Clay & Craft Renovations specializes in integrating cutting-edge smart home technologies into historically significant properties, creating unique security requirements for our IT systems. Our business environment includes:
The storage and transmission of sensitive client financial information and property details, requiring strict confidentiality protections
Integration of Internet of Things (IoT) devices that connect to both our systems and client networks, creating potential vulnerability points
Compliance with multiple regulatory frameworks including HIPAA for accessibility modifications and various state-specific building regulations
Management of proprietary renovation techniques and designs that represent valuable intellectual property
Storage of detailed security system configurations for high-value residential properties, requiring exceptional protection from unauthorized access
This policy outlines acceptable use requirements for Clay & Craft Renovations’ information technology resources. You must comply with this policy to protect company and client information, maintain regulatory compliance, and safeguard our reputation for excellence and trustworthiness.
For questions regarding this policy, contact the Information Security Department at 667-556-4445 or admin@hq.clayandcraftrenovations.com.
2.1. This policy applies to all Clay & Craft Renovations employees and contractors. Contractors are subject to the same requirements as employees unless specifically noted.
2.2. This policy covers all technology resources provided by Clay & Craft Renovations, including computers, mobile devices, servers, networks, applications, and any cloud services used for company business.
2.3. This policy applies to all locations including the Owings Mills Operations Center, field offices (Baltimore, Philadelphia, Wilmington), renovation sites, client properties, and remote work settings.
3.1. You must use company technology resources primarily for business purposes to perform your job responsibilities.
3.2. You are permitted limited personal use of company resources provided it does not interfere with job performance or consume significant resources. Contractors are prohibited from any personal use of company technology.
3.3. You must protect your authentication credentials (usernames, passwords, access cards) and never share them with anyone, including coworkers, managers, or IT staff.
3.4. You must lock your computer screen whenever you leave it unattended, even for a few minutes.
3.5. You must only access the systems and information necessary for your specific job role, following the principle of least privilege.
3.6. You must report any suspicious activities or security incidents to the Information Security Department immediately.
4.1. You are prohibited from accessing, creating, storing, or transmitting material that is illegal, harassing, or offensive to others.
4.2. You are prohibited from attempting to access systems, accounts, or data without proper authorization.
4.3. You are prohibited from disabling or bypassing any security controls on company devices, including antivirus software, firewalls, and content filters.
4.4. You are prohibited from installing any software on company devices without written approval from the IT Department.
4.5. You are prohibited from using company resources for personal business, political activities, or other non-company business.
4.6. You are prohibited from sharing company or client information through personal email, messaging applications, or unauthorized cloud storage services.
4.7. You are prohibited from connecting company devices to public Wi-Fi networks without using the company Virtual Private Network (VPN).
5.1. Your communication through company email and systems represents Clay & Craft Renovations. You must maintain professionalism in all electronic communications.
5.2. You must use your “@clayandcraftrenovations.com” email account for all company business. Personal email accounts must never be used for company business.
5.3. You are prohibited from opening suspicious email attachments or clicking on links from unknown senders. You must report suspicious emails to the Information Security Department.
5.4. Your internet browsing on company devices is monitored and recorded. Websites with malicious or inappropriate content are blocked.
5.5. You must limit streaming media (videos, music) during business hours to avoid network slowdowns.
6.1. You must classify and handle information according to its sensitivity following company data classification guidelines.
6.2. You must encrypt sensitive company and client information when storing it on portable devices or transmitting it over networks.
6.3. You must treat client property layouts, smart home configurations, and security system details as confidential information requiring appropriate protection.
6.4. You must protect the company’s proprietary renovation techniques and design specifications from unauthorized access.
6.5. You must back up important work data according to your department’s backup procedures.
6.6. You must securely dispose of information following the Digital Media Sanitization, Reuse, & Destruction Policy.
7.1. You must password-protect all mobile devices used to access company information with complex passwords and enable automatic screen locking.
7.2. You must enable remote wipe capabilities on mobile devices containing company data to allow deletion of data if the device is lost or stolen.
7.3. You must report lost or stolen devices that contain company information to the Information Security Department immediately.
7.4. You must use the company VPN when accessing company resources remotely to ensure secure communications.
8.1. Violations of this policy will result in disciplinary action up to and including termination of employment or contract.
8.2. The Information Security Department and Human Resources are responsible for enforcing this policy.
8.3. You are required to report any suspected policy violations to your manager or the Information Security Department.
8.4. The company will conduct regular compliance reviews and security assessments to ensure adherence to this policy.
8.5. This policy will be reviewed annually and updated as needed to address new technologies and risks.