audit-ability issues from regulators and common due diligence requirements
• System Audit Functionality verification
o Audit System Investigation / Recovery
• Ensure systems are preserved for forensic investigation*
o Banking Standards
o NIST Standards
o PCI
o US State Laws
• Legal issues such as eDiscovery
o Prepare, Preserve & Produce electronically stored information
• Privacy issues from legislation, regulation and clients
o “DNA Forensics” – Identification for good & evil
• Records Management issues
o Historical Data Retrieval
o Data reconstruction
• Human Resources issues / employee investigations
o Inappropriate Use
o Harassment / Workplace Safety
o Loss management issues / evidence verification
o Theft / Fraud investigation support
o Sabotage
What is an Enterprise Forensics Response Service?
• Enables business owners to actively enforce corporate policy and protect and preserve digital assets through the use of forensic methods.
• Handles investigation requests from many different parts of the organization
o IT (Network / Applications)
o Internal Audit / Compliance
o Legal
o Privacy
o Records Management
o Human Resources / Employee Managers
o Loss Management / Physical Security
• An Enterprise Architectural Perspective of an EDF Service (Overview)
o Conceptual linkages to the business & information security strategy
o Logical service definition, examples of peer services
o Physical mechanisms that the EDF service is comprised of
o Examples of components that the EDF service utilizes
- What does the presentation cover?
• Identification & definition of required forensic services
• Review of common service mechanisms and components
• Considerations for implementing & service management in the enterprise
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?PECB
Due to an increase in the collection of consumer data, high-profile data breaches have become common.
Currently, there are 128 countries all over the world that have already put in place regulations to secure the protection of data and privacy.
The webinar covers:
Data protection, a global development
Introduction to the GDPR, ePrivacy & ISO/IEC 27701
GDPR & ISO/IEC 27701mapping
ePrivacy & ISO/IEC 27701 mapping
Recorded Webinar: https://youtu.be/oVhIoHAGGwk
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Articles: https://pecb.com/article
Whitepapers: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
Financial crimes compliance and enforcement trends 2019Joseph V. Moreno
Panel presentation to the DC Bar Association on September 12, 2019, by Joseph Moreno of Cadwalader, Fabio Leonardi of Pillsbury, Stephen Gibbons of Raytheon, and Woo Lee of the U.S. Department of Justice.
Digital Forensics is the use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation, and presentation of digital evidence derived from digital devices.
The development of intelligent network forensic tools to focus on specific type of network traffic analysis is a challenge in terms of future perspective.
This will reduce time delays, less computational resources requirement; minimize attacks, providing reliable and secured evidences, and efficient investigation with minimum efforts
Come implementare un sistema di gestione della sicurezza delle informazioni (SGSI) conforme alla norma ISO 27001 che consenta di gestire la sicurezza di tutte le informazioni aziendali, quindi non solo dei dati personali, al fine di tutelare le informazioni aziendali dai rischi che possono correre ed organizzare e controllare i dati e i sistemi che li gestiscono.
As a follow-up on the previous session (4th of December), we run through the GDPR part of the ISO/IEC 27701 standard which has been published in August 2019.
We'll take it from another angle and use the ISO/IEC 27701 as a guide to complete the checklist for the GDPR implementation.
Also, with the help of the (new) PECB ISO/IEC 27701 lead auditor course, we'll have an auditor's look at the ISO certification and compliance. It's important to see how it works, to make sure your GDPR implementation can withstand the increasing demand for maturity from customers, subjects and data protection authorities that start to exercise their rights.
The ISO27701 contains important requirements and implementation guidance for implementing a PIMS (Privacy Information Management System), which will set the baseline for the future of privacy and data protection.
The webinar covers:
- The GDRP view of the ISO/IEC 27701
- Mapping the GDPR to-do and the ISO/IEC 27701 to-do list.
- The ISO/IEC 27701 auditor mindset
- Compliance AND/OR/XOR solid data protection?
- Status of GDPR certification
Date: December 04, 2019
Recorded Webinar: https://www.youtube.com/watch?v=P80So3ryvJ8&feature=youtu.be
Ready your Organisation: Senior Managers and Certification RegimeMyComplianceOffice
The UK’s Senior Managers and Certification Regime (SMCR) came into force for banks, other deposit-takers and PRA-regulated investment firms in March 2016. The regime is expected to be brought into effect for the rest of the UK financial services industry in 2018.
Watch recordings of the webinar here; https://mco.mycomplianceoffice.com/mco-webinar/ready-your-firm-senior-managers-and-certification-regime-fundamentals
This Presentation explains what GDPR is and the impact it'll have for Companies who process data of EU Citizens.
This Guide explains the principles of GDPR, Consent, User Rights and also explains how to implement GDPR in your organization.
Originally appeared at
http://backlinkme.net/definitive-guide-for-general-data-protection-regulation-gdpr-compliance/
This is a slightly modified version of a presentation that I gave to fellow lawyers last week. It explains what GDPR is, the policy of data protection and the evolution of data protection legislation from the OECD Guidelines and Council of Europe Convention to the GDPR. It explores the regulation focusing on the data protection principles and, in particular, the lawfulness requirement and the validity of consent. The presentation mentions the Law enforcement data protection directive, the Data Protection Bill and the arrangements post Brexit. Finally, it considers the preparations recommended by the Information Commissioner for small busiesses
This webinar provides an overview of:
- The regulatory landscape
- Territorial scope
- Remedies, liabilities and penalties
- Risk management and the GDPR
- Legal requirement for a DPIA
- Why and how to conduct a data flow mapping exercise
- What are the challenges?
- What is an information flow?
- The questions to ask
- Data flow mapping techniques.
A recording of this webinar is available here:
https://youtu.be/EZFgrmzmPYE
25th May 2018 marks the enforcement date of EU’s General Data Protection Regulation. This new regulation strives to increase privacy for individuals and penalize businesses in breach. The complexity organizations face in managing consumer data is driving the growth of privacy tech solutions that decisively address a slew of privacy compliance challenges.
