SHELL COX WELLNESS BUSINESS IT POLICY
1. Purpose
This policy establishes the principles and guidelines for using information technology (IT) resources at Shell Cox Wellness. It aims to ensure the security, integrity, and reliability of all IT systems and data, particularly given our reliance on audio-visual content and customer interactions.
2. Scope
This policy applies to all employees, contractors, and third parties who access or manage Shell Cox Wellness’s IT systems, including hardware, software, internet, email, mobile devices, and digital platforms.
3. Acceptable Use
- IT equipment and systems must be used primarily for business purposes.
- Users must not install unauthorized software or apps.
- Use of company internet or devices to access offensive, illegal, or inappropriate material is strictly prohibited.
- Social media usage on company accounts must follow approved guidelines and content calendars.
4. Data Protection and Privacy
- All personal data (staff, customers, partners) must be handled in accordance with Shell Cox Wellness’s GDPR policy.
- Audio, video, or photo files involving clients must only be stored, processed, or distributed with appropriate consent.
- Sensitive data must be stored in secure, access-controlled systems (e.g., password-protected folders or encrypted storage).
5. Passwords and Access Control
- Strong passwords are required for all devices, apps, and systems (minimum 8 characters, mix of cases, numbers, symbols).
- Passwords must be changed every 90 days.
- Sharing of login credentials is prohibited.
- Access levels will be defined by role and reviewed quarterly.
6. Equipment and Devices
- All devices must be approved and configured by the IT administrator.
- Mobile devices used for work (including for music playback or sound therapy apps) must be protected by PIN or biometric security.
- Loss or theft of company devices must be reported immediately.
7. Email and Communication
- Company email accounts must be used for all business correspondence.
- Phishing or suspicious messages must be reported to IT support.
- Confidential customer or business data must not be transmitted via unsecured email.
8. Software and Media Usage
- Only licensed or approved software may be used.
- Any music, sound libraries, or meditation content must have proper usage rights or licenses.
- Users are not permitted to download or distribute copyrighted content without authorization.
9. Backup and Storage
- Business-critical files must be backed up weekly to a secure cloud or physical drive.
- Media content (e.g., meditation tracks) must be stored in designated folders for access by authorized staff only.
10. IT Support and Maintenance
- All IT issues must be reported to the designated IT support lead or contractor.
- Regular updates, patching, and antivirus scans will be scheduled and maintained.
- Staff must not attempt to fix or alter IT systems without authorization.
11. Breach of Policy
- Breach of this policy may result in disciplinary action, up to and including termination of contract or employment.
- Where appropriate, legal action may also be taken.
12. Review and Updates
This policy will be reviewed annually or when significant changes to IT systems or operations occur.