Workplace Technology Security Policy


WORKPLACE TECHNOLOGY SECURITY POLICY

of

________



1) INTRODUCTION

a. This Policy is revised as of: ________

b. The purpose of this Policy is to ensure cybersecurity of our information systems. ________ relies on its technology and systems in order to communicate and serve its customers, which requires security protocols to prevent unauthorized access to confidential information and data breaches.

c. ________ ensures compliance with all applicable laws concerning data privacy of its customers, employees, retention, and confidentiality. ________ further ensures compliance with the profession's governing statute.


2) SCOPE

a. This Policy applies to all individuals who utilize the computational resources of ________, including, but not limited to, all workers, independent contractors, prospective employees, staff, personnel, officers, agents, consultants, employees, whether full time or part time, temporary or permanent, and all members affiliated with third-parties (hereinafter, "employees" or "users").


3) OBJECTIVE

a. The primary objective of this Policy is to ensure cybersecurity of company communications, to foster secure transactions between all stakeholders, maximize organizational awareness on how to prevent and mitigate risks, establish company protocols to manage risk, and to ensure compliance with legal and regulatory requirements.

b. Cybersecurity is a collective effort among all members of an organization. This requires participation of all users to prevent and mitigate risk of cyberattacks, vulnerabilities, information leakage, and system and network compromises. We expect full participation and compliance from our users. Any breach of this Policy or non-compliance may result in disciplinary action, up to and including termination.


4) ACCEPTABLE USE OF TECHNOLOGY

a. Acceptable use is the employer's criteria on what users of the company can do with office hardware and software, including what users can do if they have access to the Internet via the company's network and equipment, and access to the company's Intranet, if any.

b. Employees should, at all times, use their best judgment when utilizing the Internet during working hours and accessing such via the company's networking resources. Use of the Internet while using company hardware, whether remotely working or on-premises, shall be restricted to business use.

c. Employees shall have limited Internet access as the company may, in its sole discretion, prescribe from time to time. Such limited access will be exclusively for work-related purposes and to be used in the performance of duties.

d. Inappropriate use of the Internet may result in disciplinary action. This includes access to explicit content, gambling, hacking, illicit activities, cyberbullying, spyware, fraud, spamming, etc. The Information Technology (IT) team will utilize filtering and block certain websites from being used and will work in tandem with Human Resources to make these filtering decisions. Should employees require use of a specific website that has been blocked, an IT ticket may be submitted.

e. Software from third-party vendors may be critical for certain tasks undertaken at ________. The accepted use of such software will be based on the licensing arrangement with the third-party vendor, or based on a Software as a Service Agreement for applications with cloud features and for which a subscription may apply, whether payable monthly, annually or otherwise.

f. When accessing the Internet and utilizing public material, users may not reproduce copyrighted material without the prior approval of the owner.

g. Private internet browsing and personal communications should be done on personal hardware using personal data, and not on Company networks.

h. Employees retain a diminished, but reasonable expectation of privacy with respect to company property and/or items stored on or within company property. The hardware owned by the Company is subject to audits and investigations in order to ensure cybersecurity and on-premises safety and to manage processes. Employees should therefore exercise caution with personal use of company-issued hardware, as audits and investigations may reveal such personal uses.


5) USER ACCESS, PASSWORDS AND CONTROL

a. Users with access to the hardware and information technology of ________ are encouraged to review all accounts on a monthly basis.

b. All members of ________ who utilize company devices and access the company's network must practice the following safety measures in the workplace:

  • Avoid clicking on suspicious links sent by email, including spam mail;
  • Avoid webpages without security features;
  • Do not access malicious software;
  • Do not download software without prior approval from the company;
  • Do not share passwords under any circumstances, and if employees have any suspicions that passwords have been compromised, employees are required to effect a password change and notify the IT department of suspicious activity;
  • Dual authentication should be utilized for all user-accounts;
  • When sending confidential information by email, a secure encryption of files is necessary;
  • Regularly update software and operating systems as needed in order to patch and fix security vulnerabilities.

c. Employees must ensure that hardware is password-protected and that each user-account, including desktop applications or online web applications, utilizes a unique password that is distinct from one account to another. In other words, do not use the same password for everything.

d. Temporary passwords will be provided to new users whenever they require use of new software or technology for purposes related to their roles; and upon receipt of the temporary password and successful login of new software, users are required to create a new password immediately with the necessary safety criteria.

e. Every 3 months, passwords must be changed.