Iso 27001 2013 clause 6 - planning - by Software development company in indiaiFour Consultancy
This video focuses on the management clauses of ISO 27001:2013 standards. The management clause 6 of ISMS framework relates to 'Planning'.
The 'General' and 'Risk Assessment' sections are explained in this presentation.- by Software development company in india
Ref:
http://www.ifour-consultancy.com
http://www.ifourtechnolab.com
** Custom software development companies
Financial crimes compliance and enforcement trends 2019Joseph V. Moreno
Panel presentation to the DC Bar Association on September 12, 2019, by Joseph Moreno of Cadwalader, Fabio Leonardi of Pillsbury, Stephen Gibbons of Raytheon, and Woo Lee of the U.S. Department of Justice.
Digital Forensics is the use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation, and presentation of digital evidence derived from digital devices.
The development of intelligent network forensic tools to focus on specific type of network traffic analysis is a challenge in terms of future perspective.
This will reduce time delays, less computational resources requirement; minimize attacks, providing reliable and secured evidences, and efficient investigation with minimum efforts
Come implementare un sistema di gestione della sicurezza delle informazioni (SGSI) conforme alla norma ISO 27001 che consenta di gestire la sicurezza di tutte le informazioni aziendali, quindi non solo dei dati personali, al fine di tutelare le informazioni aziendali dai rischi che possono correre ed organizzare e controllare i dati e i sistemi che li gestiscono.
As a follow-up on the previous session (4th of December), we run through the GDPR part of the ISO/IEC 27701 standard which has been published in August 2019.
We'll take it from another angle and use the ISO/IEC 27701 as a guide to complete the checklist for the GDPR implementation.
Also, with the help of the (new) PECB ISO/IEC 27701 lead auditor course, we'll have an auditor's look at the ISO certification and compliance. It's important to see how it works, to make sure your GDPR implementation can withstand the increasing demand for maturity from customers, subjects and data protection authorities that start to exercise their rights.
The ISO27701 contains important requirements and implementation guidance for implementing a PIMS (Privacy Information Management System), which will set the baseline for the future of privacy and data protection.
The webinar covers:
- The GDRP view of the ISO/IEC 27701
- Mapping the GDPR to-do and the ISO/IEC 27701 to-do list.
- The ISO/IEC 27701 auditor mindset
- Compliance AND/OR/XOR solid data protection?
- Status of GDPR certification
Date: December 04, 2019
Recorded Webinar: https://www.youtube.com/watch?v=P80So3ryvJ8&feature=youtu.be
Ready your Organisation: Senior Managers and Certification RegimeMyComplianceOffice
The UK’s Senior Managers and Certification Regime (SMCR) came into force for banks, other deposit-takers and PRA-regulated investment firms in March 2016. The regime is expected to be brought into effect for the rest of the UK financial services industry in 2018.
Watch recordings of the webinar here; https://mco.mycomplianceoffice.com/mco-webinar/ready-your-firm-senior-managers-and-certification-regime-fundamentals
This Presentation explains what GDPR is and the impact it'll have for Companies who process data of EU Citizens.
This Guide explains the principles of GDPR, Consent, User Rights and also explains how to implement GDPR in your organization.
Originally appeared at
http://backlinkme.net/definitive-guide-for-general-data-protection-regulation-gdpr-compliance/
This is a slightly modified version of a presentation that I gave to fellow lawyers last week. It explains what GDPR is, the policy of data protection and the evolution of data protection legislation from the OECD Guidelines and Council of Europe Convention to the GDPR. It explores the regulation focusing on the data protection principles and, in particular, the lawfulness requirement and the validity of consent. The presentation mentions the Law enforcement data protection directive, the Data Protection Bill and the arrangements post Brexit. Finally, it considers the preparations recommended by the Information Commissioner for small busiesses
This webinar provides an overview of:
- The regulatory landscape
- Territorial scope
- Remedies, liabilities and penalties
- Risk management and the GDPR
- Legal requirement for a DPIA
- Why and how to conduct a data flow mapping exercise
- What are the challenges?
- What is an information flow?
- The questions to ask
- Data flow mapping techniques.
A recording of this webinar is available here:
https://youtu.be/EZFgrmzmPYE
25th May 2018 marks the enforcement date of EU’s General Data Protection Regulation. This new regulation strives to increase privacy for individuals and penalize businesses in breach. The complexity organizations face in managing consumer data is driving the growth of privacy tech solutions that decisively address a slew of privacy compliance challenges.
Iso 27001 2013 clause 6 - planning - by Software development company in indiaiFour Consultancy
This video focuses on the management clauses of ISO 27001:2013 standards. The management clause 6 of ISMS framework relates to 'Planning'.
The 'General' and 'Risk Assessment' sections are explained in this presentation.- by Software development company in india
Ref:
http://www.ifour-consultancy.com
http://www.ifourtechnolab.com
** Custom software development companies
These are basic skill set, duty responsibility and his ability to do the assigned work. The requirement of client is also mentioned to make process proper.
2015 security trends so far. Information Security is undergoing huge growth and changes. The general public is now more than ever painfully aware of IT Security. Technology is changing at an accelerated rate, threats are evolving almost at the same pace.
The Future of Bank Branches Coordinating Physical with DigitalCapgemini
Digital Technologies will Accelerate Branch Transformation, Not Make Them Extinct
Retail banking is evolving at an accelerated pace. Globally, banks are facing disruptions from multiple directions. Business and economic realities have reduced the total number of US bank branches by 3,000 between 2009 and 2012 - a decrease of 3% over the 3-year period. In Spain alone, banks have closed 5,000 branches or 12% of their overall capacity since the financial crisis began in 2008, lowering the total branch count to approximately 40,000 in 2012.
