10.5
Access to Data Systems and Passwords Computer system passphrases are confidential and may never be shared with anyone. Employees are not permitted to bypass or attempt to override the established security systems in place. Employees are not to use accounts or passphrases issued to another employee. Should an employee need
will only be required to change it if the account becomes unsecured or compromised in some way. Employees must only use their passphrase for COPC Windows accounts and for no other accounts or services. Employees will never be asked for their passphrase; any attempt to retrieve a passphrase must be reported to the employee’s manager immediately. If an attempt at retrieving a passphrase is made, gather all possible information when reporting. Employees are required to log out or secure (lock) their workstation when away for any length of time. If access is required to a locked workstation, IT will be required to log the employee out and anything left open will be closed with the possibility of data loss.
to gain access into another user’s account, the manager should request approval from the CHRO of COPC. The passphrase will be reset for that account as appropriate, to maintain secure access. COPC uses passphrases as a security mechanism for all user accounts. Passphrases are, at minimum, twenty-six (26) characters in length and require some kind of special character (e.g. !,?,#). This passphrase will never expire, and users Email Employees must understand that any messages they send outside of the Company (i.e., over the internet) are not secure unless they are encrypted. Any email with PHI or PII must be encrypted when Data Confidentiality Employees should not disclose any of the data or information residing on the Company’s systems to anyone unless they are certain the person has the right and a need to receive it. The Company’s data and information should only be disclosed to non- Company personnel if the employee has received written permission from Company management. Proper Use of Data Systems Employees are prohibited from using the Company’s equipment or systems for any illegal purpose. Employees are also prohibited from attempting to interfere with or disrupt any network users, services, or equipment. Examples of such prohibited conduct includes forging, deleting, examining, copying, or modifying files and/ or data belonging to other users without their prior consent. Attempts to send unsolicited, nonbusiness-related junk mail, “for profit” messages, or chain letters is prohibited. Employees should not expect any privacy in creating, sending, or receiving communications in the workplace, regardless of whether they have been assigned
10.6
sent. Employees are not to initiate or forward chain emails. (Chain emails are sent to a number of people asking each recipient to send copies of the message to other people as well.)
10.7
In addition, employees may not remove any data or information from the Company’s systems in the form of tapes, discs, printed reports, USB drives, or any other media from the Company’s premises nor store any Company data in private, non- Company-owned cloud storage services, unless it is part of their normal job duties.
10.8
or use a password or security code. Further, employees should not expect any privacy in any of their communications, even those communications that have been deleted from the system, such as emails, since such messages may often be retrieved after being erased. COPC employees are not to use Company equipment in a manner that would violate any federal, state, or local laws, for personal gain, to send chain letters, to solicit money for religious or political organizations, for any use that might cause embarrassment to the Company or for any purpose unrelated to Company operations.
Questions and concerns can be directed to your immediate supervisor, Human Resources (614) 304-2080 or the Compliance Hotline (866) 539-5813
Made with FlippingBook - professional solution for displaying marketing and sales documents online