Appropriate protection for personnel, offices, and technical sites is essential to maintaining Schibsted businesses and personnel security.
To prevent unauthorised physical access, damage, and interference to Schibsted’s information and facilities, security perimeters shall be defined and used to protect areas that contain sensitive or critical information, i.e., with a business impact level of major or severe according to the information classification levels defined in the chapter about Information classification.
Threats against Schibsted assets, intellectual property, products, operations, and facilities or individuals are and shall be logged, analyzed, and reported to authorities.
Security policy for employees on travel duties
Travel security has become extremely important because of the nature of our business which often requires employees to travel to dangerous countries considered less or non-democratic. Journalists, especially, are a target of potential attacks by nation-state actors or individuals with resources and motivation to directly or indirectly influence their journalistic work. They risk being arrested, captured, imprisoned, or even killed. Besides physical threats, cyber security threats to both journalists and media houses continue to increase. Cyber attacks on journalists and media houses are regular daily occurrences.
For these and other reasons, the Scbisted Security Team has set up a process to guide employees and to protect systems and journalists.
Secure areas
Secure areas shall be protected by appropriate entry controls to ensure that only authorized personnel are allowed to access them. Procedures for working in secure areas shall be designed and applied.
Appropriate physical security for offices, rooms, and other facilities shall be designed and applied. Planning and establishment of sites or operations are evaluated to avoid unnecessary risks. Before establishing an operation, risks related to natural and human-caused hazards at the site and the surrounding area are identified and evaluated by the business responsible in consultation with facility management.
Equipment & Clear Desk Policy
To prevent loss, damage, theft, or compromise of assets and interruption to Schibsted’s operations, equipment shall be safely located and protected to reduce the risks of environmental threats, hazards, and opportunities for unauthorized access. Technical or environmental threats such as fire, flood, and electrical outage shall be analyzed to assess the need for and degree of access protection. In assessing and designing protection, the facility’s location, the availability of guards, and the frequency of crime in the area are considered.
Critical equipment shall be protected from power failures and other disruptions supporting utilities such as electrical power, telecommunication, ventilation, etc. Power and telecommunication cabling carrying data or supporting information services shall be protected from interception, interference, or damage. Equipment shall be correctly maintained to ensure its continued availability and integrity. Security controls shall be applied when bringing assets off-site, taking into account the different risks of working outside Schibsted’s premises.
Users shall ensure that unattended equipment is protected by locking their computers, terminating active sessions, and logging off from applications or network services. This policy for a clear desk of papers, removable storage media, and a clear screen for information processing facilities shall be adopted across Schibsted.