YOUR SECURITY

Security is important for the privacy of data that relates to ENI Clients and their Customers (“Data”). Access to this data is controlled at all times.

ENI specifies that all staff members are committed to preserving the confidentiality, integrity and availability of all the physical and electronic information assets throughout the organisation:

Management, all full time or part time staff, sub contractors, project consultants and any external partners or other parties have, and will be made aware of, their responsibilities in the preservation of information security, to protect Data, to report security breaches and to act in accordance with the requirements of the Information Security Management System (ISMS);

Information and associated assets is only accessible to authorised users when required to ensure that access to and use of Data is controlled. The computer network(s) must be resilient and the organisation must be able to detect and respond rapidly to incidents (such as viruses and other malware), that threaten Data or the continued availability of assets, systems and information;

Ensuring that information (including Data) is only accessible to those authorised to access it and therefore preventing both deliberate and accidental unauthorised access to the organisation’s information and proprietary knowledge and its systems including its network(s), website(s), extranet(s), and e-commerce systems;

Safeguarding the accuracy and completeness of Data and processing methods therefore requires preventing deliberate or accidental, partial or complete, destruction, or unauthorised modification, of either physical assets or electronic data other than as required in documented procedures for the protection of Data. There must be appropriate contingency including for network(s), e-commerce system(s), web site(s), extranet(s) and data back-up plans, and security incident reporting; and

The information assets include information and Data printed or written on paper, transmitted by post or shown in films, or spoken in conversation, as well as information stored electronically on servers, web site(s), extranet(s), intranet(s), PCs, laptops, mobile phones and PDAs as well as on CD ROMs, floppy disks, USB sticks, backup tapes and any other digital or magnetic media, and information transmitted electronically by any means. In this context “Data” also includes the sets of instructions that tell the system(s) how to manipulate information (i.e. the software: operating systems, applications, utilities, etc).

The security requirements of each business application are determined by a risk assessment that identifies all information related to the application and the risks to that information.

ENI ensures Data is regularly backed up on storage media so that a backup of the Data can be accessed.

Security of System documentation:

  • System documentation is protected against unauthorised access.

Controls against malicious code:

  • Detection, prevention and recovery controls to protect against malicious code and appropriate user awareness procedures have been implemented.

Network controls:

  • Networks are managed and controlled in order to be protected from threats, and to maintain security for the systems and applications using the network, including information in transit.

Information handling procedures:

  • Procedures for the handling and storage of information protect this information from unauthorised disclosure or misuse in place.
  • Media backups are securely stored offsite.
  • All paper and electronic media that contain Data are physically secured.

Types of security methods to make sure that data is secure include:

  • Encryption;
  • Virus protectors;
  • Verification and authentication (Usernames and Passwords); and
  • Backup files.

All staff receive information security awareness training and more specialised staff receive appropriately specialised information security training:

  • Security awareness program allows all staff to be aware of the importance of security to physical and electronic information, including Data. Providing multiple methods of communicating awareness and educating staff by such means as posters, letters, meetings etc.
  • All staff are aware of the sensitivity of Data and the responsibilities for protecting them.
  • Security reviews are performed at least once a year and updates are made when the environment changes.

Specific Work Instructions set out the necessary containment and corrective action and standing contingency plans in respect of the following types of information security incident:

  • Systems failure and loss of service;
  • Malware, including viruses;
  • Denial of service;
  • Errors resulting from poor data;
  • Breaches of confidentiality or information integrity;
  • Misuse of information systems; and
  • Non-standard incidents.

The contingency plans include:

  • Business recovery procedures;
  • Disaster recovery procedures; and
  • Data backup procedures.

ENI’s approach to handling Data as set forth above is current as at July 2010. From time to time, and for any reason, ENI may make changes to how we handle and preserve your Data. ENI will update this page to reflect these changes.