//Health & Safety Policy

At Public Outreach, we are invested in your health and safety.

Safety is everyone’s responsibility at Public Outreach. It is the responsibility of managers, leaders and employees to follow safety rules, laws and regulations, to properly carry out Public Outreach safety program and policies and to continually be vigilant of health and safety. All staff members are expected to do their part to help maintain our safety and health standards.
Public Outreach will make every reasonable effort to provide a safe and healthy work environment and to protect employees from incurring injury while on the job. However, we require all staff members to be dedicated to reducing the risk of illness and injury.
Managers will be held accountable for the health and safety of the employees under their supervision. Managers are responsible for ensuring that employees work in compliance with established safe work practices and procedures.
Employees will be trained in their specific work tasks to protect their health and safety.

Every employee must protect his or her own health and safety by working in compliance with the law and by following safe work practices and procedures established by Public Outreach Canada.
Accommodation to staff seeking assistance with their mental or physical ability concern:

Any staff required assistance with Mental health or any other disabilities, please contact your local HR to start the process. Also note that, your privacy is our utmost priority and we would like to keep you safe and happy during your tenure with PO.

ROLES AND RESPONSIBILITIES PURSUANT TO HEALTH AND SAFETY LAWS AND POLICY

As an Employer, Public Outreach must:

• • Take all reasonable steps to ensure the health and safety of all staff;
• • Comply with Health & Safety laws, regulations, policies and procedures;
• • Remedy any workplace conditions that are hazardous to health or safety of staff;
• • Ensure that staff are made aware of all known health and safety hazards to which they are likely to be exposed to in their work;
• • Establish occupational health and safety policies and programs in accordance with laws and regulations    which meet industry standards and best practices;
• • Provide staff with training and supervision necessary to ensure the health and safety of staff; and
• • Consult and cooperate with designated health and safety representatives.

All Supervisors, Coaches and Managers must:

• • Ensure the health and safety of all workers under their direct supervision;
• • Be knowledgeable about health and safety laws, regulations and programs;
• • Ensure that staff under their direct supervision is made aware of all known health or safety hazards in the area where they work;
• • Ensure that staff comply with health and safety laws, regulations, policies and procedures; and
• • Consult and cooperate with designated health and safety representatives for the workplace.

All Staff must:

• • Take reasonable care to protect their health and safety and the health and safety of others;
• • Comply with Health & Safety laws and regulations, as well as Company policies and procedures;
• • Carry out work in accordance with established safe work policies and procedures;
• • Wear clothing appropriate for the work they do;
• • Not engage in horseplay or similar conduct that may endanger themselves or any other person;
• • Not be impaired by alcohol, drugs, or other substances while at work;
• • Inform a Manager about hazards and risks to their health and safety and/or the health and safety of others.
• • Cooperate with the managers and health and safety representatives in investigations and development of health and safety programs.
• • Not engage in conduct which constitutes discrimination, harassment, and/or violence.

//Emergency Procedures

If you believe that your work may place, or is placing, you or another worker in imminent danger, you are obligated to refuse to perform the work in question.

PREPARATION:

There is no strategy that works for every situation, but the likelihood of a successful resolution is much greater if you have prepared to address possible health and safety risks ahead of time. It is important for all staff to identify a plan for exiting a workplace situation in the event of an incident.

HARASSMENT

Harassment ranges from a mild annoyance to a serious threat and can be in verbal, physical, or written form. Someone’s speech or actions which are threatening and which cause you to feel uncomfortable or unsafe may constitute harassment.

If you are in a situation in which you feel unsafe, remove yourself from it as quickly as possible. Do not put yourself in unnecessary danger.  Ensure your co-worker/buddy is informed of the situation.

Fundraisers are to inform a manager or Human Resources in the event they observe or experience Harassment in circumstances relating to work.  As early as possible, an Incident Report should be filled out detailing the situation and resolution.

VIOLENCE

If you observe or are exposed to a person who engages in physical violence to person or property, or threatens physical violence:

• 1. Stop work and remove yourself from any danger.  Fundraisers should leave together ideally.
  2. Call 911 if emergency services are required.
  3.  Do not confront an individual perpetrating or threatening physical violence.
  4.  Do not leave a safe position until told to do so by emergency responders.
  5.  Report the incident to the Fundraising Manager, or the next available person on the Contact Tree.

FIRE

If You Discover Fire or Smoke:

• Remain calm. Leave the fire area, closing doors behind you if applicable.
  Immediately evacuate via the nearest designated fire exit if applicable.
  Do not go back for any personal belongings.
  Activate the nearest fire alarm.
  When safe to do so, call 911. Provide your name, building address, and the location of the fire and/or smoke.
  Report to your Pre-determined Meeting Point and contact your Fundraising Manager or next available person on the Contract Tree.
  Do not return to the site of the fire/smoke until it is declared safe by a Fire Official and the alarm condition has been cleared.

EMERGENCY – MEDICAL

In the event that you are confronted with a medical emergency involving your co-worker or a member of the public:

Assess the situation: If the person is conscious ask them to tell you if anything hurts.
If they are unable to move themselves, do not move the person unless they are in imminent danger of further injury, e.g., an approaching fire.
Call 911 as soon as possible.
Contact your Fundraising Manager or next available person in the Contact Tree.
FIRST AID CONSIDERATIONS
We do not expect our staff to engage in any form of medical assistance or treatment to members of the public or to other staff members.  In the case of the injury to another staff member, first aid should only be offered by a staff member who is trained and certified to give first aid treatment.
If you are considering applying first aid, ask yourself the following:

• 1. Is immediate action needed in order to save a life?
• 2. Will I place myself or the patient in harm or jeopardy?

FIRST AID IS MINOR CARE ONLY.  DO NOT JEOPARDIZE YOUR HEALTH OR THE HEALTH OF THE PATIENT. WAIT FOR PROFESSIONAL HELP IF YOU ARE NOT ABLE TO PROVIDE FIRST AID SAFELY OR IF YOU DO NOT HAVE A CURRENT FIRST AID CERTIFICATE.

EARTHQUAKE

What to do during an earthquake: The basic rule is to duck, cover, and hold.  Follow these guidelines:

Get under a table or desk if you can and stay there until the shaking stops.
Grab a table leg or other solid object and hold on until the shaking stops.
Stay away from objects that might fall on you, and keep well away from glass.
If you’re in a car, stop the vehicle as soon as possible, preferably in an area away from bridges, trees, and power lines.  Stay in the vehicle.
Next Steps:

• -Wait until earthquake passes
  -Call manager or Natasha
  -Check on other staff to make sure they’re okay
  -Call emergency services if any injuries are sustained – DO NOT TRY TO HELP THEM YOURSELF
  -Look out for fires; this is the most common hazard after an earthquake
  -Once everything is secured, wait for further instructions

Evacuation – The only reasons for leaving a building due to earthquake are as follows:  The building is on fire, there is structural damage to the building or there is a gas leak.
If you must evacuate, follow these guidelines:

• -Follow the evacuation procedure for your building.
  -Don’t panic.
  -Stay clear of the outside of the building – windows may shatter, raining glass down on the ground below.
  -Proceed to the designated meeting area(s).  Listen for directions from Emergency Services.
  -Never re-enter the building unless it is declared safe by a Fire Official.

