In accordance with the Comprehensive Written Information Security Program (WISP) adopted by Hamra Enterprises, the following policy will be followed and enforced in efforts to protect the personal information of our guests, vendors and employees. The WISP defines “personal information” (PI) as an individual’s first and last name OR first initial and last name in combination with any of the following: social security number, driver’s license or state-issued ID number, bank account number, credit or debit card number.
The purpose of the WISP is to protect against anticipated threats to the security of personal information, protect against the unauthorized access of PI which can lead to identity theft or fraud, and to ensure the security and confidentiality of all general personal information.
- Akshit Shah has been designated “data security coordinator.” His responsibilities will include: implementation and training, testing of the safeguards, regular evaluation of our internal security measures as well as the security measures taken by our third party vendors.
- The people required to be trained in the WISP program are: Office Staff, DMs, IT department, Café Managers, Shift Supervisors, Catering Sales Coordinators and any other employee deemed responsible for the security of PI.
- Employees are prohibited from removing any documents containing PI from the café, unless it is required as a normal work function (i.e. MIT orientation, etc.).
- Passwords unique to an individual should never be shared with any other individual (i.e. back office computer login, etc.). Passwords or combination locks should never be written down; only committed to memory. Passwords and combination locks should be changed once every 90 days, or upon termination of employment.
- Documents containing PI that require disposal must be done so in a proper manner, such as utilization of a crosscut shredder (including catering slips which contain credit/debit card numbers).
- PI should not be emailed to outside recipients, nor should PI be emailed with an unencrypted email server; always use the email server provided by Boston Bread.
- All employees should feel empowered to notify their supervisor if a breach is observed. This will help protect the overall success of Boston Bread and its security program.
- Security measures will be reviewed on a periodic basis.
- Employees who fail to comply with the guidelines set forth will be disciplined in an appropriate manner. Retraining may apply.
In addition to reviewing this WISP Adherence policy, the full Hamra Enterprises Comprehensive Written Information Security Program can be requested through the Human Resource Department.