Data Security User Responsibilities

Data Security User Responsibilities #

Source: OASIS Open Data Security User Responsibilities Policy.

Overview #

OASIS depends on all staff to maintain the security and integrity of its information systems and data. This policy applies to every staff member, contractor, and vendor with access to OASIS systems, networks, or data — regardless of device or location. Adherence to these responsibilities is not optional; it is a condition of access.

Questions or security incidents should be reported to the Director of Information Technology.

Your Responsibilities #

Authentication and Credentials #

  • Protect your login credentials at all times. Do not share passwords, tokens, or access credentials with anyone — including colleagues.
  • Use strong, unique passwords for each system. Use 1Password (OASIS’s password manager) to generate and store them.
  • Change passwords promptly if you suspect they have been compromised.

Data Handling #

  • Handle all organizational data with care. Access only the data your role requires.
  • Treat member data, financial information, personnel records, and any other sensitive or confidential information with heightened care.
  • Do not store sensitive data on personal devices or in personal cloud storage unless explicitly authorized.

Device Security #

  • Ensure any device used for work — including personal devices — meets OASIS’s security requirements, including current operating system and application updates.
  • Lock your screen when stepping away from your workstation. Log off during extended inactivity.
  • Your company device is enrolled in JumpCloud MDM. Do not disable, circumvent, or tamper with MDM management.

Acceptable Use #

  • Use OASIS internet and email services appropriately and professionally.
  • Do not access inappropriate, offensive, or unauthorized content on OASIS systems or networks.
  • Do not install unauthorized software on OASIS-managed systems.
  • Do not disable security features, firewalls, or monitoring tools.
  • Do not engage in hacking, unauthorized access, or any activity that could compromise OASIS’s cybersecurity.

Software Updates #

  • Keep all software current. Apply operating system and application updates promptly. Do not defer security patches.

Reporting Incidents #

Report suspected cybersecurity incidents, phishing attempts, or security vulnerabilities immediately to the Director of Information Technology. Do not attempt to investigate or remediate on your own. Early reporting minimizes damage.

Cooperate fully with any investigation or request for information related to a security incident.

Training #

All staff are required to participate in cybersecurity awareness and training programs. Completion is not optional.

Enforcement #

Violations of this policy may result in disciplinary action up to and including termination of access, termination of employment or contract, and referral to law enforcement where activities are illegal.