CAUTION INTERACTING WITH THE PUBLIC

When dealing with members of the public who do not appear stable, Public Outreach advises staff not to engage except where necessary to disengage or deescalate a situation.

If you encounter a potentially unstable, aggressive or disturbing member of the public on turf:

• Do not engage with someone who is behaving irrationally or erratically
  If you are approached by someone you do not know, do not share any information with them about your co-workers and especially not their turf location.
  Remove yourself from your current turf location to avoid further incident.  Inform your coach/leader/manager of your movement and concerns.
  Tell your manager or HR; provide them with the person’s location and behavior details.  You may be required to fill out an Incident Report.

If you encounter someone of this nature in the office:

• If you are working alone or after hours, please lock the door and then make the required calls.  Do not open it for anyone you do not know.
• If someone is already in the office creating a disturbance, ask them clearly and calmly to leave.  If you are not comfortable doing so, do not assume someone who is physically larger than you is comfortable dealing with the situation!
• Inform management or a human resources representative of the issue.
• If you cannot find an appropriate authority, please call the non-emergency police line
• If anything is taken by the individual, DO NOT FOLLOW THEM.  Make notes of what was taken and report it to the police.

Incident Report: Staff involved in any emergency or harassment related incident must fill out an Incident Report within 24 hours  The report is available on the Staffsite:

Taxis and Public Transportation may be available to assist staff in retreating to a safe location in the event of a serious incident.  Keep a receipt of any costs incurred in getting to a safe location and provide it to your Manager for reimbursement.

//Harassment Policy

Public Outreach is committed to continually striving for equity, safety and respect in the workplace.  We are committed to providing a working environment for employees that is free of harassment and discrimination in which all employees are treated with respect and dignity.  Accordingly, workplace harassment and/or discrimination will not be tolerated at Public Outreach.  Any Public Outreach employee found to have engaged in conduct constituting workplace harassment or discrimination will be disciplined accordingly, up to and including termination from employment for cause.

Public Outreach recognizes that employees may be subject to workplace harassment or discrimination by individuals who conduct business with us. In these circumstances, we will endeavour to correct clients and contractors, as well as to support and assist any Public Outreach employee subjected to such treatment. 

Public Outreach encourages reporting of all incidents of discrimination or harassment, regardless of whom the offender may be.  In the case that an offender is a direct manager, Public Outreach has a policy of establishing upper management, human resource representatives and Employee Assistance Programs which may be alternatively reached.

This policy applies in any location where employees are engaged in Public Outreach business activities. This includes Company-owned or leased facilities and vehicles, and any outside facilities being utilized by Company employees for business activities authorized by Public Outreach.

This policy also applies to any 3rd party hired by Public Outreach to perform a service within a business location or to provide a service.  Eg., Harassment of staff by an electrician contracted to work for Public Outreach must be reported for resolution as much as harassment by another staff person.

This policy does not prohibit management from exercising managerial functions which fall within their rights and responsibilities, provided this is done in an appropriate manner. Such functions include, but are not limited to, conducting performance appraisals, addressing performance and conduct issues, delegating work assignments, and determining work locations and schedules for staff.  

Further, this Policy is not meant to inhibit relationships based on mutual consent or normal social contact/interaction between employees, subject to any applicable legislation or Employer policy.  Consensual relationships should be acknowledged as discussed by the Personal Relationships at Work policy.



Definitions

Discrimination in Employment:

Discrimination in employment means unequal treatment or differential treatment in employment practices (such as recruitment, hiring, compensation, promotion, assignment) on a prohibited ground (including race, colour, ancestry, place of origin, political belief, religion, marital status, mental or physical disability, sex, gender, age, criminal background, family status, and sexual orientation) or on any other legislatively prescribed ground.

At Public Outreach, we consider all people regardless of their origins, orientations, or dis/abilities worthy of protection from discrimination and harassment.  

Workplace Harassment:

Workplace harassment means engaging in a course of vexatious gesture, comment or conduct against a worker in a workplace that is known or ought reasonably to be known to be unwelcome. Workplace harassment may also relate to a form of discrimination on a prescribed ground as set out in the applicable provincial human rights legislation (including race, colour, ancestry, place of origin, political belief, religion, marital status, mental or physical disability, sex, gender, age criminal background, family status, and sexual orientation) or on any other legislatively prescribed ground that is likely to cause offense or humiliation to the employee, or that might reasonably be perceived by that employee as placing an improper discriminatory condition on employment or on an opportunity for training or promotion. The conduct, comment, or gesture need not be deliberate or conscious, and will be assessed according to objective standards of reasonableness.

Examples of conduct which may constitute workplace harassment include, but are not limited to:

• unwelcome derogatory or demeaning comments, jokes, gossip, innuendo or taunting:
• insults, challenges or communication, or display of offensive or derogatory pictures or other material based on the above areas, or are targeting or referencing any of the areas as described above.

Sexual Harassment :

Sexual harassment is a form of Workplace Harassment and means any unwelcome conduct, comment, gesture, or contact of a sexual nature that is likely to cause offence or humiliation to any employee, or that might on reasonable grounds, be perceived by that employee as placing a condition of a sexual nature on securing or continuing employment or an opportunity for training or promotion.  The conduct, contact or comment need not be deliberate or conscious and will be assessed according to objective standards of reasonableness.

Examples of conduct which may constitute sexual harassment include, but are not limited to:

• derogatory or demeaning comments, jokes, or innuendoes of a sexual nature;
• unwanted physical contact which is sexual in nature such as touching, pinching, grabbing, or  brushing against an employee’s body;
• sexually suggestive gestures;
• repeated or persistent leering at a person’s body;
• sexual assault;
• the display of sexually suggestive objects, pictures, or written material; compromising invitations; and/or
• A reprisal or threat of a reprisal, perceived by the subject as placing a condition of a sexual nature on employment by a person in authority after such sexual solicitation, advance, or inappropriate touching is rejected.

