Cyber Security Policy

Purpose:
This policy establishes the guidelines and procedures for protecting the company's information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
Scope:
This policy applies to all employees, contractors, and third parties who have access to the company's information and information systems, including mobile devices.
Policy:
- Employees, contractors, and third parties must use strong and unique passwords for all accounts and regularly update them.
- Employees, contractors, and third parties must not share their passwords with anyone, including their supervisors or IT staff.
- Employees, contractors, and third parties must not access, use, or disclose the company's information or information systems without proper authorization.
- Employees, contractors, and third parties must immediately report any suspected or known security breaches to their supervisor and the IT department.
- The IT department will regularly monitor and assess the company's information systems for vulnerabilities and implement appropriate security measures.
- The IT department will provide employee training on cyber security best practices.
- Mobile devices must not be rooted or jailbroken and must be in a factory standard state.
- Mobile devices must have a minimum 6-digit PIN to unlock.
- Administrator accounts should only be used for administrative tasks and should not be used for day-to-day activities.
- Access to administrator accounts should be granted only after approval from a director and should be limited to the minimum permissions necessary for the individual's role.
- Before granting administrator permissions to an employee, a director of the company must provide written approval. The IT and Media Manager will then set up the new administrator with an administrator account or adjust their existing permissions to the minimum necessary for their role. If administrator permissions are no longer required, the IT and Media Manager will revoke them immediately.
- If an employee requires IT to access their device, the IT department can either schedule an in-office appointment where they will physically access the device and log in using an admin-level account, or schedule a remote assistance meeting where they will supply a one-time-use Quick Assist code and allow the IT and Media Manager to use an admin account to make the necessary changes.
- Employees are only permitted to use the following mobile applications on company-owned and personal devices: Zoom, WhatsApp Business, Google Drive, OneDrive, Meta Business Suite, Twitter, Instagram, LinkedIn, Phorest Go, Microsoft Suite, Google Workspace, Banking Applications (AMEX, HSBC).
Violations of this policy may result in disciplinary action, up to and including termination of employment or contract.
Review and Updates:
This policy will be reviewed and updated on an annual basis, or more frequently as necessary. Employees will be notified of any changes to the policy and are responsible for understanding and following the updated policy.
Date: 10/12/2022