Telecommunications Communication Policy

Version: 1.00Issue Date: 12/8/2014

This is an example Telecommunications Communication Policy. A Telecommunications Communication Policy is required to provide additional security and quality guidelines for communications equipment supporting the WAN and external communications circuitry.

1.0 Overview

This Telecommunications Communication Policy describes standards of quality, testing, and physical security to ensure WAN performance and security. This Telecommunications Communication Policy is an internal Information Technology policy.

2.0 Definitions

  • Bandwidth - Indicates the amount of data that can be sent in a specific time period. The more data that can be sent in a set period of time, the higher the bandwidth. Bandwidth for networking is commonly measured in Mbps which is one million bits per second.
  • Permanent Virtual Circuit (PVC) - A networking connection that connects two or more end points and appears as a fixed line from the end points but is a logical connection. Circuitry between the end points routes the data and the circuit may send data through various paths. Frame relay is an example of a permanent virtual circuit.
  • Frame Relay (F/R) - Frame Relay is a communications service which establishes a permanent virtual circuit (PVC) between two points on the network. Frame relay uses frames of varying length and it operates at the data link layer of the OSI model. The route the frames take through the network may change and is determined by the provider of the frame relay service. The frame relay customer pays charges based on usage. Frame relay error checking is handled by devices at both sides of the connection. Frame relay speed is between 56Kbps and 1.544Mbps.
  • Committed Information Rate (CIR) - A telecommunications term describing the bandwidth (expressed in bits per second) associated with the rate at which a network line or virtual circuit supports data transfer. The committed information rate describes the commitment of a carrier to provide a specified throughput to the subscriber. The bandwidth may have limitations of maximum burst rates, overall bandwidth in a given period of time, or other limitations.
  • Indefeasible Right of Use (IRU) - A telecommunications term describing the right to temporarily use (during the lease period) a designated amount of communications capacity of a specific telecommunications line or lines. IRUs are purchased in terms of bandwidth.
  • WAN - A Wide Area Network (WAN) is larger than a MAN and may be an enterprise network or a global network. A WAN spans a large geographical and normally will link two or more LANs together. A WAN will normally use leased lines or a public network to conect LANs or MANs.

3.0 Scope

This policy is effective as of the issue date and does not expire unless superceded by another policy. This Telecommunications Communication Policy applies to all transport media used for organizational telecommunications efforts including but not limited to owned and leased facilities carrying organizational data over:

  • Broad-band cable
  • Fiber-optic cable
  • Frame relay networks
  • Integrated Services Digital Network (ISDN)
  • Virtual Private Networks (VPN)
  • Dial-in facilities

4.0 Installation and Maintenance

  • Fiber optic cable ends should be secure and clean. Fiber optic cabling should be tested when installed and periodically thereafter using one or more of the following tools to detect possible weak splices or attempts to penetrate the cable:
    • Power meters
    • Time domain reflectometers (TDR)
  • Cables should be well ordered and groomed well to make modifications and security checks easier.
  • The untrusted side of the WAN should not be included in Intermediate Distrubution Facilities (IDF) but contained only in the Main Distribution Facility (MDF). Distribution facilities should secure and monitored for access.

5.0 Physical Security

  • Facilities containing cable carrying organizational data and distribution facilities must be secure with access controls and an ability to log access, preferrably electronically.

6.0 Leasing

  • Bandwidths over leased lines should be monitored by the provider and verified by organizational staff.
  • Point to point circuits should be used where possible but when cost prohibitive, circuits such as Frame Relay may be used so long as they are appropropriately monitored and traffic types kept separate to maintain security.
  • Where Frame Relay (F/R) circuits are used, trusted network traffic should remain separate (physically isolated) from semi-trusted, and untrusted network traffic. This configuration prevents a breakdown across security zones if the Frame Relay circuits have vulnerabilities that would allow traffic to pass where it should not. Frame relay performance should be monitored or checked including actual data throughput, Committed Information Rate (CIR), Permanent Virtual Circuits (PVCs), circuit-bridging techniques at the carrier central office, and physical locations of equipment and cable.
  • Data about the circuit should be regularly requested from the carrier to be sure terminination points and points-of-presence are proper and authorized.
  • Indefeasible Rights of Use (IRU) contracts and service agreements should protect the organization, organizations sharing the resources, and the service provider. All parties involved should be assured that the telecommunications segment is secure.

7.0 Enforcement

Organizational members that do not adhere to this policy may be subject to disciplinary action up to and including denial of access, legal penalties, and/or dismissal. Vendors that violate this policy may be subject to the termination of their contract.

8.0 Additional Requirements

  • Senior management must ensure that this policy is published and users agree to abide by the policy.
  • Auditors must periodically check to be sure this policy is being followed.

Approval

Approved by:__________________________ Signature:_____________________ Date:_______________