Laserfiche WebLink
longer qualify for system access will be the responsibility of the Security Official. The <br />Security Official may delegate these duties to appropriate parties. <br />S. Security Awareness and Training <br />The Policy will require any employee of ERMi J who is involved in the administration or <br />management of personal and/or credit information to certify in writing that they have received <br />training and have read and understood The Personal and/or Credit Use & Security Policy. <br />Employees will also be provided additional security training when available and appropriate. <br />This training may include (but not be limited to) security reminders, protection from malicious <br />software. <br />At least once per year, the Security Officer will review the Personal and/or Credit Use & <br />Security Policy with individuals involved in the administration and management of the <br />information. <br />6. Workstation Use and Security Access and Audit Controls <br />The Policy implements the following procedures to control access to personal and/or credit <br />information and manage access to workstations that can be used to access personal and/or <br />credit information. <br />Employees will be assigned unique user names and passwords for systems used to access <br />personal and/or credit information. <br />The following workstation procedures will be implemented to minimize the potential risk of <br />inappropriate use of personal and/or credit information to the extent possible and reasonable. <br />a. When accessing personal and/or credit information on a workstation, employees will reduce <br />visible windows or close programs whenever they are not physically present at the <br />workstation or when individuals not authorized to access the personal and/or credit <br />information can view the workstation. <br />b. Workstation screensavers will be set to engage at a reasonably short timeframe. <br />c. Workstations will be located in areas where viewing of personal and/or credit information <br />by unauthorized individuals is unlikely. <br />d. Users with portable workstations such as laptops or PDAs are not allowed to store personal <br />and/or credit information on workstation drives. All personal and/or credit information <br />should be stored on company servers subject to security procedures described in this policy <br />unless the Security Officer determines it is necessary for plan administration purposes to <br />store personal and/or credit information on portable workstations. <br />Employees who have been granted access to personal and/or credit information according to the <br />policies and procedures will be subject to the sanction policy if they allow unauthorized access to <br />personal and/or credit information by circumventing access control (e.g. sharing their unique <br />login I.D. and password). <br />7. Device and Media Controls and Integrity of Data, Destruction of Data <br />Any personal and/or credit information stored by the company in electronic storage media will <br />be subject to the following procedures to ensure that the personal and/or credit information is <br />not inappropriately used. <br />• All hardware, storage devices, and electronic media which contains or contained credit and/or <br />personal information will be erased, re -formatted or rendered unusable in a technically sufficient <br />manner prior to disposal, or re -use for other purposes, to assure no unauthorized access to credit <br />and/or personal information is possible in the future. Additionally, all papers containing <br />Commission adopted <br />