Versions Compared

Version Old Version 1 New Version 2
Changes made by

Jan Tenenberg

Jan Tenenberg

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Vertic POLICY – IT CONTROLS  

J&M Vertic has developed this IT policy and procedure document under the standard IT protocols to manage the risk associated with ICD. Our goal is to fundamentally protect and deter incidents from occurring, but to also instigate appropriate actions to detect, respond and recover should an incident occur.

...

  • Where employees would like to install free or open-ware software, it must be authorised by IT in advance

DATA STORAGE

All J&M Vertic employees have been assigned an Office 365 account and as such have access to the Vertic SharePoint site. All work related material must be stored within this environment. If you are not sure where specifically to store data within this environment, please consult your LOB Manager.

...

All employees have been assigned an Office 365 account and as such have access to the J&M Vertic SharePoint site. All work related material must be stored within this environment. If you are not sure where to store data within this environment, please consult your LOB Manager.

...

Client data should never be taken off a client site without written permission from the client in advance.  You must advise what the data is, the purpose for taking it offsite, how it will be managed and stored, how long it will be in our possession and how it will be subsequently removed from J&M Vertic systems. 

Client data should never be emailed or saved to hard drives, personal computers, shared boxes (eg Dropbox) outside of the authorised client protocols.

Employees need to understand that this requirement extends beyond J&M Vertic policy, and could be deemed a criminal offence under Sovereignty legislation.  

...

At all times Vertic employees are responsible for appropriate access to systems they are working on at client’s sites.  Vertic  Vertic can only access systems in a manner prescribed by the client and using their own login and passwords.  Employees are never to share logins, unless written authorisation is provided by the client eg a group login on development environment to the Vertic Directors in advance.

...

Employees must be aware of security issues in their email communications, and must ensure that they do not disclose any confidential or Company material to any unauthorised person/s – to do so would breach their Confidentiality Agreement and / or their Contract of Employment with Vertic. Employees are not to transmit sensitive or confidential client materials via the Internet or Ee-mail, take client data offsite, unless authorised to do so. 

...