home

ACST Policies & Guidelines

HelpDrawerRealmRealm AccountingMinistryPlatformGivingTest Giving_VersionsPDSACSConnectShepherdGrowth MethodHeadMasterRefresh WebsitesTrust CenterGo MethodMissionInsiteACST Content StandardsACST Policies & Guidelines
HelpDrawerRealmRealm AccountingMinistryPlatformGivingTest Giving_VersionsPDSACSConnectShepherdGrowth MethodHeadMasterRefresh WebsitesTrust CenterGo MethodMissionInsiteACST Content StandardsACST Policies & Guidelines

What would you like to know more about?

Show Contents

thumbnailACST Policies & Guidelines

Corporate Policies

Incident Reporting Policy

Purpose

ACS Technologies Group, Inc. ("ACST") has a responsibility to safeguard sensitive information. In the event it is believed that sensitive information has been compromised, it must be reported immediately so that appropriate action may be taken. Reporting such incidents in a timely manner can help ACST comply with state and federal law, as well as with this policy.

Scope and Applicability

This policy applies to all ACST employees, contractors, and service providers.

Policy

  • Reporting Lost/Stolen System Access Tokens - All system access tokens, including dynamic password authentication tokens, passwords, keycards, etc. that are lost or stolen, or are suspected of being lost or stolen, must be immediately reported to the Chief Ventures Officer or your direct supervisor.

  • Reporting Loss of ACST Property - Individuals must report the loss of ACST hardware, software, or information which has been entrusted to your direct supervisor or the Chief Ventures Officer immediately upon realizing the loss.

  • Reporting Security Violations - All information-related security violations must be reported in a timely manner so that prompt remedial action may be taken. All known vulnerabilities, in addition to all suspected or known violations, must be communicated to the Chief Ventures Officer quickly and confidentially.

  • Reporting of Data Security Violations Externally - Reporting security violations or hardware/software problems or vulnerabilities to any party outside ACST without the prior written approval of the Chief Ventures Officer is strictly prohibited. Additionally, ACST employees are prohibited from publicly disclosing information about the individuals, organizations, or specific systems that have been compromised or damaged unless authorized to do so. Likewise, the specific methods used to exploit system vulnerabilities must also be kept private. It is the responsibility of the Chief Ventures Officer, in conjunction with the Executive Leadership Team ("ELT"), and legal counsel, to disclose or report security violations and hardware/software problems or vulnerabilities to the public.

Enforcement

Any employee found in violation of this policy may be subject to corrective action, up to and including termination of employment. Service Providers found in violation of this policy may be subject to financial penalties, up to and including termination of contract.

Variance Process

The Chief Ventures Officer is responsible for the review, documentation, and management of any and all exceptions to this policy.

Last updated: May 28, 2025