6) MOBILE DEVICES AND WORK

a. Users wishing to use mobile devices, including cell phones, tablets, laptops or desktops for remote employees, to access workplace communications, such as, but not limited to, Gmail, Google Hangouts, Outlook, and any other platform where users can access company communications and company data, require the endorsement of ________. This subsection applies whether or not workers are telecommuting.

b. Employees using mobile devices for work shall ensure that all data being stored is encrypted using company-approved encryption software. Mobile devices shall also be equipped with remote wipe technology in the event of a lost or stolen device. Such lost or stolen device needs to be reported to management immediately.

c. Where applicable, a Cloud VPN shall be used by users of the company to access information from any location, thus enabling secure transmission of data from the company to the end-user.

d. Whether a device is owned by the company or personally, if users are using a remote connect system from a mobile device to access the company's network, such device will require the company's approval.

e. Any connection to the network from remote workers shall require company approval and monitoring. Technology such as Windows Remote Desktop or any Virtual Desktop Infrastructure, which allows users to connect to the company network and telecommute, gives them access to the company's network and thus exposes the company to greater vulnerabilities. Therefore, scrupulous company oversight on such matters is needed. The company shall also require software configurations to be implemented prior to allowing users to remotely connect to the company network. This process is completed prior to the employee's start date. Personal devices connecting to the network using Virtual Desktop are permitted with appropriate configurations and company oversight.

f. Giving family members or other members of the household access to company software and hardware is prohibited.

g. Remote employees shall use a company-approved VPN software for remote work. Any associated VPN fees shall be covered by the employer.

h. Employees using a VPN shall ensure that only the employee using such VPN has access to the network of ________.

i. Subject to company approval, if employees use personal devices, these devices must be configured in the same manner as if they were company-owned hardware, and will include remote wipe technology.


7) NETWORK PROTECTION AND MANAGEMENT

a. The company shall utilize segregated networks in order to maintain safety of the information that it stores on its servers. As business partnerships and information sharing increase, ________ shall complement such increased access with proper security measures.

b. Clients or customers of ________ who wish to utilize company WiFi while on the premises shall access the segregated network, which is entirely separate from the company's main servers that hold important business information.

c. Where applicable, network firewalls shall be installed and maintained for utmost security. ________ shall monitor user-access and traffic to the network, including a hybrid-cloud network, and shall monitor company dataflow.

d. Where applicable, ________ shall utilize anti-malware software and detection tools to prevent system attacks.

e. To meet its objectives, ________ may implement DNS Filtering to prevent users from accessing malicious webpages or web applications that may expose the company's systems to malware and vulnerabilities.

f. Devices that wirelessly connect to the company network are subject to approval and company oversight, as provided under the above section Mobile Devices and Work.

g. Use of wireless access points on the company's premises must be secure.

h. The company may, from time to time, opt to use a honeypot or sinkhole to protect its network from potential cyber attacks by implementing an artificial network, and to prevent cyber attackers from targeting the company's IP address by implementing a server to block malicious and unwanted traffic.


8) NETWORK AND INFORMATION SECURITY

a. New information systems must be secure, and include measures such as user authentication; privileged access to limited users; and availability, confidentiality and integrity of information.

b. Where applicable, secure application techniques must be utilized for secure coding.

c. When ________ utilizes third-party software for purposes related to the company's objectives and to facilitate the company's functionality, the company must ensure that the third-party provider adheres to security principles in all of its architecture layers.

d. When ________ contracts work to an outside company for purposes related to the company's objectives and to facilitate the company's functionality, such as IT infrastructure, controls shall be utilized to ensure that there shall be no network compromises or any threats emanating from the supply chain.


