DESTRUCTION OF RECORDS
Corporate records are shredded based upon above timelines, and removed by an authorized document destruction service provider.  

ACCESS OF RECORDS
The CEO, CFO, VP of administration, controller, and director of administrative services are authorized personnel to have access to corporate records, with limited access by the corporate administrative coordinator for filing and retrieval purposes.
 

Network and Data Security

Information is considered an important asset of Mains’l Services, Inc., and restrictions are imposed for controlled data access.  Mains’l Services, Inc. considers it important to provide access to information to authorized users only. This operating procedure defines the processes to be used to protect the confidentiality, integrity, availability, and reliability of all information technology resources used to support the needs of our internal and external stakeholders, and to implement and enforce that level of security which will provide for the protection of data and information technology resources from accidental or intentional unauthorized disclosure, modification, or destruction by persons within or outside of Mains’l Services, Inc.

All Mains’l Services, Inc. technology equipment has up to date antivirus software installed, which automatically scans for viruses in real time.
                            

1.    Access to the Network – Local and Remote Access
Access to the Mains’l Services, Inc. intranet (agency network) is restricted.  Each user has a confidential personal identifier (user name and password.)  Personal identifiers are not to be shared with anyone for any reason.  Upon gaining access to the network, user’s access and ability to view, add or modify information is governed by permissions.  These permissions allow access to information which is appropriate to his or her job responsibilities.  Access rights are authorized by the executive assistant and chief financial officer and configured by the ITS/DSO.  Mains’l Services, Inc. Technology and Systems Use Policy and Procedure must be reviewed by all authorized users before intranet access will be given.

Mains’l Services, Inc. complies with all HIPAA data privacy requirements (see Notice of Privacy Practices for Employees, and Notice of Privacy Practices for Consumers.)

Supervisors of authorized users are responsible for immediately notifying the ITS/DSO upon termination, transfer, or resignation for the purpose of system access adjustment or termination.

2.    Access to the FTP site    

A.    Security of Mains’l Services, Inc.’s file transfer protocol (FTP) site is the sole responsibility of the ITS/DSO.  

• Access to the Mains’l Services, Inc. FTP site is restricted and governed by the ITS/DSO, under the requirements of the contracted services contract.  Upon approval by the chief financial officer, each user receives a confidential personal identifier (user name and password), assigned by the ITS/DSO.  The chief financial officer communicates the personal identifier information to the appropriate agency personnel.  Personal identifiers are not to be shared with anyone for any reason.  
• Upon gaining access to the site, user’s access and ability to view, add or modify information is governed by permissions.  These permissions allow access to information which is appropriate to his or her role.  Access rights are authorized by the chief financial officer and configured by the ITS/DSO.
• Mains’l Services, Inc. Technology and Systems Use Policy and Procedure must be reviewed by all employees who require access to the FTP site, before access will be given; in addition, employees will be required to review and sign any policies, procedures, and security agreement forms, as required by contracted entities.  
• Supervisors of authorized users are responsible for immediately notifying the chief financial officer upon termination, transfer, or resignation for the purpose of system access adjustment or termination.

B.    Data Handling

• All data transferred from contracted entities to Mains’l Services, Inc. is downloaded from the secure FTP site to the secure local area network.  Files are unencrypted and converted to the appropriate financial management system.   Data is processed as outlined by the contracted entity.  Once data is processed, it is uploaded to the secure FTP site.
• Again, only authorized users have access to files on the FTP site.

3.    Equipment 

• The information technology specialist/data security officer (ITS/DSO) and executive assistant are responsible for the purchase and installation of the computer software and hardware, and for maintaining the equipment.  In the event computer equipment must leave the facility for repair, hard drives are removed to ensure profile and, thereby, data security.  Prior to computer equipment being exchanged to another user within the agency, authorized users profile is deleted from computer to enforce data privacy.  Storage of company data in local hard drives is prohibited.  In the event computer equipment is leaving the facility to a non authorized user/entity, hard drives formatted to wipe out any traces of sensitive information.  The ITS/DSO is the only authorized personnel to complete the formatted and removal/disposal process.
• Confidential data may not be stored on any unencrypted mobile device, with the exception of the ITS/DSO.   Back up tapes are the only removable media allowed to store data for the sole purposes of back up.

