NVC IT Policies

Northport Village Corporation

Data Security, Acceptable Use, and Privacy Policies

The purpose of this policy is to establish policy guidelines to protect the Northport Village Corporation’s (“NVC”, “Village”) electronic processing and communication systems; to establish an understanding of acceptable uses; to protect information generated by or stored on any computer or communication system; and to protect NVC’s investment in technology.

This policy sets forth the principles for data security of information, including privacy policies when dealing with private information (such as certain information employees may provide to NVC). If you have access to any confidential information, including private employee information, you are responsible for acting with integrity.  Put simply, unauthorized disclosure or inappropriate use of this information will not be tolerated and may be illegal under state and Federal law. 

Information Security and Data Policy

NVC respects the importance and integrity of all data that NVC receives, irrespective of its type or source. Keeping the data you use secure is equally important. NVC commits to conducting its business in a manner that reflects this respect by maintaining security procedures that are appropriate to the nature of the data and risks of misuse of such data. You must adhere to the following policies with regard to all equipment you use for performing work for NVC:

Passwords and Authentication:

  • Use strong passwords on all applications/services, computers, laptops, tablets, and smartphones for boot, sleep, screensaver, and administrative functions.
    • Passwords must meet the following minimum requirements:
      • Minimum of twelve characters (or the longest password allowed for mobile devices if limited to less than twelve characters)
      • Use a combination of numbers, uppercase and lowercase letters, and special characters
      • Must not include common repeating, ascending, or descending character sequences 
      • Must not be reused across multiple systems or devices
  • Always use two-factor authentication when available.  
  • Never send passwords using email.
  • Never write down your passwords.
  • Never share your passwords with anyone else.
  • Create a password safe or use a password management tool (like the one built into your browser)
  • If using Security Questions to provide additional security for an account, only use private information about yourself that only you would know (for instance, don’t use a maiden name or birthdate).

Device Security:

  • Do not store confidential information locally on your personal computer or laptop without NVC’s permission. If you must, sensitive information must be encrypted.
  • Do not leave your computers, laptops, tablets, smartphones, or papers lying around unguarded.
  • Only connect to secure wireless networks that you trust.
  • Limit access to confidential information to those on a need-to-know basis.
  • Use anti-virus/anti-malware and firewall software on your computers and smart devices at all times.
  • Keep device software up to date via security patches, updates and upgrades.
  • Immediately report any suspected security breach, malware or phishing attack, or lost or stolen device to your supervisor.
  • Set up remote wipe facilities if available and implement a remote wipe if a device is lost or stolen.

The Core Principle:  Limited Access & Use.  The basis of this principle is to provide access to certain data only on a “need-to-know” basis, suitable to the proposed use of the data and its nature.  

Implementing Procedures.  The Technology Officer, or its designee(s), will develop and maintain procedures, guidelines and regulations to implement this Information Security and Data Policy.  Therefore, make sure that you follow the procedures provided by your supervisor.

Scope of Coverage.  This policy and the implementing procedures apply to all overseers, officers, employees, independent contractors, volunteers, vendors and any other individuals and/or entities engaged by NVC.

Acceptable Use Policy

This Acceptable Usage Policy covers the security and use of all NVC information and IT equipment. It also includes the use of email, internet, voice and mobile IT equipment. This policy applies to all NVC overseers, officers, employees, independent contractors and agents (hereafter referred to as ‘individuals’).

This policy applies to all information, in whatever form, relating to NVC’s business activities, and to all information handled by NVC relating to other organizations with whom it deals. It also covers all IT and information communications facilities operated by NVC or on its behalf. 

IT Systems Access Control – Individual’s Responsibility.  Access to the NVC IT systems is controlled by the use of User IDs, passwords and/or tokens. All User IDs and passwords are to be uniquely assigned to named individuals and consequently, individuals are accountable for all actions on the NVC IT systems. 

Individuals must not: 

  • Allow anyone else to use their user ID/token/username and password on any NVC IT system. 
  • Leave their user accounts logged in at an unattended and unlocked computer. 
  • Use someone else’s user ID and password to access NVC IT systems. 
  • Leave their password unprotected (e.g. writing it down). 
  • Perform any unauthorized changes to NVC IT systems or information. 
  • Attempt to access data that they are not authorized to use or access. 
  • Connect any non-NVC authorized device to the NVC network or IT systems. 
  • Store NVC data on any non-authorized NVC equipment. 
  • Give or transfer NVC data or software to any person or organization outside NVC without NVC’s authorization.

