Security Policy
Fast Easy Accounting Store Data Security Policy
Data security policy: Employee requirements
1.0 Purpose
Fast Easy Accounting must protect restricted, confidential or sensitive data from loss to avoid reputation damage and to avoid adversely impacting our customers. The protection of data in scope is a critical business requirement, yet flexibility to access data and work effectively is also critical.
It is not anticipated that this technology control can effectively deal with the malicious theft scenario, or that it will reliably detect all data. Its primary objective is user awareness and to avoid accidental loss scenarios. This policy outlines the requirements for data leakage prevention, a focus on the policy and a rationale.
2.1 Scope
1. Any employee, contractor or individual with access to Fast Easy Accounting systems or data including:
- Financial
- Restricted/Sensitive
- Confidential
3.1 Policy Employee requirements
1. You need to agree to uphold the acceptable use policy.
2. If you identify an unknown, unescorted or otherwise unauthorized individual in Fast Easy Accounting, you need to immediately notify Randal L. DeHart or the nearest senior officer of Fast Easy Accounting.
3. Visitors to Fast Easy Accounting must be escorted by an authorized employee at all times. If you are responsible for escorting visitors, you must restrict them to appropriate areas.
4. You are required not to reference the subject or content of sensitive or confidential data publicly, or via systems or communication channels not controlled by Fast Easy Accounting. For example, the use of external e-mail systems not hosted by Fast Easy Accounting to distribute data is not allowed.
5. Please keep a clean desk. To maintain information security you need to ensure that all printed in scope data is not left unattended at your workstation.
6. You need to use a secure password on all Fast Easy Accounting systems as per the password policy. These credentials must be unique and must not be used on other external systems or services.
7. Terminated employees will be required to return all records, in any format, containing personal information.
8. You must immediately notify Randal L. DeHart or the nearest senior officer of Fast Easy Accounting in the event that a device containing in scope data is lost (e.g. mobiles, laptops, etc.).
9. In the event that you find a system or process which you suspect is not compliant with this policy or the objective of information security, you have a duty to inform Randal L. DeHart or the nearest senior officer of Fast Easy Accounting so that they can take appropriate action.
10. If you have been assigned the ability to work remotely, you must take extra precaution to ensure that data is appropriately handled. Seek guidance from Randal L. DeHart or the nearest senior officer of Fast Easy Accounting if you are unsure as to your responsibilities.
11. Please ensure that assets holding data in scope are not left unduly exposed, for example, visible in the back seat of your car.
12. Data that must be moved within Fast Easy Accounting is to be transferred only via business provided secure transfer mechanisms (e.g. encrypted USB keys, file shares, email, etc.). Fast Easy Accounting will provide you with systems or devices that fit this purpose. You must not use other mechanisms to handle in scope data. If you have a query regarding the use of a transfer mechanism, or it does not meet your business purpose, you must raise this with Randal L. DeHart or the nearest senior officer of Fast Easy Accounting.
13. Any information being transferred to a portable device (e.g. USB stick, laptop) must be encrypted in line with industry best practices and applicable law and regulations. If there is doubt regarding the requirements, seek guidance from Randal L. DeHart or the nearest senior officer of Fast Easy Accounting.
Data security policy: Data Leakage Prevention - Data in Motion
1.0 Purpose
Fast Easy Accounting must protect restricted, confidential or sensitive data from loss to avoid reputation damage and to avoid adversely impacting our customers. The protection of in scope data is a critical business requirement, yet flexibility to access data and work effectively is also critical.
It is not anticipated that this technology control can effectively deal with the malicious theft scenario, or that it will reliably detect all data. Its primary objective is user awareness and to avoid accidental loss scenarios. This policy outlines the requirements for data leakage prevention, a focus on the policy and a rationale.
2.1 Scope
1. Any Fast Easy Accounting device which handles customer data, sensitive data, personally identifiable information or company data. Any device which is regularly used for e-mail, the web or other work related tasks and is not specifically exempt for legitimate business or technology reasons.
2. The Fast Easy Accounting information security policy will define requirements for handling of information and user behavior requirements. This policy is to augment the information security policy with technology controls.
3. Exemptions: Where there is a business need to be exempted from this policy (too costly, too complex, adversely impacting other business requirements), a risk assessment authorized by security management will be conducted.
3.1 Policy
1. Where there is an active concern of data breach, the IT incident management process is to be used with specific notification provided to Randal L. DeHart or the nearest senior officer of Fast Easy Accounting.
4.1 Technical guidelines
Technical guidelines identify requirements for technical implementation and are typically technology specific.
1. The technology of choice is Randal L. DeHart or the nearest senior officer of Fast Easy Accounting.
2. The product will be configured to identify data in motion to Browsers, IM Clients, E-mail clients, Mass storage devices and writable CD media.
5.1 Reporting requirements
1. Report incidents to Randal L. DeHart or the nearest senior officer of Fast Easy Accounting.
2. High priority incidents discovered by IT should be immediately flagged with Randal L. DeHart or the nearest senior officer of Fast Easy Accounting.
Data security policy: Workstation
1.0 Purpose
Fast Easy Accounting must protect restricted, confidential or sensitive data from loss to avoid reputation damage and to avoid adversely impacting our customers. A collection of global regulations (such as Randal L. DeHart or the nearest senior officer of Fast Easy Accounting) also requires the protection of a broad scope of data, which this policy supports by restricting access to data hosted on Randal L. DeHart or the nearest senior officer of Fast Easy Accounting devices.
2.1 Scope
1. All Fast Easy Accounting workstations – desktops and laptops.
2. All Fast Easy Accounting virtual machines.
3. Exemptions: Where there is a business need to be exempted from this policy (too costly, too complex, adversely impacting other business requirements), a risk assessment authorized by security management will be conducted.
3.1 Policy
1. Fast Easy Accounting’s Acceptable Use Policy (AUP) and security awareness training must require users to notify Randal L. DeHart or the nearest senior officer of Fast Easy Accounting if they suspect they are not in compliance with this policy as per the AUP.
2. The AUP and security awareness training must require users to notify Randal L. DeHart or the nearest senior officer of Fast Easy Accounting of any device which is lost or stolen.
3. The Randal L. DeHart or the nearest senior officer of Fast Easy Accounting help desk will be permitted to issue an out-of-band challenge/response to allow access to a system in the event of failure, lost credentials or other business blocking requirements.
4. Configuration changes are to be conducted through the Randal L. DeHart or the nearest senior officer of Fast Easy Accounting change control process, identifying risks and noteworthy implementation changes to security management.
4.1 Technical guidelines
Technical guidelines identify requirements for technical implementation and are typically technology specific.
1. Randal L. DeHart or the nearest senior officer of Fast Easy Accounting will review the process.