_private/qwestly-docs/Policies/Physical Security Policy.md

Table of Contents

Physical Security Policy

Purpose

To protect Qwestly's information systems, equipment, and data through appropriate physical security controls in our distributed work environment.

Scope

This policy applies to all Qwestly team members (currently 3 employees) and covers:

  • Home offices and remote work locations
  • Company-provided equipment (laptops, mobile devices)
  • Physical documents and printed materials
  • Temporary work locations (co-working spaces, travel, client sites)

Policy

Home Office Security

All team members must:

  • Use a dedicated workspace when possible, separate from household traffic
  • Lock devices when stepping away (automatic screen lock after 5 minutes max)
  • Store company laptops in a secure location when not in use (locked room/drawer preferred)
  • Use strong WiFi passwords (WPA3 encryption) and avoid public networks for sensitive work
  • Ensure privacy during video calls to prevent unauthorized viewing of screens/information

Equipment Protection

  • All company laptops must be password protected and encrypted
  • Mobile devices accessing company email/data must have screen locks enabled
  • Report lost, stolen, or damaged equipment immediately to the team
  • Do not leave devices unattended in vehicles or public spaces
  • Use cable locks for laptops when working in public spaces

Document Security

  • Shred or securely dispose of any printed confidential information
  • Do not leave sensitive documents visible to family members or visitors
  • Store any physical customer/candidate information securely
  • Clear desk/workspace of confidential materials when not actively working

Visitor and Third-Party Access

  • Escort any service providers who need access to work areas
  • Ensure confidential information is secured before allowing household members into workspace
  • Do not conduct confidential calls/meetings when others can overhear

Travel and Temporary Workspaces

  • Keep company devices in carry-on luggage when flying
  • Use hotel safes for equipment when not in room
  • Assess security of temporary workspaces (co-working spaces, coffee shops)
  • Use VPN for all internet connections outside home/office

Incident Reporting

Report immediately to the team:

  • Device theft, loss, or suspected compromise
  • Unauthorized access to work areas or equipment
  • Any security concerns or potential vulnerabilities

Responsibilities

  • All team members: Follow this policy and report security concerns
  • CTO (Dominick): Policy owner, incident response coordination
  • CEO (Adam): Policy approval and resource allocation for security measures

Implementation

  • This policy effective immediately upon approval
  • Annual review or after any security incidents
  • Team discussion of security practices during monthly meetings

Document History

Version Date Description Written by Approved by
1.0.0 6/13/25 Dominick Pham Adam Boender