9) PHYSICAL SECURITY OF PREMISES AND WORKSTATION

a. The premises, including any area in which company hardware can be found, are protected. Where applicable, server rooms of ________ containing all of the data at the company and its information shall be locked and secured every day prior to leaving the premises. Only authorized personnel may access the server rooms of the company. Access requests by unauthorized personnel may only be granted in the narrowest of circumstances, including, for example, to replace a failed hard drive as soon as practicable. An entry and exit log must be kept for anybody accessing such rooms, with appropriate controls in place to prevent log entry and exit tampering.

b. Rooms with sensitive information should not be labelled so as to draw attention, and they should be kept locked at all times unless such rooms are being utilized by authorized personnel.

c. Where applicable, if the company uses off-site backup facilities to store data, such facilities shall be secured and locked to prevent cybercriminals from physically accessing the datacenter and accessing the company's hardware for malicious purposes. Cybercriminals often make for great fraudsters, so it is crucial that ________ not allow anyone access to a storage facility other than authorized personnel.

d. When stepping away from a workstation, whether working remotely or otherwise, employees shall ensure that their workspace perimeter does not reveal sensitive information, and that any confidential information is not visible on their computer screen. Employees should put their computer on sleep mode when stepping away from their workstation to prevent dissemination of important information. Employees should, at all times, use their best judgment when walking away from their computer to ensure colleagues, family members or other members of the household or place of residence do not have access to sensitive information.


10) RESPONSE TO INFORMATION TECHNOLOGY COMPROMISE

a. Cyber attacks can be done by way of malware attacks, IP spoofing, hijacking, phishing (sending malicious links by email), drive-by attacks (adding a malicious script to unsecure websites), social engineering attacks, and more.

b. In the event of a system compromise or interception at ________, a proper course of action shall be implemented by the company to mitigate any form of damage and such action shall be taken as soon as possible. Authorized personnel are to be immediately informed of such threats, whether anticipated, minor or large, and respond accordingly with the IT department. The following personnel shall respond to the incident:

I. ________

c. In order to neutralize the threat, ________ shall, where possible, verify all applications and change passwords, employ account recovery options, contact financial institutions where necessary, scan hardware for suspicious activity, remove sensitive data, and conduct security audits.

d. Authorized personnel shall forthwith conduct an investigation to pinpoint the source of the system compromise or interception. After having identified the problem, the company shall devise a solution best suited in the circumstances, and make a company-wide broadcast to raise employee awareness.

e. Once the solution is implemented and employee awareness has been established, the company shall maintain a record of the event with detailed notes.

f. The systems of ________ must be resilient to all forms of attacks. Where applicable, the company shall employ redundancies to ensure that when one system fails, another shall take effect.


11) STORAGE AND BACKUP OF INFORMATION

a. ________ shall regularly back up information to its servers using a company-prescribed solution; such backups shall be regularly tested and destroyed when obsolete and where legally permitted.

b. The company may opt to utilize a large warehouse to act as a datacenter or utilize a cloud data center such as AWS (S3) to store and share data.

c. In the event of power surge, power failure, media failure, or force majeure, ________ shall have backup protocols in place to ensure the preservation of data.

d. ________ may utilize an alternative premises/facility to hold separate hard drives of ________ so that in the event of a disaster at the main premises, information shall be securely uploaded and backed up onto the alternative facility's hardware, using methods as the company approves from time to time and depending on the size and overall growth of its transactions, which may include using a redundant array of independent drives (RAID) technology enabled by a Network Attached Storage (NAS), which may be configured based on the classification and sensitivity of information with reputable marketplace software whose priority is cybersecurity. ________ has the option of using multiple off-site backup locations. Alternatively, the company may utilize Storage Area Network (SAN) technology depending on the size and growth of its operations, or Object Storage (cloud storage centre), as may be deemed appropriate in the circumstances.

e. When utilizing NAS technology or other systems, ________ may enable a hybrid-cloud network to store its information, which shall consist of on-premises technology and cloud-based technology as the company may select and alter from time to time, which integrates with the network.

f. Outdated backup information shall be held and stored for 1 year.

g. As legally required by our professional governing body, information must be kept and stored for ________. Such information may include as follows:

________


12) 588885258825 5555 888 2888585558 8855555555

________. 552 228828822 222-2555582882 8882 22 5828882828 525 5828 88 525882225882 525 2525888225. 822 58258 25 8252258, 82522225222 82225582258, 25282282882 222822228, 82522, 225822228, 22288258, 522228, 82285825228, 222822228, 8522525 2588 2822 25 2552 2822, 222225552 25 225252222, 525 588 2228258 5228885225 8825 25855 2552828, 852 222522 82 522 22 252 228828822 5828882828 252 82 8582282 22 588882882552 582822, 52 22 525 828855822 22528252822:

