Itp Final102518
Policy Statement:
Vulnerability of information is caused by the people who access the system. Thus,
it is practical to have measures on access roles in the system.
The Gwynn Store System shall ensure that all persons who access the system have
valid credentials given by the authorized personnel. Once the credentials are acquired,
employees shall keep their passes and refrain from sharing them. The Gwynn Store
System shall audit all employees who use the system to track the responsible person
in case a system error occurs.
This policy lets the Gwynn Store System prevent unauthorized persons from accessing the
information and system of the organization.
Gwynn Store IT Policies and Procedures Manual
Scope:
The policy applies to all endpoints, mobile devices or applications through which a user
can access the system, and to all personnel affiliated with the firm’s organization.
Policy Terms:
Access Role – refers to the role of the employee in the organization. The user
interface that the employee can access will depend on the role he/she acquires.
Audit – refers to the list of users who access the system
Credentials – refers to confidential data in accessing the system
Enforcement:
This policy will enforce the implementation of rules and regulations in terms of
accessing the system. Only authorized personnel shall access the system. Every
employee shall be given credentials to access the system depending on their role.
Violation of this policy may result in disciplinary action or dismissal/termination
depending on how the action damages the organization.
Related Information:
System Accessibility Policy
Internet and Email Usage Policy
Personal Use Policy
Ethical Responsibility
1. Basic Information such as: Name, Age, Birthday, Address, Contact Number,
Email Address;
2. Individual’s marital status, color, religion; and
3. Issued by government agencies peculiar to an individual, which includes, but
is not limited to, social security numbers, previous or current health records,
licenses or their denial, suspension or revocation, and tax returns.
Policy Statement:
This Internet Usage Policy applies to all employees of Gwynn General
Merchandise who have access to computers and the Internet to be used in the
performance of their work. Use of the Internet by employees of Gwynn General
Merchandise is permitted and encouraged where such use supports the goals and
objectives of the business. However, access to the Internet through Gwynn General
Merchandise is a privilege and all employees must adhere to the policies concerning
Computer, Email and Internet usage.
Scope:
The policy applies to all endpoints, employees or the owner.
Policy Terms:
Internet – refers to the network which allows the user to connect worldwide.
Email – refers to messages received over the Internet. It allows the user to format
their content. It is mostly used for business transactions such as ordering and delivery.
Browsing – refers to the act of searching through a browser.
Enforcement:
Violation of these policies could result in disciplinary and/or legal action leading up
to and including termination of employment. Employees may also be held personally
liable for damages caused by any violations of this policy. All employees are required to
acknowledge receipt and confirm that they have understood and agree to abide by the
rules hereunder.
Related Information:
System Accessibility Policy
Internet and Email Usage Policy
Personal Use Policy
Ethical Responsibility
Access to the Internet will be approved and provided only if reasonable business
needs are identified. Internet services will be granted based on an employee’s current
job responsibilities.
Allowed Usage
Internet usage is granted for the sole purpose of supporting business activities
necessary to carry out job functions. All users must follow the corporate principles
regarding resource usage and exercise good judgment in using the Internet. Questions
can be addressed to the IT Department.
Acceptable use of the Internet for performing job functions might include:
Prohibited Usage
Information stored in the wallet, or any consequential loss of personal property.
Other activities that are strictly prohibited include, but are not limited to:
Accessing firm’s information that is not within the scope of one’s work. This
includes unauthorized reading of customer account information, unauthorized
E-mail Confidentiality
Users should be aware that clear text E-mail is not a confidential means of
communication. The company cannot guarantee that electronic communications will be
private. Employees should be aware that electronic communications can, depending on
the technology, be forwarded, intercepted, printed, and stored by others. Users should
also be aware that once an E-mail is transmitted it may be altered. Deleting an E-mail
from an individual workstation will not eliminate it from the various systems across
which it has been transmitted.
Policy Statement:
Every business involves the use of some sort of equipment which employees need
to do their job, and this equipment is generally provided by the business. While some
personal use of business equipment is realistically to be expected, problems can arise
when the personal use is excessive.
Scope:
The policy applies to all endpoints, employees or the owner.
Policy Terms:
Device – refers to technology equipment that makes manual work automated.
Internet – refers to the network which allows the user to connect worldwide.
Email – refers to messages received over the Internet. It allows the user to format
their content. It is mostly used for business transactions such as ordering and delivery.
Enforcement:
Violation of these policies could result in disciplinary and/or legal action leading up
to and including termination of employment. Employees may also be held personally
liable for damages caused by any violations of this policy. All employees are required to
acknowledge receipt and confirm that they have understood and agree to abide by the
rules hereunder.