4.    Physical/Site Security

• Mains’l Services, Inc. main headquarters is geographically located in a non-disaster related plain. The facility has strict security levels, governed by the vice president of administration and ITS/DSO. The data center is climate controlled (with its own cooling system), has strict security access, and is monitored for fire and security.  All network server equipment is housed in racks and cages for additional limited access.  All equipment is raised off the floor, at least ten (10) inches, to prevent water damage.  In addition, the headquarters is monitored for fire and security 24/7. 
• The ITS/DSO is responsible for site security and uses preventive measures necessary to minimize the risk of destruction, theft and other losses of equipment, software, and data. The ITS/DSO evaluates the physical location and conditions surrounding the site and take the necessary precautions to protect it.  The ITS/DSO annually evaluate the effectiveness of the site’s security and will report any new findings to contracted entities.  In addition, Mains’l Services, Inc. has an IT Disaster Recovery Plan, which is reviewed and revised, as necessary, minimally on an annual basis.
• It is the responsibility of the individual using the data to maintain appropriate confidentiality and the responsibility of the individual’s supervisor to ensure that the employee has adequate training on protection of information.

5.    Training and Agreement

• Supervisors are responsible for ensuring authorized users receive rules, policies, procedures, and guidelines on departmental information security.  All authorized users will sign a Training and Security Agreement
   

When a person identifies an issue, concern, or recommendation for a change or addition to Mains’l policy, procedure, or form please use the following steps.
1.    The Policy Team should be informed in writing of the issue, concern or recommendation. 

• Email to policyteam@mainsl.com

2.    The person responsible on the Policy Team for the identified policy area works with his or her strategic             partners to identify if a change should be made. 
3.    A written response is provided to the person who brought forward the issue, concern or recommendation, informing them of the decision of the policy team. 
4.    If it is determined that a change will be made, the procedures for developing and writing policies, procedures and forms should be followed. 

Developing and writing policies and procedures: The following steps should be followed when completing a revision or creating a new policy and procedure:
1.    The person responsible on the Policy Team for making the change works with his or her strategic partners to revise or create the new wording. 

• All applicable rules and regulations are checked to ensure compliance.

2.    The reason a policy and procedure is being revised or created and the wording changes are to be explained in an email to the Policy Team.  
3.    The Policy Team talks with people who would be impacted by the change to get feedback. 
4.    The Policy Team either approves or denies the proposed changes through email or a meeting.
5.    Policies and procedures that are in draft form, because they are new or being revised, should be saved in a separate folder titled DRAFT Policies and Procedures in the policy and procedure manual folder on the M Drive.

• Save the document with the policy and procedure title and the word DRAFT. 

6.    A date of any revision should be put on the bottom right hand corner of the last page of the document. Revision dates should be on the page itself, not in the footer. The format is Arial font size 9. The revision date should look like this: Rev. 11/6/15
7.    If the policy and procedure is new, it should list the date of creation. Creation dates should be on the page itself, not in the footer. The format is Arial font size 9. The creation date should look like this: Created 11/6/15
8.    Once a draft is approved, it is moved by the Policy Administrator to the official policies and procedures location. 
9.    Policies and procedures that are no longer valid given an end date are archived by the Policy Administrator up to seven years and then destroyed. 
10.    If a draft is not approved, the person who created it or the Policy Administrator delete the draft.
Format 
Mains’l policies and procedures are written and maintained following the format described below to ensure clarity and consistency:

a.    Body Text: Policy, procedure and internal controls should be typed in Arial font 11 with narrow 0.5” margins and single spacing with one space between paragraphs and two spaces between the end of the policy, procedure, and internal controls. 