  • 2522 58822 8222522 55558552, 828855822 822252258, 228882 5288828, 2588228, 228. 58258 552 82588282 2525888225 2522 22252822 82 8882258 25 528855258258 5828882828, 828855822 5582822, 25885822, 85222822 25222, 525 2252.
  • 58258 85588 222 582 22582258 5288828 2552 82585 8222522882 252 8282228 525 22282528 22 ________. 822 2822 5 5825 85228 22 582 5 22582258 528882 58 5 22528 22 85282822 225888, 8222528852822 8825 858222258 25 8288252528, 8222522 22525822222 88 52858525 525 252 8222522 85588 2222 5 528255 22 252 22582258 528882'8 2522, 2255, 525 22528. 5582282 22 528882 52252858, 252 22282222 58822 5 22582258 528882 85588 822282 8825 2588 228882 82 252 8522 252225 58 82 2522 8252 58822 8222522-28225 55558552.
  • 582852822 25 822582222222 22 822288282558 25222522 582528 22 ________ 88 2525888225.
  • 28552822 82228552 2552 88 222 8225882 88822825 22 ________ 88 2525888225.
  • 888288 22 82228552 25 22525 522888528228 222 5285225 22 252 85882288 22 ________ 88 525882225882.
  • 58822 25225258 558 2228 88 2525888225.
  • 8882522 258882558 552 82588282 22522 225 58258 22 ________, 828855822 8252258, 82522225222 82225582258, 25282282882 222822228, 82522, 225822228, 22288258, 522228, 82285825228, 222822228, 8522525 2588 2822 25 2552 2822, 222225552 25 225252222, 525 588 2228258 5228885225 8825 25855 2552828.
  • 88828822 255282888822 22 5525 82 8225822 225888 22 8222522 25225858, 25 82 522 22525 22528, 22 5 22582258 528882 88 2525888225.


13) APPLICABLE LAWS

________ ensures compliance with all applicable legislation, including, but not limited to:

  • the Criminal Code (R.S.C., 1985, c. C-46);
  • Canada's anti-spam legislation (CASL);
  • the National Security Act, 2017 (S.C. 2019, c. 13);
  • the Communications Security Establishment Act (S.C. 2019, c. 13, s. 76);
  • the Security of Information Act (R.S.C., 1985, c. O-5);
  • the Personal Information Protection and Electronic Documents Act (S.C. 2000, c. 5);
  • applicable jurisprudence;
  • intellectual property laws;
  • privacy laws.


14) CONTACT

Should you have any questions or concerns arising from this Policy, or need to report an incident, kindly contact ________ using the following information:

________

________

T: ________

________


15) ACKNOWLEDGEMENT

I have received and reviewed this Workplace Technology Security Policy and understand my obligations contained in this Policy. Failure to comply with this Policy may result in disciplinary action, up to and including termination.

I understand that ________ reserves the unilateral right to make changes, future amendments, and modifications as they see fit.

I further acknowledge that ________ may perform random audits through various means to ensure compliance with this Policy.





_________________________
Employee Signature





_________________________
Employee Name (Print)





_________________
Date

See your document
in progress

WORKPLACE TECHNOLOGY SECURITY POLICY

of

________



1) INTRODUCTION

a. This Policy is revised as of: ________

b. The purpose of this Policy is to ensure cybersecurity of our information systems. ________ relies on its technology and systems in order to communicate and serve its customers, which requires security protocols to prevent unauthorized access to confidential information and data breaches.

c. ________ ensures compliance with all applicable laws concerning data privacy of its customers, employees, retention, and confidentiality. ________ further ensures compliance with the profession's governing statute.


2) SCOPE

a. This Policy applies to all individuals who utilize the computational resources of ________, including, but not limited to, all workers, independent contractors, prospective employees, staff, personnel, officers, agents, consultants, employees, whether full time or part time, temporary or permanent, and all members affiliated with third-parties (hereinafter, "employees" or "users").


