Data Security Policy

Netspective Unified Process
 

This policy safeguards data and information belonging to Netspective Communications LLC by maintaining a secure environment. All staff members and authorized individuals using Netspective Communications LLC facilities must adhere to the principles that govern the retention, use, and disposal of information. [FII-SCF-009-DCH-12]

Authorized Users of Information Systems

The Netspective Communications LLC’s Data Security Department formally authorizes all users of Netspective Communications LLC’s information systems. Authorized users will receive a unique user identity and must not disclose their associated password to anyone else. Authorized users are responsible for taking all necessary precautions to protect Netspective Communications LLC information in their possession. They must not copy or transport confidential, personal, or private information without considering the following:

  • Obtaining permission from the information owner.
  • Assessing the risks associated with potential loss or unauthorized access.
  • Ensuring the information’s security during transport to its intended destination.

Acceptable Use of Information Systems

Users of the Netspective Communications LLC’s computer systems must strictly use their accounts for Netspective Communications LLC business purposes only and refrain from engaging in personal activities during working hours. Limited personal use is allowed during breaks or mealtimes, but it must be lawful, honest, and respectful towards others’ rights and sensitivities.

  • Users are prohibited from engaging in deliberate activities aimed at harassing other users, degrading system performance, misusing system resources, or gaining unauthorized access to Netspective Communications LLC systems.
  • Users must not connect unauthorized devices to their PCs or workstations unless they have explicit authorization from their manager or the designated IT personnel. Downloading unauthorized software from the Internet onto their PCs or workstations is strictly prohibited.
  • Unauthorized use of the system may constitute illegal behavior and theft, which could result in civil or criminal prosecution.

Access Control

  • The control of access to critical information resources, which need protection against unauthorized disclosure or modification, is the fundamental element of this Data Security policy.

  • Access control entails assigning permissions to individuals or systems that have authorization to access specific resources. Access controls are present at various system layers, including the network. Usernames and passwords are used to implement access control. Additionally, other access control methods can be employed at the application and database levels to impose further restrictions on access.

  • Furthermore, application and database systems can restrict the availability of applications and databases to users based on their job responsibilities.

Normal User Identification

All users must have a unique username and password to access the systems. Users must keep their password confidential and must not share it with management, supervisory staff, or any other employees. Additionally, users must adhere to the following rules for password creation and maintenance:

  • Passwords should not be common words found in English or foreign dictionaries. This means avoiding the use of common nouns, verbs, adverbs, or adjectives, as they can be easily cracked using standard hacking tools.
  • Passwords should not be displayed or easily accessible near computer terminals.
  • Passwords must be changed every 60 days.
  • User accounts will be frozen after 90 days of failed logon attempts.
  • Logon IDs and passwords will be suspended after 60 days of inactivity.

In addition to these rules, please consider the following important points:

  • Users are prohibited from accessing password files on any network infrastructure component. Unauthorized access to password files on servers will be monitored. Copying, reading, deleting, or modifying password files on any computer system is strictly forbidden.

Log

  • Users are not allowed to log on as a System Administrator. If users require such elevated access to production systems, they must request a Special Access account.
  • Employee Logon IDs and passwords will be deactivated promptly in case of termination, firing, suspension, leave, or any other termination of employment.
  • If an employee forgets their password, they must contact the IT department to have a new password assigned to their account. The employee must provide identification (e.g., employee number) to the IT department.
  • Employees are responsible for all transactions that occur during their logon sessions using their password and ID. Employees must not log on to a computer and then allow another individual to use the computer or share access to the computer systems.

Confidentiality of Information

Any information or documents that are not to be made public are designated as “Confidential Information.” Netspective Communications LLC considers this information invaluable, and therefore, all employees who handle such information in the course of their duties are expected to follow these guidelines:

  • Store all confidential documents in locked file cabinets or rooms that are accessible only to those with a business “need-to-know.”
  • Protect all electronic confidential information using firewalls, encryption, and passwords.
  • Clear desks of any confidential information before leaving at the end of the day.
  • Avoid leaving confidential information visible on computer monitors when leaving workstations.
  • Mark all confidential information, whether in written or electronic form, as “confidential.”
  • Dispose of confidential information properly, ensuring that printed documents are shredded before discarding.
  • Refrain from discussing confidential information in public places.
  • Avoid using email to transmit sensitive or controversial information.
  • Limit the acquisition of confidential client data, such as social security numbers, bank accounts, or driver’s license numbers, to cases where it is integral to the business transaction. Restrict access to such data on a “need-to-know” basis.
  • Before disposing of an old computer, use software programs to securely erase the data contained on the computer or have the hard drive destroyed.

Security of Information

Netspective Communications LLC must regularly back up information stored on computer systems to ensure it can be restored when necessary. It is our responsibility to take utmost care in the destruction of sensitive information. When disposing of electronic information related to customers, administrative, and commercial matters, it must be done securely. Sensitive or confidential paper documents should be placed in shredding bins or destroyed as instructed by your department head.

User Responsibilities

  • Users of the system play a crucial role in maintaining data security by following the necessary procedures outlined in the data security policies. It is mandatory for users to promptly report any weaknesses in the Netspective Communications LLC’s computer security, incidents of misuse, or violations of this policy to their immediate supervisor.

  • Employees are expected to:

    • Adhere to data security procedures and policies.
    • Safeguard their user ID and passwords.
    • Notify the IT department of any data security inquiries, issues, problems, or concerns.
    • Assist the IT department in resolving data security problems.
    • Ensure that all IT systems supporting their tasks are regularly backed up to mitigate the risk of loss and minimize recovery costs.
    • Be aware of the vulnerabilities associated with remote access and report any intrusions, misuse, or abuse to the IT department.
    • Understand their responsibilities when storing, securing, transmitting, and disposing of critical information related to the Netspective Communications LLC’s activities, operations, customers, partners, or strategic information about its products and services.

Monitoring of the Computer System

  • Netspective Communications LLC possesses the right and ability to monitor electronic information generated or transmitted by individuals utilizing Netspective Communications LLC computer systems and networks, which encompasses email messages and internet usage. It is not Netspective Communications LLC’s policy or intention to continuously monitor all computer activities conducted by employees or other system users.

  • Users of the systems should acknowledge that Netspective Communications LLC reserves the right to monitor usage, including but not limited to internet usage patterns (such as accessed sites, duration of online sessions, and time of access), as well as employees’ electronic files and messages, to the extent necessary for ensuring compliance with legal requirements and Netspective Communications LLC policies regarding the appropriate use of the internet and other electronic communications.

System Administrator

System administrators, network administrators, and data security administrators shall possess access to the host systems, routers, hubs, and firewalls that are essential for carrying out their responsibilities. All passwords of system administrators will be promptly deleted once an employee with access to these passwords is terminated, dismissed, or no longer employed by Netspective Communications LLC.

Manager’s Duty

Supervisors/Managers should promptly and directly contact the Netspective Communications LLC IT Manager to report any change in employee status that necessitates terminating or modifying employee logon access privileges.

Employee Agreement on Data Security Policy

I acknowledge that I have received a copy of the Netspective Communications LLC Data Security policy. I have read and understood the policy. I understand that if I violate the policy, I may face disciplinary action, including termination. Furthermore, I will contact my supervisor if I have any questions regarding any aspect of the policy.

Dated:

EMPLOYEE:
[Employee’s Authorized Signature]
[Employee’s Printed Name and Title]

COMPANY:
[Company’s Authorized Signature]
[Company’s Printed Name and Title]


Approved by Ajay Kumaran Nair on August 9, 2023
Last Updated by Sreejith K on August 9, 2023