1

PART 4

Security of people, property and information

♦ the key organisational responsibilities in terms of security of people, property and information: — understanding organisational responsibilities in relation to identification and secure entry systems — understanding organisational procedures to protect property, eg security marking, cables and blinds ♦ understanding organisational procedures to protect paper and electronic information, eg usernames, passwords, encryption, access rights, lockable storage

Security Measures It is not only important to make ensure employees are working in a healthy environment, they should also feel safe and secure. Security measures are things which an employer or employee should put in place to make sure staff are safe while at work. Security

In this topic area we will learn about:

Organisational procedures used to protect people

Organisational procedures used to protect property.

Organisational procedures used to protect both paper-based and

electronic information.

The Data Protection Act 1998 and The Computer Misuse Act 1990.

You should already know:

From your own experience and knowledge, measures used to protect

people. For example, staff wearing ID badges, buzzers to enter school,

etc.

From your own experience and knowledge, measures used to protect

property, for example burglar alarms.

2

measures should be taken for various reasons: to protect and reassure staff, to prevent theft of stock and equipment and to maintain confidentiality of information. Security of Staff To ensure that only authorised personnel have access to the premises an organisation can use a combination of the following methods:

intercom and/or security doors

identification badges to be carried (if not displayed) at all times – passes will display name, title, department, picture; may contain an electronic activating device such as an electronic strip which needs to be swiped for entry; will be re-issued regularly

careful handling and issue of keys

Security Guards

Staff In/Out Book

CCTV systems Security of Visitors To ensure that only genuine visitors enter the premises an organisation can use a combination of the following methods:

visitors should report to reception on arrival and have their reason for visiting verified

the reception should be located at the main entrance and constantly staffed

other entrances should be minimised

visitors’ passes to be issued and displayed

visitors should not be left unsupervised

the receptionist should ensure that all visitors leave the building and that passes are returned.

KEYWORDS

Intercom

ID Badge

Security Guard

CCTV

3

Log on to https://bubbl.us/ and create 2 summary mind maps. Or use Microsoft Word. One mind map should show security measures for staff, the other security measures for visitors. USE THE NOTES ABOVE TO HELP!

Security of Property To ensure property is not stolen or damaged in any way, the organisation can:

use security marks eg chips or UV lighter pens

use cable management systems to avoid staff tripping over cables and damaging them.

keep a record of all equipment

install security blinds to minimise burglary, theft and vandalism Security of Information In accordance with the Data Protection Act an organisation should use a combination of the following methods to ensure the security of information:

use of passwords – these should not be obvious and changed

use of read-only files – some files can be read but not amended (changed)

anti-virus or virus-screening software should be used to ensure that files are not lost

use of locked rooms, filing cabinets and computers

confidential documents should be discarded appropriately.

KEYWORDS

Visitor Pass

Security Marks

Cable management system

4

Using the notes above and information from your mindmaps, answer the following questions:

1. Identify 3 ways in which organisations can ensure staff are safe when at work.

2. Define the following terms:

Security mark

Cable management system

3. Mr O’Neill is the manager of SMT Ltd. He is aware that there is no system in place to ensure information which shouldn’t be seen by others is kept confidential. Suggest 2 courses of action Mr O’Neill could take.

STOP HERE

Data Protection Act This Act governs how personal information is collected, used, stored and destroyed. Before we consider the details of this Act, it is first necessary to explain two pieces of important terminology: Data subject Individual to whom the personal data refers Data user The person or organisation that controls the way in which the data is used Under this Act, the Data Protection Registrar supervises data users. Data users must register the following details with the Registrar:

the nature of data held

why it is held

how it was collected

who it will be disclosed to. Anyone processing personal data must comply with the following eight principles of good practice. 1. The personal data shall be obtained fairly and

lawfully.

KEYWORDS

Visitor Pass

Security Marks

Cable management system

5

2. Personal data shall be used only for the registered purpose. 3. The personal data shall not be disclosed for purposes other than those registered. 4. Personal data held shall be adequate, relevant and not excessive for its purpose. 5. Personal data held shall be accurate and kept up-to-date. 6. Personal data shall not be kept for longer than necessary. 7. Data subjects shall be entitled to: be informed of any personal data held by the data

user; access any personal data held; have data corrected or deleted where appropriate. 8. Appropriate security measures shall be taken against unauthorised access to personal data, disclosure of personal data and accidental loss of personal data.

