Acceptable Use Policy
The Acceptable Use Policy not intended to impose restrictions that are contrary to YOUR COMPANY policies, but rather to establish a culture of trust and integrity. YOUR COMPANY is committed to protecting its employees, partners, and the company from illegal or damaging actions by individuals, whether committed knowingly or unknowingly.
Internet/intranet/extranet-related systems, including but not limited to computer equipment, software, operating systems, storage media, network accounts providing electronic mail, Web browsing, and FTP, are the property of YOUR COMPANY. You are expected to use these systems for business purposes in the interests of the company, our clients, and our customers in the course of normal operations. Please review Human Resources policies for further details.
Effective security is a team effort involving the participation and support of every YOUR COMPANY employee and affiliate who deals with information and/or information systems. It is your responsibility as a computer user to know these guidelines, and to act accordingly.
This policy outlines the acceptable use of computer equipment at YOUR COMPANY. These rules protect you and YOUR COMPANY. Inappropriate use exposes YOUR COMPANY to risks including virus attacks, compromise of network systems and services, and legal issues.
This policy applies to employees, contractors, consultants, temporaries, and other workers at YOUR COMPANY, including all personnel affiliated with third parties. This policy applies to all equipment that is owned or leased by YOUR COMPANY.
4.1. General Use and Ownership
1. While YOUR COMPANY’s network administration desires to provide a reasonable level of privacy, you should be aware that the data you create on corporate systems remains the property of YOUR COMPANY. Because of the need to protect YOUR COMPANY’s network, management does guarantee the confidentiality of information stored on any network device belonging to YOUR COMPANY.
2. You are responsible for exercising good judgment regarding the reasonableness of personal use. Individual departments are responsible for creating guidelines concerning personal use of Internet/intranet/extranet systems. In the absence of such policies, you should follow departmental policies on personal use, and, if there is any uncertainty, consult your supervisor or manager.
3. YOUR COMPANY recommends encrypting any information that you consider sensitive or vulnerable. For guidelines on information classification, see the Information Sensitivity Policy. For guidelines on encrypting email and documents, see the Awareness Initiative.
4. For security and network maintenance purposes, authorized individuals within YOUR COMPANY may monitor equipment, systems and network traffic at any time, per the Audit Policy.
5. YOUR COMPANY reserves the right to audit networks and systems on a periodic basis to ensure compliance with this policy.
4.2. Security and Proprietary Information
1. The user interface for information contained on Internet/intranet/extranet-related systems should be classified as either confidential or non-confidential, as defined by corporate confidentiality guidelines found in Human Resources policies. Examples of confidential information include, but are not limited to: company private, corporate strategies, competitor sensitive, trade secrets, specifications, customer lists, and research data. You should take all necessary steps to prevent unauthorized access to this information.
2. Keep passwords secure and do not share accounts. As an authorized user, you are responsible for the security of your passwords and accounts. Change system level passwords quarterly; change user level passwords every six months.
3. Secure all PCs, laptops and workstations with a password-protected screensaver with the automatic activation feature set at 10 minutes or less, or by logging-off (Ctrl-Alt-Delete) when the host will be unattended.
4. Use encryption of information in compliance with the Acceptable Encryption Use policy.
5. Because information contained on portable computers is especially vulnerable, exercise special care. Protect laptops in accordance with «Laptop Security Tips».
6. Newsgroup postings from a YOUR COMPANY email address should contain a disclaimer stating that the opinions expressed are strictly your own and not necessarily those of YOUR COMPANY, unless posting is in the course of business duties.
7. All hosts used by the you that are connected to the YOUR COMPANY Internet/intranet/extranet, whether owned by you or by YOUR COMPANY, must continually execute approved virus-scanning software with a current virus database (unless overridden by departmental or group policy).
8. Use extreme caution when opening email attachments received from unknown senders. These attachments may contain viruses, email bombs, or Trojan horse code.
4.3. Unacceptable Use
The following activities are, in general, prohibited. In special cases, you may be exempted from these restrictions during the course of your legitimate job responsibilities (for example, systems administration staff may need to disable the network access of a host that is disrupting production services).
Under no circumstances is an employee of YOUR COMPANY authorized to engage in any activity that is illegal under local, state, federal or international law while utilizing YOUR COMPANY-owned resources.
The lists that follow are by no means exhaustive, but provide a framework for activities that fall into the category of unacceptable use.
4.4. System and Network Activities
The following activities are strictly prohibited, with no exceptions:
1. Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of “pirated” or other software products that are not appropriately licensed for use by YOUR COMPANY.
2. Unauthorized copying of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books, or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which YOUR COMPANY or the end user does not have an active license.
3. Exporting software, technical information, encryption software or technology, in violation of international or regional export control laws. Consult appropriate management prior to export of any material that is in question.
4. Introducing malicious programs into the network or server (e.g., viruses, worms, Trojan horses, email bombs, etc.).
5. Revealing your account password to others or allowing use of your account by others. This includes family and other household members when working at home.
6. Using a YOUR COMPANY computing asset to procure or transmit material that is in violation of sexual harassment or hostile workplace laws in the user’s local jurisdiction.
7. Making fraudulent offers of products, items, or services originating from any YOUR COMPANY account.
8. Making statements about warranty, expressly or implied, unless it is a part of normal job duties. 9. Effecting security breaches or disruptions of network communication. Security breaches include, but are not limited to, accessing data of which you are not an intended recipient or logging into a server or account that you are not expressly authorized to access, unless these duties are within the scope of regular duties. “Disruption” includes, but is not limited to, network sniffing, pinged floods, packet spoofing, denial of service, and forged routing information for malicious purposes.
10. Port scanning or security scanning, unless you previously notify YOUR COMPANY.
11. Executing any form of network monitoring that will intercept data not intended for your host, unless this activity is a part of your normal duties.
12. Circumventing user authentication or security of any host, network, or account.
13. Interfering with, or denying service to, any user other than your host (for example, a denial of service attack).
14. Using any program/script/command, or sending messages of any kind, with the intent to interfere with, or disable, a user’s terminal session, via any means, locally or via the Internet/intranet/extranet.
15. Providing information about, or lists of, YOUR COMPANY employees to parties outside YOUR COMPANY.