company name
CONFIDENTIAL Incident Report: Security

Date Reported: current date
Employee: contract first name contract last name
Department: department
Supervisor: supervisor manager
Date and Time of Injury: Insert Incident Date and Time

Point of Contact (POC) Information
Name:
Phone:
Job title of signator authorized signature or signer.
Email:

Instructions: Point of Contact must complete the following form and file it with the Security Department as well as the Human Resources Department.
The following is a high-level description of the incident for summary purposes only. Distribution of this report is limited to the following departments on a NEED TO KNOW basis only. If you have any questions related to this summary, please contact Contact at Contact Method for more information.

Description of Incident Intrusion
Describe the injury as well as the events or what happened to cause this incident. Attach additional pages if necessary.

Witnesses
Did anyone witness the incident or evidence of the incident after it occurred? Yes No. Name of Witnesses:

Type of Intrusion
Please check all that apply: Intrusion Data Breach. Theft. Malware Trojan Virus. Compromised System Physical Intrusion. Other.
Intrusion Location and Information
Name, Address, Phone (if applicable), Notes.

Effect of Intrusion
Please check all that apply: Loss of Data Unauthorized Access of Data. Theft. Degradation of Service Interruption of Service. Physical Damage to System Unauthorized Escalation of Privileges Physical Intrusion. Other.

Additional Information.
Notes.

Systems Affected
Insert the systems this intrusion affected.
Notes.

Intrusion Discovery
Describe how, where and by whom this intrusion was first detected.
Notes.

Communication Notification
Describe the notifications and communication that were carried out at every step. Also describe any initial notification, follow-up, resolutions and communication that still need to be made at this stage.
Notes.

Evidence and Documentation
Describe the evidence and documentation (logging, files, etc.) that have been gathered at each step and indicate by whom they were gathered. Attach additional sheets if necessary.
Notes.

Incident Response
Describe the workflow of the incident response, including personnel involved at each stage and all actions taken. Attach additional sheets if necessary.
Notes.

Corrective Action Taken and Incident Resolution
Describe the corrective actions taken, including names of parties responsible for those actions, to address each system impacted by the intrusion. Attach additional sheets if necessary.
Notes.

Conclusion and Findings
Insert conclusions reached at this stage. Attach additional sheets if necessary. Conclusions may include:
* The root or proximate cause of this incident.
* Precautions that could have prevented this.
* The direct and indirect impact on the Company and its systems, customers, users, employees, etc.
* The estimated cost to investigate, respond to and correct the intrusion.
* The steps that have been taken to prevent the incident from happening again and to limit further interruption.
* The additional actions, research or communication that need to happen.
Notes.
Point of Contact Signature. Date.
Supervisor Signature. Date.

For Office Use Only
Received By: signator authorized signature or signer.
Human Resources Manager. Date.
Security Department Manager. Date.
cc: Insert Executive Here if Applicable

address address city state or province zip or postal code
Phone: phone number
SMARTPHONE AND PERSONAL DIGITAL ASSISTANT (PDA) USAGE POLICY

The purpose of this policy is to set forth the Company Smartphone and Personal Digital Assistant (PDA) Usage Policy by which employees and contractors will abide while using, leasing or otherwise making use of Personal Digital Assistant (PDA) devices. The intention of this policy is to provide proper guidance to employees and contractors who make use of PDAs during the course of their work with company name. As an employee or contractor of company name, you are required to comply with this policy at all times.

Terms and Conditions
The Personal Digital Assistant (PDA) Usage Policy is as follows.

1. Definitions. For the purpose of this Smartphone and Personal Digital Assistant (PDA) Usage Policy, PDA shall be defined as a hand-held computing device, tablet or phone (smartphone) that provides Internet access (wireless or otherwise), software applications, communication and email services, and network connectivity through cellular, Wi-Max, Wi-Fi or other networks.

