Computer Use Policy

Here's the <Company> Computer Security policy. For your convenience, we've included the legal interpretation in black type and the <Company> user-friendly interpretation in blue!

Your computer terminal, PC, systems and networks are the property of <Company>. All computer related activity must be directly related to providing greater value for the shareholders of this company. Your computer related activities must NOT intentionally compromise the company's ability to carry on operations, compromise security of its assets or information, be used for personal financial gain, or at the expense or well being of any of <Company>'s employees, suppliers or customers.
Computer equipment is owned and provided by <Company>. Please use the equipment for <Company> business only. Don't try to circumvent or compromise security.

Your use of computer equipment and facilities must be authorized by the owner of the information or a senior manager. You must obtain permission to use another's computer, account or user id from the owner of the account, who is responsible for it's use. All electronic files belong to somebody. You should assume them to be private and confidential unless the owner has explicitly made them available to others.
Don't look at other people's files unless they tell you it's okay to do so!

Data Ownership
You are the owner of your data and it is your responsibility to ensure that it is adequately protected against unauthorized access. That means that you must avail yourself of the access controls and other security measures that the company has provided for you and take prudent and responsible steps to limit access to your passwords and accounts. Never leave your desktop "signed on". When you leave for lunch, a break or at the end of the day, sign off your PC. Leaving PCs "signed on" and unattended, is an invitation for anyone to access your files or use your system identity without your knowledge. You are ultimately responsible for all activities done with your userid. Protect it.
Don't share your user id or passwords.

Mainframe Data Ownership
All data resident on <Company> mainframes is the sole property of <Company>. You may not download, transfer or otherwise distribute files outside <Company> without express permission from the senior IT executive. Information intended as Sales related (product information or information concerning the customer ordering process) or for Government compliance (MSDS, Audits) is exempted.

Data Backup
You are responsible for the proper backup of all personal data residing on the hard drive of your computer. The Systems department is responsible for backup of all data residing on network servers and mainframes.
If your data isn't on the Network servers or mainframe, backup is YOUR responsibility. The Helpdesk can advise you how to store your files on our Network servers.

Password Security
Keep your passwords and accounts confidential. You should change your passwords frequently and avoid using your name, your spouse or friend's names or a password that could be easily guessed. Do not leave your PC or Terminal unattended without logging out first. It is every <Company> employee's responsibility to secure data on their PCs and Networks.
Passwords should be:
A minimum of 6 characters in length
Should not be a proper name or date
Should contain a mixture of letters and numbers
Should never be shared with another employee
Should never be written down and stored in or around your desk.
Should be changed at least 3 times per year (NOTES, Network and RAS access if any).

Unauthorized Access to Files and Directories
You must not engage in any activity that is intended to circumvent computer security controls. That means you must not attempt to crack passwords, to discover unprotected files or to decode or make visible, hidden, system or encrypted files. This includes creating, modifying or executing programs that are designed to surreptitiously penetrate computer systems. You must not access the accounts of others with the intent to read, browse, modify, copy or delete files or directories unless you have specific authorization to do so. Do not use any account for a purpose not authorized when the account was established, including personal and commercial use.
Don't try to get around existing security measures. Don't pry into other people's files. Always use your OWN userid when accessing systems.

Unauthorized Use of Software
All software should be requested through the Helpdesk for several reasons:
<Company> can negotiate corporate discounts for software, which everyone can take advantage of
If the Helpdesk orders the software, they can also schedule the installation on your desktop/laptop
By centrally purchasing software, the company can more easily track licenses - otherwise the responsibility rests with the end-user.
We can more easily manage versions of the same software to insure file version compatibility within our company.

You are prohibited from downloading from the web or FTP server and loading any software on any computer system without approval from the IT department and your supervisor. That includes commercial, shareware, and freeware software. All software to be used on company computers can only be installed by the IT Department, following all licensing agreements and procedures. The IT staff will inspect the computers periodically to verify that only approved and licensed software has been installed. Vendor licensing regulations will be followed for all commercial software downloaded over the Internet. Trial versions of programs should be deleted after the trial period, or the software should be procured through approved procedures. It is the responsibility of each employee, (managed by the unit Controller) to show proof of purchase for any non-standard software installed on any PC in his or her facility. This includes, MS Project, Visio, and CAD applications among others.

