Information Techonology
Keeping HV Health and safety connected, reliable and secured.
Contact us at it@hvhealthandsafety.com
What We Do
Our IT department leverages cutting-edge management technologies to ensure the seamless operation of our fleet of iOS and Windows devices. By integrating technology into every facet of our company, we enhance efficiency and reliability across the board.
We are dedicated to supporting our administrators, medics, patients, and clients by offering comprehensive break-fix services, driving process improvements, and expertly managing our extensive device fleet. Our commitment to technological excellence ensures that everyone can rely on quick and dependable solutions.
The Team
Rowland Soto and Abel George are the system administrators for HV Health and Safety. with years of technical experience between them, they have you covered. They are the only ones to contact when dealing with technical issues. For no reason should you contact anyone else nor share sensitive information such as passwords with anyone else. Administrators will not ask you for your password.
You can contact them using the ticket system or through microsoft teams.
The Team
Rowland Soto and Abel George are the system administrators for HV Health and Safety. with years of technical experience between them, they have you covered. They are the only ones to contact when dealing with technical issues. For no reason should you contact anyone else nor share sensitive information such as passwords with anyone else. Administrators will not ask you for your password.
You can contact them using the ticket system or through microsoft teams.
IT Service Policy
These are the IT service Policies that everyone must agree to use our services and technology. Please read them.
Purpose
The purpose of this policy is to outline the acceptable use of computer equipment at HV Health and Safety. These rules are in place to protect the authorized user and HV Health and Safety. Inappropriate use exposes HV Health and Safety to risks including virus attacks, compromise of network systems and services, and legal issues.
Scope
This policy applies to the use of information, electronic, and computing devices, and network resources to conduct HV Health and Safety business or interact with internal networks and business systems, whether owned or leased by HV Health and Safety, the employee, or a third party.
All employees, volunteers/directors, contractors, consultants, temporaries, and other workers at HV Health and Safety, including all personnel affiliated with third parties, are responsible for exercising good judgment regarding appropriate use of information, electronic devices, and network resources in accordance with HV Health and Safety policies and standards, local laws, and regulations.
Policy Detail
Ownership of Electronic Files
All electronic files created, sent, received, or stored on HV Health and Safety owned, leased, or administered equipment or otherwise under the custody and control of HV Health and Safety are the property of HV Health and Safety.
Privacy
Electronic files created, sent, received, or stored on HV Health and Safety owned, leased, or administered equipment, or otherwise under the custody and control of HV Health and Safety are not private and may be accessed by HV Health and Safety IT employees at any time without knowledge of the user, sender, recipient, or owner. Electronic file content may also be accessed by appropriate personnel in accordance with directives from Human Resources or the CEO.
General Use and Ownership
Access requests must be authorized and submitted from departmental supervisors for employees to gain access to computer systems. Authorized users are accountable for all activity that takes place under their username. Authorized users should be aware that the data and files they create on the corporate systems immediately become the property of HV Health and Safety. Because of the need to protect HV Health and Safety’s network, there is no guarantee of privacy or confidentiality of any information stored on any network device belonging to HV Health and Safety.
For security and network maintenance purposes, authorized individuals within the HV Health and Safety IT Department may monitor equipment, systems, and network traffic at any time. HV Health and Safety’s IT Department reserves the right to audit networks and systems on a periodic basis to ensure compliance with this policy. HV Health and Safety’s IT Department reserves the right to remove any non-business-related software or files from any system. Examples of non-business-related software or files include, but are not limited to; games, instant messengers, pop email, music files, image files, freeware, and shareware.
Security and Proprietary Information
All mobile and computing devices that connect to the internal network must comply with this policy.
System level and user level passwords must comply with the Password Policy. Authorized users must not share their HV Health and Safety login ID(s), account(s), passwords, Personal Identification Numbers (PIN), Security Tokens (i.e. Smartcard), or similar information or devices used for identification and authentication purposes. Providing access to another individual, either deliberately or through failure to secure its access, is prohibited.