 

Responsibilities

All members of management and supervisory personnel have the explicit responsibility and duty to maintain an environment free from harassment and discrimination and to take immediate and corrective action to prevent any form of harassment or discrimination of our employees.  Managers and supervisors are expected to identify and address inappropriate workplace behavior, as defined by this Policy, investigate incidents in violation of this Policy, take appropriate disciplinary/corrective action where applicable and generally demonstrate a willingness to address concerns with any employee.

All employees are expected to adhere to this Policy and assist in the implementation and enforcement of this Policy by promptly reporting violations to the Human Resources Department and by cooperating during any investigations.

Public Outreach’s Human Resources Department is responsible for the administration of this policy.

Human Resources is responsible for advising employees and managers regarding this Policy and appropriate legislation, for educating them as to what may be offensive to others or is contrary to the equal access workplace standards, and for conducting a confidential investigation of complaints.

Employee Recourse

If you believe you are the victim of or a witness to harassment, sexual harassment, or discrimination, you are to contact your Manager, Senior Manager, Human Resources, or a Health & Safety Representative immediately. Further, you are expected to follow the Workplace Harassment, Discrimination or Violence Complaint Procedure set out in this Handbook.  

All complaints will be considered with privacy and confidentiality as the most important point; in the event you feel you have been harassed or discriminated against in any way by your manager, please seek any one of the above alternatives to pursue your issue with.

Management will investigate and deal with all concerns, complaints, or incidents of workplace harassment or discrimination in a reasonable and timely manner while respecting the privacy of all concerned to the greatest extent practicable.  No details will be disclosed to any parties not already privy to the information or necessary to the resolution process.

 

If the complaint has merit, disciplinary action will be taken against any employee offender up to and including termination from employment for cause.   The course of action and corrective actions taken will be communicated to the victim.

Nothing in this policy prevents or discourages a worker from exercising his or her rights to file a complaint of harassment or discrimination under the applicable human rights legislation, or health and safety legislation, where applicable, within the time limits specified by that legislation.

Note: The workplace violence policy should be consulted whenever there are concerns about violence in the workplace.

lf you wish to have further information regarding this Policy, please contact Human Resources at 1 888 326-5535 x4000.

//Workplace Violence Policy

Public Outreach is committed to providing staff with a safe, healthy work environment that is free of violence. Public Outreach staff members have the right to be treated with dignity and respect.

This Policy applies to activities that occur while on Public Outreach premises, on location (turf), as well as to work-related activities and events including social events (e.g. conferences, parties, travel).

Workplace violence is defined in the Occupational Health and Safety Act as follows:

 

“Workplace violence” means,

(a) the exercise of physical force by a person against a worker, in a workplace, that causes or could cause physical injury to the worker, (b) an attempt to exercise physical force against a worker, in a workplace, that could cause physical injury to the worker, (c) a statement or behavior that it is reasonable for a worker to interpret as a threat to exercise physical force against the worker, in a workplace, that could cause physical injury to the worker.

 

Examples of workplace violence include, but are not limited to: verbal abuse, bullying, pushing, physical assaults, as well as property damage, including vandalism and theft.  Workplace violence also includes domestic violence that could cause physical injury to a worker in a workplace.  Public Outreach will not tolerate acts of workplace violence. A staff member who subjects another to workplace violence will be subject to disciplinary action up to and including termination of employment (for cause).

 

Managers and Supervisors are responsible for:

• – Complying with the Workplace Violence Policy and Program;
• – Ensuring all reporting, investigations and documenting of incidents is thorough and complete;
• – Ensuring that staff are trained and educated on violence prevention and response procedures;
• – Encouraging employees to report violent incidents or risk; and
• – Advising staff of Aspiria, Human Resources, and other available resources.

 

Employees are responsible for:

• – Adhering to the Workplace Violence Policy and Program and any other supporting program(s);
• – Attending education and training sessions;
• – Reporting any violent incidents or threats; and
• – Providing input into hazard investigations and investigations.

 

If you feel that you or anyone else is in immediate danger, contact Emergency Services (911). Further, you are expected to follow the Workplace Harassment, Discrimination or Violence Complaint Procedure set out in this Handbook.

 

If you are the victim of, or a witness to, a violent incident or threat of violence at work or any work- related event, you are to contact your Manager, Senior Manager, Human Resources, or Health & Safety Representatives.    

 

Management will investigate and deal with all concerns, complaints, or incidents of workplace harassment or discrimination in a reasonable and timely manner while respecting the privacy of all concerned to the greatest extent practicable.

 

if you wish to have further information regarding this Policy, please contact Human Resources.

 

Note: The workplace violence policy should be consulted whenever there are concerns about violence in the workplace.

 

VIOLENCE

If you observe or are exposed to a person who engages in physical violence to person or property, or threatens physical violence:

•   1. Stop work and remove yourself from any danger. Fundraisers should leave together, ideally.
•   2. Call 911 if emergency services are required.
•   3. Do not confront an individual perpetrating or threatening physical violence.
•   4. Do not leave a safe position until told to do so by emergency responders.
•   5. Report the incident to the Fundraising Manager, or the next available person on the Contact Tree.

//Complaint Procedure

Any employee who feels that he/she has experienced workplace harassment, discrimination or violence may file a complaint under this Policy, or initiate proceedings, without fear of reprisal.

If you believe that you have been subjected to workplace harassment, discrimination on a prohibited ground, or workplace violence:

Step 1:

• Request that the person immediately stops the behavior/action whenever reasonable. Do so as soon as you experience any form of unwelcome comment or conduct. Although this may be difficult to do, telling the person that you do not appreciate or are uncomfortable with his or her actions is often enough to stop the behavior. Remind the person that the conduct is against Company Policy. If you are not comfortable with approaching the person, go to Step 3.
• If you believe that someone who is not a worker, e.g. a customer, member of the public, etc., has subjected you to harassment, discrimination,  or violence, please report the incident to your direct supervisor immediately. Such behavior from non-workers is not acceptable and will be dealt with under this Policy.



Step 2:

• Keep a record of the incident(s) including dates, location, witnesses, your response to the individual, and any other pertinent information.
• If allegations of workplace harassment, discrimination or violence are made against you, keep a record of your version of the alleged incident. If you believe the complaint is unfounded or made in bad faith, discuss the matter with your immediate supervisor, senior management,  or with Human Resources.

Step 3:

• If the violent, discriminatory,  or harassing behavior does not stop, bring the complaint immediately to the attention of your immediate supervisor, upper management,  or Human Resources. If the offender is your immediate supervisor or another member of management, bring your complaint to the attention of any managerial staff member with whom you are comfortable dealing and/or to Human Resources.

 

Any formal written complaint file by an employee must contain:

• name(s) of the respondent(s) to the complaint;
• the date or dates of the incident(s);
• location(s) of the incident(s);
• details of the incident(s);
• names of any witnesses.

