TOMs - Technical & Organisational Measures

Encryption: Full Disk Encryption (BitLocker/FileVault) must be active on all devices used for E Co. work.
Access Control: Devices must be password/biometric protected with a maximum 5-minute auto-lock.
Credentials: Multi-Factor Authentication (MFA) must be enabled on all accounts (Email, Shared Drives, etc.).

Storage: Use E Co. Cloud storage (Google Drive). Avoid local downloads; where necessary, delete immediately after use.
Connectivity: The use of unsecured public Wi-Fi is prohibited unless a reputable VPN is utilized.
Disposal: Securely delete local digital files and cross-cut shred any paper notes containing personal data.

No Public Training: You are prohibited from inputting E Co. Confidential Information or Personal Data (PII) into AI tools (e.g., standard ChatGPT) where "Chat History & Training" is enabled.
Approved Modes Only: Use only Enterprise/Private modes where data is not used for model improvement.
Data Masking: Use placeholders (e.g., "Client X") instead of real names or specific identifiers when using AI for reasoning or drafting.
Human-in-the-Loop: You are 100% responsible for the accuracy of AI-generated content. All outputs must be fact-checked and verified.

Notify privacy@ecoltdgroup.com within 24 hours of any suspected breach or lost device.

Report abuse