That is not all. Digital technologies have also brought a significant shift in consumer banking behavior. The percentage of US banking customers who prefer to bank online jumped to 62% in 2011, up from 36% the previous year. Today, four of the top five transactional banking activities in North America – bill pay, viewing balances/transactions, viewing statements and money transfer – are happening online.
This brings us to the key question of this paper: do brick-and-mortar branches have a role to play in the future of retail banking?
DRAFT of NEW White House Cybersecurity Executive Order leakedDavid Sweigert
Posted as a courtesy by:
Dave Sweigert
CEH, CISA, CISSP, HCISPP, PCIP, PMP, SEC+
The latest draft of a cybersecurity executive order to be signed by President Trump has become an unusually precise, report-ordering extravaganza.
Executive orders – even those signed by Trump – tend to be relatively short and quite vague, with general policy goals listed and expected to be interpreted by others.
The new cybersecurity order is none of those. At over 2,200 words it is very long. It is also very precise, listing individuals and giving them specific tasks. Rather than focus on a particular goal – the creation of a new taskforce or the development of a singular report – the order calls for the production of no fewer than 10 reports, six of which will go direct to the President, on a range of aspects of cybersecurity.
(By comparison, even though President Obama put out a very lengthy executive order on cybersecurity, running to 3,000 words, it only asked for three reports to be created.)
To understand how what was originally a restatement of US policy toward cybersecurity with a call for a single report has evolved into an extensive work plan, you need to look at the unusual events of nine days ago.
Trump was expected to sign the cybersecurity order on January 31. To that end, a series of meetings were held at the White House during the day and it was supposed to end with the signing in the Oval Office in the late afternoon. But at the last minute, without explanation, the decision to sign was pulled.
Defentect is an advanced CBRN threat detection system marketing by Rapidsoft Systems Inc. (http://www.rapidsoftsystems.com). It is only system of its kind that can save lives by detecting threats before they occur.
· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S)A.docxoswald1horne84988
· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S)
A. The industry.- Tamara
B. The company and the concept- Tamara
C. The product(s) or service(s).- Tamara
D. Entry and growth strategy.- Arturo
· MARKET RESEARCH AND ANALYSIS
A. Customers.- Richard
B. Market size and trends.- Arturo
C. Competition and competitive edges.- Arturo
D. Estimated market share and sales.- Richard
E. Ongoing market evaluation.- Richard
· MARKETING PLAN
A. Overall marketing strategy.- Ryan
B. Pricing.- Ryan
C. Sales tactics.- Ryan
D. Service and warranty policies.- Ade
E. Advertising and promotion.- Ade
F. Distribution.- Ade
Deadline sent to Team Fileshare due- Saturday of each week by 4p.
Team Members in attendance-
Ryan, Richard, Arturo, Tamara, Ade
I. System Design Principles
A network system is a collection of integrated components that works together, to
achieve a common objective. A system design is a process of defining the system architecture,
modules, interfaces, data, and components of a system, to a specified requirement.
Design principles describe the procedures that software developers, system analyst, and
system architect designers, create through the distribution of colors, texture, and the weight of
objects. This union describes the use of assets, so that there is a structured and stable system
design, including system appearance, and security against unauthorized access. Security design
principles are essential when designing any system to make sure security and integrity is tamper
proof.
Various security design principles exist and designed by the system developer, listed
below include security design principles:
1. The Principle of Least Privilege requires the system developers to
limit user access rights to use specific tools and informatio n in a system, this
privilege gives rights to access data and applications, only to special users, with
limited access to other users.
The orientation of this design principle limits the system from damaging
attacks from users of the system; whether they are intentional or not, it also limits
the changes or damages a user can make on the system, and it reduces interactions
with the system.
2. Fail Safe Defaults Principle administered by the system developer
in charge of security, and authorizes users, to access system resources, based on
granted access, rather than exclusion; this design principle permits, the users, to
access resources, if permission is granted. By default, the users do not have
access, to system resources, until authorization is given. This design principle
prevents unauthorized users, from viewing resources. (Dennis & Wixom, 2000)
3. Defense In-depth Principle is a concept used by system developers
use security layers on system resources. This principle requires users to provide
credentials when accessing a system resource. The security experts because of
the operational results and effectivene.
ADAM ADLER FLORIDA - Adam Adler is the current Fund Manager at The Adler Fund, a private organization focusing on investing in the health and wellness, real estate, technology and healthcare space.
As the Founder of Fuse Science, Adam was the company’s CEO and primary investor. He personally signed over 20 world renown celebrity and athlete partnerships and endorsements for Fuse, including Tiger Woods, Andy Murray, David Ortiz, Paul Pierce, and Daymond John. He facilitated the transition to the public market in April 2011 and formed a team of top executives all strategically placed to bring shareholder value through bringing senior level expertise. Mr. Adler spearheaded the acquisition strategy Fuse implemented to bring global awareness around its platform technology.
Adam has substantial business and management experience, and a great understanding of the operation and responsibilities public companies. Adam’s true passion is remaining involved in the Chabad movement and supporting children’s hospitals.
Dependable, Cost-effective & Customized Professional Security Services
Security solutions are at the heart of what we do at Servexo. Committed to safeguarding our customers and their assets, we have the tools, training and experience to provide the most reliable security services available. Our security service provides the much-needed peace of mind in today’s relatively hostile world.
Servexo understands that organizations are under increasing pressure to maintain safe & secure operations while keeping costs under control. Our security solutions help you achieve that by tailoring a plan to your specific needs.
Similar to Code of practice for physical security systems in banks (20)
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Welocme to ViralQR, your best QR code generator.ViralQR
Welcome to ViralQR, your best QR code generator available on the market!