KEYWORDS

Data Protection Act

Data Subject

Data User

8 Principles

6

Go to: http://www.bbc.co.uk/schools/gcsebitesize/ict/legal/0dataprotectionactrev1.shtml

Read the information about the Data Protection Act and try the test bite at the end! Print out your answers.

.

1. Update the extract from the staff handbook with relevant information on employee and organisational responsibilities with regard to security within the organisation. (National 4 do not need to fill out the grey columns) USE THE NOTES ON PREVIOUS PAGES TO HELP! 2. Print one copy of the updated staff handbook.

Test Your Learning! - Summary Questions (Use Leckie Leckie notes to help too)

1. Explain WHY a reception area plays a crucial role in the security of an organisation.

2. Describe three security measures taken by the receptionist.

3. State how keypads/combination locks/swipecards can restict unauthorised access.

4. Describe three securtiy meausres taken by an organisation to protect property.

5. List two ways usernames and passwords can restrict access to information.

6. List three wother methods of protecting information held on computer.

7. State what is meant bu the term ‘back-up’.

7

8. Outline the main principles of the Data Protection Act 1998.

FINISHED? Log on to http://www.teach-ict.com/gcse_new/gcse_ict_quizzes.htm and try the Data Protection Act quizzes in order to check your learning

8

FILL OUT THE CHECKLIST TO SEE HOW CONFIDENT YOU ARE IN YOUR LEARNING

AP Part 4: Security of people, property and information

Se

curi

ty o

f p

eop

le, p

rop

ert

y an

d in

form

atio

n

Skills, Knowledge and Understanding

Strength

Weakness

Next Steps

I understand the organisational procedures used to protect people.

I understand the organisational procedures used to protect property

I understand organisational procedures used to protect both paper-based and electronic information

I understand the Data Protection Act 1998

WELL DONE!

You have completed Part 4 of the Administrative

Practices unit.

You are now ready for your assessment!

9

Task 19

Answer the following questions in your jotter.

1. In your position as a receptionist of a large computer firm, you are the first point of call for all visitors to the organisation. Describe some of the procedures you will follow to ensure a high level of security is maintained.

2. Recently a member of the public was found wandering in a private part of the building. What steps could an organisation take to ensure this does not happen again?

3. Give 2 reasons why it is important that staff complete the Staff

In/Out Book.

4. Because of the highly sensitive nature of the work your organisation carries out; suggest some measures your organisation could take to protect information stored on a computer.

5. Which Act of parliament controls the security of information within your

organisation?

6 Why is it important that an organisation uses consistent methods of presenting information?

7. You have been appointed security officer at Huntstar Electronics Ltd.

One of your first duties is to improve the existing security systems within the organisation. In order to do this you should be able to answer the following questions.

(a) What are the 3 main reasons for installing security systems in

organisations.

(b) List, using the headings given below, the security measures an organisation should take for:

Staff entry and movement

10

Visitors to the organisation

Security of information

Securing property

8. TRUE OR FALSE? Justify your answer.

(a) A person who empties the fire bucket for a joke is committing an

offence under the Health and Safety at Work Act 1974.

(b) A VDU operator whose eyesight is failing must pay for his or her own

eye test. (c) An employee is within his or her rights to refuse to wear protective clothing which is not comfortable. (d) All types of fire extinguishers can be used on electrical fires. (e) After an emergency evacuation, all staff and visitors should proceed

immediately to the assembly point.

11

15 A trainee receptionist has recently been employed by Scotia Enterprises. You have been asked to provide a set of written instructions on how to deal with the following situations.

a A caller who appears to be under the influence of alcohol has

become verbally abusive.

b A stranger enters the building at night when you are working

on your own at the reception desk.

c The receptionist often discusses confidential information over the

phone which can be overheard by visitors.

d Staff often ask for the receptionist’s password to access computer files.

12

4PS

16 The receptionist at Scotia Enterprises deals with confidential information both paper and ICT-based. To assist with the problems of such information being accessed freely suggest ways by which the receptionist can ensure confidentiality.