For additional clarification on how these policies impact your use of NVC issued equipment, please see the Equipment Policy in the addendum.

Internet and Email Conditions of Use.  Use of NVC internet and email is intended for official user only use. Personal use is permitted where such use does not affect the individual’s business performance, is not detrimental to NVC in any way, is not in breach of any term and condition of employment or of this policy, and does not place the individual or NVC in breach of statutory or other legal obligations.  All individuals are accountable for their actions on the internet, and NVC email and IT systems.

Individuals must not: 

  • Use NVC internet access or NVC email for the purposes of harassment or abuse. 
  • Use profanity, obscenities, or derogatory remarks in communications via NVC email or to NVC personnel, vendors, or citizens. 
  • Use NVC internet access or NVC email to access, download, send or receive any data (including images), which NVC considers offensive in any way, including sexually explicit, discriminatory, defamatory or libelous material. 
  • Use the NVC email system in a way that could affect its reliability or effectiveness, for example distributing chain letters or spam. 
  • Place any confidential information on the internet that relates to NVC, alter any information about it, or express any opinion on behalf of NVC unless they are specifically authorized to do so. 
  • Send unprotected sensitive or confidential information belonging to NVC. 
  • Make official commitments through the internet or email on behalf of NVC unless authorized to do so. 
  • Use NVC internet access or NVC email to download copyrighted material such as music media files, film and video files without appropriate approval. 
  • Use NVC internet access or NVC email to in any way infringe any copyright, database rights, trademarks or other intellectual property. 
  • Connect NVC devices or equipment to the internet using non-standard connections. 

Clear Desk and Clear Screen Policy 

In order to reduce the risk of unauthorized access or loss of information, NVC enforces a clear desk and screen policy as follows: 

  • Personal or confidential NVC business information must be protected using security features.
  • Computers containing NVC’s confidential information (or that have auto log-ons to NVC systems) must be logged off/locked or protected with a screen locking mechanism controlled by a password when unattended. 
  • Care must be taken to not leave NVC or client confidential material on printers or photocopiers that third parties can access. 
  • All NVC printed matter must be disposed of using confidential waste bins or shredders and in compliance with federal, state, and local law. 

Working Remotely

Working away from the office must be in line with the following policy provision: Desktop computers, laptops, media, and mobile devices containing NVC data and information used outside NVC premises must be subject to the following controls: 

  • Equipment and media taken off-site that contain NVC data and information must not be left unattended in public places and not left in sight in a car or other vehicle. 
  • Laptops that contain NVC data and information must be carried as hand luggage when traveling (except where prohibited by security regulations or officials) and must be password protected. 
  • Information should be protected against loss or compromise when working remotely (for example at home or in public places). 
  • Particular care should be taken with the use of mobile devices such as laptops, mobile phones, smartphones and tablets. They must be protected at least by a password or a PIN (and biometric authentication is strongly suggested) and, where available, encryption. 

Mobile Storage Devices 

Mobile devices such as memory sticks, CDs, DVDs and removable hard drives that contain NVC data and information must be used only in situations when network connectivity is unavailable or there is no other secure method of transferring data and must be wiped after use. 

Authorized Software 

Employees must use only software that is authorized by NVC on NVC authorized computers. Authorized software must be used in accordance with the software supplier’s licensing agreements.

Return of Equipment and Data Upon Termination of Employment/Engagement, or Expiration of Term 

All NVC equipment and data, for example laptops and mobile devices including telephones, smartphones, USB memory devices and CDs/DVDs, must be returned to NVC at termination of employment, unless otherwise agreed upon by NVC management in writing. 

Employee Privacy

NVC collects only personal information about employees that relates to their employment.  Only people with a business-related need to know are given access to this information, and either the Chair of the Personnel Committee or its designee must authorize any release of the information to others.  Personal information, other than that required to verify employment or to satisfy legitimate investigatory or legal requirements, will be released outside NVC only with employee approval.  

Equipment Policy

Purpose

The purpose of this policy is to outline the process by which NVC acquires computer hardware equipment as well as the purchasing of personal computer systems and laptops for team members.