Further you are expressly prohibited from using the company computer and equipment to make illegal copies of licensed or copyrighted software. Copyrighted software must only be used in accordance with its license or purchase agreement. You do not have the right to own or use unauthorized copies of software or make unauthorized copies of software for yourself or anyone else. You are prohibited from using software that is designed to destroy data, provide unauthorized access to the computer systems or disrupt computing processes in any other way. Using viruses, worms, Trojan Horses and any other form of invasive software is expressly forbidden. Violation of this policy may result in disciplinary action.
Use your <Company> computer with the software provided. Don't load your own software without express permission from the IT Department and your supervisor. Do not make illegal copies of software.

All employees are required to use the anti-virus software installed on your system. You are prohibited from tampering with this software or turning it off. All disks that are inserted into the company's computers must first be scanned for viruses or signs of other forms of malicious software.
Don't disable the anti-virus software that is loaded on your computer. Inform your IT Department immediately if the anti-virus software is not configured to check all discs inserted into the floppy drive.

Use for For-Profit Activities
The company's computer systems are for the sole use of the company. You are prohibited from using the company's computer systems for personal or private financial gain, unless that use has been specifically authorized.
<Company> computers are for <Company> business ONLY.

Do not use the company's computer systems to harass anyone. This includes the use of insulting, racist, obscene, or suggestive electronic mail; tampering with other's files; and invasive access to other's equipment. In addition, users of any electronic communication facilities-such as electronic mail, networks, bulletin boards, and newsgroups are obliged to comply with the restrictions and acceptable practices established for those specific facilities. Certain types of communications are expressly forbidden. This includes the random mailing of messages, the sending of obscene, harassing or threatening material; or the use of the facilities for commercial or political purposes.
Use common courtesy when using emails.

All hardware, software and computer related supplies and documentation are the sole property of the company. They must not be removed from the company without proper authorization. All hardware, software and computer related supplies must be disposed of within the guidelines established by authorized company computer system personnel.
Be careful NOT to throw away computer disks that contain information. Diskettes and computer tapes should be erased prior to disposal.
When disposing of computer related materials, like printed reports or diskettes, make sure they don't contain sensitive information! If they do, shred the reports or format the diskettes.

Waste & Abuse
You must avoid any activity around your workstation or laptop that may result in damage to your computer, software or information. The company's computer systems are a valuable resource and they must not be wasted or abused. Be considerate of your fellow workers if you must share computer resources. Avoid monopolizing systems, connect time, printers, disk space and other computer resources.
Using the company's computer systems to store personal data and to play computer games is not permitted.
Don't be a systems resource hog! Please play games on your home computer, not ours.

Do not use company owned or any other network accessible by company computers-whether local, national or international for any activity other than company-related business. This includes but is not limited to, surfing the Internet, engaging in online discussions in newsgroups and bulletin board services; attempting to access other computer systems without authorization; posting commercial messages; and transmitting viruses, worms or other invasive software.
Use company computers and equipment for company business only.

The Information Technology department has sole responsibility for the operation, access, services, specifications, performance management, security and server software run on our shared Global network. The reasons for this are:
IT needs to know what's running on our networks for operations planning, bandwidth management, security, support and manageability of all devices, services and protocols.
Under some conditions, IT will allow (as in the case of software development engineering) for standalone networks to be built and managed by others. This is done with the prior approval of IT and with the understanding that those operating the standalone networks are solely responsible for the support of that network, the backup of data and all devices attached to it. Under no circumstances will "test/development environment" networks be connected to our production environment.
Wide Area Network (WAN) services and connections may only be ordered and managed by IT. This function is managed globally, under a worldwide Corporate contract and it is imperative that it be managed centrally to obtain Global pricing, assure proper communications connections and router configurations.

The company will investigate any alleged abuses of its computer resources. As part of that investigation, the company may access the electronic files of its employees. If the investigation indicates that computer privileges have been violated, the company may limit the access of employees found to be using computer systems improperly. Further, the company may refer abuse to senior managers or law enforcement authorities. Although the company wishes to ensure that the privacy of all its employees is protected, in the course of its investigation, the company may reveal private, employee related information to other employees.
Any files stored on <Company>'s systems MAY have their privacy compromised in the event of a security or abuses investigation.

