We deliver......
so that you can.
Security Policy
1 Purpose
Any device that can access the corporate network must be considered part of that network and therefore subject to policies intended to protect the network from harm. Any computer or device that is proposed for network connection must be approved by the IT department.
Portable and home based computers (herby referred to as remote computers) offer staff the ability to be more productive while out of the office. They offer greater flexibility in where and when staff can work and access information, including information on The company’s corporate network. However, network-enabled remote computers also pose the risk of data theft and unauthorized access to our corporate network.
2 Policy Statement – Remote Computers
2.1 Protection
In order to qualify for access to our corporate network, the remote computer must meet the following conditions:
2.2 User’s Responsibilities
2.3 Secure Audits
The IT department reserves the right to audit any device used for company business to ensure that it continues to conform to this Policy. The IT department will also deny network access to any device, which has not been properly configured, scanned, and approved.
2.4 Sensitive Information on Laptops
Laptop computers are common targets for theft, and we must assume that some laptops will be stolen and their contents no longer in our control. Users, with laptops who have access to sensitive or confidential information, whether for the company, a clients business, or an employee’s personal information, must implement the appropriate security measures. Sensitive data should be saved on the network drive (not the hard drive) and should be restricted using appropriate access control. Additionally, when sensitive data is stored on the computer they should employ strong encryption software and encrypt sensitive and confidential information. The company standard encryption software is PGP and can be acquired from your IT department.
Where possible, sensitive information should not be stored or transported on a laptop computer. Users accessing sensitive data should use a virtual machine whenever possible, since the data is isolated to the data center with this method.
3 Policy Statement – Desktop and Server computers
3.1 Protection
3.2 User's Responsibilities
4 Password Selection
Because computer thieves are extremely sophisticated, it is important to select a password that is not easily guessed. You are not allowed to use your spouse’s name, parents’ names, phone numbers, and variation of the following words: “password”, ”test”, blank. Please, refer to the Password Policy for more guidelines on password creation.
You should memorize your password. Writing it down (especially on or near your computer) will compromise security. Never send your password online.