At ViralQR, we design static and dynamic QR codes. Our mission is to make business operations easier and customer engagement more powerful through the use of QR technology. Be it a small-scale business or a huge enterprise, our easy-to-use platform provides multiple choices that can be tailored according to your company's branding and marketing strategies.
Our Vision
We are here to make the process of creating QR codes easy and smooth, thus enhancing customer interaction and making business more fluid. We very strongly believe in the ability of QR codes to change the world for businesses in their interaction with customers and are set on making that technology accessible and usable far and wide.
Our Achievements
Ever since its inception, we have successfully served many clients by offering QR codes in their marketing, service delivery, and collection of feedback across various industries. Our platform has been recognized for its ease of use and amazing features, which helped a business to make QR codes.
Our Services
At ViralQR, here is a comprehensive suite of services that caters to your very needs:
Static QR Codes: Create free static QR codes. These QR codes are able to store significant information such as URLs, vCards, plain text, emails and SMS, Wi-Fi credentials, and Bitcoin addresses.
Dynamic QR codes: These also have all the advanced features but are subscription-based. They can directly link to PDF files, images, micro-landing pages, social accounts, review forms, business pages, and applications. In addition, they can be branded with CTAs, frames, patterns, colors, and logos to enhance your branding.
Pricing and Packages
Additionally, there is a 14-day free offer to ViralQR, which is an exceptional opportunity for new users to take a feel of this platform. One can easily subscribe from there and experience the full dynamic of using QR codes. The subscription plans are not only meant for business; they are priced very flexibly so that literally every business could afford to benefit from our service.
Why choose us?
ViralQR will provide services for marketing, advertising, catering, retail, and the like. The QR codes can be posted on fliers, packaging, merchandise, and banners, as well as to substitute for cash and cards in a restaurant or coffee shop. With QR codes integrated into your business, improve customer engagement and streamline operations.
Comprehensive Analytics
Subscribers of ViralQR receive detailed analytics and tracking tools in light of having a view of the core values of QR code performance. Our analytics dashboard shows aggregate views and unique views, as well as detailed information about each impression, including time, device, browser, and estimated location by city and country.
So, thank you for choosing ViralQR; we have an offer of nothing but the best in terms of QR code services to meet business diversity!
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Code of practice for physical security systems in banks
1. DRAFTS IN
WIDE CIRCULATION
DOCUMENT DESPATCH ADVICE
Ref: ME 24/ T-20 Date: 01-12-2014
SECURITY EQUIPMENT SECTIONAL COMMITTEE, MED 24
To:
a) The interested members of Mechanical Engineering Division Council,
b) All members of Security Equipment Sectional Committee,
c) All others interested
Dear Sir(s),
Please find enclosed the following documents
Kindly examine the draft Indian standards and forward your views stating any
difficulties which you are likely to experience in your business or profession, if these are
finally adopted as standards.
Last date for receipt of comments: 31-01-2015
Comments, if any, may please be made in the format as given overleaf and mailed to the
undersigned at the above address.
In case no comments are received or comments received are of editorial nature, you will kindly
permit us to presume your approval for the above document as finalized. However, in case of
comments of technical in nature are received then it may be finalized either in consultation with the
Chairman, Sectional Committee or referred to the Sectional committee for further necessary action
if so desired by the Chairman, Sectional Committee.
Thanking you,
Yours faithfully
(T.V. SINGH)
Encl: As above Scientist ‘F’ & Head (Mech Engg)
Phone/fax 011 23232509 email: med@bis.org.in
Doc . No. TITLE
Doc ME 24 (1394) Draft Indian Standard Code of Practice for Physical Security Systems
In Bank.
2. Doc: ME 24(1394)c
Dec 2014
Draft For Comments Only
Draft Indian Standard
CODE OF PRACTICE FOR PHYSICAL SECURITY SYSTEMS IN BANKS
Not to be reproduced without the permission of Last date for receipt of
BIS or used as a STANDARD comments is 31-01-2015
NATIONAL FOREWORD
(Adoption clause to be added later on)
1.0 SCOPE
1.1 This standard recommends practices to be followed for ensuring physical security in
banks and financial institutions.
1.2 This standard does not cover internet banking or information security.
1.3 This standard is intended to be a guideline and the provisions herein shall be
Subservient to all applicable rules and regulations and policies, unless otherwise
mandated by a competent regulatory authority.
1.4 The Physical Security System of a bank is a function of various factors like threat
Perception, location, construction, installed security measures, quality of security
equipment and devices. This standard attempts to take a comprehensive view of
the related factors and specify minimum measures to ensure desirable functioning of
the system.
2.0 OBJECTIVE
2.1 The principal objective of this code of practice is to prescribe minimum security
measures to be instituted by all banks and financial institutions for the purpose of :
a) Creating and maintaining a secured environment to facilitate safe banking
transactions,
b) Promoting security awareness among management and staff in all banks and
financial institutions,
c) Minimise crimes and reduce losses,
d) Assisting investigating agencies, and
e) Building customer confidence and organisational image.
3.0 TERMINOLOGY
3. Doc: ME 24(1394)c
Dec 2014
3.1 For the purpose of this standard, the following definitions shall apply :
(a) Branch : Any operating unit of a Bank or Financial Institution dealing with receipt
and disbursal of cash and /or storage of valuables on behalf of its customers,
(b) Branch Heads : The senior most official of the Branch ,under whose
administrative authority the Branch functions,
(c) Organisation : Any organisation classified as a Bank or a Financial Institution as
per the law of the land,
(d) Security devices : Any device employed to enhance the security measures
through warning signals or generating evidence,
(e) Security Equipment : Any product employed to store and protect currency and
other valuables in the custody of a Branch,
(f) Security Manual : A documented Physical Security Policy and Procedures Manual
as described in 4.1 of this standard, and
(g) Top Management: The Management of the organisation, or any person or group
of persons representing the Management to execute a specific task.