Your Responsibility
You are responsible for your own actions, should you violate the company's computer-use guidelines, you will be disciplined and in the case of extreme abuse or disregard of the guidelines, your employment may be terminated. You are also required to participate in assuring the legal and ethical use of company computers and user accounts. Any violation of these guidelines should be reported to your supervisor or a senior manager.
Play by the rules or suffer the consequences!

Workplace Monitoring
The company has the obligation to ensure that its computer resources are used properly and within the guidelines established by the company. In pursuit of that goal, the company reserves the right to monitor our systems and services (such as Internet access) for signs of illegal or unauthorized activity.
We can check on how our systems are being used from time to time.

Moving Computers
All IT computing equipment is properly accounted for by the <Company> Accounting department and the IT department. Computing equipment should not be relocated without the assistance of the IT department.
Don't move your computer without notifying the Help Desk.

Non-Expressly Prohibited Activities
Because an activity is not expressly prohibited by this policy does not mean that it is implicitly authorized. Any computer-related activity, which jeopardizes company operations, security, assets or adversely affects, the well being of its employees is forbidden.
If you're not sure whether what you want to do is okay - ask first!

Global Application of IT Policies
The policies that appear within this section are written for a North American audience. These policies are written to provide our worldwide employees with an understanding of how to use technology within <Company> and what constitutes acceptable and unacceptable behaviors.

In cases where these policies could potentially violate local national laws, (for example, employee privacy, system & employee monitoring or potential employee disciplinary actions) they will be administered in accordance with the laws of the employee's country.
Internet and Web Use Policy

1. The use of the Internet is a privilege provided by the company. No employee should have expectations of privacy as to his or her Internet usage. Management reserves the right to analyze Internet activity and usage patterns as well as grant or deny Internet access at their discretion without prior notification.

2. Any personal use must not interfere with normal business activities, must not involve solicitation, must not be associated with any for-profit outside business activity, and must not potentially embarrass the company.

3. The display of any kind of sexually explicit images or documents on any company system is a violation of Company policy. In addition, sexually explicit material may not be downloaded, archived, stored, distributed, edited or recorded using our network or computing resources.

4. When communicating via e-mail over the Internet, your e-mail address contains a company-related domain name ( Consequently, you become an ambassador of the company whenever you send electronic mail from the company e-mail system. Therefore, no communications or commitments should be made via e-mail that you otherwise would not be authorized to make on company letterhead.

5. Employees are reminded that discussion groups, chat rooms and newsgroups are public forums. It is inappropriate to reveal confidential company information, customer data, trade secrets, and any other material covered by existing company communication policies in these forums.

6. Each employee using the company Internet system shall identify him or herself honestly, accurately and completely when participating in discussion groups, chat rooms, or newsgroups.

7. All existing company policies apply to one's conduct on the Internet including, but not limited to, activities which would be considered sexual harassment, discriminatory or inflammatory communication toward others based on race, color, national origin, gender, marital status, sexual orientation, age, disability, or religious or political beliefs.

8. Company communications systems and equipment, including electronic mail and Internet systems, along with their associated hardware and software, are for official and authorized purposes only. Managers may authorize incidental use which: does not interfere with the performance or professional duties; is of reasonable duration and frequency, serves a legitimate company interest, such as enhancing professional interests or education, and does not overburden the system or create any unreasonable additional expense to the company.

9. Access to the Internet from a company-owned home computer or through company-owned connections must adhere to all the same policies that apply to use from within company facilities. Employees should not allow family members or other non-employees to access company computer systems.

10. It is impossible to define all possible unauthorized use, therefore disciplinary action may occur after other actions if the circumstances warrant it. Examples of other behavior deemed unacceptable which would result in disciplinary action include:
Unauthorized attempts to break into any computer.
Using company time and resources for personal gain.
Theft or copying electronic files without permission.
Sending or posting company confidential files outside the company or inside the
company to unauthorized personnel.
Refusing to cooperate with a reasonable security investigation.
Sending chain letters through e-mail.