3) OBJECTIVE

a. The primary objective of this Policy is to ensure cybersecurity of company communications, to foster secure transactions between all stakeholders, maximize organizational awareness on how to prevent and mitigate risks, establish company protocols to manage risk, and to ensure compliance with legal and regulatory requirements.

b. Cybersecurity is a collective effort among all members of an organization. This requires participation of all users to prevent and mitigate risk of cyberattacks, vulnerabilities, information leakage, and system and network compromises. We expect full participation and compliance from our users. Any breach of this Policy or non-compliance may result in disciplinary action, up to and including termination.


4) ACCEPTABLE USE OF TECHNOLOGY

a. Acceptable use is the employer's criteria on what users of the company can do with office hardware and software, including what users can do if they have access to the Internet via the company's network and equipment, and access to the company's Intranet, if any.

b. Employees should, at all times, use their best judgment when utilizing the Internet during working hours and accessing such via the company's networking resources. Use of the Internet while using company hardware, whether remotely working or on-premises, shall be restricted to business use.

c. Employees shall have limited Internet access as the company may, in its sole discretion, prescribe from time to time. Such limited access will be exclusively for work-related purposes and to be used in the performance of duties.

d. Inappropriate use of the Internet may result in disciplinary action. This includes access to explicit content, gambling, hacking, illicit activities, cyberbullying, spyware, fraud, spamming, etc. The Information Technology (IT) team will utilize filtering and block certain websites from being used and will work in tandem with Human Resources to make these filtering decisions. Should employees require use of a specific website that has been blocked, an IT ticket may be submitted.

e. Software from third-party vendors may be critical for certain tasks undertaken at ________. The accepted use of such software will be based on the licensing arrangement with the third-party vendor, or based on a Software as a Service Agreement for applications with cloud features and for which a subscription may apply, whether payable monthly, annually or otherwise.

f. When accessing the Internet and utilizing public material, users may not reproduce copyrighted material without the prior approval of the owner.

g. Private internet browsing and sending communications should be done using personal hardware using personal data and not Company networks.

h. Employees retain a diminished, but reasonable expectation of privacy with respect to company property and/or items stored on or within company property. The hardware owned by the Company is subject to audits and investigations in order to ensure cybersecurity, on-premises safety and manage processes. Employees should therefore caution personal use on company-issued hardware as audits and investigations may reveal such personal uses.


5) USER ACCESS, PASSWORDS AND CONTROL

a. Users with access to the hardware and information technology of ________ are encouraged to review all accounts on a monthly basis.

b. All members of ________ who utilize company devices and access the company's network must practice the following safety measures in the workplace:

  • Avoid clicking on suspicious links sent by email, including spam mail;
  • Avoid webpages without security features;
  • Do not access malicious software;
  • Do not download software without prior approval from the company;
  • Do not share passwords under any circumstances, and if employees have any suspicions that passwords have been compromised, employees are required to effect a password change and notify the IT department of suspicious activity;
  • Dual authentication should be utilized for all user-accounts;
  • When sending confidential information by email, a secure encryption of files is necessary;
  • Regularly update software and OS systems as needed in order to patch and fix security vulnerabilities.

c. Employees must ensure that hardware is password-protected and ensure that each user-account, including desktop applications or online web applications, utilize unique passwords that are distinct from one account to another. In other words, do not use the same password for everything.

d. Temporary passwords will be provided to new users whenever they require use of new software or technology for purposes related to their roles; and upon receipt of the temporary password and successful login of new software, users are required to create a new password immediately with the necessary safety criteria.

e. Every 3 months, passwords must be changed.


6) MOBILE DEVICES AND WORK

a. Users wishing to use mobile devices, including cell phones, tablets, laptops or desktops for remote employees, to access workplace communications, such as, but not limited to, Gmail, Google hangouts, Outlook, and any other platform where users can access company communications and company data requires the endorsement of ________. This subsection applies whether or not workers are telecommuting.

b. Employees using mobile devices for work shall ensure that all data being stored is encrypted using company-approved encryption software. Mobile devices shall also be equipped with remote wipe technology in the event of a lost or stolen device. Such lost or stolen device needs to be reported to management immediately.

c. Where applicable, a Cloud VPN shall be used by users of the company to access information from any location, thus enabling secure transmission of data from the company to the end-user.

