Information Security Policy

The shop handles information daily and must have adequate safeguards to protect both our privacy and that of our suppliers and customers. We must comply with various regulations.

The Directors, staff and volunteers each have a responsibility for ensuring our company’s systems and information are protected from unauthorised access and improper use. This applies to all circumstances and to conversation as well as paper, and computer records.

We must all:

– Handle all information in a manner befitting its ownership, sensitivity and confidentiality; this means:

  • Protect sensitive cardholder and account information;
  • Always leave desks clear of data and lock computer screens when unattended;
  • Keep passwords and computer accounts secure;
  • Refrain from disclosure of personnel or financial information unless authorised

– Ensure we do not  incur unreasonable expense or undermine the reputation of the shop when using the shop information and telecommunication systems.

  • This is a matter of good sense and has never been a problem here but lets not forget that the media have carried reports of people using e-mail, internet and other corporate resources to engage in actions that were considered offensive, threatening, discriminatory, defamatory, slanderous, pornographic, obscene, harassing or illegal.
  • Customers using our WiFi should also respect this aspect of our policy. We will put a note on the WiFi password slip drawing attention to this policy.
  • The shop reserves the right to monitor, access, review, audit, copy, store, or delete any electronic communications or data processed on its premises, equipment, systems and network;

– Request approval from management prior to establishing any new software or hardware, and third party connections or contracts; this means:

  • Refrain from installing unauthorised software or hardware, including modems and any equipment with wireless access unless you have explicit management approval

Report information security incidents, without delay, to the duty manager

If you are unclear about any aspect of the policy you should seek talk to a Director.