Paper-based

a

b

c

ICT-based

a

b

c 6KU

17 A trainee receptionist has recently been employed by Scotia Enterprises. You have been asked to provide a set of written instructions on how to deal with the following situations.

a A caller who appears to be under the influence of alcohol has

become verbally abusive.

13

Calm visitor down, politely ask the caller to leave

Call security for additional support

b A stranger enters the building at night when you are working

on your own at the reception desk.

Change staff rotas so no one has to work alone

Improve communication systems – e.g. hidden panic buttons

c The receptionist often discusses confidential information over the

phone which can be overheard by visitors.

Direct visitors who cannot be seen immediately to the waiting area

away from the reception desk and deal with calls discreetly

d Staff often ask for the receptionist’s password to access computer files.

Change staff passwords regularly

Regular training to remind staff of importance of confidentiality

4PS

18 The receptionist at Scotia Enterprises deals with confidential information both paper and ICT-based. To assist with the problems of such information being accessed freely, suggest ways by which the receptionist can ensure confidentiality.

Paper-based

14

a keep all papers in a lockable filing cabinet

b ensure that old papers are shredded

c train staff not to leave papers etc carelessly lying around

ICT-based

a issue passwords to all staff – train staff to keep them confidential

b change staff passwords regularly

c keep all floppy discs in a lockable box and have named keyholders 6KU

2010 Credit Question 1

You are a relief receptionist for Kanudoit Ltd. The following problems arose yesterday.

(i) You did nothing about a suspicious parcel which had been left at the reception

desk.

(ii) You sent a visitor without an appointment through to see the Sales Manager who

had left the office for the day.

(iii) You were unable to answer a telephone enquiry about who is in charge of the

Finance Department.

Suggest the action you should have taken in each of these situations. Give reasons for

your answers. A different answer/reason must be given for each. PS6

2009 Credit Question 8

(a) Explain how the Reception area within an organisation contributes to the security

of that organisation.

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

15

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________ KU4

2008 Credit Question 8

You are a receptionist at Grace Brothers. Suggest and justify an efficient way of dealing

with the following situations.

(i) A car has been left in the company car park for the last 3 days.

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________ PS2

(ii) A visitor arrives at reception demanding to see the Human Resources Manager

who is interviewing all day and has asked not to be disturbed.

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________ PS2

2008 Credit Question 12

At a recent meeting between Ian Murray, the owner of Murray Motors, and Fiona

Anderson, the Admin Manager, the following points were raised.

What must Ian advise Fiona to do to solve these problems? Give reasons for your

answers.

(ii) The customer waiting area is unwelcoming.

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

16

________________________________________________________________________ PS2

2006 Credit Question 3

(a) Polly Pann has recently been employed as a Receptionist within Hilltops Leisure and

Fitness Club. Polly recently encountered the following problems and was unsure of the

procedures to be followed.

(i) Staff have been arriving at reception without ID badges, insisting they are allowed

through.

(ii) A suspicious parcel was received at reception.

(iii) Polly could not answer a customer enquiry on the times and prices of fitness

classes.

Advise Polly on how to deal with the above situations in future. Give reasons for

your answers. PS6

(b) CCTV is the only method of security used by Hilltops Leisure and Fitness Club.

Suggest and justify another security feature which could be introduced in the

reception area. KU2

(c) An electronic diary can be used to make appointments and to avoid double-

bookings. Describe 2 other benefits of an electronic diary. KU2

2005 Credit Question 9

(a) Mai Chu is Head Receptionist of Lochview Hotel, Kinross. During a recent

training session Mai was asked how she would deal with the following security

problems, if they occurred at the hotel.

(i) A suspicious parcel left at reception

(ii) An aggressive visitor

Suggest how Mai could deal with each of the above problems. Give reasons for

your answers. PS4

(b) Suggest and justify 2 methods of record-keeping which could be used by a

receptionist. KU4

2004 Credit Question 4

(a) High Tech plc sells computers and accessories throughout Europe. The company

has been experiencing the following problems.

17

(ii) There have been a number of complaints, as staff are often not available

when customers telephone the office.

Suggest a solution for the above problem and justify your answer. PS2

2004 Credit Question 9

(a) Fiona Lang is General Manager of Smart Look Ltd. The following complaints

have been received from customers regarding the reception area.