11. Managers are responsible for ensuring that assigned personnel understand Internet acceptable use policy.

12. Web pages must follow existing approval procedures regarding company documents, reports, memos, marketing information, etc. All content on company WWW servers connected to the Internet must be approved by the persons responsible for the content. No confidential material may be made available on the Web site.

13. Users are forbidden to download, install or run Web server software. The senior IT executive must approve the operation of any web server.

14. All users who require access to Internet services must do so by using company-approved software and Internet gateways. All other forms of Internet access (such as via dial-out modems) from sites connected to the company WAN are prohibited.

15. A firewall has been placed between our private networks and the Internet to protect our systems. Employees must not circumvent the firewall by using modems or network tunneling software to connect to the Internet.

16. Some protocols have been blocked or redirected. If you have a business need for a particular protocol, you must raise the issue with your manager and the IT Help Desk.

17. You are responsible for your own actions, should you violate the company's guidelines, you will be disciplined and in the case of extreme abuse or disregard of the guidelines, your employment may be terminated. You are also required to participate in assuring the legal and ethical use of company computers and user accounts. Any violation of these guidelines should be reported to your supervisor or a senior manager.

Global Application of IT Policies
The policies that appear within this chapter are written for a North American audience. These policies are written to provide our worldwide employees with an understanding of how to use technology within <Company> and what constitutes acceptable and unacceptable behaviors.

In cases where these policies could potentially violate local national laws, (for example, employee privacy, system & employee monitoring or potential employee disciplinary actions) they will be administered in accordance with the laws of the employee's country.

Electronic Communications Policy

Company Property
As a productivity enhancement tool, <Company> encourages the business use of electronic communications (notably voice mail, electronic mail, and fax). Electronic communications systems, and all messages generated on or handled by electronic communications systems, including back-up copies, are considered to be the property of <Company>, and are not the property of users of the electronic communications services.
Use email, but remember that you're using a company owned & operated system.

Authorized Usage
<Company> electronic communications systems generally must be used only for business activities. Incidental personal use is permissible so long as: (a) it does not consume more than a trivial amount of resources, (b) does not interfere with worker productivity, and (c) does not preempt any business activity. Users are forbidden from using <Company> electronic communication systems for charitable endeavors, private business activities, or amusement/entertainment purposes. Employees are reminded that the use of corporate resources, including electronic communications, should never create either the appearance or the reality of inappropriate use. Sending unsolicited junk mail, chain letters, electronic greetings and jokes via the company e-mail system should be discouraged.
You can use email occasionally for personal reasons (excluding running a personal business!) as long as it doesn't interfere with your job performance.

Default Privileges
Employee privileges on electronic communication systems must be assigned such that only those capabilities necessary to perform a job are granted. This approach is widely known as the concept of "need-to-know." For example, end-users must not be able to reprogram electronic mail system software. With the exception of emergencies and regular system maintenance notices, broadcast facilities must be used only after the permission of a department manager has been obtained.
You will be provided the rights to perform the work you need to accomplish.

User Separation
Where electronic communications systems provide the ability to separate the activities of different users, these facilities must be implemented. For example, electronic mail systems must employ user-IDs and associated passwords to isolate the communications of different users. But fax machines that do not have separate mailboxes for different recipients need not support such user separation.
Everyone will receive his or her own unique email user id.

User Accountability
Regardless of the circumstances, individual passwords must never be shared or revealed to anyone else besides the authorized user. To do so exposes the authorized user to responsibility for actions the other party takes with the password. If users need to share computer resident data, they should utilize message forwarding facilities, public directories on local area network servers, and other authorized information-sharing mechanisms. To prevent unauthorized parties from obtaining access to electronic communications, users must choose passwords, which are difficult to guess (not a dictionary word, not a personal detail, and not a reflection of work activities).
You may not share one email id among a group of people. You don't share your bank card PIN numbers do you?

No Default Protection
Employees are reminded that <Company> electronic communications systems are not encrypted by default. If sensitive information must be sent by electronic communication systems, encryption or similar technologies to protect the data must be employed.
Using email is no more or less secure than writing on a piece of paper.

