Policies

IT Department Policy for Tolo Travel & Tours

Section 1: Password Security

  1. Complex Passwords:
    • Employees must create passwords with a minimum length of 12 characters, including a mix of uppercase and lowercase letters, numbers, and symbols. Passwords should not contain easily guessable information such as birthdates, names, or common words.
    • Passwords must be unique for each account and changed every 90 days to maintain security.
  1. Password Sharing Prohibition:
    • Under no circumstances should employees share their passwords with anyone, including colleagues, supervisors, or IT support staff. The IT department will never request passwords via email or phone for any reason.
  1. Utilizing Password Managers:
    • Employees are required to utilize the company-provided password manager for storing, and managing, complex passwords associated with work-related accounts and systems.

Section 2: VPN Usage Guidelines

  1. Company-Approved VPN:
    • Employees are required to use the company-provided VPN when accessing company resources remotely. Personal VPNs on work devices are strictly prohibited unless explicitly authorized by the IT department.
  1. Responsible VPN Use:
    • The company VPN should solely be used for authorized work-related activities. Any misuse, including accessing unauthorized websites or services, is strictly prohibited and may result in disciplinary action.

Section 3: Device Security Protocols

  1. Locking Devices:
    • All work devices (laptops, tablets, smartphones) must be configured to lock automatically after a period of inactivity. Employees are required to manually lock devices when stepping away from their work area.
  1. Physical Security:
    • Employees are responsible for the physical security of their devices. Devices should not be left unattended in public places or visible in unattended vehicles. Devices must be stored securely when not in use, and access to work areas should be restricted to authorized personnel.

Section 4: Care of Laptops and Work Devices

  1. Physical Care:
    • Employees are expected to handle company-issued laptops and devices with care to prevent damage. Avoid exposure to extreme temperatures, moisture, or physical impact that may compromise device functionality.
    • Notify the IT department immediately in case of any accidental damage or malfunction. Do not attempt repairs without authorization to prevent voiding warranties or causing further damage.
  1. Device Maintenance:
    • Regularly update and maintain devices as per IT guidelines. Software updates, antivirus scans, and security patches should be applied promptly to ensure device security.

Section 5: Compliance

  1. Compliance:
    • All employees are required to adhere to these policies to maintain the security and integrity of company data and resources.