Related Information:
Acceptable Use Policy
Scope:
The policy applies to all employees of the Gwynn Store who serve the company’s
clients and customers, to keep the company’s assets and properties securely protected
as well as to maintain its consistency and integrity.
Policy Terms:
Violation – any unethical act of a human.
Termination – the forced removal of employees due to violation of the company’s
implemented rules and regulations.
Unethical – the act of not doing the right thing, which could cause harm to other people.
Asset – any company property, from manpower up to infrastructure.
Enforcement:
Violation of this policy may result in instant termination and, at worst, lifetime
imprisonment if the unethical employee has caused enormous damage to the
company that may result in a loss of assets and property.
Related Information:
Security Awareness Policy
Surveillance Policy
2. Security Awareness
Security and privacy awareness and training is an important aspect in protecting
the Confidentiality, Integrity, and Availability (CIA) of sensitive information. Employees
are the first line of defense and must be made aware of the security risks associated with
the work performed at Gwynn Store.
Scope:
This policy applies to all Gwynn Store employees and contractors and anyone else
needing access to Gwynn Store information and its systems.
Policy Terms:
Training – teaching a person a particular skill or behavior
Information Security Officer – responsible for establishing and maintaining the vision,
strategies and program to ensure information assets and technologies are protected.
Annually – once a year, every year
Enforcement:
Violation of this policy may result in loss of system usage privileges or disciplinary
action, up to and including termination or expulsion.
Related Information:
Security Awareness and Training Policy
a. Environment Calamity
b. Accidents
c. Disease, present health document
d. Family or relative’s emergency will depend on the judgement of the
manager.
c) The employee has already attended the same seminar and training. In this case, the
employee shall present a certificate similar to the topic of the seminar and training.
3. Information Security
Information is a vitally important asset in a Firm. Thus, it is the firm's responsibility to
make sure that information is kept safe and used appropriately. Failure to protect
information may result in breaches of confidentiality, failures of integrity, or interruptions
to the availability of that information, causing the Firm financial and reputational
damage.
Therefore, the Firm has adopted an Information Security Policy that complies with
stringent legal requirements and provides the necessary assurance that data held and
processed by the Firm is treated with the highest appropriate standards to keep it
secure.
Scope:
Policy Terms:
Asset - the property of a deceased person subject by law to the payment of his or
her debts and legacies
Data Privacy Act - comprehensive and strict privacy legislation “to protect the
fundamental human right of privacy, of communication while ensuring free flow of
information to promote innovation and growth.” (Republic Act. No. 10173, Ch. 1, Sec.
2).
Database - a usually large collection of data organized especially for rapid search
and retrieval (as by a computer)
Enforcement:
Violation of this policy may result in disciplinary action, up to and including
termination or dismissal, as well as personal civil and/or criminal liability.
Related Information:
Information Access Policy
Authorization for Information Modification Policy
Personal Data Privacy Policy
Password Policy
Scope:
The business’ policy applies to any endpoint, mobile device or application
that requires submission of information through the system, as well as to
all users of the system.
Policy Terms:
Modification - the making of a limited change in something
Access - permission, liberty, or ability to enter, approach, or pass to and from a place or
to approach or communicate with a person or thing
Enforcement:
Violation of this policy may result in disciplinary action, up to and including
termination or dismissal, as well as personal civil and/or criminal liability.
Related Information:
2. Any change in the company that would affect the wide operation of the system, such as
changing the business model, should be fully planned after the initial approval.
3. All planned changes must be discussed or checked for readiness for implementation
and must wait for final approval.
4. The roles and responsibilities of the managers should include overseeing
all of the modifications that are going to be made to the system.
Scope:
The policy applies to all endpoints, mobile devices or applications through which a user
acquires personal information.
Policy Terms:
Personal Information/Data – refers to the basic information of a person (such as:
name, birth date, address, salary)
Enforcement:
Any breach of these policies will be deemed an infringement and dealt with
accordingly, which could result in suspension of access privileges or, in severe cases,
the involvement of legal authorities.
Related Information:
Information Access Policy
Authorization for Information Modification Policy
Personal Data Privacy Policy
Password Policy
1. Basic Information such as: Name, Age, Birthday, Address, Contact Number,
Email Address;
2. Individual’s marital status, color, religion; and
3. Issued by government agencies peculiar to an individual, which includes, but
is not limited to, social security numbers, previous or current health records,
licenses or their denial, suspension or revocation, and tax returns.