 

Human Resources will then address the issue with the alleged offender in accordance with Step 4.

 

Step 4:

• A manager in Human Resources will review the complaint and may determine that an investigation is warranted if there is sufficient evidence to indicate that harassment, discrimination, or violence may have occurred. Temporary measures will be implemented to protect the complainant and/or victim, if necessary.
• Confidentiality will be maintained at all times, except where the disclosure of names is necessary for the purpose of investigating the complaint, when taking any action in relation to the complaint, and/or where disclosure is required by law.

 

Note: Whether or not a formal complaint is filed, the Company may be obligated to proceed with an investigation if it appears that applicable legislation and/or the policy has been violated.

If the investigation reveals evidence to support the complaint of workplace violence, discrimination or harassment, appropriate measures will be taken. These may include disciplinary action up to and including termination of employment.

 

If resolution is not achieved, an employee may still exercise his or her rights under the applicable human rights and/or health and safety legislation, as appropriate.

Where the complaint is determined to be abusive, frivolous, vindictive, or made in bad faith, the Company will take appropriate action towards the complainant, which may include disciplinary action up to and including termination of employment.

 

A request for an external person, can be retained to conduct a workplace harassment investigation (for example, but not limited to, when the alleged harasser is a president, owner, high-level management or senior executive).

 

Reprisal against an individual who has filed a complaint in good faith or who has been named as a witness or respondent in a complaint, whether or not the complaint was substantiated and whether or not the complaint was resolved through any of the procedures set out in this Policy, may itself become an incident of workplace harassment and could result in disciplinary action being taken by the Company, up to and including termination of employment.

 

Results of the investigation

Within 10 days of the investigation being completed, the worker who allegedly experienced the workplace harassment and the alleged harasser, if they are a worker of the employer, will be informed in writing of the results of the investigation and any corrective action taken or that will be taken by the employer to address workplace harassment.  

 

All records of the investigation will be kept confidential. Records will be kept for at least one year.

 Incident Report link:

https://docs.google.com/forms/d/e/1FAIpQLSfvykxR07Qi69s0LndzQnFov02vJNT_8LWIkywnSFYSrq2WVw/viewform

 

(Please note – If for some reason you aren’t able to follow the above steps, you can drop an email to humanresources@publicoutreachgroup.com and we will make sure the situation is handled in a timely manner)

//Hot Weather Policy

Fundraising in summer requires that you come to work prepared to beat the heat!  

Your coaches and managers are great resources for summer tips to help you deal with the heat. You are expected to follow guidelines with regard to appropriate attire and use of sunscreen.  Make sure you speak up and ask questions. Public Outreach veterans have lots of wisdom to share!

To be safe in summer, some basic guidelines include:

Being covered

Take care of your skin and your eyes—broad spectrum sun screen should be worn every day and reapplied throughout the day as necessary. Sunglasses with UV protection or a hat will also help keep you comfortable. Layer up for those days when it drizzles in the morning and becomes bright by the afternoon.  If you’ve been recently burned, cover that skin with loose, breathable fabric for extra protection. You can be covered by your turf, too—speak to your coach if you’ve yet to pitch from a shady side of the street.

Being hydrated

You must bring a reusable water bottle to work.  Don’t just rely on your morning coffee! Caffeine is a diuretic and, when combined with a hot day, can lead to dehydration.  Water is a critical requirement for a summer day outside! If you’ve forgotten or lost your water bottle, ask your coach for a replacement.

Being aware of the elements

Overexposure to sun and heat or dehydration can lead to illnesses cause symptoms such as weakness, excessive perspiration, low blood pressure, nausea, confusion or blurred vision.   So be aware of your body. If you experience these symptoms or illness of this nature, make your coach or manager aware and find a cool space to take a break and drink water.

You must be energized and ready to hit the streets and doors in summer, so take steps to take care of yourself.

Extreme Heat

In the event of extreme heat, your manager may choose to end/cancel a shift after it has already begun.  If this occurs, you will be paid for either the hours worked or the minimum required hours applicable for your province, whichever is more.  If you are available to reschedule a canceled shift to later in the week, please speak to your manager to work out a make-up shift.

You may elect to personally leave a shift at any time if you feel that the weather poses a health and safety risk.  You are still responsible to make your coach or manager aware if you must leave assigned turf or work altogether. If you require medical attention and/or time off on account of your reaction to the weather, your manager may request a doctor’s note.   You may always work with your manager to try to reschedule shifts if you took some time off.

For questions or concerns regarding the Hot Weather Policy, email humanresources@publicoutreachgroup.com  or call 1-888-326-5535 ext. 4000.

//Cold Weather Policy

It’s all about prep, prep, prep, whether it’s winter or summer. You’re not going to have fun if you’re worrying about your toes! In order to keep warm and toasty while you’re out pacing, we’ve got a few things to help…

Winter Clothing Allowance: If you need to invest in brand-new gear, Public Outreach provides a variable stipend for staff based on days worked. Put it toward whatever you need this winter–for a list of great items to invest in, speak to your FM or one of your veteran coaches.

Additional Gear: Heat packs will be available to all staff, every shift, as needed. Heat packs will never be rationed, but as they are disposable please be conscious of your use. Heat packs are most effective when used as directed – check the instructions.  Your toes should be enclosed by the pack for optimal warmth.  We are always on the lookout for more environmentally friendly options and your suggestions are welcome! Email or call Human Resources (humanresources@publicoutreachgroup.com or 1-888-326-5535 ext. 4000).

Door teams are expected to use the removable cleats for their boots during all snowy/icy weather.  If you do not have the “yak trax” or “ice grippers” that work for your size foot, please let Human Resources know immediately.

Breaks and Petty Cash: Your supervisor should ensure that you are getting enough breaks, and that you have enough warm liquids (tea, hot chocolate, etc.) If you’re really feeling the cold, be sure to speak up.

Our very first concern is always your Health & Safety. If you feel any weather conditions are unsafe to work in, please notify your manager or coach immediately. As a staff member, you are actually obligated to refuse any work you feel would pose an imminent risk and can do so without fear of reprisal. Speak with your manager and we will make every effort to help you make up a shift at another time.

Appropriate Dressing: We expect that you’ll come to work prepared. In winter, what you wear and how you wear it will make all the difference. Staying warm is all about layering. Keep synthetic materials close to your skin, with a heavier layer on top (wool is a good one) and then ensure that your outer layer is wind/waterproof. Invest in great boots and gloves, and by great, we don’t mean stylish – we mean fully waterproof, heavy duty and warm. Wool socks are also a fantastic investment. Layer socks so that one layer wicks sweat away from the body while another continues to insulate and keeps you warm! If you are unprepared for work, managers may send you home to dress appropriately for your safety

Ensure that you remove layers during your breaks – being indoors with all your gear on will make you sweat and make you that much colder later in the day.