d. Whether a device is owned by the company or personally, if users are using a remote connect system from a mobile device to access the company's network, such device will require the company's approval.

e. Any connection to the network from remote workers shall require company approval and monitoring. Technology such as Windows Remote Desktop or any Virtual Desktop Infrastructure, which allows users to connect to the company network and telecommute, gives them access to the company's network and thus exposes the company to greater vulnerabilities. Therefore, scrupulous company oversight on such matters is needed. The company shall also require software configurations to be implemented prior to allowing users to remotely connect to the company network. This process is completed prior to the employee's start date. Personal devices connecting to the network using Virtual Desktop are permitted with appropriate configurations and company oversight.

f. Giving family members or other members of the household access to company software and hardware is prohibited.

g. Remote employees shall use a company-approved VPN software for remote work. Any associated VPN fees shall be covered by the employer.

h. Employees using a VPN shall ensure that only the employee using such VPN has access to the network of ________.

i. Subject to company approval, if employees use personal devices, these devices must be configured in the same manner as if they were company-owned hardware, and will include remote wipe technology.


7) NETWORK PROTECTION AND MANAGEMENT

a. The company shall utilize segregated networks in order to maintain safety of the information that it stores on its servers. As business partnerships and information sharing augments, ________ shall complement such increased access with proper security measures.

b. Clients or customers of ________ who wish to utilize company WiFi while on the premises shall access the segregated network, which is entirely separate from the company's main servers that holds important business information.

c. Where applicable, network firewalls shall be installed and maintained for utmost security. ________ shall monitor user-access and traffic to the network, including a hybrid-cloud network, and shall monitor company dataflow.

d. Where applicable, ________ shall utilize malware software and detection tools to prevent system attacks.

e. To meet its objectives, ________ may implement DNS Filtering to prevent users from accessing malicious webpages or web applications that may expose the company's systems to malware and vulnerabilities.

f. Devices that wirelessly connect to the company network are subject to approval and company oversight, as provided under the above section Mobile Devices and Work.

g. Use of wireless access points on the company's premises must be secure.

h. The company may, from time to time, opt to use a honeypot or sinkhole to protect its network from potential cyber attacks by implementing an artificial network, and to prevent cyber attackers from targeting the company's IP address by implementing a server to block malicious and unwanted traffic.


8) NETWORK AND INFORMATION SECURITY

a. New information systems must be secure, and include measures such as user authentication; privileged access to limited users; and availability, confidentiality and integrity of information.

b. Where applicable, secure application techniques must be utilized for secure coding.

c. When ________ utilizes third-party software for purposes related to the company's objectives and to facilitate the company's functionality, the company must ensure that the third-party provider adheres to security principles in all of its architecture layers.

d. When ________ contracts work to an outside company for purposes related to the company's objectives and to facilitate the company's functionality, such as IT infrastructure, controls shall be utilized to ensure that there shall be no network compromises or any threats emanating from the supply chain.


9) PHYSICAL SECURITY OF PREMISES AND WORKSTATION

a. The premises, including any area in which company hardware can be found, is protected. Where applicable, server rooms of ________ containing all of the data at the company and its information shall be locked and secured everyday prior to leaving the premises. Only authorized personnel may access the server rooms of the company. Access requests by unauthorized personnel may only be granted in the narrowest of circumstances, including, for example, to replace a failed harddrive as soon as practicable. An entry and exit log must be kept for anybody accessing such rooms with appropriate controls in place to prevent log entry and exit tampering.

b. Rooms with sensitive information should not be labelled so as to draw attention, and they should be kept locked at all times unless such rooms are being utilized by authorized personnel.

c. Where applicable, if the company uses off-site backup facilities to store data, such facilities shall be secured and locked to prevent cybercriminals from physically accessing the datacenter and accessing the company's hardware for malicious purposes. Cybercriminals often make for great fraudsters, so it is crucial that ________ not allow anyone access to a storage facility other than authorized personnel.

d. When stepping away from a workstation, whether working remotely or otherwise, employees shall ensure that their workspace perimeter does not reveal sensitive information, and that any confidential information is not visible on their computer screen. Employees should put their computer in sleep mode when stepping away from their workstation to prevent dissemination of important information. Employees should, at all times, use their best judgment when walking away from their computer to ensure colleagues, family members or other members of the household or place of residence do not have access to sensitive information.