2. In case the business firm needs to use personal information, the Personal
Information Controller shall request consent from the Data Subject to use their
personal information;
3. The requisition can be sent through email, message and phone call;
4. The Requisition Letter should include the following: the information that the firm will
use and the purpose of using the information;
5. The purpose of the requisition shall be clearly stated;
6. Use of Personal Data is strictly limited to the information stated in the request
letter and shall not exceed the agreement. Any breach of this policy shall
be treated as unauthorized use of personal data;
7. Unauthorized use of personal data shall be punished according to the
respective punishment depending on the weight of the offense;
8. The Personal Information Holder bears responsibility for, and the consequences of,
misuse of Personal Information.
Personal Information from a former employee shall be disposed of after their departure
from the firm.
Scope:
The policy applies to all employees of the Gwynn Store and to the System and Database
administrators who are responsible for keeping passwords secured and limited to
authorized persons and the users themselves.
Policy Terms:
System Administrator – the one who manages the configurations of the system.
Database Administrator – responsible for keeping data securely protected in the back end
of the system.
System User – any company employee who uses the system.
Password – an identification of a system user.
Enforcement:
Any violation of this policy may result in loss of data and of the company’s confidential
information. Whoever is responsible for the violation may face termination, and
imprisonment in the case of System and Database Administrators who have broken the
company’s trust by giving confidential data such as passwords to non-employees or outsiders.
Related Information:
Information Access Policy
Authorization for Information Modification Policy
Personal Data Privacy Policy
Password Policy
Emergencies, disasters, accidents and injuries can occur at any time and without
warning. Being prepared physically and mentally to handle emergencies is an individual
as well as an organizational responsibility.
It applies to all types of disaster preparedness activities. This policy states what
should be done before, during and after the disaster. Problems encountered by a system
that is not affected by the disaster are outside this scope.
Policy Terms:
Impact – how a disaster can damage the business process of the system.
Enforcement:
Not being aware of this policy may lead to serious damage to the system, for example
in backing up, and may cause panic among employees.
Related Information:
Disaster Awareness and Preparedness Policy
2. After-the-calamity
2.1. Every employee should be able to communicate with the people who have
been affected by the sudden, unavoidable catastrophe, such as customers, and be
able to explain to them the subsequent actions after the calamity.
2.2. Employees should guarantee customers the return of their money if the
transaction was made before the calamity struck.
2.3. Employees should immediately call for medical assistance if their
co-employees and customers were hit by the calamity.
2.4. The medical expenses of all affected employees and customers should be
borne by the company.
2.5. Any loss of customers’ assets will also be borne by the company.
2.6. Any transactions made on the day the calamity struck the store
should have a real-time backup from other branches since it is generic.
5. Change Management
The policy is designed to provide a managed and orderly method in which
changes to the information technology environment are requested, tested and approved
prior to installation or implementation. The purpose of this is to ensure that all elements
are in place, that there is no negative impact on the system, and that parties are
informed of the modification.
Because technology does not stop developing, the system is still a work
in progress in terms of securing it and making it more efficient. As time goes by,
many practices and techniques are developed. Changes will be inevitable and
frequent. The changes could affect the company and the system. The
changes that are made must be managed to keep everything organized.
Scope:
The policy applies to all changes to the firm’s infrastructure, tools, other policies,
management, processes, transactions, and services provided.
Policy Terms:
Training – teaching a person a particular skill or behavior
Information Security Officer – responsible for establishing and maintaining the vision,
strategies and program to ensure information assets and technologies are protected.
Annually – once a year, every year
Enforcement:
Modification of the steps in this policy may result in loss of system usage privileges or
disciplinary action, up to and including termination or expulsion. This can be
avoided with proper permission from the owner.
Related Information:
Change Authorization Policy
Modification of Transaction Policy
Scope:
The policy applies to all endpoints, employees or the owner through which a user can access
the computer. It also covers modifications to the system, major or minor.
Policy Terms:
Transaction: an instance of buying or selling something; a business deal
Modification: the act of modifying something; a change made
Stakeholders: a person with an interest or concern in something, especially a
business
Credentials: a qualification, achievement, personal quality, or aspect of a person’s
background, typically when used to indicate that they are suitable for something
Access: means of approaching or entering a place
Module: a software component or part of a program that contains one or more
routines.
Enforcement:
Employees have their roles and must have credentials to log in to the system
according to their role. Every user must access only their own part of the system. Access
to another user’s module is prohibited without authorization. Employees who deliberately
violate this policy will be subject to disciplinary action up to and including termination. Not
following the steps on modification without proper permission from the owner should
result in disciplinary action or loss of access to the system, up to termination. Not
following the guidelines on modification could lead to a serious risk of data loss in the
system.