Backup Supplies: On the off chance that you forget warm socks or gloves one day, your office should have a small supply of items that you can borrow. If you realize midway through the day that your new mitts are not holding up, speak to your supervisor or manager about picking up something on turf to stay comfortable! Don’t be shy – remember, your health and safety is the most important.

Extreme Cold: Managers are always reviewing conditions based on their specific locale and medium needs to ensure the workplace, wherever that may be, is safe for all involved. Excessive ice or wind may prompt a manager to cancel the shift after the day has begun. If this occurs, either the hours worked or the minimum applicable hours for your province will be paid out, whichever is more.

//Internal Responsibility System

The IRS refers to an internal system where each individual has direct responsibility for health and safety.  Each person is expected to take initiative on health and safety issues and to resolve health and safety issues and make improvements on an on-going basis.  

For the IRS to function successfully, each staff member of Public Outreach is expected to accept their personal obligations with regard to health and safety.

Provincial Health and Safety laws and regulations are based on the IRS concept and include rights and obligations that require all employers and employees to participate in the process to continually improve health and safety in our workplace.

 

There are several fundamental staff rights that facilitate the IRS:

The Right to Know – all staff have the right to know about hazards that may impact them at a workplace. All staff members also have a right to know about control measures put in place to protect them from the identified hazards.

 

The Right to Participate – all staff have a right to participate in the creation and maintenance of a healthy and safe work environment.   Staff members are asked to participate in the development of health and safety programs and to participate in hazard identification and control exercises.

 

The Right to Refuse – all staff have a statutory right to refuse work that they reasonably and in good faith believe would pose a risk of imminent danger, and are free to do so without the risk of reprisal. If a staff member thinks their work may put them or another staff member in imminent danger, they must refuse to do it.  Staff will continue to be paid for their shift in the case of a good faith work refusal.Human Resources: 1 888 326-5535 ext. 4000 / humanresources@publicoutreachgroup.com

//Reporting Incidents

REPORTING HAZARDS & RISKS

 

Incident Report Form

Staff must refuse to perform any work that they reasonably and in good faith believe would expose them or their fellow workers to a health or safety risk or imminent danger.   

Our health and safety program strives to identify and control hazardous situations before they result in incidents.  If you identify a hazard, it is your responsibility to report it. Recommended guidelines for responding to emergency situations are found at the beginning of this document.

Staff must immediately report the hazard or emergency/incident to the Fundraising Manager or next available person on the Contact Tree, and fill in an Incident Report Form attached to this Handbook as Appendix “A” and can also on the Public Outreach staff site: http://publicoutreachstaff.org/Staff_EN/health-safety/

The hazard should also be reported to a Health and Safety Representative for the workplace using the Hazard Report Form found at the end of this Handbook as Appendix “B” and can also on the Public Outreach staff site: http://publicoutreachstaff.org/Staff_EN/health-safety/

Staff will continue to be paid for the time spent investigating provided that the work refusal is during a scheduled shift.

In the event that the hazard requires immediate control please contact your Fundraising Manager or the next available person on the Contract Tree (refer to page 3).

REPORTING A HEALTH AND SAFETY INCIDENT (other than an incident of harassment, discrimination or workplace violence)

Incident Report Form

Any accident, incident, or “near miss,” no matter how slight the injury or damage is, must be reported to the Fundraising Manager or local Human Resources Representative immediately for appropriate action.  

The Fundraising Manager is responsible for ensuring that the Workplace Health and Safety Representatives are informed of the incident and provided with the Incident Report.  

Staff involved in, or having knowledge of, an incident must fill out an Incident Report within 24 hours after the incident.  The report is to be provided to the Fundraising Manager or next available person on the Contact Tree.  

The Incident Report template is found at the end of this document at Appendix  “A”, and can also be found on the Staff site at http://publicoutreachstaff.org/Staff_EN/health-safety/

ASSESSMENT AND FOLLOW UP

The Fundraising Manager will assess the situation together with the staff involved in, or who observed the incident, as well as one or more Workplace Health and Safety Representatives in the case of a critical or fatal injury. Assessment should include contacting security or emergency services to get details of the emergency where applicable.

 

In the case of a work refusal, if the incident occurred at a turf location, depending on the results of the assessment, a decision will be made by management as to whether the turf location will still be used for the remainder of the shift. If the decision is to end the shift early, the Fundraising Manager will specify if staff members are to be assigned to other work locations, or given the remainder of their shift off. If the work location is deemed to be safe following an assessment, the shift schedule may be rearranged to bring in other staff members if management determines that this is necessary.

The Fundraising Manager is to communicate with staff to inform them of the incident and specify what steps have been taken to prevent another incident.

 

GETTING INVOLVED IN HEALTH & SAFETY

Staff members are expected and encouraged to be actively involved in the health and safety efforts of Public Outreach through participation in health and safety training, application of health and safety concepts on the job,  and through hazard and incident reporting.

 

If you would like to become formally involved in the health and safety initiatives and maintenance at Public Outreach, please contact your Coach, Fundraising Manager, Human Resources, or JHSC members.

 

STAYING HEALTHY WHILE WORKING: BE KIND TO YOUR BODY!

Recommendations for Footwear*

• Wear shoes that provide a firm grip for the heel.
• Wear shoes that allow freedom to move your toes.
• Ensure that shoes have arch supports.
• Use padding under the tongue if you suffer from tenderness over the bones at the top of the foot.
• Use a shock-absorbing cushioned insole.
• Don’t wear flat shoes.
• Don’t wear shoes with heels higher than 5 cm (2 inches).
• Don’t rush into buying a pair of shoes. Try them out before buying.

 

Recommendations while standing*

• Keep moving! Change positions frequently.
• Use your breaks to relax.
• Exercising may also help.

*Source: Canadian Centre for Occupational Health & Safety

 

WHMIS Workplace Hazardous Materials Information System

 

The Workplace Hazardous Materials Information System (WHMIS) is Canada’s national workplace hazard communication system.  Its prime objective is to provide health and safety information to employees so that they can take the necessary precautions to avoid injury, illness and death.  

Under WHMIS, employers in workplaces with hazardous materials are required to identify those materials, ensure that proper data sheets on the materials are readily available and containers are properly labeled, and ensure that employees are properly trained in handling and use of the materials.

Employees are required to follow procedures with regard to workplace hazards and hazardous materials and to familiarize themselves with the safety data sheets applicable to their workplace.  

