WDLT Employee Handbook

DATA PROTECTION

User Access Removal Process/Timeliness:

User access should be removed or modified whenever it is no longer needed,

regardless of the level of sensitivity of the information.

User access removal/modification requests should be submitted through our

company process no later than 24 business hours after it is determined the access is

no longer needed.

SYSTEM REQUIREMENTS

Third Party Systems:

Most systems we use for operations are third party systems (e.g., Therap, Microsoft,

Paycom), with their own secure requirements for user access, usernames, and

passwords. In addition to the protections built into the software/system, whenever

possible, we have modified the third-party system requirements to align with our

protocols for security and confidentiality.

We do not and will not partner with any software company that does not meet our

minimum required system security requirements and that does not continue to

invest in and prioritize data security/system security.

User Login, Passwords, Two-Step Authentication, etc., Requirements:

It is the responsibility of users of our systems and that access our information to

follow all security requirements and to do whatever is deemed necessary to protect

our information.

Users accessing our systems must follow the required login and passwords formats

as defined by the system and must reset passwords according to the system rules

and time requirements. Passwords to systems should be unique to each system (not

the same password for all systems) and should be securely stored to limit

unauthorized access.

Two-step authentication must be enabled on company accessed systems.

Users are only permitted to have one account to access systems / information and

access should be granted utilizing company information, such as an employee’s

company email instead of a personal email account

Made with Publuu - flipbook maker