Related Information:
Change Authorization Policy
Modification of Transaction Policy
10. The documentation must clearly state (see this policy’s policy number 3):
- When did the modification take place?
- What was modified in the system?
- Why was the modification made?
11. A major modification is one that could affect the system
widely, such as changing the credit card mode of payment to Visa or debit
card only.
This policy contains guidelines on the scenarios in which employees are and are not
allowed to use the devices. It also ensures that the personal devices of employees
cannot be used to cause damage to the firm's reputation.
Scope:
The business’ policy applies to all endpoints, from all the personnel involved
to any variety of device that requires connection to the business’ equipment and
services.
Policy Terms:
Devices - a piece of equipment or a mechanism designed to serve a special
purpose or perform a special function
Enforcement:
Violation of this policy may result in disciplinary action, up to and including
termination or dismissal, as well as personal civil and/or criminal liability.
Related Information:
Device Responsibility Policy
External Device Use Policy
This policy will enforce the implementation of rules and regulations on the use of
external devices to acquire information in the system without authorization. The policy will
restrict employees from plugging in storage media that would allow them to take a copy
of the organization’s documents, such as flash drives, external hard drives and data cables.
This will ensure that the software system used by the firm is free from worms
and viruses and cannot be used as a medium for theft of the firm’s confidential information.
This policy applies to all storage media that can store files, may contain
harmful files such as viruses, and may be used as a medium for acquiring
confidential information and documents of the business organization without authorization.
Policy Terms:
Storage Medium – refers to devices that can store files, such as flash drives,
external hard drives, and data cables.
Viruses, Worms, Trojan Virus – refers to computer viruses that can cause
the system to malfunction.
Enforcement:
Any breach of these policies will be deemed an infringement and dealt with
accordingly, which could result in suspension of access privileges, disciplinary action or,
in severe cases, the involvement of legal authorities.
Related Information:
Device Responsibility Policy
External Device Use Policy
7. Vendor Access
Third parties may play an important role in the support of software and
operations. They may remotely view, copy and modify data, and monitor system
performance. Setting limits and controls on what can be seen, copied, modified, and
controlled by third parties will reduce the risk of loss of revenue, liability, loss of
trust, and embarrassment to Gwynn Store.
Scope:
The Gwynn Store Vendor Access Policy applies to all outside personnel or organizations
that can access the Gwynn Store Management System.
Policy Terms:
Third party access – refers to personnel or organizations outside the firm that
access the system.
Vendor – Person or Firm who exchanges goods or services for money.
Enforcement:
Violation of this Policy may result in disciplinary action which may include
termination for employees, termination of business relationships for contractors or
consultants, dismissal for interns and volunteers, or suspension or expulsion for students.
Additionally, individuals are subject to loss of Gwynn Information Resources access
privileges and civil and criminal prosecution.
Related Information:
Vendor Responsibility Policy
1. Access the system with given credentials to the Gwynn Store Manager. Refer to
the System Accessibility Policy on how to acquire and use Gwynn Store System
Credentials.
Scope:
This policy applies to all of the firm’s officers, directors, employees, affiliates and
contractors that may collect, process, or have access to Data. It is the responsibility of all
of the above to familiarize themselves with this Policy and ensure adequate compliance
with it. The policy covers all data processed or controlled, in whatever medium such data
is contained.
Policy Terms:
Destruction – refers to the destroying of data.
Retention – refers to the time span of controlling the data.
Backups – refers to having more than one record or file of a system or information.
Enforcement:
Violators shall receive appropriate penalties, and any breach of this policy shall be
referred to the owner or whoever is authorized to handle the incident. Violation of this
policy may result in loss of the firm’s system data and important information, and in
termination of employment depending on the decision of the owner.
Related Information:
Media Destruction Policy
Back-up Policy
Scope:
The policy covers all data processed or controlled, in whatever medium such data is
contained, including the personal data, transactions and processes in the system.
Policy Terms:
Back-up - the stored copy of something in the system.
Data - information stored in the system.
Enforcement:
Not following the back-up procedures in the policy procedure would harm
the data that should be contained and retained by the system. Back-up copies must not
be disclosed to people who are not responsible for them, are not part of the business and
are not among the decision-making individuals. The back-up data should be stored properly
and should be secured. Any violation of this policy would lead to disciplinary action, loss
of access to the system, termination, up to a criminal offense.