 

Hazard Identification Forms

Hazard Identification forms are supplied by Public Outreach as a tool for employees to bring forward identified hazards within the workplace and are attached as Appendix “B” to this Booklet. To complete the form, please fill out all areas as clearly as possible. Completed forms are to be handed in to your Manager with copy to the Human Resources Department.



//Accessibility Policy & Resources (Ontario)

This 2014-21 accessibility plan outlines the policies and actions that Public Outreach will put in place to improve opportunities for people with disabilities

STATEMENT of COMMITMENT

Public Outreach is committed to treating all people in a way that allows them to maintain their dignity and independence. Equal opportunities, integration and inclusion have been and continue to be key priorities in Public Outreach, and are embedded within our culture.  We are committed to meeting the needs of people with disabilities in a timely manner, and will do so by preventing and removing barriers to accessibility and meeting accessibility requirements under the Accessibility for Ontarians with

Disabilities Act (AODA) and the related Integrated Accessibility Standards Regulation (the “IASR”).

 

POLICY DEVELOPMENT & AVAILABILITY

 As part of Public Outreach’s commitment to meeting its obligations under the AODA, Public Outreach has developed a multi-year plan which outlines the strategy to prevent and remove barriers.  The plan will be reviewed and updated by Public Outreach at least once every five (5) years and as required.

Public Outreach will maintain its accessibility policies in a written format. They will be available to the public and will be provided in an accessible format upon request.

 

INFORMATION and COMMUNICATIONS

When providing information to or communicating with a person with a disability, we will provide on request the information and communication in an accessible format or with a communication support. We will work in consultation with the person with the disability to provide them with the information in a manner that takes their disability into consideration.

 

ACCESSIBLE WEBSITE

Public Outreach  are committed to working towards an accessible website and website content that will comply with the World Wide Web Consortium Web Content Accessibility Guidelines initially at Level A and moving towards Level AA standards.

 

EMPLOYMENT

Our employment practices will include notification of the availability of accommodation for applicants with disabilities, as well as supports for staff with disabilities. Where employee needs dictate, we will provide individualized workplace emergency response information to employees who have a disability.

Our performance management, redeployment and career development processes will take into account the accessibility needs of its employees with disabilities.

 

INDIVIDUAL ACCOMMODATION PLANS & RETURN TO WORK PROCESS

Public Outreach will continue to work alongside staff in preparing and documenting individual accommodation plans.  Key components to the development of accommodation plans include:

• Working in close partnership with the staff member to develop the plan;
• Considering the staff member on an individual basis;
• Obtaining medical or expert opinion on accommodation for the staff member, and supporting the staff member in securing such information;
• Protection of the staff member’s personal information;
• Informing the staff member of the return to work and accommodation process;
• Identifying when the plan will be reviewed, and completing the reviews in collaboration with the staff member and manager;
• Ensuring the plan is provided in a format that respects the staff member’s needs; and
• Keeping the lines of communication open at all times to ensure the needs of the staff member are being met.

 

TRAINING

Public Outreach will provide training to staff and persons involved in developing policies for our organization.  Public Outreach will also provide training to all others who provide goods, services or facilities on behalf of our organization

Training will cover:

• Accessibility requirements from the Integrated Accessibility Regulation and Accessible Customer Service Standard;
• How the Human Rights Code pertains to persons with disabilities; and
• Changes that are made to the accessibility policies.

 

PUBLIC OUTREACH’S MULTI-YEAR ACCESSIBILITY PLAN

Public Outreach will by January 1, 2014:

• Continue to provide individualized emergency workplace information to employees with disabilities when necessary;
• Create accessibility policies and plans and make them publicly available; and
• Ensure all new websites and content on those sites conform with WCAG 2.0, Level A.

 

Public Outreach will by January 1, 2015:

• Provide training on IASR requirements and on disability-related obligations under Ontario Human Rights laws and regulations, as well as similar legislative provisions across the country; and
• Make existing feedback processes accessible to persons with disabilities, upon request.

 

Public Outreach will by January 1, 2016:

• Notify public, employees and potential candidates with disabilities that accommodations can

be made in recruitment and assessment processes;

• Notify new hires and employees of our policies for accommodating employees with disabilities;
• Put in place a written process to develop individual accommodation plans for employees with a disability;
• Put in place a return to work process for employees that have been absent due to a disability; and
• Take into account the accessibility needs of your employees with disabilities if:

– Using performance management

– Offering career development or advancement

– Redeploying employees

 

Public Outreach will by January 1, 2021:

• Ensure Public Outreach’s internet websites and web content conform with WCAG 2.0 Level AA, except for exclusions set out in the IASR.

 

For more information on our accessibility training and IASR training and compliance, please see:

Our Accessible Customer Service Training Package

Our Accessible Customer Service Plan – Providing Services to Individuals with Disabilities

Our Integrated Accessibility Standards Regulation

Our Individualized Emergency Response Plan Consent Form

Our Accommodation Process for Staff with Disabilities

Our Return to Work Process

Otherwise, contact Public Outreach’s Human Resources Department

By telephone at 1 888 326-5535 ext. 4000

In writing to:

Public Outreach Canada
Attn:  Human Resources
3rd Floor
347 College St.
Toronto, ON  M5T 2V8

Electronically to humanresources@publicoutreachgroup.com

//Privacy Policy on Employee Information

DOWNLOAD IT

Privacy Policy on Employee Information (15-Feb-2012)

Andrea Kenchington

HR Director

Human Resources Division 

This document outlines Public Outreach Canada’s privacy policy for employee information as required under the national Personal Information Protection and Electronic Documents Act (PIPEDA) which came into force on January 1, 2001.  PIPEDA applies to personal information collected, used or disclosed by private sector organizations.  PIPEDA also covers donor and client information, the policy for which is covered under a separate document, Public Outreach Data Security Policy.

The policy attempts to balance the right of employees to protect their personal information against the need of the company to collect, use and disclose such information by using the “Reasonable Person Standard”.   This standard holds that the company can collect, use and disclose personal information as far as a reasonable person would consider appropriate in the circumstances.  Typical Public Outreach business uses for personal information would include the need to contact staff, communicate with staff, human resource planning and analysis, inform clients about staff, create sales material about our workforce and donor performance analysis.

Personal employee information covered under this policy includes:

• Name, age, weight, height
• Home address and phone number
• ID numbers
• Race, ethnicity, sexual orientation
• Marital status, religion
• Medical information, employment information
• Income, purchases and spending habits
• Blood type, DNA, fingerprints
• Photographs, video
• Opinions about the individual (including notes from interviews or performance reviews)

The policy applies to employee information found on a variety of documents such as personnel records, emails, computer files, websites, applications, forms, surveys or video recordings, etc.

