(1)
Proper placement and installation of Information Technology equipment to reduce the effects of interference due to electromagnetic emanations.
(2)
Maintenance of an inventory and configuration chart of hardware.
(3)
Identification and use of security features implemented within hardware.
(4)
Authorization, documentation, and control of changes made to the hardware.
(5)
Identification of support facilities including power and air-conditioning.
(6)
Provision of an uninterruptible power supply.
(7)
Maintenance of equipment and services.
(8)
Organisation must make proper arrangements for maintenance of computer hardware, software (both system and application) and firmware installed and used by them. It shall be the responsibility of the officer in charge of the operational site to ensure that a contract for annual maintenance of hardware is always in place.
(9)
Organisation must enter into maintenance agreements, if necessary, with the supplier of computer and communication hardware, software (both system and application) and firmware.
(10)
Maintenance personnel will sign non-disclosure agreements.
(11)
The identities of all hardware and software vendor maintenance staff should be verified before allowing them to carry out maintenance work.
(12)
All maintenance personnel should be escorted within the operational site/computer system and network installation room by the authorized personnel of the organisation.
(13)
After maintenance, any exposed security parameters such as passwords, user IDs, and accounts will be changed or reset to eliminate any potential security exposures.
(14)
If the computer system, computer network or any of its devices is vulnerable to computer viruses as a result of performing maintenance, system managers or users shall scan the computer system, its devices and any affected media for viruses.