Phil Labor Information Security Policy
1. Our Commitment to Information Security
Our Mission: The Phil Labor Information Technology (IT) department is committed to protecting the information, data, and technology assets of both our company and our clients. We strive to maintain robust and vigilant internal controls to ensure the highest levels of data protection against failure, damage, or compromise. Our security controls are guided by Australian privacy law and cybersecurity best practices.
2. Your Role in Protecting Our Information
This policy applies to everyone with access to Phil Labor’s information assets, including all employees, contractors, consultants, and business partners.
As our company grows, protecting our information becomes more critical than ever. This document establishes the framework for our security practices. It is your responsibility to understand and adhere to these policies and to report any conduct that violates them.
As part of your employment, you must sign an acknowledgment form confirming you understand and agree to comply with our IT, data protection, and hardware security policies.
3. Core Security Principles
Legal Compliance: We comply with all relevant legal, statutory, and regulatory requirements for protecting and handling information, including the Australian Privacy Act 1988 and its Notifiable Data Breaches (NDB) scheme.
Timely Reporting: You must immediately report all information security violations, problems, or potential threats to the designated IT Help Desk. This information will only be shared with those who have a valid ‘need-to-know’ for investigatory purposes.
Active Enforcement: All personnel are responsible for proactively enforcing these security policies.
4. Acceptable Use of Company Technology
4.1 Business Purpose and Limited Personal Use
All company communication systems—including computers, email, and IP phones—are company property and must be used for business purposes.
We understand that occasional, brief personal use may be necessary. However, this use must not interfere with your work and should be kept to a minimum.
4.2 Expectation of Privacy
You should have no expectation of privacy in anything you create, store, send, or receive on company systems. Phil Labor reserves the right to monitor all aspects of its computer systems and network to ensure policy compliance. This includes tracking websites visited, reviewing materials downloaded or uploaded, and monitoring communications.
4.3 Prohibited Activities
Company resources must not be used for any of the following:
Receiving, viewing, sharing, or distributing offensive or prohibited materials.
Soliciting for any outside business or commercial purpose.
Promoting political activities or lobbying.
Distributing chain letters or unauthorized solicitations.
Downloading, installing, or playing games.
Accessing inappropriate websites, including but not limited to sexually explicit, hacking, or pirated software sites.
Any activity that violates federal, state, or local laws.
5. Managing Your Devices and Data
5.1 Physical Security
You are responsible for the physical security of all company-provided equipment and data.
Keep portable computers (laptops) physically secure at all times.
Protect all removable media, such as USB flash drives, disks, and notes.
5.2 Using Personal Devices (BYOD)
If you use a personal device for work, management reserves the right to review and manage company-related data on that device. We may review activity and analyze usage patterns to ensure compliance with this policy. You may not knowingly disable any company-installed monitoring software.
5.3 Lost, Stolen, or Damaged Devices
You must protect all devices used for work from loss, damage, or theft.
Immediately notify management if a device is lost, stolen, or damaged.
Phil Labor is not responsible for any loss or damage to your personal data. If IT cannot repair a work-related issue on a personal device, you may be responsible for the cost of replacement.
5.4 Data Backups
You are responsible for ensuring that all locally-held company information on your computer is properly backed up and recoverable. The IT team may instruct you to back up data to a secure cloud service, such as OneDrive, Dropbox, or Google Drive.
6. Access Control and Passwords
6.1 Access to Information
Access to information is granted based on your job responsibilities and a valid “need-to-know.” Unauthorized access to another person’s account is strictly prohibited. The sharing of user IDs is not allowed.
6.2 Password Security
Your passwords are the first line of defense for our systems.
You MUST:
Keep your passwords confidential and well-protected.
Provide your passwords to IT personnel for secure documentation when required.
You MUST NOT:
Write passwords down and leave them in an unsecured location.
Share your passwords with anyone, including coworkers.
Send passwords via unencrypted email.
6.3 Unattended Computers
You must protect your computer from unauthorized access when you are away from your desk.
Lock your computer if you will be away for 10 minutes or less. The system must require a password to unlock.
Shut down your computer if you will be away for more than 30 minutes.
7. Software and Security Tools
Virus Protection: Company-provided antivirus software (like Windows Defender) and firewalls must be installed and active on all computers at all times.
Copyright Compliance: Installing pirated or unlicensed software on company machines is prohibited.
Unauthorized Tools: You are prohibited from using security testing tools, network sniffers, port scanners, or password crackers. Only authorized IT personnel with explicit approval may use these tools.
8. Data Breach Response and Policy Violations
Internal Reporting is Mandatory. Violation of this policy may result in disciplinary action, up to and including termination of employment. It may also lead to criminal or civil liability. The IT team will work with Human Resources (HR) to ensure all personnel understand the consequences of non-compliance.
External Notification. In the event of a serious data breach that is likely to result in serious harm, Phil Labor will fulfill its external reporting obligations under the Notifiable Data Breaches (NDB) scheme. This may include notifying the Office of the Australian Information Commissioner (OAIC) and affected individuals.
9. Contact Information
For questions, suggestions, or to report an issue, please contact the IT Help Desk at [email protected].