Provisions: For purposes of this document, information technology (IT) will refer to the hardware, software, and infrastructure that will be used to provide automated solutions to Jay Group. Information Technology (IT) will refer to the staff and consultants responsible for implementing and maintaining said automated solutions for Jay Group.
This document establishes information technology (IT) planning, acquisition, support, and security procedures for Jay Group.
Its purpose is to provide the procedures and policies for the coordination of the Organizations’ automated IT solutions to preserve integrity of the data and systems within Jay Group’s established network infrastructure and support resources.
Information Technology is responsible for managing the selection process, operation, maintenance, and distribution of automated technology solutions related to the computer systems of Jay Group. IT develops and maintains the infrastructure of the network which includes wiring, network connectivity hardware, internet service, network access for staff and/or consultants, and any other associated hardware or software that enables electronic access and storage of materials on Jay Group computers and related systems.
Information Technology also is responsible for the security and integrity of Jay Group’s electronic assets. These responsibilities include the development, dissemination, and continuous updating of procedures and policies related to the computer systems and electronic assets of Jay Group. These responsibilities also include the review of the technical credentials for consultants, vendors, technical staff, and technology partners for Jay Group. Along with the review of the technical credentials for staff positions at Jay Group that require specialized technical ability and experience, the IT staff is also responsible for assessing the technical suitability for employment with Jay Group for all projects and departments. Certain aspects of the security integrity, and continued operation of the network and computer systems is also the responsibility of the users of those systems. This document will outline those responsibilities and the procedures for integrating the networked computer systems into the day-to-day operations of Jay Group.
Policy: Jay Group provides all employees with access to computer systems and office automation systems for use relevant to individual job responsibilities and professional development. To ensure that information technology and information services are used to further Jay Group philosophy and objectives and to provide structure regarding its use, the following guidelines will apply.
Applicability: All employees, clients, vendors, independent sales representatives, as well as anyone else connecting to Jay Group Systems are covered under this policy.
Logical security of Jay Group’s data and computer systems is the responsibility of all employees and consultants who are provided access to the systems.
Non-employees of Jay Group will not be provided access to organizational data files or computer systems without prior written request for that access by the department Manager
IT will provide access to computer systems and data appropriate to the employee’s job responsibilities.
Any breach of security procedures for the computer systems and/or organizational data will be corrected immediately by IT, without notification to the employee responsible for the breach of security.
Jay Group maintains areas of the building designated for network operations. These areas house servers and other crucial equipment vital to the operation of the network. These areas will remain locked at all times and access will be given to authorized personnel only.
Jay Group issues mobile equipment to some employees. Additional requirements apply as follows:
PC Security
Requests for assistance with computer systems will be submitted via the Help Desk Request Form available on JayNet.
Employees may be provided remote access to Jay Group’s network. Access will be granted only to those employees who require this access to complete or fulfill their job responsibilities.
Misuse of remote access privileges will result in cancellation of the remote access.
Non employees required to remotely access Jay Group systems are required to use a secure VPN connection, run antivirus software with up-to-date antivirus, and run a personal firewall.
New employee information will be submitted to IT by the supervisor immediately after position acceptance. A minimum of 5 days notification is needed prior to the first day of employment to allow time for ordering and receipt of equipment and software, updating inventory records, system personalization, reconfiguration of existing equipment, and network service access assignments.
Submission of new employee information is handled through a help desk security request. This form logs the new employee information into a database for reference by the IT staff that will create the necessary access accounts.
Upon receipt of the New Employee Request, IT will initiate network access appropriate to the employee’s responsibilities. This access information will be provided by the manager or supervisor through the above mentioned form.
Upon completion of the system and account setup process, the security request will be marked completed and the supervisor will receive an email stating that the request is complete.
The new employee and her/his manager or supervisor need to coordinate with Training and Development for initial computer training. Initial orientation to the computer systems will vary based on the user’s experience and job responsibilities at Jay Group.
The new employee will receive her/his password and login information for access to network services at the time of training.
It is the employee’s responsibility to schedule further training as necessary.
New Employees will be provided a copy of the Information Security Policy. They are required to read and then sign the acceptance form, along with their supervisor. This form is to be retained by HR within the employees file. Spot checks may be done by IT management to verify signing of form.
For security reasons, IT will need to be informed of employee separations immediately by HR or employee manager when HR is unavailable.
In situations of employee involuntary separation, IT must be informed simultaneously.
Access to data files used by the terminating employee will be reassigned after a help desk security request has been submitted. Files to be reassigned will be identified by the department manager of that employee. This information needs to be relayed to IT to coordinate the transfer of files and security of any sensitive data.
Administrators and operators must be defined to prevent, detect, and correct unauthorized access to the network’s hardware, software, and data to ensure the network’s continued operation and security surrounding the network.
IT Management is responsible for identifying and defining the specific individuals that will perform administrator and operator functions.
These individuals will be responsible for maintaining the overall security of the network and will be responsible for enforcing all network compliances affecting Jay Group as well as any industry standard security measures.
All administrators must be adequately trained to perform their required functions and responsibilities.
Administrators are responsible for:
Administrators are responsible for procedures for network configuration.
Administrators are responsible for network security monitoring.
Administrators are responsible for tracking and reporting violations and suspicious activity immediately to management.
Administrators are responsible for ensuring network directories and shares are adequately maintained including:
For continued functionality and operation of a network, appropriate action must be taken to ensure the configuration is planned and properly implemented.
Provisions: Electronic communications, including computer files, voice mail, electronic mail (“e-mail”), are not anonymous. Sender and receiver can be determined and the content of any message may be viewed by others within Jay Group. A password is not intended to ensure the privacy of electronic communications. Instead, it serves to provide a minimum level of security to Jay Group media by restricting access to only those who bear valid passwords. Preventing a person from outside of Jay Group from gaining access to Jay Group internal media is not the same as affording privacy to the communications of media users. However, ALL work-related information should be regarded as confidential. This policy reaffirms Jay Group’s policy on Confidentiality as outlined on pages X – X of the Employee Handbook. – HR – is this in our handbook?
Confidentiality Statement: E-mail is not a private form of communication and should not be used to send personal information or discuss private matters about anyone, including yourself, unless disclosure of that information within Jay Group is acceptable to you. This also applies to voice mail and computer files. Any defamatory, threatening or derogatory remark about any person or group of persons is prohibited. Any employee who violates this policy may be subject to disciplinary action, up to and including termination.
**DISCLAIMER
This e-mail message and any files transmitted with it are intended for the use of the individual or entity to which they are addressed and may contain information that is privileged, proprietary and confidential. If you are not the intended recipient, you may not use, copy or disclose to anyone the information contained in this message. If you have received this e-mail in error, please notify the sender and delete this e-mail message. The contents do not necessarily represent the opinion of Jay Group.
Internet access is primarily provided by Jay Group for business purposes only. Any personal use of the internet should be kept to a minimum. If a user is found to be using the internet for excess personal use or creates a business impact as a result of their actions said user may have their access severely limited or shut off. Such a violation could involve disciplinary action as well as termination.
Jay Group uses a product called Websense to restrict access to unsafe sights or those deemed inappropriate for viewing by HR. If a sight is blocked and the user requires access to it for business purposes they may submit a request by following the instructions on the block page. These will be reviewed by both HR and IT and a determination will be made.
Only those employees or officials who are authorized to speak to the media, to analysts or at public gatherings on behalf of Jay Group may speak/write in the name of the company to any newsgroup or chat room. Other users may participate in newsgroups or chats in the course of business when relevant to their duties, but they do so as individuals speaking for themselves.
Jay Group has established an Internet firewall to ensure the safety and security of the company’s networks. Any employee who attempts to disable, defeat, or circumvent any company security will be subject to disciplinary action.
Uses that violate Jay Group’s policies:
No employee may use the Internet to access or convey information in an unlawful manner, or for any unlawful purpose.
Other inappropriate uses:
Downloading documents, programs, and other executable files:
Anonymous or encrypted communications:
Interception of electronic communications:
Internet access privileges:
Internet security:
Jay Group tracks all internet usage for all employees, visitors or vendors, while using Jay Group provided equipment and or connected to the corporate network, no exceptions.
