Jul 04

The Laws

Registers of operation Agree that register of the activities of pessoalde is kept operation. It agrees that these registers include, as appropriate: ) hourly of beginning and the end of the processings; b) errors and adopted corrective actions in the processings; c) confirmation of the correct treatment of the archives of dadose of the results generated in the processings; d) identification of who is effecting the operation. It agrees that the registers of activities of the sejamsubmetidos operators the regular and independent checagem, in compliance with operational osprocedimentos. Register of imperfections Agrees that any type of imperfection is told and that sejamtomadas corrective actions. It agrees that imperfections informed for relative users aproblemas with information processing or sejamregistradas systems of communication.

Management of the net To guarantee safeguards it of the information in the net and proteoda support infrastructure. The management of the security of nets that if extend to almdos physical limits of the organization requires particular attention. Also the use of controls can be necessary adicionaispara protection of sensible data that transit for public nets. Security of the e-mail Risks of security the e-mail is being used for commercial ascomunicaes, substituting half traditional, such as telex ecartas. The e-mail differs from the form established in the memorandum of understanding of comunicaocomercial in, for example, speed, structure of the message, degree deinformalidade and vulnerability the not authorized action.

It agrees that if it has taken emconta the necessity of controls to scrumble the risks generated for usodo e-mail. Politics of use of the e-mail Agrees that the organizations define one clear politics paraa use of the e-mail, including: ) the attacks to the e-mail, as, for example, porvrus and interception; b) protection of annexes of e-mail; c) orientaes of when if it does not have to use the correioeletrnico; d) responsibilities of the employees of form to nocomprometer the organization, as, for example, the sending of mensagensdifamatrias, use of the e-mail to torment not authorized people or fazercompras; e) use of techniques of criptografia to protect aconfidencialidade and integrity of the electronic messages; f) retention of messages that, if kept, can serdescobertas and used in litigation cases; g) controls you add for the inquiry of mensagensque could not be notarized. Available systems public Agree that if it takes care to protect the integrity dainformao divulged electronically, of form to prevent noautorizadas modifications that can harm the public reputation of the organization. Ainformao in available systems for the public, as, for example, information in an accessible server through the Internet, can need to be conformity with the laws, norms and regulations in the jurisdiction in which osistema is located or where the transaction will be being carried through. Convmque exists a process of formal authorization before the publication of an information. It agrees that software, data and other information querequeiram one high level of integrity, displayed in a public system, sejamprotegidos for appropriate mechanisms, as, for example, digital signatures.