Data Management/Security
Among many other things that separate solid from weaker companies in the recycling industry, the effective management of internal systems and networks is critical. To assure data is secure and managed properly, Hesstech employs the following internal IT policies:
Acceptable Encryption Policy
The purpose of this policy is to provide guidance that limits the use of encryption to those algorithms that have received substantial public review and have been proven to work effectively.
Anti-Virus Guidelines
Recommended guidelines to prevent virus problems
Audit Policy
The purpose of this policy is to set forth the agreement regarding network security scanning by the internal IT department for Hesstech.
DB Credentials Policy
This policy states the requirements for securely storing and retrieving database usernames and passwords (i.e., database credentials) for use by a program that will access a database running on Hesstech's networks.
Email Use Policy
The purpose of this policy is to prevent tarnishing the public image of Hesstech or its customers. It also addresses personal use and privacy.
Data Protection Policy
This summarizes the data protection measures we have in place including, but not limited to, server room features and our backup methods.
Backup/Restore/Data Recovery Procedures
This document provides specific direction on our backup and restoration procedures.
IT Acceptable Use Policy
The purpose of this policy is to outline the acceptable use of computer equipment at Hesstech. These rules are in place to protect the employee, Hesstech, and its customers. Inappropriate use exposes risks including virus attacks, compromise of network systems and services, and legal issues.
Mobile Media Data Protection Policy
The purpose of this policy is to establish an authorized method for controlling mobile computing and storage devices that contain or access information resources at Hesstech.
Password Policy
The purpose of this policy is to establish a standard for creation of strong passwords, the protection of those passwords, and the frequency of change.
Remote Access Policy
The purpose of this policy is to define standards for connecting to Hesstech's network from any host. These standards are designed to minimize the potential exposure to Hesstech or its customers from damages that may result from unauthorized use of Hesstech resources.
Risk Assessment Policy
Hesstech's IT department performs periodic information security Risk Assessments (RAs) for the purpose of determining areas of vulnerability, and to initiate appropriate remediation.
Server Malware Protection Policy
The purpose of this policy is to outline which server systems are required to have anti-virus and/or anti-spyware applications.
Server Security Policy
The purpose of this policy is to establish standards for the base configuration of internal server equipment that is owned and/or operated by Hesstech.
User Access Control Policy
The purpose of this policy is to set forth requirements for user access to internal IT resources. Access is controlled and limited to only those that need access to resources to perform their job duties.
Virtual Private Network Policy
The purpose of this policy is to provide guidelines for Remote Access PPTP, IPSec or L2TP Virtual Private Network (VPN) connections to the Hesstech network.
Wireless Communication Policy
This policy prohibits access to Hesstech networks via unsecured wireless communication mechanisms.
Back to Top |