Jay Group reserves the right to review and disclose such records or information with or without prior notice.
Violations of electronic communications policy
All e-mail and associated system resources are the property of Jay Group. E-mail is subject to the same restrictions on its use, and the same review process, as is any other company-furnished resource provided for the use of employees. Its use and content may be monitored at any time.
E-mail usage must be able to withstand public scrutiny. Users must comply with all applicable legislation, regulations, policies and standards. This includes complying with copyright and license provisions with respect to both programs and data.
Users may not:
Users must not send, forward and/or reply to large distribution lists concerning non-Jay Group business. In addition, users must consider the impact on the network when creating and using large, work-related distribution lists.
Alleged inappropriate use of the e-mail technology will be reviewed by management on a case by case basis and may, for employees, lead to disciplinary action up to and including dismissal. For contractors, it may lead to cancellation of the contractual arrangement.
Users are responsible for ensuring that their use of e-mail technology is appropriate and consistent with this policy.
Users should carefully consider the intended audience, tone, formality, and format for all e-mail messages.
Any message received which is intended for another person should be returned to the sender. All copies of the misdirected message should be deleted after it has been returned to the sender. An incorrectly addressed message should only be forwarded to the intended recipient if the identity of that recipient is known and certain.
The sending of large attachments (for example, greater than 10 megabytes) to large distribution lists should be avoided because of the impact on the network. If there is a need to send a large e-mail, please contact the help desk at extension 6320 for assistance.
If a message is sent to a distribution list, recipients should consider whether the response needs to go to everyone on the list or just to a select group.
The misinterpretation of an e-mail message may occur. Missing body language and tone can cause what was meant as a casual or humorous message to be taken other than intended. If a message generates an emotional response, the recipient should carefully consider what an appropriate or professional response is. Also, the recipient should consider if a response is needed at all and react accordingly.
E-mail is not to be used as a personal advertisement tool. E-mail is not to be used to sell, or exchange personal items.
In this day of constantly proliferating computer viruses, Jay Group needs to be concerned about protecting the data that is stored on its computer systems from contamination by both annoying and destructive programs.
Server Protection:
Client Protection:
This software must scan all local drives at the workstation whether the file is received from a data source at Jay Group, or from and outside source (floppy disk, Intranet, Internet, email).
This software must detect known viruses, spyware and malware, report the detection to centralized management system and be able to take appropriate automated action.
The software must be capable of receiving automatic updates from a central server that continually checks for new updates.
The Administrator for Virus Protection is responsible for the following:
This policy will be reviewed every six months or sooner as deemed necessary by the Data Security Team. Notification of changes to these policies and procedures will be disseminated to all staff by the Human Resources.
APPENDIX A
Logon/Logoff Procedures
Password Policy
Data Center Access List
Security Request Form
Mobile Equipment Form
When a user logs onto Jay Group systems he/she has the ability to access sensitive electronic data for both Jay Group and our clients. Your Username and Password are what gives you this access. Certain User profiles have more access rights than others. This is the reason why users are prohibited from sharing their profiles with other users. Sharing your username is not the only security risk that we face. Securing you PC when you are not at your desk is just as important. The following are a few guidelines that Jay Group employees must follow:
Guidelines:
Department Supervisors and Managers are responsible for the creation of all new employee security requests.
The Security Administrators are responsible for the maintenance and auditing of all security including passwords for Jay Group logons.
All individuals that are provided with a user logon to any system are responsible for the confidentiality of those logons. Your logon consists of a username and password and will not be shared or discussed with any other employee. A violation of this policy will result in one of the following:
If the violation is of sufficiently serious nature, suspension and/or discharge on any of the Offenses may be exercised. The employee may also be held legally liable depending upon the seriousness of the offense.
Writing your password down and keeping it in a visible or guessable area is also a breach of security and will be treated the same.
The following criteria are on a system-by-system basis and may vary slightly.
An audit of all company level passwords will be conducted on a random basis by the security administrator to ensure that the password policy is being enforced and that a password has not been “forced” to be outside the requirements of the password policy. Any passwords that have been created outside of the policy guidelines will be changed when found and require the user to reset that password immediately.