Security Policy

Security Awareness and Acceptable Use Policy

1. Purpose

This policy defines the standards for responsible and secure use of Tekton Research's systems, data, and technology resources. It aims to safeguard the confidentiality, integrity, and availability of information—especially Protected Health Information (PHI)—and ensure compliance with HIPAA and internal security requirements.

2. Scope

This policy applies to all Tekton Research employees, contractors, interns, and third-party users who access or handle Tekton Research systems or data.

Employees must review, accept, and sign to acknowledge their understanding and compliance with this policy.

3. Workstation & Access Control

3.1 Personal Use and Access

3.1.1 Workstation Assignment

  • Workstations are assigned for individual use.
     

  • Do not share your workstation or use another’s without manager or IT approval.
     

3.1.2 Password and PIN Security

  • Follow platform-specific password strength requirements, including character types and minimum length as enforced by the system.
     

  • Use strong, unique passwords:

    • If not otherwise dictated by platform requirements, use at least 8 characters, a mix of uppercase/lowercase letters, numbers (non-repeating), and special characters.

    • Do not include anything that can be easily guessed, such as your name, birthdate, nickname, school affiliation, or pet's name.

    • Do not reuse previous passwords.

  • Change your password regularly.

  • Always use Multi-Factor Authentication (MFA) when available.
     

  • You are required to use 2FA with Google Workspace and any other system that suggests it. Ensure compliance at all times.
     

  • Do not share your computer, office, or pharmacy access credentials.
     

  • Do not write down passwords or store them in unsecured locations.
     

3.1.3 Screen Locking

  • Lock your screen before leaving your workstation.
     

  • Use Ctrl + Alt + Del and select "Lock," or use Windows + L.
     

  • Closing the lid may not always lock the device. Verify behavior in system settings.
     

 


4. Data Storage & Protection

4.1 PHI and HIPAA Compliance

4.1.1 Handling PHI

  • Handle PHI in compliance with HIPAA.
     

  • Do not store PHI on personal or unauthorized devices.
     

  • Grant PHI access only to authorized personnel for work-related purposes.
     

  • Do not transmit PHI via unapproved or unencrypted channels.
     

  • Report suspected HIPAA violations immediately to IT or Compliance.
     

4.1.2 Local Storage Restrictions

  • Do not store sensitive files locally (e.g., Word, Excel, scanned IDs, passwords, credit card data).
     

  • Save documents to approved storage only: Google Drive (My Drive on G:), Complion, or other Tekton systems.
     

  • Storing files in secure cloud platforms ensures they are backed up and protected from theft.
     

4.1.3 External and Cloud Storage Restrictions

Unless otherwise specified in an approved process, employees must obtain IT approval before using any external storage devices, such as USB drives, external hard drives, or SIM cards. Additionally, unapproved cloud storage services—including OneDrive, Dropbox, SharePoint, and iCloud—must not be used under any circumstances. All storage methods must align with Tekton’s security protocols and be reviewed by IT before implementation.

4.1.4 Ownership of Work Content

All documents, files, and materials created, edited, or stored using Tekton’s resources are considered the intellectual property of Tekton Research. Employees may not delete, alter, or distribute such materials without explicit approval from management or IT.

4.2 Data Governance Reference

4.2.1 Policy Alignment

  • This policy aligns with Tekton’s Data Governance Program, which outlines data classification, access, and lifecycle responsibilities.
     

  • Employees must adhere to data retention, disposal, and handling requirements defined by policy.
     

  • Refer to the Data Governance Policy or contact IT for clarification.
     

5. Device Security

5.1 Mobile and Endpoint Protection

5.1.1 Mobile Device Security

  • Secure your work phone using a PIN and biometric lock.
     

  • Lock devices when unattended.
     

  • Reset phones to factory settings before disposal or transfer.
     

5.1.2 Lost or Stolen Device Reporting

Any lost or stolen device must be reported immediately to your supervisor. IT, Human Resources, and Regulatory should also be notified as soon as possible so that access to Tekton systems can be quickly locked down to prevent unauthorized access or data compromise.

5.1.3 Security Incident Reporting

If you suspect a breach or unauthorized access involving any Tekton system—such as networks, devices, or applications—report it immediately to your supervisor or IT. Timely reporting helps minimize risk and enables prompt response.

 

6. Email & Communication Policy

6.1 Communication Expectations

6.1.1 Professional Conduct

  • Be respectful, clear, and professional in all communications.
     

  • Do not provide technical or policy information outside your expertise.
     

6.1.2 Confidentiality

  • Never share passwords via email or text.
     

  • Comply with confidentiality and data protection guidelines.
     

6.1.3 Feedback and Corrections

  • Acknowledge feedback constructively.
     

  • Correct any shared misinformation promptly.
     

6.1.4 Prohibited Content

Avoid sending, posting, or forwarding content that is discriminatory, offensive, false, or misleading. Such behavior is unacceptable and may result in disciplinary action.

 

7. Internet Usage Policy

7.1 Usage Guidelines

7.1.1 Acceptable Use

Internet access must be used solely for business purposes, including job-related research, system access, communication, and professional development.

7.1.2 Unacceptable Use

Users must not engage in activities that compromise system integrity or security. This includes downloading illegal or explicit material, sharing confidential data with unauthorized recipients, attempting unauthorized access (hacking), or visiting malicious websites.

Additionally, employees may not install or use unapproved software or applications on Tekton-owned devices, nor should they use personal apps or browsers to access company systems or download files from unverified or suspicious sources.

 

7.1.3 Monitoring and Privacy

All use of Tekton’s internet, email, and other digital systems is subject to monitoring for security and compliance purposes. Users should have no expectation of privacy when using company-provided systems or services, including email, internet access, and cloud applications.

 

8. General Security Practices

8.1 Standard Protocols

8.1.1 Practical Security Awareness

  • Do not leave confidential information in open view.
     

  • Destroy sensitive materials securely.
     

  • Be alert to phishing and social engineering.
     

8.1.2 Device Configuration

  • Devices are pre-configured for secure site operation.
     

  • Do not troubleshoot or change settings independently. Contact IT for issues.
     

8.1.3 Physical and Wireless Network Access

Connecting devices to Tekton’s wired or wireless networks is strictly prohibited without prior IT approval. This includes use of unauthorized network extension equipment such as access points, repeaters, or mesh boosters. Allowing others to connect without authorization is also not permitted.

8.1.4 When in Doubt, Ask

If you are uncertain about how to proceed with any system, technology, or data-related task, consult IT before taking action. It is always better to ask than to risk a security breach or system disruption.
 


 
