Policy Template for Acceptable Use

The purpose of this policy is to outline the acceptable use of {{organization.name}}’s computing and network resources (IT resources) as well as other organizational assets. These rules are in place to protect the employee and {{organization.name}}, as inappropriate use exposes {{organization.name}} to risks including virus attacks, compromise of systems and services, and legal issues.

This policy applies to employees, contractors, consultants, temporaries, and other workers at {{organization.name}}, including all personnel affiliated with third parties. This policy also applies to all IT resources that are owned or leased by {{organization.name}}.

Users of {{organization.name}}’s IT Resources are expected to abide by the following guidelines that are built around the underlying principles of acceptable use of organizational assets:

• Comply with all local and applicable international laws.

• Comply with customer’s contractual security obligations and requirements.

• Comply with all information security policies, regulations, procedures, and rules.

• Respect and protect the intellectual property rights of {{organization.name}}, its customers and other users within {{organization.name}}.

• Refrain from sharing passwords or accounts with anyone, including trusted friends or family members. Users will be held responsible for any actions performed using their accounts.

• Practice the same level of etiquette in all communication using {{organization.name}}’s IT resources as expected in non-electronic communication.

• Respect others when using {{organization.name}}’s IT resources.

• Only access files or data if they belong to you or are publicly available, or the owner of the data has permitted you to access them.

• Use corporate e-mail accounts, Internet IDs and web pages for corporate-sanctioned communications.

• Use the Internet/intranet and e-mail judiciously. The use of the Internet/intranet and email may be subject to monitoring for security and/or network management reasons.

• The distribution of any information through the Internet, computer-based services, e-mail, and messaging systems is subject to the scrutiny of the IT team and Security Team. {{organization.name}} reserves the right to determine the suitability of this information.

• While {{organization.name}}'s IT department desires to provide a reasonable level of privacy, users should be aware that the data they create on the corporate systems remains the property of {{organization.name}}.

• Employees must use extreme caution when opening email attachments received from unknown senders, which may contain viruses or other malware.
   

Following usages of {{organization.name}}’s IT Resources are prohibited. Under no circumstances, an employee of {{organization.name}} is authorized to engage in any activity that is illegal under local, state, federal or international law while utilizing {{organization.name}}-owned resources.

The lists below are by no means exhaustive but attempt to provide guidelines for activities which fall into the category of unacceptable use:

• Circumvention of any security measure of {{organization.name}}, its customers or another entity.

• Intentionally interfere with the normal operation of the network, including the propagation of computer viruses and sustained high volume network traffic that substantially hinders others in their use of the network.

• Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including but not limited to, the installation or distribution of "pirated" or other software products that are not appropriately licensed for use by {{organization.name}}.

• Unauthorized copying of copyrighted material including, but not limited to, digitization and distribution of copyrighted sources and the installation of any copyrighted software for which {{organization.name}} or the end user does not have an active license is strictly prohibited.

• Reveal or publicize {{organization.name}}’s confidential or proprietary information which includes, but is not limited to: financial information, new business and product ideas, marketing strategies and plans, databases and the information contained therein, customer lists, technical product information, computer software source codes, computer/network access codes, and business relationships.

• Visit Internet sites that contain obscene, hateful or any objectionable material.

• Make or post indecent remarks, proposals, or materials on the Internet.

• Download any software or electronic files without implementing anti-virus protection measures approved by {{organization.name}}.

• Intentional use, distribution or creation of viruses, worms, or other malicious software.

• Operating a business, usurping business opportunities, organized political activity, or conducting activity for personal gain.

• Implying that the user is representing, giving opinions, or otherwise making statements on behalf of {{organization.name}} without prior authorization or using {{organization.name}} trade names, logos, or trademarks without prior written authorization.

• For business needs and based on approval, if BYOD (Bring Your Own Devices) arrangements are in place i.e. Personally owned workstations or mobile devices are used for business purposes, users shall not create or store confidential or sensitive information on personally owned workstations.

• Sending unsolicited email or other types of electronic messages, including the sending of "junk mail" or other advertising material to individuals who did not specifically request such material (spam).

• Use of unsolicited emails originating from within {{organization.name}}'s networks or from other Internet/Intranet/Extranet service providers on behalf of, or to advertise, any service hosted by {{organization.name}} or connected via {{organization.name}}'s network.

• Solicit emails that are unrelated to business activities or for personal gains.

• Send confidential emails without suitable encryption.

Blogging and using social media by employees, whether using {{organization.name}}'s property and systems or personal computer systems are also subject to the terms and restrictions outlined in this policy. Limited and occasional use of {{organization.name}}'s systems to engage in blogging or other social media is acceptable, provided that it is done professionally and responsibly, does not otherwise violate {{organization.name}}'s security policies. Blogging or using social media from {{organization.name}}'s systems is also subject to monitoring.

• As such, Employees are prohibited from revealing any {{organization.name}} confidential or proprietary information, trade secrets or any other confidential information when engaged in blogging.

• Employees shall not engage in any blogging or social media use that may harm or tarnish the image, reputation or goodwill of {{organization.name}} and any of its employees.

• Employees are also prohibited from making any discriminatory, disparaging, defamatory or harassing comments when blogging or using social media.

• Employees may also not attribute personal statements, opinions or beliefs to {{organization.name}} when engaged in blogging or using social media.

• If an employee is expressing his or her beliefs or opinions in blogs, the employee may not, expressly or implicitly, represent themselves as an employee or representative of {{organization.name}}. Employees assume any risks associated with blogging or using social media.