4.0 ORGANISATIONAL RESPONSIBILITIES :
4.1 Security Manual
4.1.1 Every organisation shall have a documented security policy and procedure manual
which shall be approved at the highest level of the organisation and implemented at all
appropriate levels of the organisation.
4.1.2 The Security Manual shall provide the basis of a Security Programme, appropriate to
the scale of operation of the organisation. It shall be the responsibility of the Top
Management of the organisation to ensure successful implementation of the Security
Programme.
4.1.3 The Security manual shall be formulated on basis of the Plan Do Check Act
principle and shall, to the extent possible, follow the structure of IS/ISO 9001.
4.2 Security Programme:
4.2.1 The Security Programme shall address, at least, the following :-
(a)Procedure for Risk Categorisation of branches,
(b)Procedure for installing security programme , devices and equipment appropriate to
the risk categorisation levels at various functional units of the organisation,
(c)Procedure for deployment of security personnel in accordance to its risk
categorisation,
4. Doc: ME 24(1394)c
Dec 2014
(d)the responsibilities and authorities of the personnel involved in implementing the
security programme at appropriate levels of the organisation,
(e)procedure for providing initial and periodic training to security staff and other
employees about the organisation’s security policy , general security measures and
specific responsibilities appropriate to his/her level,
(f) Procedures for safekeeping of all currency, negotiable instruments, and other valuable
items, whether owned by the organisation or by its customers
(g) Procedures for ensuring security of strong rooms/vaults,
(h) Special security measures to be taken during off-days or holidays,
(i) Procedures for preserving evidence and assisting in identification of persons
committing acts of robbery or burglary,
(j) Procedures for selecting, procuring, operating, maintaining and disposal of
security devices,
(k) Procedures for selecting, procuring, operating, maintaining and disposal of
security equipment,
(l) Procedures for comprehensive periodic auditing of all aspects of security installed
at the organisation,
(m) Procedures for maintenance of appropriate records at various functional levels
on implementation, administration and effectiveness of the security programme .
4.3 Designation of Responsible Officer:
4.3.1 Every organisation shall have a Security Department headed by a Chief Security
Officer with appropriate responsibilities and authority.
4.3.2 Depending upon the organisational structure, Zonal and / or Regional Security officers
may also be appointed with appropriate authorities to implement the security policy of
the organisation.
4.3.3 It shall be the primary responsibility of the Branch Head to ensure appropriate
measures in the Branch under his authority, in accordance to the Security Programme.
The nomination of an alternate official to look after the day to day security activities of
the Branch may also be considered wherever necessary.
5.0 LOCATION AND INFRASTRUCTURE:
5.1 Location: The following measures shall be ensured while deciding about the location of
a Branch and the operational infrastructure therein:
(a) The Branch shall not be located in an isolated and /or vulnerable place .
5. Doc: ME 24(1394)c
Dec 2014
(b) The Branch shall not be located in a crime prone area . The Security Officer of the
Bank and the local police shall be consulted to assess the crime proneness of a
locality and their views shall be taken in to account.
(c) The Branch shall be located as near to the police station as possible.
(d) During site selection, the possibility of any easements within or adjacent to the facility
that could affect the security of personnel or assets should be examined.
(e) Consideration should be given to potential and perceived threats.
(f) The susceptibility of the area to natural calamities should also be considered.
5.2 Constructional Requirements
5.2.1 General
(a) The design, layout and site location of buildings should facilitate natural
surveillance by police and the public from the surrounding area (e.g., from nearby
roadways or other buildings) unless this approach is deemed undesirable by
organisational safeguarding strategies.
(b) Structurally strong building should be selected for locating Branches. Old
dilapidated buildings which may infringe on security requirements shall not be
used ,even temporarily.
(c) It shall be ensured that windows do not directly open into areas having direct
access to the strong rooms ,storage facilities or sections dealing with liquid
assets.
(d) Where windows are unavoidable ,they should be fitted with strong grills
embedded into the walls with strong steel rods, angles or flat bars. The grill shall
be so designed as to deny access by human hand through it.
(e) Irrespective of the location or design of the Branches ,the strong rooms
shall be built in accordance to the relevant Indian Standard and in strict
conformance to the guidelines issued by RBI.
(f) RCC construction for Strong Rooms shall be as per relevant IS Specifications.
(g) In cases where strong rooms as per specifications cannot be made available.
(h) Safes shall be adequately embedded in to the walls by strengthening the walls
with 6 inches thick RCC lining all around.
(i) The future operational requirements should be considered while constructing
the Branch.
5.2.2 Entry/Exit
6. Doc: ME 24(1394)c
Dec 2014
a) In addition to the wooden doors, the entrance at the front should have rolling shutters
and collapsible grills.
b) Rolling shutter shall have floor embedded central lock with slots made of steel . There
shall be no gap between the lock lever and the hook of the door.
c) Hanging locks shall not be used on the rolling shutter in place of the latch
embedded locks.
6.0 SECURITY MEASURES:
6.1 Risk Categorisation:
6.1.1 Every Branch shall be assessed for its exposure to risk and categorised
appropriately.
6.1.2 The security measures installed in a Branch shall be appropriate to its risk
categorisation and in accordance to guidelines made available by the appropriate
authorities.
6.2 Primary In-built Measures:
6.2.1 All Branches shall invariably ensure the following primary security arrangements :
(a)There shall be only one entrance to a Branch. The entrance shall be situated at a
place easily noticeable by a substantial part of the employees working in the
Branch.
(b) If there are more than one entrance to a Branch , only one entrance shall be used
and all other entrances shall be securely closed from inside . It shall not be possible
to gain access through these entrances without raising an alarm or drawing attention
of persons present in the working area.
(c) The doors and grills should have separate locking devices.
(d) Strong and good quality high leverage locks with minimum 11 levers should be
used. Locks with long arms should not be used as these are more amenable to
break-in attempts.