• Headings should be bolded. 
• Sub-headings should be listed by letter and bolded if there is a title word or phrase such as the ones in this section. 
• Steps that are to be followed in a specific order should be listed by number. 
• Lists should be bulleted with the open circle bullet as seen within this policy. 
• When there is a heading that only applies to a subgroup of people who will be reading the policy or procedure, the heading should also have a bottom border that puts a solid line across the page.

b.    Header: The Header contains the Mains’l logo sized to 0.66 x 1.3 in the left corner and has a 0.1” margin. Centered on the page is the title of POLICIES AND PROCEDURES in bolded Arial font size 16. The header should look like the header on this policy and procedure. 

c.    Footer: The footer contains the title of the policy and procedure in caps, Arial font size 9, centered and the page number in the right corner and has a 0.3” margin. The footer should look like the footer on this page. 

d.    Policy: Policies tell what we do. Policies are clear, simple statements of how Mains’l intends to conduct services, actions and business. Each policy should:

• provide clarity for decision making,
• change infrequently and set a course of action for the foreseeable future,
• help ensure compliance with applicable laws and regulations, 
• reduce agency risk, and
• list the purpose of the policy our position, rules, regulations or directions that must be followed.

e.    Procedure: Procedures tells how we do things.  Procedures describe how each policy will be put into action and should be written in a format that is easy to follow, using numbers or bullets to list steps to be followed. Each procedure should outline:

• who will do what, 
• what steps they need to take,
• which forms or documents to use.

f.    Internal Controls: Internal controls help ensure that we do things the way we say we do them. They provide quality assurance and support people to be successful in knowing and following policies and procedures. 

Maintaining policies and procedures
The Mains’l web portal provides 24/7 access to policies and procedures for portal users, including all Mains’l employees, participant directed service recipients and their employees. The documents on the Mains’l web portal are the official electronic storage and access point for Mains’l policies and procedures. 

A folder on the agency M: drive, contains the word versions of each current and draft version of the policies and procedures. The M:drive is where individuals with approval to create and revise policies and procedures are to access and store the documents. 

To maintain an organized system of change control, and to ensure consistency, individuals should not keep separate copies or versions of policies or procedures in other locations. Instead, departments should forward policies and procedures, to be hosted on the website, to the Policy Administrator. 

Notification of changes to policies and procedures
The policy team determines when notifications of policy and procedure changes are issued, who will receive them, and the timeline for implementation of the change. Communication regarding changes is saved in the folder titled Communication of Changes within the policy and procedure on the M Drive. 

A member of the Mains’l policy team or their designee sends notification when a policy and procedure change occurs. Determining who should be notified is based on what in the policy or procedure has been changed and who is impacted by the change. Common recipients of change notifications include employees, people we support, and funders. 

a.    Minnesota notification requirements: 

1. We must provide a written notice to all persons or their legal representatives and case managers at least 30 days before implementing any procedural revisions to policies affecting a person's service-related or protection-related rights (found in 245D.04) and maltreatment reporting policies and procedures. 
2. We must provide an annual notice to all persons, or their legal representatives, and case managers for licensed services of any procedural revisions to policies required by 245D. 
3. All of the notifications must: 

• Explain the revision that was made. 
• Include a copy of the revised policy and procedure. 
• If not sent 30 days before implementing the change, explain the reasonable cause for not providing the notice at least 30 days before implementing the revisions.

4.    Before implementing revisions to any required policies and procedures, we inform all employees of the revisions and provide training on implementation of the revised policies and procedures.
5.    Upon request, Mains’l provides the person, or the person's legal representative, and case manager with copies of the revised policies and procedures.

b.    California notification requirements:

1. We provide a written notice to all persons or their legal representatives and case managers at least 30 days before implementing any procedural revisions to policies affecting a person's service-related or protection-related rights and maltreatment reporting policies and procedures. 
2. We provide an annual notice to all persons, or their legal representatives, and case managers for licensed services of any procedural revisions to policies required by statute. 
3. All of the notifications must: 

• Explain the revision that was made. 
•  Include a copy of the revised policy and procedure. 
• If not sent 30 days before implementing the change, explain the reasonable cause for not providing the notice at least 30 days before implementing the revisions.