Unlike many organizations, we don’t prohibit our team members from using their own equipment, but such use is always subject to our applicable policies.

Scope

This policy applies to all team members regarding the purchase of all computer equipment or peripherals issued by NVC.

Standard Computer Configurations

A standard configuration will be established by the Technology Officer. Any upgrades to the hardware configuration beyond the scope of standard configurations will need to be requested in writing and approved by the Technology Officer.  

Standard software on machines will include:

  • Current supported version of Mac OS operating systems, or Windows, if applicable
  • Current pre-installed applications
  • Any software installed by NVC IT to maintain compliance with IT and security requirements

Additional Peripheral Devices. Standard equipment provisioned will only include a laptop. If there is another piece of equipment required to do your job, please email your manager with the request and explain why that equipment is needed to do your job. Your manager will review and revert to NVC Equipment Team for approval. 

Note: All computers and computer equipment issued by NVC are the property of NVC unless otherwise indicated in writing and must be returned upon termination of your employment or engagement with NVC.

Equipment Tracking and Assignment 

Assignment. Assignment of equipment will be made by NVC and requires that the recipient sign and return an Equipment Assignment Agreement Form.

Tracking. Once approval is given to procure equipment or peripherals, please ensure that the receipt for those items is forwarded to NVC Equipment Team. Specifically, this email should be cc’d when the following items are purchased:

  • Laptops/desktop computers
  • Printers
  • Monitors
  • Carrying Cases
  • Cell Phones
  • Microphones
  • Speakers
  • Keyboards
  • Mice

Equipment Use and Security Requirements

  • Your use of NVC owned equipment is contingent upon your adherence to the NVC Acceptable Use policy.
  • NVC owned computers must be secured in office or at home when not in use
  • Do not leave computers unattended in a car, which can promote theft, as well as damage from temperature extremes
  • If an NVC owned computer is lost or stolen, notify your direct manager, NVC IT, and the Equipment team immediately
  • Specialized software must be approved for use by the Technology Officer prior to purchase and installation on NVC owned devices
  • Your device may be subject to additional security restrictions and requirements
  • Non-NVC team members are not permitted to use NVC owned computers, with the exception of instructional or demonstrative use.
  • You must not use NVC devices while operating a moving vehicle

All use of NVC owned devices and equipment is covered by the Acceptable Use policy and applicable security policies.

Damage and Loss

If any equipment assigned to you appears to be damaged, defective, or in need of repair, you must report via email to your direct manager and the NVC Equipment Team immediately. Prompt reporting of damages, defects, and the need for repairs could prevent deterioration of equipment and possible injury to NVC personnel or others.  

It is your responsibility to take appropriate precautions to prevent damage to or loss/theft of your assigned equipment. You may be responsible for certain costs to repair or replace the computer if the damage or loss is due to negligence or intentional misconduct. Policies for appropriate use of NVC property may be used to determine whether liability due to negligent behavior exists.

If your equipment is lost or stolen you must report the loss to the proper authority (such as the local Police or Constabulary) immediately.  You must obtain a police report. The police report should include the serial number for the lost equipment. You will need to provide NVC with a copy of the police report within 48 hours of the discovery of the loss. NVC IT must also be alerted to any lost or stolen equipment to assess the possibility of a data breach. State and Federal law requires notification of a breach without unreasonable delay.

Return of NVC Equipment

  • NVC owned equipment must be returned to the Equipment team upon termination, resignation, end of contract, or separation unless other arrangements have been made in writing. Please reach out to NVC Equipment Team for instructions and return information. Failure to do so may result in a garnishment of your wages or compensation due, to the extent allowable under applicable law.
  • When returning computers or similar equipment, please make sure that the cord and/or charger is included. 

Bring Your Own Device Policy (BYOD)

You are permitted to use devices you personally own, such as PCs, laptops, smartphones and tablets, to access NVC resources during your employment or engagement provided that you follow all information, data security, acceptable use policies, and required software installations outlined above, and that you immediately and permanently delete all NVC information when your employment or engagement ends. NVC IT does not provide support for personal devices, and use of your personal device is at your own risk (including the risk of data loss or corruption) and at your own expense. You must not use your device while operating a moving vehicle.