Uprise Telecommuting and Mobile Procedure Policy

Objective

 The objective of this procedure is to ensure that security of information and systems, accessed through teleworking and mobile working are given due importance. It is essential that employees have the knowledge that security procedures and policies exist and they are understood and adhered to.

 

Scope

The scope of these procedures includes all persons/parties who have access to information and information systems belonging to or under the control of the IT Department. Processing devices that can be used as part of teleworking or mobile working include: PCs (home based, touchdown centres etc.), laptops and notebooks, tablet PCs, smart phones, personal digital assistants (PDAs), digital cameras, mobile phones and any other mobile device that record and/or process information. Removable media is anything that data can be copied, saved and/or written on to which can then be taken away and restored onto another computer (e.g. CD, DVD, flash drives, USB data sticks, portable hard drives).

 

Responsibilities

Uprise information security officer is responsible for ensuring that all employees and managers are aware of security policies and that they are observed. Managers need to be aware they have a responsibility to ensure employees have sufficient, relevant knowledge concerning the security of information and systems. Designated owners of systems, who have responsibility for the management of the information systems and information, need to ensure that staff are aware of their responsibilities towards security. Designated owners of systems and information need to ensure they uphold the security policies and procedures.

 

Procedure

 

1.      For teleworking and mobile working, access to IT information, networks and applications (including email) can be attained via any internet connection.

 

2.      It is possible to access Uprise email from a remote location (such as home) using non-wireless or wireless technology. This should only be attempted using a web browser via a VPN.

 

Employees must ensure when using any service to access and transmit sensitive data that https is displayed at the start of the address line and the padlock symbol is displayed on the browser window.

 

3.      Connection to the Uprise network, for accessing CRM and other applications, through VPN should only be attempted using the domain login and password credentials which employees are issued with.

 

4.      Extra care should be taken to properly close all applications, network connections and web browsers when using PCs, mobile devices and software not officially provided by Uprise. Passwords, logon credentials and sensitive files can be left behind on un-trusted devices, making them readily available to subsequent users.

 

5.      Users conducting teleworking/mobile working should not allow or give permission for unauthorised users (including family and friends) to use that PC/mobile device.

 

6.      Any information concerning passwords, usernames, network credentials or requirements/ability used to access Uprise’ information and systems by teleworking/mobile working must not be shared with other staff, unauthorised users, third party vendors, family, friends or members of the public.

 

7.      A password should be set up and used on all mobile equipment that can be locked by use of a password. For example, android devices can be set locked using a password and this facility should not be disabled by the user.

 

8.      In the event that a user becomes aware of an information or data breach or accidental disclosure, this matter must be reported immediately via the Uprise  Incident Reporting Procedures. In such an event, password for the user ID of the affected user will be reset immediately to minimise the risk.

 

Jay Spence