2. Approved List of Devices (Hardware).
Due to the changing nature of Smartphone and PDA devices, company name shall only support a limited number of hardware devices and configurations. This is done in order to provide employees with a high level of support while ensuring enough flexibility for employees to select the appropriate PDA that meets their job requirements. This approved list is subject to change and may be amended to adapt to specific Company needs and requirements. The following hardware shall be supported.
Insert Supported Hardware Here

3. Approved List of Software and Technologies. In order to effectively interface with Company resources, networks, mail servers and other communication systems, the following software and technologies shall be required to be used for the following Company tasks. There shall be no exception to this list without prior written approval from IT Department Manager etc. Due to the changing nature of PDA devices, company name shall only support a limited number of hardware devices and configurations. This approved list is subject to change and may be amended to adapt to specific Company needs and requirements. The following required software and technologies shall be used for the following tasks.

Email / Calendar Client
Insert Supported Software or Requirement Here

Docking, Hot Synch or other Synchronization Systems
Insert Supported Software or Requirement Here

Operating Systems (OS)
Insert Supported Software or Requirement Here

Virtual Private Networking (VPN)
Insert Supported Software or Requirement Here

FTP, SFTP or SSH Access
Insert Supported Software or Requirement Here

Instant Messenger (IM) or Chat Programs
Insert Supported Software or Requirement Here

Other Software Systems
Insert Supported Software or Requirement Here

4. Use of Personal PDAs. Employees may use PDAs that they own or lease, provided that they meet the above guidelines AND that they have written permission from IT Department Manager etc.

5. PDA General Usage Policies. Use of PDAs by Company employees and contractors shall be governed by the Company Internet Access and Asset Usage Policy as well as the Company Wireless Network Usage Policy. Copies of these policies may be obtained from the Company Human Resources Department.
* All PDAs provided to employees and contractors may not be used for commercial or other activities from which they directly or indirectly personally profit or have a profit motive.
* All PDAs must have the Company required applications and security software installed prior to accessing Company resources or networks. Employees must have the Company IT Department review and certify that all PDAs meet the Company Network Security Policy prior to their use.
* All PDAs shall make use of access control systems and encryption.
* All PDAs and software running on PDAs must use complex passwords and secure digital certificates for remote access.
* All PDAs shall make use of self-updating or software that automatically updates itself to ensure that the devices comply with the Company Network Security Policy.
* All PDAs, whether owned by the employee or not, shall be subject to on-demand audits by the IT Department or Managers to ensure compliance with the Company Network Security Policy.
* All PDAs provided to employees and contractors must be serialized and recorded into Company Inventory. This includes all PDAs purchased by employees or contractors that they are later reimbursed for.

6. PDA Usage and Your Health and Safety. Improper usage or overuse of PDAs can lead to injury, tendinitis or swelling of tissues and joints. The following is provided to help you avoid such injury while you use your PDA. If you have questions or concerns, or would like a demonstration of these safety techniques, please contact the Human Resources Department. Proper use of your PDA includes:
* Taking frequent breaks from using your PDA.
* Immediately stopping use if you experience any of the following symptoms: pain in your thumb, fingers, wrist, joints or anywhere else on your body.
* Immediately stopping use if your hands or extremities feel numb or are tingling.
* Avoiding typing for more than a few minutes at a time.
* Avoiding typing only with your thumb.
* Making sure that your wrists are in an upright position and not flexed or bent when typing. Try placing a support underneath your PDA whenever possible.

The American Physical Therapy Association recommends the following simple exercises.
* Tap each finger with the thumb of the same hand. Repeat five times.
* Alternate tapping the palm of your hand and the back of your hand against your thigh as quickly as you can. Repeat times.
* Open your hands and spread your fingers as far apart as possible. Hold for seconds and repeat eight times.
* Fold your hands together and turn your palms away from your body as you extend your arms forward. You should only feel a gentle stretch. Hold for seconds and repeat eight times.
* Fold your hands together, turn your palms away from your body and extend your arms overhead. You should feel the stretch in your upper torso and shoulders to hand. Hold for seconds and repeat eight times.