4.    Before implementing revisions to any required policies and procedures, we inform all employees of the revisions and provide training on implementation of the revised policies and procedures.
5.    Upon request, Mains’l provides the person, or the person's legal representative, and case manager with copies of the revised policies and procedures.

Categories
Policies and Procedures are grouped by category and in alphabetical order by name. Each policy and procedure is assigned to one of the following categories. 
a.    Human Resources: Policies and procedures related to employees.
b.    Finance: Policies and procedures related to accounting, budgeting, and other financial functions.
c.    Services and Supports: Policies and procedures related to the services and supports provided by Mains’l.
d.    Medical: Policies and procedures related to the medical health and wellbeing of the people we support.
e.    Corporate: Policies and procedures that are of a general administrative or operational nature. 
f.    Participant Directed Services: Policies and procedures related to Financial Management Services and Participant Directed Services. 

Forms
Form development, maintenance, notification and categories follow a similar process to policies and procedures. The location of forms is dependent on the form itself. Forms are typically located in the Forms folder.

 

Hardware and Software Authorized Users and Installation

End User Hardware

Computers are provided to those employees requiring such technology to perform day to day services and business at Mains’l Services and its subsidiaries.

Desktops are routinely provided to office personnel and 24-hour program site locations.  Laptops are provided to those employees whose position requires mobility. Employees who are authorized to use laptop computers are required to sign a “Portable Equipment Agreement” before equipment is authorized for use (see “Portable Equipment Agreement.”)  Use of personal computers is permitted with limited access to agency information via terminal servicers and website only; personal computers are not supported by IT personnel.

All computer hardware and peripherals, whether desktop or laptops, are owned by Mains'l and are set up and installed by information technology (IT) department personnel.  

Employees authorized to use computer equipment owned by Mains’l include those given possession of the computer (senior leadership team members, directors, senior managers, managers, office personnel, etc.)  Other employees who may operate the technology include support coordinators and direct support professionals; however, the accountability of the computer remains with those employees who have been given possession.  Any users of computer equipment owned by Mains’l are expected to comply with this Information Technology Use Policy and Procedure.  

People who receive services from Mains’l may use computers which are owned by the agency, at the discretion of the manager and their supervisor.  The manager is responsible for any and all computer use at their site.

Server Hardware

Mains’l Services currently uses Cloud technology to deliver database services, applications, e-mail, file storage, and public services.  See IT Plan for specifications.

Software

Mains’l complies with software copyrights and adheres to the terms of all software licenses to which the organization is a party.  Employees may not copy or duplicate any software for use in other Mains’l locations, or for their personal use, as it may subject Mains’l and/or the employee to civil and criminal penalties. In addition, only software approved by the IT department may be used on Mains’l computers. Software is installed exclusively by IT department personnel. Standard software installed includes Microsoft Office Suite:  Microsoft Word, Excel, and Outlook.  Other programs installed may include Access, Provider Pro, Publisher, internet access software, or other approved software.  If unauthorized programs are used on Mains’l computers, discipline, restitution, and/or employment separation may result.

Assistive technology needs are addressed on an individual basis.  Employees will discuss needs with their supervisor, who will notify IT personnel of any necessary adaptations.

Training, Use, and Care of Hardware and Software

Training

All authorized computer users will receive initial orientation/training from IT department personnel.  Employees will be directed to receive training on this policy and procedure within two weeks of receiving equipment.  Employees are expected to have general knowledge of computer technology.  Employees are also expected to independently obtain additional training classes appropriate to their level of competency/job description requirements.  Classes
may be provided by IT department personnel on an individual or group basis; outside coursework may be obtained independently by authorization of the employee’s supervisor.

