Information Security Policy
Enter Your Hours, LLC depends on its computers, data, and information processing capabilities to provide constant, reliable service to our customers. Every employee is made aware of the security risks and must act in a way that protects the integrity of our data systems. This policy outlines the security structures used to maintain that integrity.
Scope
This policy applies to all employees and customers of Enter Your Hours, LLC as well as data center support staff. The policy is also applicable to all software, databases and structures developed for EnterYourHours.com.
Responsibility for Computer Security
The security contact is responsible for ensuring that the company has adequate computer security and that this policy is observed. Each Enter Your Hours, LLC and data center employee are responsible for protection of our assets, including computers and data. Employees should notify the security contact whenever he or she sees actions that seem to go against this policy.
Security Roles
Administrative – Only the company CIO, system administrator and data center support staff, on a permission basis, will have full administrator rights.
Developer – Developers will be limited to FTP and SQL Server access only for databases and websites that the developer is currently working on. Once a developer is no longer with the company, all passwords to which the developer had access will be changed.
Client – Customer access is limited to software or service use only, and only for that customer’s account.
Confidentiality
All Enter Your Hours, LLC developers are required to sign a confidentiality agreement and must adhere to the strict security standards outlined in the agreement. No employee shall divulge company or client information to outsiders.
Computer Location, Facilities, and Data Backups
The Enter Your Hours, LLC application and website servers are housed offsite in a secure data center.
Closed Circuit Television (CCTV), personalized access cards and highly secure man traps ensure only authorized
personnel have facility access. All door access is monitored, recorded and time stamped on an individual card basis.
The Network Operations Center (NOC) is manned 24 hours a day, 7 days a week and security officers are present round-the-clock.
Database backups occur on a 21-day rolling basis. The latest 7 days of data backups are stored off site.
Firewall
Only the company CIO and system administrator are authorized to make changes to the server firewall. A Juniper firewall limits all traffic except that which is specifically allowed on a per-need basis. Juniper has a solid track record of delivering best-in-class networking and security products
Sanctions
All security incidents, actual or suspected, shall be documented by the security contact and will be addressed immediately. Any violators that have access to the data system will promptly have their access privileges revoked. This includes offending Enter Your Hours, LLC employees and, when appropriate, customers and their employees. The security contact will also adjust security procedures if needed to prevent future incidents.
Security Policy Updates
A yearly review of the Enter Your Hours, LLC security policy will be made to keep in step with the evolving needs, and with changes in local personnel and the external environment.
Contacts
Actual or suspected security incidents should be reported promptly to the security contact:
Carlos Zapata
Chief Information Officer
Enter Your Hours, LLC
Phone: 866-456-9326 ext 715
Email: czapata@enteryourhours.com
|