Acceptable Use Policy
Information Resources Acceptable Use Policy
Purpose
- To ensure with applicable statutes, regulations, and mandates regarding the management of Information Resources compliance.
- To establish prudent and acceptable practices regarding the use of AECS Information Resources
- To educate individuals who may use AECS Information Resources with respect to their responsibilities associated with such use
- Protect the confidentiality of AECS Information Resources
- Encourage the productive and effective usage of AECS Information Resources
Scope
This policy applies to employees, contractors, consultants, temporaries, and other workers at AECS, including all personnel affiliated with third parties. This policy applies to all equipment that is owned or leased by AECS.
Policy
General
- Users are responsible for protecting any information used and/or stored on/in their AECS accounts according to the ISMS Information Classification and
- Handling Procedure
- Users must report any weaknesses in AECS computer security, any incidents of possible misuse or violation of this agreement to the proper authorities by contacting AECS IT Security Manager/ Representative.
- AECS reserves the right to audit networks and systems use on a periodic basis to ensure compliance with this policy
Employees must not
- Attempt to access any data or programs contained on AECS systems for which they do not have authorization or explicit consent
- Share their AECS account(s), passwords, Personal Identification Numbers (PINs), Security Tokens (i.e. Smartcard), digital certificates, or similar Information or devices used for identification and authorization purposes
- Make unauthorized copies of copyrighted software or use nonstandard shareware or freeware software without AECS IT Management approval unless it is on the AECS standard software list
- Purposely engage in activity that may harass, threaten or abuse others, degrade the performance of AECS Information Resources, deprive an authorized AECS user access to an AECS Information Resource, obtain additional resources beyond those allocated or circumvent AECS computer security measures
- Download, install or run security programs or utilities that reveal or exploit weakness in the security of a system. For example, users must not run password cracking programs, packet sniffers, port scanners, or any other non-approved programs on any AECS Information Resource
E-mail Usage
- The use of the E-mail System should primarily be for work-related matters. The use of E-mail system for personal non-work-related communications is allowed provided such use is limited and conforms to policies and standards outlined in this E-mail Policy.
- Official email communications shall only be conducted using the AECS email system and the use of personal email accounts for official matters shall be avoided.
- Third party users shall use their own official email when communicating with AECS email system, unless they have been provided AECS Email account (E.g.consultants / Doctors / Specialists / Fellows / Trainees etc)
- AECS respects the privacy of its employees but reserves the right to access all e-mail messages for reasons, including but not limited to, the following.
- comply with investigations of wrongful acts from law enforcement agencies
- troubleshoot and facilitate recovery of the E-mail System; and enforce antivirus and content security management.
Access to individual e-mail accounts shall only be done when the consent of higher management of the individual concerned, and the appropriate HR representative is obtained.
- When using the E-mail System, users shall conduct themselves in a responsible, professional, and courteous manner and avoid actions that are unethical, illegal or may cause disruption to the E-mail System or to other users. The following actions are prohibited:
- Indecent, obscene, pornographic, or illegal
- Offensive or abusive or could be considered to be a personal attack, rude or personally critical, sexist, racist, or generally distasteful
- Encourage or promote activities resulting in unproductive use of organization time
- That are outside of the scope of your responsibilities – for example, unauthorized selling/advertising of goods and services
- That might affect or have the potential to affect the performance of, damage or overload the organization’s system, network, and/or external communications in any way
- That might be defamatory or incur liability on the part of the organization or adversely impact on the image of the organization
- That result in a breach of copyright or license provision with respect to both programs and data
- Do not circulate chain-mails or send unsolicited e-mails, including “junk mail” or other advertising materials to other users or mailing list.
- Do not use the corporate e-mail address to subscribe to mailing lists, to post in newsgroups, to register for Internet or e-commerce services that are not work-related, unless for work related purpose
- Do not send unnecessary attachment, which is not work-related matters, to mailing lists
- Do not attach a large file onto an e-mail.
- Do not impersonate someone else’s e-mail address
- Do not provide information from the organization’s address book or distribution lists to unauthorized parties
- Do not make false or misleading statements, including false or inaccurate
- representations of AECS products or policies
- Do not make comments or remarks that are insulting or defamatory of any person or organization
- Do not circulate e-mail messages which are indecent, threatening, or offensive character or would cause feelings of enmity, hatred or ill-will between persons of different religious beliefs or faith, different sexes and different races.
Dealing with E-mail
- Users should be aware of the risks of opening documents with macros, postscript files, and installing programs received via e-mail.
- Users shall avoid making or accepting an offer to or from a third party unless it is clear that this is subjected to a written contract, signed by both parties.
- Users shall take appropriate care to protect the confidentiality of their e-mail messages from being accessed by unauthorized parties. This will include –
- Exercising care over the E-mail password and not to disclose the e-mail
- password to unauthorized parties
- Changing e-mail passwords regularly
- Logging off when leaving the computer using a screensaver with password-option enabled
- Avoid misdirecting e-mails messages to wrong e-mail addresses; a
- Not disseminating organization-confidential e-mail messages and documents to persons not authorized to receive them.
Archiving E-mails
- E-mail users are responsible for ensuring that important e-mail messages are retained for the appropriate duration.
- E-mail users shall move old e-mail message to archive location (local drive/media) and discard messages whose content has expired and is no longer valid
- E-mails messages which deemed important may also be printed as hardcopy documents for filing or be archived and stored in some external hard disc
Internet Usage
- Users are required to respect and comply with all legal protections provided by patents, copyrights, trademarks, and intellectual property rights for any software and /or materials viewed, used or obtained via the Internet using AECS networking or computing resources.
- Using AECS networking and computing resources to make or attempt unauthorized entry to any network or computer accessible via the Internet is prohibited.
- Access to the Internet from AECS owned, home based, computer must adhere to all of the same policies that apply for use from within AECS facilities.
- Employees must not allow family members or other non-employees to access AECS computer systems.
- By default, there’s no internet service given to third party personnel. Exception for this must be requested and approved by Security manager and strictly controlled.
- Employees are encouraged to find new ways to utilize Internet resources to enhance their performance or existing job-related skills
- Employees may not use the organization’s access to the Internet for personal entertainment, information, or financial gain other than the provided privileges. Use of the Internet for soliciting money or for political cause is strictly forbidden.
- Internet access is restricted with following mechanisms:
-
- Content filtering: Users are not allowed to access certain sites or material deemed inappropriate in the workplace during certain period.
- Quality of Service: Connection bandwidth and queuing priority is classified based on jobs necessity of user. Jobs with constant need of internet access deserve a higher bandwidth.
- Employee using the Internet is acting as an agent of AECS and must always therefore maintain the highest degree of professionalism. All communications with external organizations must constantly demonstrate this professionalism.
- The use of abusive, vulgar, or objectionable language on the Internet is unacceptable. Additionally, using the Internet for the intentional harassment or harm of an individual or organization is prohibited.
The employee may not visit illegal or pornographic sites, nor distribute illegal or pornographic material. Sexually related, derogatory or racially intolerant web sites and material is also forbidden.