Overview

This policy is designed to give guidance and direction to staff on minimising the risk of a virus/malware infection, and what to do if they are encountered.

Purpose

The purpose of this anti-virus policy is to ensure the proper use of Check Your Premium Insurance Web Aggregator Private Limited (herein referred as “Check Your Premium”) system and make users aware of the virus threats.

Scope

This policy applies to all employees, vendors and agents operating on behalf of Check Your Premium.

Policy

Recommended processes to prevent virus problems:

  • Always run the corporate standard, supported anti-virus software is available from the corporate download site. Download and run the current version; download and install anti-virus software updates as they become available.
  • All computers and devices must have an antivirus installed.
  • All servers and workstations owned by the organization or permanently in use in the organization facilities must have antivirus.
  • All the installed antivirus must automatically update their virus definition. They must be monitored to ensure successful updating is taken place.
  • NEVER open any files or macros attached to an email from an unknown, suspicious or untrustworthy source. Delete these attachments immediately, then "double delete" them by emptying your Trash.
  • Delete spam, chain, and other junk email without forwarding, in with Check Your Premium.
  • Never download files from unknown or suspicious sources.
  • Avoid direct disk/floppy/pen drive sharing with read/write access unless there is absolutely a business requirement to do so.
  • Always scan a floppy diskette/pen drive from an unknown source for viruses before using it.
  • Back-up critical data and system configurations on a regular basis and store the data in a safe place.
  • New viruses are discovered almost every day. Periodically check the Anti-Virus.
Related Standards, Policies and Processes

None

Definitions and Terms

None

Revision History
Date of Change Responsible Summary of Change
1.Overview

Electronic email is pervasively used in almost all industry verticals and is often the primary communication and awareness method within an organization. At the same time, misuse of email can post many legal, privacy and security risks, thus it’s important for users to understand the appropriate use of electronic communications.

2.Purpose

The purpose of this email policy is to ensure the proper use of Check Your Premium Insurance Web Aggregator Private Limited (herein referred as “Check Your Premium”) email system and make users aware of what Check Your Premium deems as acceptable and unacceptable use of its email system. This policy outlines the minimum requirements for use of email within Check Your Premium Network.

3.Scope

This policy covers appropriate use of any email sent from a Check Your Premium email address and applies to all employees, vendors, and agents operating on behalf of Check Your Premium.

4.Policy

4.1 All use of email must be consistent with Check Your Premium policies and procedures of ethical conduct, safety, compliance with applicable laws and proper business practices.

4.2 Check Your Premium email account should be used primarily for Check Your Premium business-related purposes; personal communication is permitted on a limited basis, but non- Check Your Premium related commercial uses are prohibited.

4.3 All Check Your Premium data contained within an email message or an attachment must be secured.

4.4 Email should be retained only if it qualifies as a Check Your Premium business record. Email is a Check Your Premium business record if there exists a legitimate and ongoing business reason to preserve the information contained in the email.

4.5 Email that is identified as a Check Your Premium business record shall be retained in record.

4.6 The Check Your Premium email system shall not to be used for the creation or distribution of any disruptive or offensive messages, including offensive comments about race, gender, hair color, disabilities, age, sexual orientation, pornography, religious beliefs and practice, political beliefs, or national origin. Employees who receive any emails with this content from any Check Your Premium employee should report the matter to their supervisor immediately.

4.7 Users are prohibited from automatically forwarding Check Your Premium email to a third party email system. Individual messages which are forwarded by the user must not contain Check Your Premium confidential or above information.

4.8 Using a reasonable amount of Check Your Premium resources for personal emails is acceptable. Sending chain letters or joke emails from a Check Your Premium email account is prohibited. Check Your Premium employees shall have no expectation of privacy in anything they store, send or receive on the company’s email system. Check Your Premium may monitor messages without prior notice. Check Your Premium is not obliged to monitor email messages.

5.Policy Compliance

5.1-Compliance Measurement The IT Team will verify compliance to this policy through various methods, including but not limited to, periodic walk-thrus, video monitoring, business tool reports, internal and external audits, and feedback to the policy owner.

5.2-Exceptions Any exception to the policy must be approved by the IT Team in advance.

5.3-Non-Compliance An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

6.Related Standards, Policies and Processes

None

7.Definitions and Terms

None

8.Revision History
Date of Change Responsible Summary of Change
1.Overview

Passwords are a critical component of information security. Passwords serve to protect user accounts; however, a poorly constructed password may result in the compromise of individual systems, data, or network. This guideline provides best practices for creation and protection of passwords. All staff, including contractors and vendors with access to Check Your Premium Insurance Web Aggregator Private Limited (herein referred as “Check Your Premium”) systems, are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords.

2.Purpose

The purpose of this policy is to establish a standard for creation of strong passwords and the protection of those passwords.

3.Scope

This guideline applies to employees, contractors, consultants, temporary and other workers, including all personnel affiliated with third parties with access to Check Your Premium Insurance Web Aggregator Private Limited (herein referred as “Check Your Premium”) systems, are responsible for taking the appropriate steps,. This guideline applies to all passwords including but not limited to user-level accounts, system-level accounts, web accounts, e-mail accounts, screen saver protection, voicemail, and local router logins.

4.policy

4.1-Password Creation 4.1.1-Users must use a separate, unique password for each of their work related accounts. 4.1.2-Every user must have a separate private identity for accessing IT network services. 4.1.3-Each identity must have a strong, private, alphanumeric password to be able to access any service. They should be at least 6 characters long.

4.2-Password Change 4.2.1-Each regular user may use the same password for no more than 45 days and no less than 3 days. The last 5 passwords may not be used again. 4.2.2-Password for some special identities will not expire. In those cases, password must be at least 12 characters long. 4.2.3-Password cracking or guessing may be performed on a periodic or random basis by the IT Team or its delegates. If a password is guessed or cracked during one of these scans, the user will be required to change the password.

4.3-Password Protection 4.3.1-Passwords must not be shared with anyone, including supervisors and coworkers. All passwords are to be treated as sensitive and confidential Check Your Premium information. Sharing of passwords is strictly forbidden. 4.3.2-Passwords must not be inserted into email messages, Alliance cases or other forms of electronic communication, nor revealed over the phone to anyone. 4.3.3-Passwords may be stored only in “password managers” authorized by the organization. 4.3.4-Do not use the "Remember Password" feature of applications (for example, web browsers). 4.3.5-Any user suspecting that his/her password may have been compromised must report the incident and change all passwords. 4.3.6-Identities must be locked immediately, if password guessing is suspected on the account.

4.4-Application Development Application developers must ensure that their programs contain the following security precautions:
4.4.1-Applications must support authentication of individual users, not groups. 4.4.2-Applications must not store passwords in clear text or in any easily reversible form. 4.4.3-Applications must not transmit passwords in clear text over the network. 4.4.4-Applications must provide for some sort of role management, such that one user can take over the functions of another without having to know the other's password.

5.Policy Compliance

5.1-Compliance Measurement The IT Team will verify compliance to this policy through various methods, including but not limited to, periodic walk-thrus, video monitoring, business tool reports, internal and external audits, and feedback to the policy owner.

5.2-Exceptionst Any exception to the policy must be approved by the IT Team in advance.

6.Related Standards, Policies and Processes

None.

7.Definitions and Terms

None.

8.Revision History
Date of Change Responsible Summary of Change