Respecting Privacy Rights
Except as otherwise specifically provided, employees may not intercept or disclose, or assist in intercepting or disclosing, electronic communications. <Company> is committed to respecting the rights of its employees, including their reasonable expectation of privacy. <Company> also is responsible for servicing and protecting its electronic communications networks. To accomplish this, it is occasionally necessary to intercept or disclose, or assist in intercepting or disclosing, electronic communications.

No Guaranteed Message Privacy
<Company> cannot guarantee that electronic communications will be private. Employees should be aware that electronic communications could, depending on the technology, be forwarded, intercepted, printed, and stored by others. Furthermore, others can access electronic communications in accordance with this policy.
Assume that all your email communications are public. Your messages can be forwarded, printed and stored.

Regular Message Monitoring
It is the policy of <Company> NOT to regularly monitor the content of electronic communications. However, the content of electronic communications may be monitored and the usage of electronic communications systems will be monitored to support operational, maintenance, auditing, security, and investigative activities. Users should structure their electronic communications in recognition of the fact that <Company> will from time to time examine the content of electronic communications.
Occasionally, email systems (including email content) will be monitored by Technical staff in the performance of normal systems maintenance.

Statistical Data
Consistent with generally accepted business practice, <Company> collects statistical data about electronic communications. As an example, call detail reporting information collected by telephone switching systems indicates the numbers dialed, the duration of calls, the time of day when calls are placed, etc. Using such information, technical support personnel monitor the use of electronic communications to ensure the ongoing availability and reliability of these systems.
Systems technical support may track all company email activity, in the same way that your phone company keeps track of your personal long distance calls.

Incidental Disclosure
It may be necessary for technical support personnel to review the content of an individual employee's communications during the course of problem resolution. Technical support personnel may not review the content of an individual employee's communications out of personal curiosity or at the behest of individuals who have not gone through proper approval channels.
When resolving an email problem, technical support people could accidentally view the content of one of your emails.

Message Forwarding
Recognizing that some information is intended for specific individuals and may not be appropriate for general distribution, electronic communications users should exercise caution when forwarding messages. <Company> sensitive information must not be forwarded to any party outside <Company> without the prior approval of a local department manager. Blanket forwarding of messages to parties outside <Company> is prohibited unless the prior permission of your supervisor has been obtained.
Be careful who you forward messages to. Respect the privacy of the person who sent you the message.

Purging Electronic Messages
Messages no longer needed for business purposes must be periodically purged by users from their personal electronic message storage areas. After a certain period -- generally six months -- electronic messages backed-up to a separate data storage media (tape, disk, CD-ROM, etc.) will be automatically deleted by systems administration staff. Not only will this increase scarce storage space, it will also simplify records management and related activities.

Personal Mail box size will be limited to 100mg. Once your mailbox reaches this point, your e-mail functionality will be affected.
Inbound (internet) e-mails will be limited to 5mg in size. Any emails exceeding the 5mg size will be returned to sender as "undeliverable."
Internal e-mails will be limited to 5mb in size. IT will offer some alternative solutions (Winzip, FTP services) for those individuals who need to send/receive large files.
Keep your email room clean.

Temporary Email Users
If the company provides access to electronic mail to external users such as consultants, temporary employees, or partners, they must read and sign the electronic communications policy statement.

Do Not Share
Users must not allow anyone else to send email using their accounts. This includes their supervisors, secretaries, assistants and any other subordinates.

The use of Consumer IM products (eg. MSN and Yahoo!) is permitted for intercompany use (non-<Company> partners). The interaction with external, non-authenticated services opens channels for the inadvertent or deliberate exchange of Intellectual Property. Therefore, all the principles outlined in <Company>'s Electronic Communications and Internet Usage Policies apply to Instant Messaging.

The preferred methods of electronic File Transfer are either: email or FTP (file transfer protocol). Both are better suited for attachments, are designed to handle higher bandwidth communications, and can regulate acceptable file sizes

Global Application of IT Policies
The policies that appear within this chapter are written for a North American audience. These policies are written to provide our worldwide employees with an understanding of how to use technology within <Company> and what constitutes acceptable and unacceptable behaviors.

In cases where these policies could potentially violate local national laws, (for example, employee privacy, system & employee monitoring or potential employee disciplinary actions) they will be administered in accordance with the laws of the employee's country.