The purpose of this policy is to safeguard information and data belonging to Rent 2 Own Co.,Ltd, within a secure environment. To control fraud issues, access company IT equipment.
The purpose of this policy is to safeguard information and data belonging to Rent 2 Own Co.,Ltd, within a secure environment. To control fraud issues, access company IT equipment.
Key IT Security principles
Key IT Security principles
Internet Access Policy
Internet Access Policy
Office equipment Laptop, Desktop, Mac book can access with office primary network like CEO.O Wi-Fi, Operation Wi-Fi, and etc … )
All personal devices like smart phone, tablets shall not access primary network but can access with “R2O Guest Wi-Fi” on every floor.
Viber must not use on office computer except Call Center and Contact Center
Must use Slack app for internal chat room.
Shall not share attached files with the Slack app, it is only for chat rooms by text message.
Can share attached files with Google Drive by email, but for only internal communication.
Everyone must not share company data outside the company.
Personal Email, Gmail must not login on office computer and must not use for job
Every computer shall not download any file from Google Drive, shall not sync with google drive application (must not use by offline )
Every employees’ company data must store on cloud (Google Drive)
Must not use any usb stick on office computer
All office computers shall have a strong password with standard user permission.
Must not have personal profile, data in office equipment computer, tablet
Equipment Access Policy
Equipment Access Policy
Every employee must sign on “IT Equipment Access From” from the IT department, to be responsible for your office equipment.
And if you leave the company, you should inform the HR department and IT department first, through your line manager.
And if the equipment will be damaged by yourself(user fault), you should inform HR and IT through your line manager.
Key IT Security measures
Key IT Security measures
Access control
Access control
Access rights are granted based on the least privilege and the need to know principles. The least privilege principle in access control means there are no access rights at the beginning and the user is only given access rights necessary for his / her type of work, but no higher.
The required access rights shall also be explicitly approved by the Information owner.The need to know principle in access control means the Information owner is responsible to access needs of the user requesting access rights and allow only those access rights which are reflecting the relevant needs of the user.
Information classification
Information classification
Information shall be classified in terms of legal requirements, value, criticality and sensitivity to unauthorised disclosure or modification. From the confidentiality point of view, there are four levels of Information classification:
Public – Information explicitly approved for public distribution like web pages, sales brochures and press releases, etc.
Internal – Information used within the Group which is not protected by legal, regulatory requirements or contractual obligations.
Restricted – Information protected by legal, regulatory requirements or contractual obligations. Unauthorized disclosure of Restricted Information could cause serious impact or risks to the Group, its shareholders, partners or clients.
Confidential – Information on business strategy and other crucial decisions, strategic projects and their results etc. Unauthorized disclosure of Confidential Information could cause very serious impact or risks on the Group, its shareholders, partners or clients.
Personal integrity
Personal integrity
Companies shall select employees who are trustful and who are able to manage all their authorities and responsibilities.
All employees shall receive appropriate awareness education and training and regular updates in organizational policies and procedures, as relevant for their job function.
All personal Information relevant to employment shall be classified as Restricted and protected in accordance with the defined rules.
End user rules of behaviour
End user rules of behaviour
The end user is exclusively responsible for securing Information by using all their passwords and other authentication information. Specifically, the end user shall:
keep password confidential, ensuring that it is not disclosed to any other parties, including people of authority,
Page updated
Report abuse