This cybersecurity policy(policy) provides the basis of cybersecurity management within Brav Health Pty. Ltd .
This policy applies to all of Brav Health Pty. Ltd employees, contractors, volunteers, vendors and anyone else who may have any type of access to Brav Health Pty. Ltd systems, software and hardware.
Effective protection of business information creates a competitive advantage, both in the ability to preserve the reputation of Brav Health Pty. Ltd and in reducing the risk of the occurrence of negative events and incidents.
To avoid employees’ work account passwords being compromised, these best practices are advised for setting up passwords:
Emails can contain malicious content and malware. In order to reduce harm, employees should employ the following strategies:
If an employee is not sure that an email, or any type of data is safe, the employee should contact Lindy Andrews.
Logging in to any work accounts for personal devices such as mobile phones, tablets or laptops, can put Brav Health Pty. Ltd data at risk. Brav Health Pty. Ltd does not recommend accessing any Brav Health Pty. Ltd data from personal devices. However, if this cannot be avoided, employees are obligated to keep their devices in a safe place and not exposed to anyone else.
Employees are recommended to follow these best practice steps:
Data transfer is a common cause of cybercrime. Employees should follow these best practices when transferring data:
When working remotely, all the cybersecurity policies and procedures must be followed.
User accounts on work systems are only to be used for the business purposes of Brav Health Pty. Ltd and not to be used for personal activities.
Employees are responsible for protecting all confidential information used and/or stored on their accounts. This includes their user logins and passwords. Employees are prohibited from making unauthorised copies of such confidential information and/or distributing it to unauthorised persons outside of Brav Health Pty. Ltd .
Employees must not purposely engage in any activity with the intent to: harass other users; degrade the performance of the system; divert system resources to their own use; or gain access to Brav Health Pty. Ltd systems for which they do not have authorisation.
Employees must not install unauthorised software. The company may at any time introduce a whitelist of approved/trusted programs. If this occurs then only these programs may be used by employees.
Employees should perform daily backups of important new/changed data, software and configuration settings.
Employees must not use unauthorised devices on their workstations, unless they have received specific authorisation from Lindy Andrews.
Employees must not attempt to turn off or circumvent any security measures.
Employees must report any security breaches, suspicious activities or issues that may cause a cyber security breach to Lindy Andrews.
If this policy is breached, one or more of the following disciplinary actions will take place: