Information Security Policy

Information Security Policy
Latest Information Security Policy for Omega World Travel

Information security is every employee’s responsibility. As our policy states, technology can be inherently insecure. Therefore you must treat the information you can access as confidential and/or sensitive. Our clients have an expectation of privacy as I'm sure you do with your own personal information. Clients can be customers to Omega World Travel or in my case, you are my clients.

Understand the procedures and processes listed in this email will assist in limiting the liability of Omega World Travel, our clients and in some cases you.

**Very Important - In addition we will be activating a filter in our email system for outgoing emails to assist with information processing. This filter will review numbers for credit card and social security. If a match to our filter is found, the email will not be sent to the recipient. You will then get an email indicating “This message violates our email policy”.

Below are some recommended best practices and FAQs:

Who can receive information that is considered confidential and or sensitive in nature?
Only parties directly involved with the subject matter.
(If your manager or supervisor, is not directly involved they should not receive the information)

How can information that is considered confidential and or sensitive in nature be distributed?
Email – File attachment only and the attachment must be encrypted. Original file deleted from computer and then deleted from recycle bin.
Telephone – Only with known, trusted party involved with subject matter.
Print – placed in a file folder, mark printed copies with a date to shred, store in locked cabinet.

When communicating information that is considered confidential and or sensitive in nature via email with encrypted file you must have the person receiving the information on the phone to confirm file that is being attached is encrypted.

Information can have different levels of confidentiality and sensitivity and should be treated as such.

List of information considered confidential and sensitive:
Require: Encryption, Communicate with parties directly associated with subject matter
• Credit Card Numbers
• Social Security Numbers
• TSA Information – gender/birth date/ full name
• Credit Card Reconciliation
• Passwords
• Logins
• Lists that compile information (example – Name, Ticket Number, Credit Card, and Ticket Price ie. ARC reports etc.)

Require: Communicate with parties directly associated with subject matter, Encryption when deemed necessary by parties involved.
• Lists of client names
• Lists of financial information
• Lists of new clients
• Lists of ARC Numbers

Require: Communicate with parties directly associated with subject matter.
• Proposals
• Traveler Itineraries

Email has become a primary form of communication and considered secure, due to communication directly to an individual or parties. Email is NOT a secure form of communication.

When receiving information that is considered confidential and or sensitive please process the information and delete the email, then delete the email from your deleted folder.

If you should receive information where you are not directly involved with the subject matter, delete and advise person to remove you from further communications.

Confidential and or sensitive information should only be placed in trash receptacle after shredding. Some offices have secure shredding receptacles, USE THEM.

Examples of EMAIL disclaimers:
These can be placed within your email signature file.

1. The above terms reflect a potential business arrangement, are provided solely as a basis for further discussion, and are not intended to be and do not constitute a legally binding obligation. No legally binding obligations will be created, implied, or inferred until an agreement in final form is executed in writing by all parties involved. If you received this communication by mistake, please don't forward it to anyone else (it may contain confidential or privileged information), please erase all copies of it, including all attachments, and please let the sender know it went to the wrong person. Thanks.

2. PRIVACY/CONFIDENTIALITY NOTICE: This e-mail communication may contain private, confidential, or legally privileged information intended for the sole use of the designated and/or duly authorized recipient(s). If you are not the intended recipient or have received this communication in error, please notify the sender immediately by email or by telephone at 1-703-359-0200, and delete all copies of this e-mail, including all attachments, without reading them or saving them to your computer or any attached storage device. If you are the intended recipient, you will need to secure the contents conforming to all applicable state and/or federal requirements related to the privacy and confidentiality of such information, including the HIPAA Privacy guidelines.

3. PRIVACY/CONFIDENTIALITY NOTICE: This e-mail communication may contain private, confidential, or legally privileged information intended for the sole use of the designated and/or duly authorized recipient. If you are not the intended recipient or have received this communication in error, please notify the sender immediately by email or by telephone at 703-359-0200, and delete all copies of this e-mail, including all attachments, without reading them or saving them to your computer or any attached storage device. If you are the intended recipient, you will need to secure the contents conforming to all applicable state and/or federal requirements related to the privacy and confidentiality of such information.

If you should have any question please fill out our a support request.

Thank You