Care of Equipment

All users are expected to treat agency computers as fragile and valuable property.  Users are expected to:

• Protect computers they use from theft, undue shock, or similar physical damage.  
• Extreme care is required with food and beverages, which cannot be permitted to spill onto or near computers or system components. 
• Contact IT department immediately if malfunction of equipment is suspected. 
• Notify IT department if desktop computer equipment needs to be removed for any reason.
• Not store laptops and other peripheral equipment in very hot or cold environments for extended periods of time, such as car trunk.

If equipment is damaged during the user’s possession, and it is the determination of the IT department that damage was caused by user misuse or neglect, the user is responsible to fully reimburse Mains’l for repairs.  The human resources and finance departments are responsible to ensure payment is received.

If equipment is lost or stolen, outside of a Mains’l owned facility/leased property; employee is responsible for the replacement costs.  The human resources and finance departments are responsible to ensure payment is received.  User will receive temporary equipment until the replacement can be procured.

Network and Data Security

Information is considered an important asset of Mains’l and restrictions are imposed for controlled data access.  Mains’l considers it important to allow access to information to authorized users only, with information being accessed only by those who need it.                            

1. Access to the Network – Office and Remote Access

Access to the Mains’l network permits the user to access their e-mail, automation applications, office (word processing, spreadsheet and presentation graphics), and any specialized applications which have been configured for their use, whether they are in the office or off-site.   Pre-determined security access rights to information (user groups) have been created based on position responsibilities.  Each user has a confidential password.  Passwords are not to be shared with anyone for any reason.  Those employees assigned a Mains’l computer have the authority to allow other users access to their computer.  However, a generic account is provided for their access; this Technology and Systems Use Procedure will be reviewed by the manager before computer access is given, and a signature record is completed and placed in their personnel file by the manager.
        
Password Security Policy

All Mains’l employees who access our network file system are required to change their password for security purposes, as dictated by domain services.  Employees are required to update their password every 90 days.    

The current password requirements are:

• At least six (6) characters long
• Include a combination of letters and numbers
• May not be reused for a period of two (2) years

Employees will not write down passwords.  Employees will not share passwords with others.  If access to information is required, and access is available only through another employee’s account, permission needs to be obtained by the employee’s supervisor.  Supervisor will contact the IT department for direction and assistance in obtaining necessary information.   Password will then be reset by IT department personnel.  If passwords or security is breached, or believed to be breached (stolen equipment, hackers/viruses may have compromised security, etc.), employee will notify the IT department immediately for protection resolution.

2.     Access to the Network – Wireless

Wireless access to the Mains’l network is protected by the Wi-Fi Protected Access II (WPA2) security protocol.  Employees/authorized users are provided access to the network according to their personal access limits. Guest users are provided wireless access to the internet only.  

3.    Permissions within the Network
Upon gaining access to the network, the user’s access and ability to view, add or modify information is governed by permissions.  These permissions allow access to information which is appropriate to his or her job responsibilities and/or on a need to know basis.  Access rights are configured by the IT department.

4.    Virtual Private Network
Communication between Minnesota and satellite offices exists through firewalls configured to communicate through the internet by using secure Virtual Private Network connections (VPNs).  All VPN connections are configured by IT department personnel.

5.    Firewalls
Mains’l Services uses Watchguard firewalls as the agency’s defensive barrier to unapproved ports.   IT department personnel are the only authorized employees to configure port access.

Mains’l adapts to HIPAA data privacy requirements (see Notice of Privacy Practices for Employees, and Notice of Privacy Practices for Consumers.)   Data is stored in appropriately apportioned folders within the Mains’l network. Data for people receiving services is not stored on external disks, with the exception of media for back up purposes.  All computers owned by Mains’l are configured to auto lock when not in use/are idle after ten (10) minutes. 

All information is permanently removed by an IT department professional, before any computer equipment is removed from agency use/inventory, including laptops, desktops, fax machines, smartphones, copier/scanner/multifunction units, etc.

