Destiel

Destiel Access and Security Policy

This Access and Security Policy outlines the guidelines and procedures for managing access to Destiel's information systems and ensuring the security of organizational data. This policy aims to protect the confidentiality, integrity, and availability of Destiel’s resources.

1. Purpose

The purpose of this policy is to establish a framework for granting, monitoring, and managing access to Destiel's information systems and to ensure the security of organizational data.

2. Scope

This policy applies to all volunteers, employees, contractors, and any other individuals who are granted access to Destiel's information systems.

3. Access Management

Authorization

  • Access to Destiel’s information systems will be granted based on the principle of least privilege, ensuring individuals have the minimum level of access necessary to perform their duties.
  • Access requests must be approved by the individual’s supervisor and the IT department.

User Accounts

  • All users will be provided with unique user accounts. Sharing of user accounts is strictly prohibited.
  • User accounts will be created, modified, and disabled by the IT department upon approval.

4. Password Management

  • Users must create strong passwords that comply with Destiel’s password policy.
  • Passwords must be changed at regular intervals and must not be reused.
  • Users are responsible for maintaining the confidentiality of their passwords and must not share them with others.

5. Security Measures

Data Protection

  • All organizational data must be stored on approved systems and devices. Storage of organizational data on personal devices is prohibited.
  • Data encryption must be used for sensitive and confidential information.

Access Controls

  • Access controls must be implemented to restrict access to sensitive information based on the user’s role and responsibilities.
  • Access to systems and data must be logged and monitored regularly.

6. Use of Online Subscriptions and Shared Accounts

  • Volunteers are prohibited from changing login credentials or account settings for any online subscriptions or shared accounts provided by the Organization.
  • Unauthorized changes or misuse of these accounts may result in termination and legal actions.

7. Incident Reporting

  • All security incidents, including unauthorized access, data breaches, and any other suspicious activities, must be reported immediately to the IT department.
  • The IT department will investigate and take appropriate actions to mitigate the incident.

8. Training and Awareness

All users will receive training on access and security policies and procedures. Regular updates and refreshers will be provided to ensure ongoing awareness and compliance.

9. Monitoring and Compliance

  • All activity across Destiel.org and Office 365 is monitored to ensure compliance with organizational policies.
  • Regular audits will be conducted to ensure adherence to this policy and identify any potential security risks.

10. Consequences of Non-Compliance

Non-compliance with this policy may result in disciplinary action up to and including termination of volunteer or employment status.
Legal actions may be pursued in cases of unauthorized access, data breaches, or other violations of this policy.

11. Acknowledgment and Acceptance

By signing below, the individual acknowledges that they have read, understood, and agree to adhere to the terms and conditions outlined in this Access and Security Policy.

Volunteer Name:  
Date: December 9, 2024

Volunteer Signature: 

Leave this empty:

Signature arrow sign here


Signature Certificate
Document name: Destiel Access and Security Policy
lock iconUnique Document ID: 61edf1b0154c45b6f9403fae2d375d4c215f9662
Timestamp Audit
November 17, 2024 12:05 pm CSTDestiel Access and Security Policy Uploaded by Team Destiel - IP 108.92.171.89