Authorized users may access, use, or share HV Health and Safety proprietary information only to the extent it is authorized and necessary to fulfill the users’ assigned job duties. All PCs, laptops, and workstations should be secured with a password-protected screensaver with the automatic activation feature set at 10 minutes or less. All users must lock down their PCs, laptops, and workstations by locking (WIN + L) when the host will be unattended for any amount of time. Employees must log off or restart (but not shut down) their PC after their shift.
HV Health and Safety proprietary information stored on electronic and computing devices, whether owned or leased by HV Health and Safety, the employee, or a third party, remains the sole property of HV Health and Safety. All proprietary information must be protected through legal or technical means. All users are responsible for promptly reporting the theft, loss, or unauthorized disclosure of HV Health and Safety proprietary information to their immediate supervisor and/or the IT Department. All users must report any weaknesses in HV Health and Safety computer security and any incidents of possible misuse or violation of this agreement to their immediate supervisor and/or the IT Department. Authorized users must use extreme caution when opening e-mail attachments received from unknown senders, which may contain viruses, e-mail bombs, or Trojan Horse codes.
Unacceptable Use
Users must not intentionally access, create, store, or transmit material which HV Health and Safety may deem to be offensive, indecent, or obscene. Under no circumstances is an employee, volunteer/director, contractor, consultant, or temporary employee of HV Health and Safety authorized to engage in any activity that is illegal under local, state, federal, or international law while utilizing HV Health and Safety-owned resources.
System and Network Activities
The following activities are prohibited by users, with no exceptions:
- Violations of the rights of any person or company protected by copyright, trade secret, patent, or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of “pirated” or other software products that are not appropriately licensed for use by HV Health and Safety.
- Unauthorized copying of copyrighted material including, but not limited to, digitization and distribution from copyrighted sources, copyrighted music, and the installation of any copyrighted software for which HV Health and Safety or the end user does not have an active license is prohibited. Users must report unlicensed copies of installed software to IT.
- Introduction of malicious programs into the network or server (e.g., viruses, worms, Trojan horses, e-mail bombs, etc.).
- Revealing your account password to others or allowing use of your account by others. This includes family and other household members when work is being done at home.
- Using a HV Health and Safety computing asset to actively engage in procuring or transmitting material that is in violation of sexual harassment or hostile workplace laws.
- Attempting to access any data, electronic content, or programs contained on HV Health and Safety systems for which they do not have authorization, explicit consent, or implicit need for their job duties.
- Installing any software, upgrades, updates, or patches on any computer or information system without the prior consent of HV Health and Safety IT.
- Installing or using non-standard shareware or freeware software without HV Health and Safety IT approval.
- Installing, disconnecting, or moving any HV Health and Safety owned desktop computer without prior consent of HV Health and Safety’s IT Department.
- Purchasing software or hardware, for HV Health and Safety use, without prior IT compatibility review.
- Purposely engaging in activity that may;
- degrade the performance of information systems;
- deprive an authorized HV Health and Safety user access to a HV Health and Safety resource;
- obtain extra resources beyond those allocated; or
- circumvent HV Health and Safety computer security measures.
- Downloading, installing, or running security programs or utilities that reveal passwords, private information, or exploit weaknesses in the security of a system. For example, HV Health and Safety users must not run spyware, adware, password cracking programs, packet sniffers, port scanners, or any other non-approved programs on HV Health and Safety information systems. The HV Health and Safety IT Department is the only department authorized to perform these actions.
- Circumventing user authentication or security of any host, network, or account.
- Interfering with, or denying service to, any user other than the employee’s host (for example, denial of service attack).
- Using any program/script/command, or sending messages of any kind, with the intent to interfere with or disable a user’s terminal session, via any means, locally or via the Internet/Intranet/Extranet.
Access to the Internet at home, from a HV Health and Safety-owned computer, must adhere to all the same policies that apply to use from within HV Health and Safety facilities. Authorized users must not allow family members or other non-authorized users to access HV Health and Safety computer systems. HV Health and Safety information systems must not be used for personal benefit.
Incidental Use
As a convenience to the HV Health and Safety user community, incidental use of information systems is permitted.
The following restrictions apply:
- Authorized Users are responsible for exercising good judgment regarding the reasonableness of personal use. Immediate supervisors are responsible for supervising their employees regarding excessive use.