It should be understood by those applying this policy at PO that both PIPEDA and the legal interpretations since its enactment are evolving.  That is not unsurprising given the quick evolution of information and electronic technology.  How we create, send, store and receive information is an ever changing process.  Therefore readers are asked to consider this a living document that requires ongoing review and sensitivity to emerging conditions.  This document outlines the general policy principles and is followed by an appendix of specific procedures and practices.

Personal Information Management

Public Outreach is responsible for personal employee information collected, used and disclosed for business purposes and will assign a privacy officer to ensure compliance with the policy’s principles.

Personal employee information will be collected, used or disclosed for the purposes reasonably required to establish, manage or terminate an employment relationship between the company and the individual.  Other uses include communication with staff, human resource planning and analysis, information to clients about our workforce, creation of sales material about our workforce and donor performance analysis.

The collection of personal information will be limited to that which is necessary to the operation of Public Outreach’s business.  Information should be collected by fair and lawful means.

Employees will have knowledge and informed consent for the collection, use and disclosure of personal information.

Personal information should not be used or disclosed for purposes other than those for which it was originally intended as described above, except with the informed consent of the individual.  Personal information should be retained only as long as necessary for the fulfillment of those purposes.

Personal information should be as accurate, complete and up-to-date as is necessary for the purpose for which it is intended.

Maintenance of personal information

Personal information will be protected by security safeguards appropriate to the sensitivity of the information.  Specific details are to be found in the appendix.

Access to Personal Information

Public Outreach will make this policy readily available to staff.

Upon request, an individual will be informed of the existence, use and disclosure of his or her personal information and will be given access to that information.  An individual will be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

An employee will be able to address the compliance of Public Outreach practices according to this policy to the designated privacy officer.

Appendix: Procedures and Practices

Public Outreach Canada’s contact for employee privacy and data security is the Human Resources Department:  1 888 326-5535 x4001

Maintenance of Personal Information

Personal contact information such as home address, personal email and phone numbers will be stored on Google Docs.  Contact information will be maintained by each separate team and only authorized members of staff will be provided permission to access.  Authorized staff would include managers and supervisors of that team, relevant administration staff, Human Resources/People and Culture staff, payroll staff and senior directors.

Personal information in the form of electronic files will be maintained in server or computer directories that can only be accessed by authorized staff via a password login system.  All staff computers will have password login system for employees who regularly use them.

Personal information collected in a physical form such as completed application forms, photocopies of identification documents, or interview and performance review notes and will be maintain in an appropriate storage location such as a filing cabinet which can be locked.  Only authorized staff will be provided with keys to this storage.

Personal employee information should not be maintained on Public Outreach’s staff or public website.

Access to Personal Information

This policy will be made available to staff on Public Outreach’s staff site.

Human Resources will respond to requests for access to personal information or a complaints regarding non-compliance from employee within 30 business days of receiving a written notice.

//Data Security Policy

DOWNLOAD IT

Data Security Policy

Andrea Kenchington

HR Director

Human Resources Division

This document outlines Public Outreach data security policy as required under the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) which came into force on January 1, 2001.  PIPEDA applies to donor and client information.  PIPEDA also covers personal employee information collected, used or disclosed by private sector organizations.  The policy for employee personal information is which is covered under a separate document, Public Outreach Privacy Policy.

It should be understood by those applying this policy at PO that both PIPEDA and the legal interpretations since its enactment are evolving.  That is not unsurprising given the quick evolution of information and electronic technology.  How we create, send, store and receive information is an ever changing process.  Therefore readers are asked to consider this a living document that requires on-going review and sensitivity to emerging conditions.  This document outlines the general policy principles and is followed by an appendix of specific procedures and practices.

Public Outreach is the custodian of extensive information holdings and relies upon this information management, policy and program initiatives. The management of donor information requires PO to protect confidentiality, integrity and availability of the information assets in its care. This policy applies to all employees, management, vendors, contractors, business partners and any other parties who have access to company and client data.

Information Management

Public Outreach is responsible for donor information collected, used and disclosed for business purposes and will assign a security officer to ensure compliance with the policy’s principles. The collection of client and donor information will be limited to that which is necessary to the operation of Public Outreach’s business.  Information should be protected by fair and lawful means.

Data information covered under this policy includes 2 types of data:

1. Proprietary Data which is private data that is the property of PO, such as finance records, contact information, internal reports, canvass information, personnel records, payroll and related items.

2. Client Data which relates to such areas as client files and documents, donor information which includes age, address & financial information.

Proprietary data is comprised of three classifications:

1. Public. This is defined as information that is generally available to anyone within or outside of the company. Access to this data is unrestricted, may already be available and can be distributed as needed. Public data includes, but is not limited to, marketing materials, company policies relating to dealing with external persons and organizations and other data as applicable.

Employees may send public data to anyone outside of the company.

2. Private. This is defined as corporate information that is to be kept within the company. Access to this data may be limited to specific departments or officers of the company and cannot be distributed outside of the workplace.  Private data includes, but is not limited to, pricing, profit margins, response rates, work phone directories, organizational charts, company financial information, company policies (except for those specifically identified as Public) and other data as applicable.

Employees may not disclose private data to anyone who is not a current employee of PO.

3. Confidential. This is defined as corporate information that may be considered potentially damaging if released and is only accessible to specific groups. Confidential data includes, but is not limited to, personal donor information, contact information, tax forms, accounting data, security procedures and other data as applicable. PO considers it a top priority to protect the privacy of its employees, clients, and donors.

Only authorized employees may handle confidential data.

Data Maintenance

Both Client and Proprietary information will be protected by security safeguards appropriate to the sensitivity of the information.  Specific details are to be found in Appendix A.

Acceptable Use Policy

PO does not wish to unduly restrict or interfere with our established creative culture but we are committed to protecting our employees, clients and partners from illegal or harmful actions. Data flow is intrinsically an IT issue and as such as all IT infrastructure including computers, software, storage media, email accounts and internet access points are the property of Public Outreach and are to be used strictly for business purposes. It is every employee’s responsibility to know the rules and guidelines for proper IT usage. Specific details are to be found in Appendix B.

Appendix A: Data Maintenance

Public Outreach’s Information Security Officer is Dean Mercer, Director of Fulfillment and IT .

The security officer will ensure that staff dealing with both proprietary and client information understand that they are not permitted to collect, use or disclose said information for purposes other than those for which it was originally intended.

The security officer will ensure that relevant staff complies with the maintenance and storage practices and policies outlined in the section below.

Physical & Environmental Security

This section identifies requirements for the protection from environmental and human threats to information processing offices. Requirements for the installation, operation, protection and maintenance of computer equipment are identified to preserve the confidentiality, integrity and availability of information and information systems.