10) RESPONSE TO INFORMATION TECHNOLOGY COMPROMISE

a. Cyber attacks can be carried out by way of malware attacks, IP spoofing, hijacking, phishing (sending malicious links by email), drive-by attacks (adding a malicious script to insecure websites), social engineering attacks, and more.

b. In the event of a system compromise or interception at ________, a proper course of action shall be implemented by the company to mitigate any form of damage and such action shall be taken as soon as possible. Authorized personnel are to be immediately informed of such threats, whether anticipated, minor or large, and respond accordingly with the IT department. The following personnel shall respond to the incident:

I. ________

c. In order to neutralize the threat, ________ shall, where possible, verify all applications and change passwords, employ account recovery options, contact financial institutions where necessary, scan hardware to detect anything suspicious, remove sensitive data, and conduct security audits.

d. Authorized personnel shall forthwith conduct an investigation to pinpoint the source of the system compromise or interception. After having identified the problem, the company shall devise a solution best suited in the circumstances, and make a company-wide broadcast to raise employee awareness.

e. Once the solution is implemented and employee awareness has been established, the company shall maintain a record of the event with detailed notes.

f. The systems of ________ must be resilient to all forms of attacks. Where applicable, the company shall employ redundancies to ensure that when one system fails, another shall take effect.


11) STORAGE AND BACKUP OF INFORMATION

a. ________ shall regularly back up information to its servers using a company-prescribed solution; such backups shall be regularly tested, and destroyed when obsolete and where legally permitted.

b. The company may opt to utilize a large warehouse to act as a datacenter or utilize a cloud data center such as AWS (S3) to store and share data.

c. In the event of a power surge, power failure, media failure, or force majeure, ________ shall have backup protocols in place to ensure the preservation of data.

d. ________ may utilize an alternative premises/facility to hold separate hard drives of ________ so that in the event of a disaster at the main premises, information shall be securely uploaded and backed up onto the alternative facility's hardware, using methods as the company approves from time to time and depending on the size and overall growth of its transactions. These methods may include using a redundant array of independent drives (RAID) technology enabled by a Network Attached Storage (NAS), which may be configured based on the classification and sensitivity of information with reputable marketplace software whose priority is cybersecurity. ________ has the option of using multiple off-site backup locations. Alternatively, the company may utilize Storage Area Network (SAN) technology depending on the size and growth of its operations, or Object Storage (cloud storage centre), as may be deemed appropriate in the circumstances.

e. When utilizing NAS technology or other systems, ________ may enable a hybrid-cloud network to store its information, which shall consist of on-premises technology and cloud-based technology as the company may select and alter from time to time, which integrates with the network.

f. Outdated backup information shall be held and stored for 1 year.

g. As legally required by our professional governing body, information must be kept and stored for ________. Such information may include the following:

________


13) APPLICABLE LAWS

________ ensures compliance with all applicable legislation, including, but not limited to:

  • the Criminal Code (R.S.C., 1985, c. C-46);
  • Canada's anti-spam legislation (CASL);
  • the National Security Act, 2017 (S.C. 2019, c. 13);
  • the Communications Security Establishment Act (S.C. 2019, c. 13, s. 76);
  • the Security of Information Act (R.S.C., 1985, c. O-5);
  • the Personal Information Protection and Electronic Documents Act (S.C. 2000, c. 5);
  • applicable jurisprudence;
  • intellectual property laws;
  • privacy laws.


14) CONTACT

Should you have any questions or concerns arising from this Policy, or need to report an incident, kindly contact ________ using the following information:

________

________

T: ________

________


15) ACKNOWLEDGEMENT

I have received and reviewed this Workplace Technology Security Policy and understand my obligations contained in this Policy. Failure to comply with this Policy may result in disciplinary action, up to and including termination.

I understand that ________ reserves the unilateral right to make changes, future amendments, and modifications as they see fit.

I further acknowledge that ________ may perform random audits through various means to ensure compliance with this Policy.





_________________________
Employee Signature





_________________________
Employee Name (Print)





_________________
Date