From SJA

Contents 1 Overview 2 Purpose 3 Scope 4 Policy 5 Enforcement

Overview

The Electronic Information system of The St. John Council for Alberta (aka St. John Ambulance Alberta, SJA) represents the largest, single asset of SJA. The protection and security of the electronic information systems is critical to the very survival of SJA. Much of the information contained on these systems is sensitive and proper precautions must be taken to ensure integrity and security. These systems are only to be used for business purposes in serving the interests of SJA, and of our clients and customers in the course of normal operations. Effective security is a team effort involving the participation and support of every SJA employee and affiliate who deals with information and/or information systems. It is the responsibility of every computer user to know these guidelines, and to conduct their activities accordingly.

Purpose

The purpose of this policy is to outline the appropriate use of and precautions necessary for the protection and proper use of SJA information and data, whether electronic or otherwise.

Scope

This policy applies to employees, contractors, consultants, temporaries, volunteers, and other workers at SJA, including all personnel affiliated with third parties. This policy applies to all equipment that is owned or leased by SJA. Sensitive information contained on the network systems consists of information that should not be seen by unauthorized persons. This document is superseded by the SJA Network Acceptable Use Policy.

Policy

1. All data stored on SJA computers or on SJA property is the property of SJA.
2. SJA Data is to be accessible to only those that need to access it.
3. SJA Data is not to be given or sold to persons or organizations outside of SJA without written approval from the SJA Executive Director or persons authorized to do so by the Executive Director.
4. SJA Data is not to be transmitted without taking proper security precautions. See the Data Security Guidelines for proper procedural information.

It is the responsibility of the all users to ensure proper precautions are taken to minimize the risk unauthorized data disclosure.

Enforcement

Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.