(e) Perimeter lighting should provide sufficient illumination in and around facilities to
allow the detection and observation of people approaching the facility, discourage
opportunistic criminal activity, address any other security threats that may apply
and support surveillance features.
(f) Emergency power must be provided in the Branch and particularly for the
Security devices
(g) The strong room facilities shall include the following:-
(i) fire alarm security system;
(ii) Intrusion detection security systems;
7. Doc: ME 24(1394)c
Dec 2014
(iii) 24 hours monitored surveillance cameras (CCTVs);
(iv) secured locks and keys to avoid duplication;
(v) Secured safes and storage equipments; and
(vi) Adequate access control system.
(h) Wherever Branches are functioning without a Strong Room facility, all valuable
terms and documents are to be kept in FBR safe.
6.3. Essential General Measures:
6.3.1 Every Branch shall have the following security arrangements :-
a) Entrance door shall be fitted with a grill gate, shutter with central lock.
b) CCTV surveillance.
c) Appropriate types of fire extinguishers at important places, including server/UPS
rooms.
d) Integrated intruder alarm system with sensors and auto-dialler connected to the
emergency responders.
e) UPS system shall have a separate circuit, independent of the usual electrical circuit of
the Branch.
f) Emergency lights and inverters or generator sets shall be installed to ensure that
lights come on automatically in case of power failure .
g) Every Branch shall be provided with a B Class strong room. Where, a B Class
strong room cannot be provided for unavoidable reasons, the safe room shall be
suitably provided with grills.
h) Armed Guards shall be posted in accordance to the risk categorization of the
Branch
i) Important phone numbers like Police, Fire, Hospital, Bank Officials etc. shall be
displayed at prominent places.
j) Adequate Insurance cover for cash and valuables is to be obtained for an amount
more than the combined value of the market value of the gold kept at the branch and
cash, generally kept at the branch.
k) Procedures for opening, closing and accessing the bank after working hours shall be
rigidly followed.
l) Accumulation or dumping of furniture ,files or any other objects shall not be
permitted to happen in a manner so as to constitute a potential fire hazard and/or
provide cover to intruders.
6.4 Desirable Additional Measures
8. Doc: ME 24(1394)c
Dec 2014
6.4.1 In addition to the measures described in 6.1 to 6.3 , it is desirable that every Branch
should also take the following additional measures :
(a) Security guards of nearby shopping or residential complexes etc may be requested
to keep an eye on the branch at night and on holidays
(b) The local police authorities may be requested to include the branch under the Police
beat system.
(c) Adequate perimeter lighting may be provided at the front rear and sides preferably on
all exposed sides of the branch premises.
(d) During the weekends and holidays, the Branch Head or any other designated staff
should visit the branch premises at staggered timings to ensure the security of the
premises.
7.0 OPENING, CLOSING AND ACCESING THE BRANCH AFTER WORKING HOURS:
7.1 The Security Manual of an organisation shall document the procedures to be followed for
opening and closing a Branch as well as for accessing the branch after normal working
hours, both by employees as well as customers.
7.2 Opening the Branch
7.2.1 Every Branch shall nominate an officer to open the Branch for starting the services.
The documented procedure shall be strictly followed by the Branch.
The nominated officer shall, in addition to any other responsibility outlined in the
organisation’s procedures, ensure that the following actions are taken:
a) Examine the premises from the outside to check whether any attempt to break in to
the branch has been made.
b) After opening the main entrance, the security alarm should be switched on in the day
mode.
c) While cleaning of the premises is carried out before the working hours under the
supervision of the nominated officer/ employee, it shall be ensured that entry into the
branch is not allowed to customers.
d) The cleaning of the Branch shall be done only by authorised personnel. In cases
where outside agencies have been contracted to do the housekeeping functions, the
concerned person(s) shall be issued with proper identity document by the Branch
Head.
e) The cleaning shall be done under the supervision of nominated employees/ Branch
Head.
9. Doc: ME 24(1394)c
Dec 2014
f) If any staff member is allowed entry during this time , it shall be ensured that he is
identified properly. The collapsible gate should be closed and locked immediately after
he enters.
7.3 Access after Working Hours:
7.3.1 Access to the Branch premises after working hours should be avoided. In situations
where it becomes unavoidable, all following precautions should be taken to ensure the
security of the Branch:
a) After the banking hours, all entrances will be closed and secured from inside.
b) If any customer is in the banking hall after the close of the business hours, they
should be attended to as expeditiously as possible.
c) Entry of outsiders after working hours shall be allowed only after obtaining permission
from the Branch Head . Under no circumstances, the authority should be delegated to
the guard, watchman, or attender.
d) Whenever a customer is allowed to enter the premises before or after business hours,
care should be taken to identify the person seeking entry in to the premises. The
collapsible gate should be closed and locked immediately after he enters. Similarly,
the collapsible gate should be closed and locked immediately after he leaves the
premises.
e) In case the Branch is functioning after normal working hours, the Branch Head should
ensure that at least two or more staff members are present.
f) Strangers or customers whose identities are not properly known shall not be
entertained to stay back during lunch hours or after working hours.
7.4 Closing the Branch:
a) Ensure that the Security alarm and CCTV are switched on and functional.
b) Check that all doors, windows, strong rooms, storages are properly closed/ locked/
bolted in strict accordance to the procedures outlined in the Security Manual.
c) Each Branch shall have a check-list of security points to be verified. The check-points
shall be verified and authenticated by a responsible officer nominated by the Branch
Head.
d) Check that all electrical connections, except the UPS, are switched off.
e) Check that all table drawers and almirahs are locked.
f) Operational guidelines on dual control of keys should be strictly adhered to.
8.0 POST- INCIDENT ACTIONS:
10. Doc: ME 24(1394)c
Dec 2014
In the event of an attempted or successful burglary or robbery attempt, every Branch shall
take the following actions:
(a) Immediately report to the law enforcement agencies.
