{"version":"1.0","provider_name":"Software development - offshore service | BAP Software","provider_url":"https:\/\/bap-software.net\/en","author_name":"Dao Thanh","author_url":"https:\/\/bap-software.net\/en\/author\/daothanh\/","title":"Information Security At BAP","type":"rich","width":600,"height":338,"html":"<blockquote class=\"wp-embedded-content\" data-secret=\"9y6NImFVG2\"><a href=\"https:\/\/bap-software.net\/en\/information-security-at-bap\/\">Information Security At BAP<\/a><\/blockquote><iframe sandbox=\"allow-scripts\" security=\"restricted\" src=\"https:\/\/bap-software.net\/en\/information-security-at-bap\/embed\/#?secret=9y6NImFVG2\" width=\"600\" height=\"338\" title=\"&#8220;Information Security At BAP&#8221; &#8212; Software development - offshore service | BAP Software\" data-secret=\"9y6NImFVG2\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" class=\"wp-embedded-content\"><\/iframe><script type=\"text\/javascript\">\n\/* <![CDATA[ *\/\n\/*! This file is auto-generated *\/\n!function(d,l){\"use strict\";l.querySelector&&d.addEventListener&&\"undefined\"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!\/[^a-zA-Z0-9]\/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret=\"'+t.secret+'\"]'),o=l.querySelectorAll('blockquote[data-secret=\"'+t.secret+'\"]'),c=new RegExp(\"^https?:$\",\"i\"),i=0;i<o.length;i++)o[i].style.display=\"none\";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute(\"style\"),\"height\"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):\"link\"===t.message&&(r=new URL(s.getAttribute(\"src\")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener(\"message\",d.wp.receiveEmbedMessage,!1),l.addEventListener(\"DOMContentLoaded\",function(){for(var e,t,s=l.querySelectorAll(\"iframe.wp-embedded-content\"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute(\"data-secret\"))||(t=Math.random().toString(36).substring(2,12),e.src+=\"#?secret=\"+t,e.setAttribute(\"data-secret\",t)),e.contentWindow.postMessage({message:\"ready\",secret:t},\"*\")},!1)))}(window,document);\n\/\/# sourceURL=https:\/\/bap-software.net\/wp-includes\/js\/wp-embed.min.js\n\/* ]]> *\/\n<\/script>\n","thumbnail_url":"https:\/\/cdn.bap-software.net\/2020\/06\/information-security-1.jpg","thumbnail_width":650,"thumbnail_height":433,"description":"The set of regulations on security has been issued with the purpose of stipulating and guiding the implementation steps to keep the information and data security of all employees in the process of working at the Company. Documents used are based on the document list specified in Clause A15 &#8211; ISO \/ IEC 27001: 2013 standard. Purposes: This set of regulations includes the general rules to ensure that the company&#8217;s information resources are not leaked outside as well as raise employees&#8217; awareness of information security at work. Content: The General rules include 12 articles Passwords policy: Employees need to change passwords every 3 months as prescribed. It is not advisable to create passwords with common words or phrases. Passwords have to include uppercase letter, lowercase letter, digit number and special character. The maximum length of password is 8 characters. Email policy: Each employee has a personal email account created by the IT department. The email is limited access by department, purpose, position and demand. Network access policy: The network access will be divided according to the type of network. For each type, there will be different network settings and divided into small groups depending on the purpose, based on the network structure and features that network equipment allows for custom expansion. Access management policy: Accessing important information of the Information Security Management System is based on the positions, tasks and authority concerned. Device management policy: For these devices, if staff want to remotely access and use the company internet, they need to send a request to review and grant access. Computers \/ Laptops policy: Employees are responsible for preserving computers \/ laptops after being provided and they are not allowed to bring computer\/laptop home. When there is a need to take a computer\/laptop home for work, it needs to be [&hellip;]"}