To accomplish its mission, Winrock must safeguard its assets; be vigilant in safeguarding confidential information; protect information that, if disclosed, could adversely impact Winrock’s mission, good name, legal status and business reputation, and ensure that it complies with legal requirements for non-disclosure of private information.
Confidential information (including sensitive information) should be kept secure, with access limited to those who have a need to know in order to perform their role and only used for authorized purposes. Confidential information includes, but is not limited to, information including:
Employees are required to ensure that all confidential information in hardcopy or electronic form is secure in their work area at all times.
Confidential information protection extends to information of Winrock donors or funders and partners, grantees, and contractors.
Employees’ confidential information protection obligation extends beyond Winrock employment for three years.
Use and disclose confidential information only to those who have a need to know to perform their job and only for authorized purposes.
Properly label confidential information to indicate how it should be handled, distributed, and destroyed.
Use only Winrock information systems to store and communicate information about the organization.
Immediately report any loss or theft of confidential information to your manager.
Abide by all protocols, operation procedures, and system requirements to use, store, and maintain confidential information of Winrock.
Limit external discussions of confidential Winrock information to secure locations and without others present.
Do not send confidential information to unattended printers or fax machines.Table of Contents