1. Introduction

This policy outlines guidelines for securing company-owned technology resources at SunWater Spa. Its purpose is to protect company equipment, systems, and networks while promoting responsible technology usage by all employees.

2. Acceptable Use

• Technology resources, including desktop computers, laptops, tablets, phones, and peripherals provided by SunWater Spa, are intended for work-related purposes.

• Personal use of company devices and networks should be limited.

3. Password Security

• Where applicable, use strong passwords for any and all accounts, and change them periodically for added security.

4. Email Usage

• @sunwaterspa.com email accounts are monitored by SunWater Spa and should only be used for work-related communication.

• Be cautious of suspicious emails and report them promptly to management. 

5. Internet Usage

• SunWater Spa monitors all activity on the SW-Secure and SunWater Spa networks.

• Use the internet responsibly and avoid unauthorized sites and downloads.

• Personal browsing on company devices should be kept to a minimum. 

6. Data Protection

• Customer data, including personal contact information and credit card information, should never be recorded or stored outside of our 3rd party scheduling and client management systems (e.g., Book4Time, WaiverFile, RingCentral)

• If personal data must be handwritten, promptly enter the transcribed data into the appropriate secured software system and then immediately shred the transcription.

• Never transmit credit card information via email. 

7. Software and Updates

• Keep software up-to-date to protect against security vulnerabilities. Report any system updates needed for the device's operating system to management. 

• Install only approved software on company devices. Consult with management if any software not already installed is needed for work-related tasks. 

8. Remote Work

• In some cases remote work is an option, and all necessary technology resources will be provided by the company.

• Treat all company-provided equipment as if it were your own. Report any concerns with devices or equipment functionality promptly to management.

9. Incident Reporting

• Report any security incidents or concerns with any technology resource promptly to management.

10. Compliance

• Adhere to this policy to maintain a secure technology environment.

• Any exceptions must be approved by management.

• This policy will be reviewed periodically to ensure relevance and effectiveness.

Created and updated js and dar 5/24/24