VASA Fitness Computer Security Policy

 

1. Introduction

 

This Computer Security Policy establishes guidelines and best practices for employees of VASA Fitness regarding the protection and secure handling of computer systems, networks, and sensitive information. This policy applies to all employees, contractors, and third-party vendors who have access to VASA Fitness computer resources.

 

2. Acceptable Use of Computer Systems

2.1 Authorized Use

VASA Fitness computer systems, networks, and software are to be used solely for authorized business purposes. Personal use of these resources should be limited to breaks and non-working hours, as long as it does not interfere with productivity or violate any other policies of the company.

 

2.2 Prohibited Activities

The following activities are strictly prohibited and may result in disciplinary actions, including termination and legal consequences:

a) Unauthorized access to computer systems, networks, or data

b) Installation or use of unauthorized software or hardware

c) Distribution, possession, or viewing of offensive or inappropriate material

d) Engaging in activities that may introduce viruses or malware

e) Attempting to gain unauthorized access to other users' accounts or data

f) Sharing or disclosing confidential information without proper authorization

g) Any activity that violates applicable laws, regulations, or contractual obligations

 

3. Password and Account Security

3.1 Password Protection

Employees must create strong, unique passwords for their accounts. Passwords should be at least 12 characters long and include a combination of uppercase and lowercase letters, numbers, and symbols. Employees must not share their passwords with others or write them down in an insecure manner.

 

3.2 Password Management

Employees must change their passwords at least every 90 days and refrain from reusing old passwords. Passwords should not be stored in browsers or saved on shared or public devices. Multifactor authentication should be enabled for all accounts wherever possible.

 

3.3 Account Usage

Each employee is responsible for their individual user account and must not allow others to access their account. In case of suspected unauthorized access or compromise, employees must immediately report it to the IT department by submitting a ticket to helpdesk@vasafitness.com.

 

4. Protection of Personal and Financial Data

4.1 Handling of Sensitive Information

Employees must handle personal and financial information, including credit card details, cash, and customer data, with the utmost care. Such information should only be accessed on a need-to-know basis and must never be shared with unauthorized individuals or stored on personal devices.

 

4.2 Payment Processing

When processing payments, employees must adhere to PCI DSS (Payment Card Industry Data Security Standard) requirements. This includes using secure and approved payment systems, encrypting data transmissions, and securely storing cardholder information.

 

4.3 Data Encryption

Sensitive data, including customer information and financial data, must be encrypted when transmitted over public networks or stored on portable devices such as laptops or USB drives.

 

5. Physical Security

5.1 Equipment Security

Employees must ensure that their computers and other devices are physically secure. This includes locking their workstations when unattended, storing laptops in secure locations, and reporting any lost or stolen devices immediately to the IT department.

 

5.2 Clean Desk Policy

Employees must maintain a clean and organized workspace and refrain from leaving sensitive information or access credentials visible to unauthorized individuals. All physical documents containing sensitive data should be properly secured or shredded when no longer needed.

 

6. Reporting Security Incidents

6.1 Security Incident Reporting

Employees must report any suspected or confirmed security incidents, including unauthorized access, data breaches, malware infections, or lost/stolen devices, to the IT department as soon as possible. Prompt reporting enables the company to mitigate risks and take appropriate action without delay.

 

7. Compliance with Policies

7.1 Employee Acknowledgment

By using VASA Fitness computer resources, employees acknowledge that they understand this Computer Security Policy and agree to comply with it.




VASA Fitness Physical Networking Equipment Policy

 

 

1. Introduction

 

This Physical Networking Equipment Policy outlines the guidelines and expectations for employees regarding the use, handling, and maintenance of physical networking equipment within the organization. It aims to ensure the security, reliability, and proper functioning of the network infrastructure while safeguarding the well-being of employees. All employees are required to comply with this policy.

 

2. Roles and Responsibilities

 

2.1. IT

 

IT is responsible for ensuring the availability and allocation of appropriate physical networking equipment for organizational needs.

IT will provide necessary training and resources to employees to handle networking equipment safely and efficiently.

IT will conduct regular inspections, audits, and maintenance activities to ensure equipment integrity.

 

2.2. Employees

 

Employees are responsible for using networking equipment only for authorized purposes related to their job responsibilities.

Employees must report any damage, malfunction, or security concerns related to networking equipment immediately to IT support via ticket at helpdesk.vasafitness.com or phone at 801 876-4935.

Employees should not attempt to repair or modify networking equipment unless authorized by the IT department.

 

3. Equipment Usage

 

3.1. Authorized Use

 

Networking equipment should be used solely for authorized business purposes.

Employees must not use networking equipment for personal activities, unless specifically authorized by the organization.

Unauthorized or excessive bandwidth consumption, including streaming media or downloading large files, is strictly prohibited.

 

3.2. Access Control

 

Employees should not allow unauthorized personnel to access networking equipment or related areas.

Equipment rooms, cabinets, and closets must be kept locked when not in use.

Employees should report any suspicious individuals or activities near networking equipment areas to their supervisor.

 

4. Equipment Maintenance

 

4.1. Preventive Maintenance

 

Networking equipment may require periodic preventive maintenance as per manufacturer recommendations.

Employees should follow maintenance schedules, guidelines, and procedures provided by the IT department or equipment manufacturer.

Any maintenance or repairs should be performed by authorized personnel only.

 

4.2. Reporting Issues

 

Employees must report any equipment malfunctions, damage, or safety hazards to the IT department promptly.

Equipment that poses a risk to employee safety or network integrity should be isolated or taken out of service, as authorized by IT, until the issue is resolved.

 

5. Security and Safety

 

5.1. Physical Security

 

Networking equipment areas must be physically secured to prevent unauthorized access.

Access to networking equipment rooms or closets should be limited to authorized personnel only.

Visitors should be accompanied by authorized personnel and closely monitored while in networking equipment areas.

 

5.2. Power Management

 

Networking equipment should be connected to appropriate power sources, surge protectors, or uninterruptible power supply (UPS) systems to protect against power fluctuations and outages.

Employees should not overload power outlets or use unauthorized power extension cords.

 

5.3. Environmental Factors

 

Networking equipment should be kept in a controlled environment to ensure optimal performance and longevity.

Employees should avoid exposing networking equipment to extreme temperatures, humidity, dust, or other environmental hazards.

 

6. Non-Compliance and Consequences

 

Non-compliance with this policy may result in disciplinary action, up to and including termination of employment.

Disciplinary measures will be determined by management based on the severity and frequency of the violation.

 

7. Policy Review

 

This policy will be periodically reviewed and updated by IT to ensure its effectiveness and alignment with evolving technologies and industry best practices.

Employees will be notified of any policy changes, and training sessions may be conducted to ensure awareness and compliance.