(b) Report to the authorities as specified in the Security Manual.
(c) Under these circumstances, the Branch entrance should not be opened until
directions of the Branch Head/Regional Head/Security Officer are received.,
(d) Care must be taken not to touch anything and not to allow anybody into the branch.
(e) A communication shall be sent to the nearest BIS office requesting them to examine
whether the unaffected / untampered sides of the burgled equipment may be
subjected to testing to assess whether the burgled equipment was made as per the
required standard.
(f) In the event of any recorded evidence that the equipment was actually burgled in less
than its certified resistance time, an online complaint shall be registered with BIS
giving necessary details of the burgled equipment. This shall be followed up with a
written communication to the appropriate authority in BIS, with a request to conduct a
suitable enquiry about the particular consignment /control unit of which the burgled
equipment was a part.
Note: Possible course of action in case of non-BIS certified equipment needs to be explored
because similar investigative actions and consequent corrective measures may not at all be
possible in such cases.
9.0 SECURITY EQUIPMENT:
9.1 Procurement (General):
9.1.1 Security equipment plays a vital role in enhancing security of banking operations, both
during banking and non-banking hours. It is therefore imperative that the security equipment
installed in branches must be procured and installed according to strict time tested norms
that accrue the maximum benefits and safeguard to the organisation.
9.1.2 Only BIS certified Security Equipment shall be procured for all products where an IS
Specification exists.
9.2 Procurement of BIS Certified Security Equipment
9.2.1 At the time of procurement, the procuring authority shall confirm whether the
manufacturer holds a valid BIS certification marks licence with respect to the product, type,
variety intended to be supplied.
9.2.2 The purchasing authority shall familiarise itself with the benefits of BIS Certification
and the ways and means to avail of such benefits.
9.2.3 The purchasing department shall familiarise itself with the general requirements of
the BIS certification scheme for operation of a licence and ,in case of any observed deviation
11. Doc: ME 24(1394)c
Dec 2014
by the supplier ,shall immediately bring it to the notice of the nearest BIS office and seek
their guidance.
9.2.4 A list of Indian Standard Specifications related to Security Equipment is given at
Annexure A.
9.3 Procurement of Uncertified Security Equipment
9.3.1 In cases where it may be essential to procure a type of product that may not be
covered under the relevant IS Specification, proper justifications may be recorded for using
such a product.
9.3.2 Before finalising the procurement of such a product, the organisation shall appoint a
panel of experts to prepare the product specifications and test methods in line with the
relevant existing IS Specification for the product. The members of the Panel shall be well
versed with the engineering aspects of the product.
9.3.3 While preparing the specification, the panel shall ensure that dilution of quality
parameters vis-à-vis the existing IS standard is not permitted.
9.3.4 No product shall be procured unless the manufacturer has demonstrated complete
conformance to the specification prepared by the panel
9.4 In absence of Specification: Where no IS Specification exists for a product, possibility
of urgently formulating an IS standard may be explored. Failing that, the procedure outlined
at 9.3 may be followed.
9.5 Procurement of Equipment certified according to specifications other than IS
Specifications
9.5.1 Where the necessity is felt to procure products conforming to some other standards
bodies like EN or UL, the necessity of such action shall be recorded.
9.5.2 While taking the decision it shall be kept in mind that quality parameters of other
standards may not necessarily suit the conditions arising in India . Accordingly, the suitability
of product conforming to other standard specification over the Indian standard specification
shall be examined and recorded.
9.5.3 While procuring such a product, it shall be ensured that (a) the quality is certified by
an agency appointed or approved for the purpose by the concerned standards formulating
body (b) the certifying agency accepts responsibility of quality.
10.0 PRE-SUPPLY / POST-SUPPLY QUALITY CHECK
10.1 A proper and effective conformity assessment of physical security equipment is not
possible without systematic, destructive testing. In case of BIS certified products, this is taken
care of by the third party quality assessment provided by BIS.
10.2 Considering the nature of the product and its usage, any corrective action becomes
extremely difficult after installation of the equipment .Therefore ,wherever ,in the opinion of
12. Doc: ME 24(1394)c
Dec 2014
the organisation , extra precaution is deemed necessary , ,it would be desirable to work out
a methodology to institute checks during or immediately after supply.
10.3 The most effective way to install such a check would be through the BIS certification
mechanism. It would be advisable to arrive at a sampling and assessment method, at the
organisational level, in consultation with BIS.
10.4 For non-BIS certified products, a suitable scheme may be installed where a pre-supply
inspection may be done by an agency appointed by the Bank.
10.5 A well thought out pre or post-supply quality check mechanism, will provide additional
confidence to all concerned as well as act as a deterrent to production of sub-standard
material.
11.0 MAINTENANCE OF SECURITY EQUIPMENT
11.1 Physical security equipment should not normally require periodic maintenance
.However, as and when maintenance or repair are called for the following precautions shall
be observed:
(a) All repair and maintenance activities shall be undertaken strictly as per the terms
of the contract between the Bank and the supplier of the equipment.
(b) Before the supplier’s representative is allowed access to the equipment in need
of repair or maintenance, the equipment shall be emptied and the contents shall
be stored in an alternate facility. The acts of emptying and storing shall be done
as per the policy of the concerned bank.
(c) After the repair /maintenance is completed, it shall be verified that the equipment
meets all its original quality and supply requirements. No alteration in the locking
system or construction of the equipment shall be permitted. Where a replacement of
lock is called for, an identical lock only shall be used.
(d) Wherever the equipment is fitted with a combination lock, immediately after the
maintenance activity, the combination shall be changed.
(e) All such activities shall be recorded in detail.
12.0 SECURITY DEVICES
12.1 Security devices shall be installed as specified in the Security manual of the
organisation.