7. Responsibility and Storage of PDAs. Company employees and contractors accept responsibility for any loss or damage that may occur that is deemed by the Company to be excessive and beyond what would be considered normal wear and tear. The following guidelines have been provided to aid employees and contractors with the physical safety and responsible storage of their PDAs.
* PDAs should never be stored in a locked car, glove compartment, rooftop luggage system, trunk or in plain view, in order to avoid theft and damage from severe temperature changes.
* Employees or contractors traveling by air must carry all PDAs onboard their flight with them. This is to prevent accident, loss or theft of sensitive data from checked baggage, as well as potential damage that may occur from storing the PDA in a non-pressurized environment.
* PDAs should never be put through the metal detectors at airport security screening checkpoints. Employees or contractors should be aware that they may be required to power up their PDA at such checkpoints, and failure to do so may result in the PDA being impounded or seized by Airport Security. To ensure compliance with Company policies, you should make sure that your PDA is sufficiently charged prior to traveling by air.

8. Modification of Agreement. Company reserves the right to add, modify or delete any provision of this Agreement at any time and without notice. Company reserves the right to restrict any access right at any time, whether a violation of this Agreement occurs or not. Company reserves the exclusive right and will be the sole arbiter as to what constitutes a violation of any of these provisions.

9. Improper or Illegal Conduct. Failure to adhere to the policies and provisions of this Agreement may result in disciplinary actions and/or termination. The following shall be construed as violations.
a) Allowing access to any restricted information by individuals, or purposefully allowing individuals to gain access to a PDA for non-company or non-authorized activities.
b) Allowing any dangerous or restricted software or application to be installed on the PDA at any time.
c) Engaging in any behavior with a PDA that would violate the Company Wireless Network Usage Policy or Company Internet Access and Asset Usage Policy.

10. Consequences of Violation. If Company becomes aware of an alleged violation of any of the terms contained in this Agreement, or any other policy that has been posted on its web site, made available to employees or contractors via email or posted in any other form, Company shall initiate an investigation. During the investigation, Company may restrict access to the employee's PDA, whether personally owned or otherwise, in order to prevent further possible unauthorized activity. Company may, at its sole discretion, restrict, suspend or remove the employee's PDA without notice or refund, or pursue civil remedies as it deems necessary. Company shall notify the appropriate law enforcement department of any such violations. Company shall not be responsible for any payment, refunds or compensation in any way for service disruptions or termination resulting from violations of this Agreement.

Effective Date: current date

company name
WIRELESS NETWORK USAGE POLICY

This policy sets forth guidelines for expected conduct and defines the conditions under which an employee, contractor, vendor or any other person (user) may use Wireless Networks or other Internet Access Points, including but not limited to: Company Internet access; its private network; its vendors', suppliers' and partners' networks and its email system or any other access point or connection resource while conducting business for or on behalf of the Company.

1. Introduction. The Company makes available its various assets, hardware, software, services and computer network in order to allow its employees access to resources to effectively execute their job functions and duties. This policy defines the Company's official policy regarding Internet connectivity and usage. Before access to the Internet via the company network is approved, the user is required to read and sign the Wireless Network Usage Policy.

2. Definitions.

Authorized Use: Authorized Use shall mean any use of wireless network access points or hot spots which is deemed to be necessary and consistent with the execution of the individual duties and obligations of employees, contractors and staff associated with or employed by the Company.

Authorized Users: Authorized Users shall mean all current employees, contractors, vendors or staff who are authorized by the Company to use a specific network or computing resource by the department responsible for overseeing or managing the resource.

Non-authorized Users: Non-authorized Users shall mean anyone, including but not limited to employees, contractors, vendors, staff or anyone else, who is NOT authorized by the Company to use a specific network or computing resource by the department responsible for overseeing or managing the resource.

Mobile Computing Equipment or Devices: Mobile Computing Equipment or Devices shall mean any handheld PDA, cell phone or other computing or communication device which is not physically connected to the Company network environment.

Public Wireless Networks: Public Wireless Networks or Internet Hotspots shall mean any device, appliance or broadcast which offers access to the Internet.