Public Outreach has two types of facilities.  Type I facilities are those which do not handle confidential proprietary or client data and therefore lower security standards are required.  For instance, canvass-only offices are Type I facilities.

Type I facilities must employ the following physical safeguards:

• Physical security perimeter to place computers, people and information in secure areas.
• Physical entry controls such as lockable doors to ensure that only authorized personnel are allowed access.
• Confidential proprietary and client information collected in a physical form will be maintained in an appropriate storage location such as a filing cabinet which can be locked.  Only authorized staff will be provided with keys to this storage.

Type II facilities are those which handle confidential proprietary or client data, for example those that house client services, finance, fulfillment and stewardship teams.

Type II facilities must employ the following physical safeguards:

• Physical security perimeter to place computers, people and information in secure areas.
• Physical entry controls to ensure that only authorized personnel are allowed access. Locked doors, electronic keypads or fobs must be used for information processing facilities.
• Information processing facilities must be equipped with doors that close automatically.
• Proprietary information collected in a physical form will be maintained in an appropriate storage location such as a filing cabinet which can be locked.  Only authorized staff will be provided with keys to this storage.
• Access to information processing areas must be controlled, and where possible separated from canvasser facilities.

Information Exchange Policies, Procedures & Agreements

Information exchange policies, procedures and controls must be documented and implemented to protect the exchange of information through all types of electronic communication services. Services can be delivered by external parties and by computer networks and by all services that exchange information.

Information Owners and Information Custodians must ensure the terms and conditions for exchanging information assets with external parties is documented in an agreement. The agreement must define:

• Custody and control accountabilities.
• Authority of a custodian to publish, grant access to or redistribute the information.
• Purpose and authorized uses of the information.
• Primary contacts, for agreement, governance and management.
• Requirements for protecting information according to its security classification.
• Technical standards for transmission, recording or reading information or software.
• Responsibilities for reporting privacy and security incidents and breaches.
• Liability, accountability and mitigation strategies, for attempted, suspected or actual privacy and security incidents and breaches.

Network Management & Controls

A range of controls must be implemented to achieve and maintain security within the network. Security features, service levels and management requirements of all network services must be documented and included in any network service agreement.

Wireless Fidelity (Wi-Fi) is becoming a very common standard. The security officer must ensure that wherever Wireless Local Area Networks are employed that certain controls are utilized:

• Strong link layer encryption, such as Wi-Fi Protected Access
• The use of strong, frequently changed, automatically expiring encryption keys and passwords
• Virtual Private Network (VPN) tunnel technology
• The use of Desktop Terminal Services (DTS) technology
• Intrusion detection systems, firewalls and Media Access Control (MAC) address filtering

When remote access data transmission is required, employees must use a secured path. Secured paths for information transmission utilize controls such as SSH, SSL or VPN tunnels, FTP and Encryption.

Removable Media Management

All removable computer media (USB drives, DVD-r) must be managed with controls appropriate for the sensitivity of the data contained on the media. Since transportable media increases the risk of information compromise it must be handled and stored so as to prevent unauthorized information disclosure or misuse.

Information managers, owners and custodians must:

• Ensure that use of portable storage devices is managed and controlled to mitigate risks.
• Document processes for authorizing use of portable storage devices.
• Ensure personnel using portable storage do not transport restricted or confidential information.
• Securely dispose of the media in a manner appropriate for the sensitivity of the contained data.

Data Loss Prevention (DLP) Controls & Policies

Information Custodians must protect PO information systems from malicious attacks (viruses, worms) by undertaking proactive measures and ensuring the following policies are strongly enforced:

Email Policy

Email that’s created, compiled, sent or received on Public Outreach’s information systems are the property of Public Outreach. PO email systems are to use a spam filter (such as Google’s Postini) to filter for possible malicious software before delivery.

Proprietary Data transmitted by email must be appropriately protected.  Staff should avoid emailing sensitive information since these emails can end up on cell phones which are difficult to completely secure. Instead proprietary files should be shared via Google Docs or Filesanywhere to authorized staff. Proprietary information will be stored on Google Docs or Filesanywhere, maintained by each separate team and only authorized members of staff will be provided permission to access.  Authorized staff would include managers and supervisors of that team, relevant administration staff and senior directors.

Confidential client data should never be sent or received via email. If a file must be sent via email it must be encrypted. Instead client files should be transferred via secure file transfer protocol (FTP).

Password Policy

Passwords are the last line of defense against a malicious attack. There are certain characteristics that ensure that they are not easily compromised.

All PO passwords must meet a certain criteria. The security officer will ensure that each employee uses only strong passwords that meet the following standards:

• No Fewer than 8 characters
• Cannot be found in a dictionary (any language)
• Should contain UPPER and lower characters
• Combines digits, letters and symbols (@#$%^)
• Should not be based on personal information
• Is changed regularly
• Should be committed to memory (not be written down) or stored using encrypted password manager software such as mSecure

Encryption Policy

Lost or stolen hardware regardless of password logins are still susceptible to data loss. Encryption of all company hard drives adds another layer of protection. All PCs, notebooks and thin clients must use a minimum 128-bit encryption solution (256-bit is preferable) via:

• An O/S integrated encryption solution such as MS BitLocker and TPM chip (128-bit)
• A 3rd Party encryption software such as Sophos Safeguard (256-bit)
• A FIPS 140-2 Level 2 certified Self-encrypting hard drive (S.E.D.) (128-bit)

Anti-Virus Policy

Anti-virus software is to be installed on all PO systems. All clients that connect to our network must have company approved anti-virus software and have up to date virus definitions.

Backup Policy

Information Custodians must conduct a Security Threat and Risk Assessment to identify safeguards for backup facilities and media that are commensurate with the value and sensitivity of the information and information systems. Safeguards include:

• Using encryption to protect the backed up information. (256-bit encrypted NAS)
• Using digital signatures to protect the integrity of the information.
• Physical and environmental security.
• Setting Access controls.
• Adhering to manufacturer recommendations for storage conditions and maximum shelf-life.
• Maintaining an offsite remote data backup to avoid DL from physical disasters such as a fire.
• Information systems must be backed up and the recovery process tested regularly.

Equipment Decommission Policy

Public Outreach will ensure secure disposal or re-use of all its equipment. This “cradle to the grave” policy maintains that all data and software must be erased from equipment prior to disposal or re-deployment.

Mobile Phone Policy

As mobile devices such as Smart Phones and Tablets are becoming more and more ubiquitous they are used more and more to access email and files. All company phones and tablets must be password protected and encrypted. Remote wipe software must also be activated and every employee must report their lost or stolen handset to the security officer as soon as it is found to be missing.