Related Information:
Media Destruction Policy
Back-up Policy
Plan - a plan must be made to make sure everything is organized. It must include the following:
Review - review the parts of the system or data that will be backed up.
Disseminate - the back-up plan must be disseminated so that all those involved
are informed.
Implement - the back-up operation must be implemented on the day it is planned
to be implemented.
Documented - the operation performed must be documented for bookkeeping and for future
data reference.
3. The data to be backed up must be valid for 5 years from the
day the data is saved.
4. The business process of the specific branch must be shut down to prevent
parallel data entry.
5. The back-up operation should be done weekly, after business hours.
6. When backed-up data reaches its expiry, the data shall be archived, and
should be deleted after another 5 years from the day it was archived.
9. Incident Response
Incident response is an organized approach to addressing and managing the
aftermath of a security breach or cyber-attack, also known as an IT incident, computer
incident or security incident. The goal is to handle the situation in a way that limits damage
and reduces recovery time and costs.
Any incident that is not properly contained and handled can -- and usually will --
escalate into a bigger problem that can ultimately lead to a damaging data breach or
system collapse. Responding to an incident quickly will help an organization minimize
losses, mitigate exploited vulnerabilities, restore services and processes, and reduce the
risks that future incidents pose.
This policy will help the business inform all individuals in the business
about incidents that have happened or might happen and the proper action to take when
those incidents occur.
Scope:
The business’ policy applies to any endpoint, mobile device or application
that requires submission of information through the system, as well as to
all users of the system.
Policy Terms:
Camera Surveillance - is surveillance by means of a camera that monitors or
records visual images of activities on premises or in any other place;
Enforcement:
d) disclose any data it collects through monitoring and auditing activities to support
(company) policy or law enforcement.
e) Take any other disciplinary action, which may include termination of employment.
Related Information:
Surveillance Policy
Information Security Incident Response Policy
4. All personnel with access rights will be provided video and data protection training.
Training is provided for each new member of the staff, and periodic workshops on
video and data protection compliance issues are carried out at least once every
two years for all employees with access rights. After the training each staff
member signs a confidentiality undertaking.
5. All transfers of video content and disclosures outside administration are
documented and are subject to a rigorous assessment of the necessity of such
transfer and the compatibility of the purpose of the transfer with the initial security
and access control purpose of the processing.
6. The images or video content are retained for a maximum of 30 days. Thereafter,
all images are deleted or overwritten. If any images/video or records content
needs to be stored for further investigation or evidence in a security incident, it
may be retrieved as necessary.
Scope:
The business’ policy applies to any endpoint, mobile device or application
that requires submission of information through the system, as well as to
all users of the system.
Policy Terms:
Information security incident - a suspected, attempted, successful, or imminent threat
of unauthorized access, use, disclosure, breach, modification, or destruction
of information; interference with information technology operations
Enforcement:
Violation of this policy may result in disciplinary action, up to and including
termination or dismissal, as well as personal civil and/or criminal liability.
Failure to report an information security incident may subject the user to
disciplinary action including, but not limited to, suspension of the user’s access to
electronic information resources. Users also should be aware of other possible
Related Information:
Surveillance Policy
Information Security Incident Response Policy
a) Unfiltered data capture provides response teams with insights into endpoint
behavior, not just previously discovered attack patterns and behaviors.
b) External threat intelligence helps rapidly identify threats you haven’t seen yet,
but other companies have. Once again, if you know what you are dealing with,
you can respond more quickly.
Table of Contents
1. Acceptable Use Policy
1.1 System Accessibility Policy
1.1.1 Policy Statement
1.1.2 Policy Procedure
1.2 Internet and Email Usage Policy
1.2.1 Policy Statement
1.2.2 Policy Procedure
1.3 Personal Use Policy
1.3.1 Policy Statement
1.3.2 Policy Procedure
1.4 Ethical Responsibility Policy
1.4.1 Policy Statement
1.4.2 Policy Procedure
2. Security Awareness
2.1 Security Awareness and Training Policy
2.1.1 Policy Statement
2.1.2 Policy Procedure
3. Information Security
3.1 Information Access Policy
3.1.1 Policy Statement
3.1.2 Policy Procedure
3.2 Authorization for Information Modification Policy
3.2.2 Policy Statement
3.2.2 Policy Procedure
3.3 Personal Data Privacy
3.3.1 Policy Statement
3.3.2 Policy Procedure
3.4 Password Policy
3.4.1 Policy Statement
3.4.2 Policy Procedure
4. Disaster Response/Business Continuity Plan
4.1 Disaster Awareness and Preparedness Policy