HIPAA Business Associate Agreements
When Mains’l requires the services of third parties ("business associates") to conduct its operations, all business associates (BA) will complete and sign standard HIPAA BA agreements, as required by HIPAA.  Agreements for any information technologies services will be attained by IT department personnel, and will be filed by director of human services.

Please refer any questions concerning the necessity for a BA agreement in a particular situation to the director of human resources, who acts as the privacy officer. 

Back Up

Data is secured with a daily back up, performed by IT department personnel, or appointed designee.   Full backups are run on a daily basis; backup tapes are maintained offsite by IT department personnel.  Monthly backups are stored off site in a secure location.  All documents created by employees are saved and stored on the Mains’l server/intranet; documents are not to be stored on individual drives, as they are not backed up.

Document Imaging

Mains’l uses Fortis document imaging software to store and archive electronic documents and information.  Electronic filing provides for faster search and retrieval of documents, reduces lost or misfiled documents, and reduces the amount of physical space needed to store hard copy documents. Stored information is maintained in accordance with state and federal government guidelines.  The federal government guidelines supersede all state requirements.

Audit controls are built within the Fortis system, with the ability to track, with date and time, those persons who have viewed or modified documents, as stated by HIPAA. Access to view, print, and modify documents are determined by user groups.  User groups are authorized by the senior leadership team, are set up by the IT department, and administered by the support services specialist.                         

Electronic Filing/Scanning Process:
1.    Management personnel, including managers, directors, and senior leadership team members, receive training within three months of employment.  
2.    Employees authorized to electronically file documents will routinely manage the records from their department and scan as required.  Each person will scan their department documents when the document(s) are no longer active documents.
3.    Employees scan documents directly into the document imaging software at the main office.  After scanning is complete, employees preview the pages to ensure all documents are scanned appropriately and are legible.
4.    Employees add indexing requirements for each document type as required by each department’s guidelines, along with any additional information in the notes field on the indexing menu.
5.    Documents have to be admissible in court, and will remain in effect as the agency’s retention schedule dictates.

Anti Virus

The agency’s computer systems contain information significant to Mains’l.  Computer viruses endanger this information.  The agency has established the procedures and policies in this document to help reduce this risk.   In addition, all networked computers have software that helps the agency reduce the risk of viruses, automatically detects and deletes viruses, and is monitored by the IT department.   

Internet

Mains’l provides internet access at the office and program site locations.  If employees wish to work at home or away from the 24-hour site locations, internet access costs are incurred by the employee.

The use of the internet to gain access to external and internal resources should be carefully managed.  Access is based on appropriate business need.  Users may only download (copy) word processing documents, electronic spreadsheets, and text files.  User may never download program files, without authorization from the IT department.  This includes free software such as screensavers, wallpapers, toolbars, free antivirus, and performance enhancing software.  All internet configurations are set up and maintained by IT department personnel. 

E-Mail

All those authorized for computer use are assigned an e-mail address by IT department personnel.   All e-mail messages are the property of Mains’l and should be used for business related purposes only.   E-mail addresses become part of a global address list.  Other users will assume they can send e-mail to all persons in the global address list; therefore, each e-mail user should check regularly, and respond to e-mails within 24 hours.
Employees have access to their e-mail accounts without accessing the file system via the www.mainsl.com web site.

Viruses infiltrate the network through e-mail attachments from e-mail addresses with whom you typically are not familiar.  Employees receiving e-mails and/or attachments they believe are suspicious should forward the message (without opening the attachment) to IT department personnel.

Employees will use caution when transmitting internal e-mail.  E-mail messages will not contain offensive material. It is prohibited to transmit any inflammatory material; material with abusive language; sexually, culturally, or racially offensive or insulting material; or obscene, vulgar, or profane material.  If unacceptable use of e-mail is confirmed on Mains’l computers, discipline, restitution, and/or termination may result.

All users are responsible for managing a regular process of deleting outdated e-mail correspondence that is no longer of value to the organization.