12.2 Each device shall be tested periodically to ensure its readiness in the event of necessity.
12.3 While procuring any security device utility features shall always be given preference
over other features which may not contribute significantly to enhancing security.
13. Doc: ME 24(1394)c
Dec 2014
12.4 While procuring security devices, enquiries shall be made with other branches and /or
other organisations about the on-spot performance history of such devices. Brands or
devices having a history of frequent break-downs or requiring frequent maintenance or poor
after-sales service record shall not be considered for procurement.
13.0 TRAINING:
13.1 Every Organisation shall provide appropriate training to its personnel on security
measures. The training should be appropriate to the responsibilities and authorities of the
persons concerned.
13.2 In the event of a trained person assuming different or higher responsibilities, it shall be
the responsibility of the top management to provide him/her fresh training appropriate to the
new responsibility. This may not be necessary where the concerned person has already
received the required training within a reasonable period immediately preceding the change.
13.3 Security measures shall be a part of the induction training curricula for all classes of
employees.
13.4 Specific guidelines containing Dos and Don’ts in the event of any security related
incident shall be made available to employees on training.
13.5 Mock exercises shall be conducted to ensure that employees are familiar with the
actions required to be taken in emergencies. The frequency of such exercise shall be
decided in accordance to the security policy of the organisation.
13.6 Security trainings shall at least cover the following:
(a) Importance of security measures;
(b) Features and structure of the security programme installed in the organisation;
(c) Knowledge about functioning of the security systems and devices;
(d) Actions to be taken in the event of robbery or burglary;
(e) Criteria of a good witness;
(f) Actions to be taken to preserve evidence;
(g) Dealing with threatening messages and kidnappings; and
(h) Measures to be taken in the event of a fire outbreak.
14.0 SECURITY AUDIT:
14.1 At the time of opening or relocating a Branch, a preliminary security audit and risk
categorisation shall invariably be done and actions taken accordingly.
14. Doc: ME 24(1394)c
Dec 2014
14.2 Subsequently, every operating Branch shall be subjected to a multi-tier security audit
in the following manner:
(a) An internal security audit of every Branch shall be conducted periodically by a
senior employee of the branch . The purpose of this audit shall be to verify whether
all security norms, as applicable to the Branch , are being observed .In the event of
detection of a deviation ,the matter shall be immediately brought to the notice of
the Branch Head and appropriate actions taken . The matter shall be appropriately
recorded.
(b) An external security audit shall be conducted periodically by a Security Officer The
purpose of this audit shall be to examine the security status of the Branch vis-a-vis
the organisational policy and security categorisation of the Branch . The report of
the internal audit shall be considered and verified while conducting this audit.
(c) The organisation shall provide check-list and Report Proformae for both the audits
and the audits shall be strictly conducted and reported accordingly .
(d) At least once every three years ,every branch shall be audited for re-assessment of
its risk categorisation
(e) In addition, the organisation may institute audits and/or conduct re-assessment of
risk categorisation as and when deemed necessary.
(f) The periodicity of the audits shall be as determined by the top management.
15.0 RECORDS
15.1 Every organisation shall maintain relevant records with respect to the following, in
accordance to the documentation policy of the Bank:
(a) Incidences of robbery or burglary
(b) Type of security devices the bank or financial institution has installed.
(c) Frequency of maintenance of its security devices;
(d) Training of its management and staff on security issues;
(e) Security classification of Branches;
(f) Branch-wise records of security training of the staff employed; and
(g) Reports of Security Audits and consequent action taken report.
15.2 The records maintained shall adequately address the following :
15. Doc: ME 24(1394)c
Dec 2014
(a) Bank’s internal Management Information System;
(b) Requirements of regulatory Authorities; and
(c) Audit requirements.
Annexure A
16. Doc: ME 24(1394)c
Dec 2014
IS.NO. TITLE
IS 550(PT 1):2003 Safes: Part 1 Specification (fourth revision)
IS 550(PT 2): 2005 Safes, Part 2 Tests for burglary resistance (fourth revision)
IS 550(PT 3):2005 Safes, Part 3 Tests for fire resistance (fourth revision)
IS 1046:1992 Cash boxes - Specifications (third revision)
IS 5244:1991 Safe deposit locker cabinets - Specification (second revision)
IS 7152:1992 Book room doors - Specifications (first revision)
IS 11188(PT 1):1991 Vault (strong room) doors: Part 1 - Specification (first revision)
IS 11188(PT 2):1991 Vault (Strong room) doors: Part 2 Test for burglary resistance (
first revision)
IS 11188(PT 3):1991 Vault (Strong room) doors: Part 3 Tests for fire resistance ( first
revision)
IS 12187:1987 Specification for coffers
IS 14203:1999 Fire resisting record protection cabinet - Specification (first
revision)
IS 14387:2005 Vaults - Air ventilators – Specifications
(first revision)
IS 14505:1998 Fire resisting magnetic media protection cabinets - Specification
IS 14512:1998 Safe cum safe deposit lockers - Specification
IS 14561:2007 Fire resisting (insulating) filing cabinets – Specification (first
revision)
IS 14562:1998 Fire resisting computer media protection cabinets - Specification
IS 15369:2003 Code of practice for construction of vault (strong room)
18. FORMAT FOR SENDING COMMENTS ON BIS DOCUMENTS
(Please use A4 size sheet of paper only and type within fields indicated. Comments on each clauses/sub-
clauses/table/fig. etc be started on a fresh box. Information in Column 4 should include reasons for the comments
and suggestions for modified wording of the clauses when the existing text is found not acceptable. Adherence to
this format facilitates Secretariat’s work) It is desirable to send comments through email at : med@bis.org.in .
IS. No./ Doc. No.:
TITLE :
NAME OF THE COMMENTATOR /ORGN.: _________________________
Sl.
No.
Clause/Subclause/
para/table/fig.
No. commented
Comments Justification Proposed
change