SunWater Spa Email Policy and Procedures

1.      Login for Google Admin - admin@sunwaterspa.com

2.      Naming Convention - firstname.lastname@sunwaterspa.com

3.      Email Groups and Aliases

o   tech@sunwaterspa.com – facilities and IT – goes to spa director and IT manager

o   everyone@sunwaterspa.com – all users in the organization

o   info@sunwaterspa.com – goes to cloud@sunwaterspa.com

4.  Two-Factor Authentication (2FA)—This is not enforced for all accounts

5.  Password Requirements –

o   Must be at least 8 characters long.

o   Must include a combination of uppercase letters, lowercase letters, numbers, and special characters.

o   Must not be easily guessable or based on personal information (e.g., name, birthdate)

o   Must be changed every 180 days.

o   Cannot reuse any of the last 5 passwords.

o   Passwords must be stored securely and never shared.

o   Users are encouraged to use a password manager for secure storage.

o   Users must maintain the confidentiality of their passwords.

o   Users must report any suspicious activity or potential breaches immediately.

6.  Access Control

o   Access to Google Admin is restricted to the IT Manager and the Spa Director

o   The company reserves the right to access and monitor email accounts to ensure compliance with this policy.

o   Employees should have no expectation of privacy regarding email communications.

7.  Email Policies and Best Practices

o   Use company email primarily for business-related purposes.

o   Personal use should be minimal and not interfere with work responsibilities.

o   Maintain a professional tone and language in all emails.

o   Use clear and concise subject lines and content.

o   Do not share confidential or sensitive company information via email without proper authorization.

o   Use encryption for sending sensitive data when necessary.

o   Do not use company email for illegal activities, harassment, or transmitting offensive content.

o   Avoid using company email for personal business or commercial purposes unrelated to the company.

o   Do not open attachments or click links from unknown or suspicious sources.

o   Report any suspicious emails to the IT department immediately.

o   Use the company signature template for all business emails.

o   Avoid using all caps, excessive punctuation, or informal language.

o   Regularly delete unnecessary emails to manage mailbox size and performance.

o   Use clear, descriptive, color-coded labels for the organization of emails.

8.  Access and Monitoring –

o   The company reserves the right to access and monitor email accounts to ensure compliance with this policy.

o   Employees should have no expectation of privacy regarding email communications.

9.  Training and Support

o   Provide Email Best Practices to all employees with an email address.

o   Provide support and training for all employees not familiar with gmail or as needed.

10.   Monitoring and Maintenance

o   Perform regular audits of email accounts and access logs.

o   Check for unauthorized access and compliance with policies

o   Test recovery procedures regularly.

o   Stay updated with new features and security updates from Google.

o   Upgrade plans as the company grows and needs evolve.

11.   Employee Departures

o   Immediately suspend the departing employee’s email account to prevent unauthorized access.

o   Set up email forwarding to a manager or relevant team member to ensure business continuity.

o   Review the departing employee’s emails for important information.

o   Delete the account after 90 days and transfer drive data to deborah.rector@sunwaterspa.com

Updated 11/15/24