(i) Bobby Black, the receptionist, despite recent training, was rude and

unhelpful.

(ii) The reception area is uncomfortable and unwelcoming.

Advise Fiona how she could overcome these problems and justify your

answers. PS4

(b) Smart Look Ltd currently employs a security guard at the main entrance.

Suggest and justify one other way security could be improved within the

reception area. KU2

(c) Describe 2 features of an electronic diary which would not be available when

using a paper based diary. KU2

2003 Credit Question 9

(c) Describe 2 features of an electronic diary which would not be available when

using a paper based diary. KU2

Lesson 3

Dealing with unauthorised visitors G

Contribution of reception to the safety and security of the organisation G

Security systems and procedures (swipecards, CCTV, locked doors,

keypad/combination locks, entryphone, security/ID badges, security personnel,

etc) G

Potential security risks and organisational security policy and reporting

procedures C

Reporting incidents C

Dealing with unauthorised visitors

Try to find the location of the unauthorised person

Call security personnel

18

Call police

Enter the information in the Incident Book.

Contribution of reception to the safety and security of the organisation

To prevent unauthorised access

◦ to the building

◦ to confidential files

To prevent theft

◦ of hardware

◦ of confidential information

For safety reasons

Security systems and procedures

Location of Reception

Safeguard other entrances

Visitor records and passes

Limited or supervised access

Monitor staff

Companies and schools are aware that they must stop unwelcome visitors from entering

the building. This is to protect the people in the building and also to prevent theft.

There are many ways a company could do this.

Card Readers/Swipe Cards

These are machines on doors which operate using a card. The card

is run through a machine which opens the lock allowing entry.

Each member of staff will have a card to allow them into their

part of the building, but may exclude them from other parts of

the company.

Security Cameras/CCTV (Closed Circuit Television)

Some companies and schools have security cameras watching

everyone entering and leaving the building (they may also

cover the car park). Pictures may also appear on a television

screen showing any activity. The receptionist may be asked

to watch the screen and

report anything

suspicious to a security guard or the police.

19

Locked Doors

Keypad/Coded Door Entry System

A coded door entry system uses a keypad

on the door. A code must be keyed in

before the door lock will release allowing

you to enter. You may only have the code

for the part of the company you work in.

This allows companies to control who is in

each area. These are very common in

Building Societies and Banks.

Entry Phone/Intercom

Security/ID (Identification) Badges

Many companies and schools operate a system whereby all

members of staff have ID (identification badges) they must

wear, clearly displayed, every day. These cards will give their

position (job) in the company and will also have a photograph on it.

The photograph makes sure that no one else can steal it and use

it. If someone forgets their ID badge, the receptionist may have

photos on file or on the organisation chart that can be checked to

verify the identity of the member of staff. All visitors must also

be issued with badges or security tags.

Security Guards/Personnel

Many firms have security guards at reception to deal with

unwelcome visitors immediately.

20

Potential security risks

Organisational security policy and reporting procedures

Risk Action Justification

A suspicious parcel

arrives at reception

Do not touch it

Inform security personnel

May be a safety risk, and only

trained personnel should deal

with serious situations

Abandoned car in car

park

Call security

Inform police if unable to

trace owner

Aggressive Visitor Try to calm visitor down –

do not attempt to restrain

him/her

If still aggressive, call

security to escort visitor

from the premises

The visitor’s organisation

may be informed about the

visitor’s behaviour

Reporting incidents

For all security problems you would have to enter the information in the Incident

Book/Security Breach Report Form.

INCIDENT/SECURITY BREACH REPORT FORM

Name of Person

Reporting Incident Jenny Kerr

Position in Organisation Receptionist

Date and Time of

Incident 12 May 2010, 2.35 pm

Place Where Incident

Occurred Reception

Name of Other

Witnesses Sam Ryan

21

Description of Incident

Mr Fairgrieve, a sale rep from

Qwerty Designs became very angry

when informed that there was no one

available to see him. I called Sam

Ryan for assistance.

Action Taken at the

Time

Sam talked to Mr F and managed

to calm him down. He apologised

for his behaviour.

Further Action Required

Sam is to inform the Sales

Manager of Qwerty Designs of the

incident

Signature of Line

Manager Sam Ryan

Date 13 May 2010

22