E-Mail Encryption

Mains’l Services uses ZixCorp services for all outbound external e-mail transmissions, which automatically encrypts private information within text documents.  For those documents containing private information within non-text documents (PDF files), typing the word SECURE (in capital letters) in the Subject line will encrypt e-mail transmission, as well. Private information includes, but is not limited to, Personal Health Information (PHI), including dates of birth, addresses, social security numbers, etc.

Voicemail

Voicemail boxes within the Mains’l telephone system are issued to personnel who require a method for others to leave messages when they are not available.  Voicemail boxes should be protected by a PIN which cannot be the same last four digits of the telephone number of the voicemail box.  Employees will routinely delete saved voicemail messages that are no longer relevant.  Once voicemail messages are deleted, they are not retrievable.

Personal Communication Devices

Mains’l is committed to providing excellent service to both employees and customers.  In order to provide 24-hour communication, personal communication devices (PCDs) are issued to managers, directors, senior leadership team members, and other personnel as identified (nurses, maintenance, navigators, etc.)  PCDs are either cellular phones or smart phones, which enable users to access the internet, including e-mail.  Employees will meet with IT department personnel to receive a PCD during the first two weeks of employment.  

PCDs are issued for Mains’l business.  Employees are responsible for exercising good judgment regarding the reasonableness of personal use. 

All employees who are issued PCDs will protect their device, using passwords, patterns, and/or biometrics, depending on the individual device.

PCD invoices payable by Mains’l are monitored by IT department personnel and authorized for payment by the executive assistant.  

Mains’l’s current MN and CA cellular plan includes unlimited voice and text messages; and 360GB of data. Overage costs include downloads (i.e., ring tones), international calls, and application subscriptions.   All cell phone overages/charges over $5.00, for non-business purposes, will be paid by the employee.  The Systems Administrator will notify the employee of any necessary payment.  The employee will complete an Employee Payroll Telephone Deduction form and submit to the payroll department.  

Mains’l’s current cell phone contract renews every two (2) years.  At this time, employees are eligible for upgrades. All employees will receive a device of their choosing up to $100.00 dollars in value.  If employees choose to upgrade past the standard replacement device, employees will be required to pay the difference.  Additionally, employees are reimbursed for a phone case (up to $20.00 dollars) and a screen protector (up to $10.00 dollars)

Any expenses incurred by employees using their personal cellular phone or PCD are required to be authorized, in advance, and approved by the employee’s management supervisor. All Expense Reimbursement Procedures will be followed.

Utilizing PCDs while driving can be a safety hazard.  Texting, surfing the internet, or answering e-mail is illegal, even at a stop light.  Drivers should use PCDs while parked or out of the vehicle.  If employees need to use PCDs while driving, Mains’l recommends the use of hands-free enabling devices.

Care of Communication Devices

If communication devices are damaged or lost during the user’s possession, the user may be required to reimburse Mains’l for replacement. If the phone/line is eligible for replacement, employees will receive a standard replacement; if the phone/line is not eligible for an update at time of incident, employee is responsible for the replacement cost. A Portable Equipment Agreement will be signed by employee before receiving a PCD.

When an employee having possession of a PCD terminates employment from Mains’l, the communication device will be returned to the employee’s supervisor.  If the employee purchased their own device, the phone number and company data are removed and the device is returned to the employee.

Bluetooth

Hands-free enabling devices, such as Bluetooth, may be issued to authorized personnel.  Caution shall be taken to avoid being recorded when connecting Bluetooth adapters; Bluetooth 2.0 Class devices have a range of 330 feet.

Enforcement

Any employee found to have violated this policy and procedure may be subject to disciplinary action, up and to including termination of employment.

Disaster Recovery Plan

Mains’l has a Disaster Recovery Plan that is updated annually, at a minimum.  The Disaster Recovery Plan is built on the foundation that preparation and precautions are created and implemented to prevent disasters to the greatest extent possible.