- Incidental personal use of electronic mail, internet access, fax machines, printers, copiers, and so on, is restricted to HV Health and Safety approved users; it does not extend to family members or other acquaintances.
- Incidental use must not result in direct costs to HV Health and Safety without prior approval of management.
- Incidental use must not interfere with the normal performance of an employee’s work duties.
- No files or documents may be sent or received that may cause legal action against, or embarrassment to, HV Health and Safety.
- Storage of personal email messages, voice messages, files, and documents within HV Health and Safety’s information systems must be nominal.
- All messages, files, and documents — including personal messages, files, and documents — located on HV Health and Safety information systems are owned by HV Health and Safety, may be subject to open records requests, and may be accessed in accordance with this policy.
Purpose
The purpose of this Password Policy is to establish guidelines for creating and managing secure passwords to bolster the security of HV Health and Safety’s IT systems and safeguard sensitive information from unauthorized access. By adhering to these rules, users can contribute to a more resilient cybersecurity environment and mitigate the risk of password-related security breaches.
Audience
This policy applies to all personnel who have, or are responsible for, an account (or any form of access that supports or requires a password) on any system that resides at any HV Health and Safety facility, has access to the HV Health and Safety network, or stores any non-public HV Health and Safety information.
Policy Detail
User Network Passwords
Passwords for HV Health and Safety network access must be implemented according to the following guidelines:
- Passwords must be changed every 90 days.
- Passwords must adhere to a minimum length of 8 characters.
- Each password must include at least one symbol (!, @, #, etc.) OR one number (0-9) to enhance complexity and resistance to password guessing attacks.
- Passwords must not be easily tied back to the account owner such as: username, social security number, nickname, relative’s names, birth date, etc.
- Passwords cannot be reused for 1 year.
System-Level Passwords
All system-level passwords must adhere to the following guidelines:
- Passwords must be changed at least every 6 months.
- All administrator accounts must have 12-character passwords which must contain three of the four items: upper case, lower case, numbers, and special characters.
- Non-expiring passwords must be documented listing the requirements for those accounts. These accounts need to adhere to the same standards as administrator accounts.
- Administrators must not circumvent the Password Policy for the sake of ease of use.
Password Protection
- The same password must not be used for multiple accounts.
- Passwords must not be shared with anyone. All passwords are to be treated as sensitive, confidential HV Health and Safety information.
- Stored passwords must be encrypted.
- Passwords must not be inserted in e-mail messages or other forms of electronic communication that is not encrypted.
- Passwords must not be revealed over the phone to anyone.
- Passwords must not be revealed on questionnaires or security forms.
- Users must not hint at the format of a password (for example, “my family name”).
- HV Health and Safety passwords must not be shared with anyone, including IT staff, co-workers, managers, or family members, while on vacation.
- Passwords must not be written down and stored anywhere in any office. Passwords must not be stored in a file on a computer system or mobile device (phone, tablet) without encryption.
- If the security of an account is in question, the password must be changed immediately. In the event passwords are found or discovered, the following steps must be taken:
- Take control of the passwords and protect them.
- Report the discovery to IT.
- Users cannot circumvent password entry with an auto logon, application remembering, embedded scripts, or hard coded passwords in client software. Exceptions may be made for specific applications (like automated backup processes) with the approval of IT. For an exception to be approved, there must be a procedure to change the passwords.
- PCs must not be left unattended without enabling a password-protected screensaver or logging off the device.
- Security tokens (i.e. smartcards, RSA hardware tokens, etc.) must be returned upon demand or upon termination of the relationship with HV Health and Safety.
Regular Rotation
Passwords should be changed regularly to reduce the risk of unauthorized access due to compromised credentials. It is recommended to change passwords at least every 90 days.
Multi-Factor Authentication (MFA)
- Where available, users are encouraged to enable multi-factor authentication (MFA) to add an additional layer of security to their accounts.
- MFA methods may include SMS codes, authenticator apps, or hardware tokens, which help verify the identity of users before granting access to accounts.
IT Services Feedback Form
GIve us feedback on services performed. This is not the form to submit service tickets