Security Policy
1. Overview
Employees at CWT are given a variety of resources to do their jobs efficiently and effectively. But it’s important that these resources are carefully guarded. Storing, transferring and sharing company information comes with risks. It can result in data breaches (in which company data is released to people outside of the organization or employees of the organization who haven’t been granted access to it), data theft (in which hackers steal information for financial gain or to gather intelligence) and misplaced data (in which original files become lost or unavailable). The purpose of this policy is to ensure that data is kept available only to current employees of CWT who have been pre-approved to possess it.
2. Scope
This policy refers to all parties (employees, job candidates, customers, suppliers who provide any amount of information to us.
3. Access to a Computer
- – All users will be provided with login credentials
- – Account will be disabled and deleted when an employee leaves the business
4. Email Policy
- – excessive personal use of email;
- – conducting other business using a work email account;
- – people using work email address for shopping or access to online services such as eBay or PayPal;
- – sharing of inappropriate or illegal content such as offensive jokes;
- – using email for gambling or other paid-for services;
- – engaging in illegal activities;
- – encrypting personal emails and attachments;
- – employees from allowing other people to access their email account.
5. Password Policies
- – Passwords should be strictly protected and never shared.
- – Passwords should be changed at least every 90 days (or sooner if possible).
- – Passwords should be strong, using a mix of letters, numbers and symbols.
6. Remote Working
- – Use secure network
- – Login via VPN
7. Use of Internet
- – It’s against company policy to use the internet to view inappropriate material
- – Company monitors your PC I,E staff browsing history
8. Laptop
- – Employees must not install any non-work related software on company laptop
- – Loss of laptop must be reported immediately to management
9. Storage Device
Employees of CWT must only use devices provided by the company unless otherwise given permission. 2. NEVER use or even plug in a USB drive that you have found or been given as a promotional gift.
10. Network
- – Only save on your local machine if necessary
- – All confidential files must be stored on the network drive
11. Software
- – All software must be installed by IT support
12. Starters and Leavers
- – Starters are informed of this policy and they sign accepting that they understand it and will comply.
- – Leavers are removed on their last day of employment
13. Document Review
At the end of the document there will be a signature and a date. You may also have a change history record so every time the document is updated a log is made of a brief description of the change, who approved it and a signature with a date of when it was done.