1. Purpose and Scope
The purpose of this Physical Security Policy is to establish guidelines for protecting Speak Ai Inc.'s ("Speak Ai") physical assets and ensuring the safety and security of employees working remotely in the Greater Toronto Area (GTA), Ontario, Canada. This policy applies to all employees, contractors, and third parties who have access to Speak Ai's assets and facilities.
2. Policy Statement
Speak Ai is committed to ensuring the physical security of its remote work environment and protecting its assets from physical threats. This policy outlines the measures and controls implemented to safeguard equipment, data, and personnel.
3. Remote Work Environment Security
Home Office Security: Employees are required to ensure that their home office environments are secure. This includes securing personal computers and other work-related equipment when not in use.
Secure Storage: Employees must store all Speak Ai assets, such as laptops and documents, in a secure location when not in use. Sensitive documents should be stored in locked cabinets or drawers.
Access Control: Employees should not allow unauthorized individuals to access their work equipment or view confidential information. Family members, friends, and visitors must not be permitted to use Speak Ai devices or access Speak Ai data.
4. Equipment Security
Asset Management: All hardware assets provided by Speak Ai must be recorded in an asset management system. Employees are responsible for the care and security of these assets.
Device Encryption: All company-provided laptops and mobile devices must be encrypted to protect data in case of loss or theft.
Antivirus and Firewall: All devices must have up-to-date antivirus software and firewalls enabled to protect against malware and unauthorized access.
5. Data Security
Backup Procedures: Employees are responsible for following Speak Ai's data backup procedures to ensure that important data is regularly backed up to secure cloud storage.
6. Incident Reporting
Security Incidents: Any security incidents, such as theft, loss, or unauthorized access to Speak Ai assets or data, must be reported immediately to the IT Team at [email protected]. An incident report should include details of the incident, affected assets, and any actions taken.
Response Plan: The IT Team will respond to reported incidents by investigating the cause, assessing the impact, and implementing measures to prevent recurrence.
7. Employee Training and Awareness
Security Training: All employees must undergo regular training on physical security practices, including securing their remote work environment, protecting equipment, and handling sensitive information.
Ongoing Awareness: Continuous awareness programs will be conducted to keep employees informed about the latest security threats and best practices for maintaining physical security.
8. Compliance and Auditing
Policy Compliance: Compliance with this policy is mandatory for all employees, contractors, and third parties who access Speak Ai's assets. Non-compliance may result in disciplinary actions.
Regular Audits: Regular audits will be conducted to ensure adherence to physical security controls and identify areas for improvement.
9. Policy Review
This policy will be reviewed annually or as needed to ensure its effectiveness and alignment with industry best practices and emerging security threats. Changes to the policy will be communicated to all employees.
10. Contact Information
For any inquiries or issues related to this Physical Security Policy, please contact the IT Security Team at [email protected].