Untrusted Wireless Networks: Untrusted Wireless Networks shall mean an insecure Public or Private Wireless Network or Internet Hotspot which offers access to the Internet and which does not employ SSL or secure encryption.

3. Company Wide Standards. Use of mobile computing devices by Company employees and contractors shall be governed by the Company Internet Access and Asset Usage Policy as well as this Company Wireless Network Usage Policy. Copies of all Company policies may be obtained from the Company Human Resources Department. Users are expected to use mobile computing equipment responsibly and professionally and shall make no intentional use of the equipment or internet services in an illegal, malicious or obscene manner.
The following rules shall apply to all use of Wireless Networks by mobile computing devices.
* Access to internal Company network resources or internal systems from public wireless networks must be obtained using secure encrypted connections and secured at the device level through a virtual private network (VPN) session and connection.
* Employees may make personal use of the Internet, subject to the Company Acceptable Use Policy (see below), so long as there is no negative security impact or impact on the performance of the employee's obligations and duties that creates an unreasonable cost to the Company.
* Sending or receiving personal email shall be allowed so long as any email that is sent using a Company email account has the authorized company disclaimer at the bottom of the email stating that the contents of this message may not represent the views of the Company.
* Use of any company mobile computing equipment, or accessing a company network resource or Internet access point, implies an agreement to abide by all Company policies and procedures in existence governing such use.
* Use of any company mobile computing equipment must be secured in accordance with the security standards set forth in the Company Network Access and Security Policy.
* Mobile computing devices or wireless access may not be used for commercial or other activities from which they directly or indirectly personally profit or have a profit motive.
* All mobile computing devices must have the Company required Applications and Security Software installed prior to accessing Company resources or Networks. Employees must have the Company IT Department review and certify that all mobile computing devices meet the Company Network Security Policy prior to their use.
* All mobile computing devices shall make use of access control systems and encryption.
* All mobile computing devices and software running on mobile computing devices must use complex passwords and secure digital certificates for remote access.
* All mobile computing devices must be configured to require a hardware (BIOS) password upon start-up, which must be changed every months.
* All mobile computing devices shall make use of self-updating or software that automatically updates itself to ensure that the devices comply with the Company Network Security Policy.
* All mobile computing devices, whether owned by the employee or not, shall be subject to on-demand audits by the IT Department or Managers to ensure compliance with the Company Network Security Policy.
* All mobile computing devices provided to employees and contractors must be serialized and recorded into Company Inventory. This includes all mobile computing devices purchased by employees or contractors that they are later reimbursed for.
* All mobile computing devices that connect to an untrusted network must meet the following minimum security and safety standards, including:
o The most recent versions of Company approved anti-virus and firewall applications must be installed.
o The most recent versions of spyware and malware applications must be installed.
o All digital certificates used must be current and non-expired.
o All logins and access must be conducted over SSL (HTTPS).
o Active intrusion detection and countermeasures must be in place.
o Internet and network activity monitoring and reporting must be active and enabled.

4. Training and Education. Employees who will use mobile computing devices and wireless Internet access may be required to participate in network security awareness training in order to educate themselves on the specific dangers and risks that may accompany access to public wireless Internet access points. The goal of such training is to equip our employees with the knowledge and tools they need in order to comply with Company policies concerning data and network security while traveling outside of the Company office. Department managers shall document and retain evidence of training provided to each user.

5. Sensitive and Confidential Information. Every employee, contractor or staff member has the obligation to protect sensitive and confidential information. All mobile computing users who make use of wireless networks must use VPN encryption protocols when sending or transmitting sensitive or confidential information in any form. No employee, contractor or staff member should ever access an internal company network resource without being secured by VPN encryption protocols, as all Company internal networks, network resources or other internal assets shall be deemed sensitive and confidential information.

6. Definition of Unacceptable Use of Wireless Networks. Unacceptable use shall be defined as, but not limited to, the following examples.
* Using the Internet for personal commercial purposes.
* Sending bulk unsolicited email (Spam).
* Engaging in file sharing or Peer to Peer Networking (P2P).
* Accessing Social or Professional Networking Sites (MySpace.com, Facebook.com, etc.), Blogging Platforms (Blogger, Blogspot, etc.) or other sites that are non-essential to the performance of your job duties and obligations.
* Disseminating any confidential information about the Company or its customers.
* Downloading or using excessive amounts of internal Company bandwidth or external Internet resources (i.e. paid Internet access billed to the Company or reimbursed in some way to the employee, contractor or staff member) for non-essential, non-work-related activities.
* Downloading Shareware or Freeware programs or software that have not been authorized while on a wireless network.
* Installing ANY software on a Company computer or other asset without prior approval from a manager or supervisor while on a wireless network.
* Compromising the security of the Company network, company computers or any other company resource by engaging in unacceptable usage of the Internet.
* Knowingly causing someone to view content that may be deemed obscene, immoral or illegal, or that may cause the Company to be held liable for discrimination or obscenity.
* Knowingly causing disruption or interference with any network or user, whether associated with the Company or not.
* Searching for, requesting, acquiring, storing or disseminating images, text or data that are pornographic, whether legal or not, or that negatively depict race, religion, sex, age or creed.
* Conducting third party business or a personal business enterprise not benefiting the Company, participating in political or religious activity, engaging in illegal or fraudulent activities, or knowingly disseminating false or otherwise libelous materials.
* Engaging in online gaming or gambling while on a wireless network.
* Accessing any Company resource or asset that is not within the scope of the user's normal work and job functions. Examples include but are not limited to: customer information, personnel files and data, or any other documents not required for the proper execution of the user's normal job functions or duties.
* Any other illegal purpose, whether listed here or not, whether through a wireless network or not, that would encourage or conduct criminal activity, offense, exposure to civil liability or otherwise violate any regulations, local, state, national or international law, including without limitation US export control laws and regulations.

7. Consequences of Violations. Violations of the Wireless Network Usage Policy are logged and documented. Violations may lead to revocation of the employee's Internet access privileges and/or may lead to disciplinary action including termination. The Company also reserves the right to pursue legal remedy for damages incurred as a result of an employee's violation. Certain illegal activities will require that Company immediately notify or comply with the proper authorities upon discovery. The Company reserves the right to examine any user's Email Account, Web Logs, Chat Logs or any other information passed through Company resources or Network, or stored on Company computers, at any time and without prior notice.

8. Inappropriate Use of Resources. Inappropriate use of resources shall be defined as engaging in any activities by users that are inconsistent with the business needs and goals of the Company. Engaging in any activity that adversely affects the user's productivity will not be tolerated. When you access the Internet for business purposes, you are representing the Company with each site or activity you engage in. Special attention must be paid to such activities that do not directly contribute to the fulfillment of the employee's job description or duties.

9. Responsibility for Online Activities. Users are responsible for their online activities. Each employee must indemnify the Company from all claims of loss, whether direct or indirect, and from any consequential losses suffered by the Company due to a breach of the Company Wireless Network Usage Policy. Company is not responsible for users who display, store or otherwise transmit any personal information such as passwords, banking information, credit card numbers, social security or tax ID numbers, or make use of Internet passports or wallets. Company shall not be held liable for damages resulting from any loss of such information, abuse by other parties, or any consequential loss of personal property or injury resulting from the storage or loss of such information.

The practices described in this Wireless Network Usage Policy are current as of current date. Company reserves the right to modify or amend this policy at any time. Appropriate notice will be given to all employees, contractors, vendors or other users of Company resources governed under this Agreement concerning such amendments.

Effective Date: current date

I hereby declare that I have read and fully understand my duties and obligations set forth in the above Wireless Network Usage Policy for company name and will uphold these duties and obligations at all times.

EXECUTED as of the date first written above.

contract first name contract last name
By: signator authorized signature or signer.
Job title of signator authorized signature or signer.
Date when the contact was signed

company name
By: signator authorized signature or signer.
Job title of signator authorized signature or signer.
Date when the contact was signed

Company Initials. Employee Initials.