Aug 18 Acceptable Use Policy .au



[pic]

Acceptable Use Policy

Information Technology Department

All staff comprising employees and agents of Insurance My Way Australia(IMW) are governed by set guidelines outlined in this document on the acceptable usage of corporate electronic and technology systems.

Authorized by IMW Executive Management Group

1.0 Ownership of Information

IMW stakes claim on all information generated, replicated, processed, and stored by staff during the course of employ. Such information will extend to emails and other information stored on either Local Personal Computers or IMW Servers.

2.0 Privacy

IMW while reserving the right to protect the best interests of the company, will respect individual staff privacy by not knowingly reviewing, revealing, monitoring, or discussing information residing on corporate systems unless otherwise directed by a Senior Management Executive acting upon the going concerns of the company. The Senior Management Executives of Insurance My Way are:

- Managing Directors

- Business Development Manager

- Chief Operating Officer

- Chief Information Officer

3.0 Security

All staff are required to maintain and protect the integrity of data. While such policies are dictated by the Corporate Systems Division of IMW's Information Technology (IT) Department, all staff are responsible for taking the initiative to read available documentation, understanding measures and to effect enforcement of security precautions where possible. For instance an unlocked Workstation can be locked by anyone who witnesses that the machine has been left unattended for any amount of time.

4.0 Passwords

Staff are responsible to maintain password secrecy. This extends to any other access code used during the course of employ. Passwords should not be written down, stored in a retrieval system (without additional security measures in place),  nor communicated to anyone within or without the corporation. Passwords should also be changed frequently to prevent abuse. Passwords should be changed immediately if any staff feels that the integrity of secrecy at any time is in question.

Additionally, no access code should be visible (or written) on milkeys used to gain entry into the building. If such information is available, the staff should take the initiative to either remove it or make it non-legible.

5.0 Personal Activities

IMW discourages the use of corporate systems for personal activities. Dependent on situation, IMW reserves the right to charge staff (at commercial rates) for the abuse of corporate systems (Hardware or Software).

6.0 Virus Protection

Diskettes and email attachments increase the probability of virus attacks on IMW's corporate network. Where such an event may arise, Staff should take care to run Virus Inoculation Procedures regardless of existing precautions established by IMW's IT Department.

7.0 Access to Network

Only staff are allowed to access network systems, folders, and corporate data. Where such a situation occurs that an external person needs access, the Network Department should be notified and a request for such use be sent to support@.au. Appropriate security and supervision can then be arranged.

8.0 Bandwidth

All staff should take care not to abuse the bandwidth of our network. Large attachments or files (of over 300KB) should be carefully sent to specific recipients only where necessary. Such files should be compressed whenever possible. Any form of “Video Streaming” is not permitted at IMW.

9.0 Proper Use of Email

Thread of Discussion: respect the thread of any discussion over email and be careful that subject headers are pertinent to the ongoing conversation.

Flaming: at no time should an employee attempt to create dissension by responding in an outright negative or argumentative manner over emails. If this has to be done, wait 24 hours, and respond non-emotively. Our suggestion is to have a face-to-face (F2F) before sending the email off.

Forwarding: be careful of who’s in the To: and Cc: fields! Emails should not be forwarded indiscriminately to parties not privy to subject headers or threads of discussion. Always be aware who is attached to what e-mail groups setup on your own system, or who belongs to the e-mail aliases on the IMW Mail Server.

Hate Mail: At no time should employees be the originator of email that has sensitive content. This covers discrimination of any kind & harassment. Should employees be at the brunt of such hate mail, you should notify the Chief Information Officer or other senior management staff immediately.

Spamming: Do not send blanket emails to everyone@.au unless specifically authorized to do so, and use Personalized Mailing Group Lists or current e-mail aliases on your Email Client whenever appropriate. Respect any person who wishes to be removed from this mailing list, and remove them immediately.

Impersonation: No staff, even in jest, should assume another identity in responding to or forwarding email internally or externally in reference to IMW.

Attachments: All staff are encouraged not to open any attachments received in email without knowing the proper source of the attachment. This is to prevent the spread of viruses, which are usually spread in such a manner. The standard procedure is to “Detach” attachments into a specified local folder, and then scan the selected folder for possible Viruses.

10.0 Webmail Service

The webmail system is a web-based email access facility made available for use by IMW’s staff and is a popular way to get access to corporate emails outside the company. However, there is concern about the security of terminals used to access the webmail facility outside of IMW.

For instance, using webmail from your home is generally acceptable as long as your home machine has not been hacked. You can never be to careful.

We discourage accessing webmail using public terminals, such as those at the airport, MacDonald’s, web cafés etc.. since there is a real danger of having someone easily record your keystrokes and/or steal your password. This is especially bad since most of the people using webmail have privileged access on our systems.

Minimally, you should:

- Not use a public computer to access IMW’s webmail facility.

- Don’t use a stranger’s computer.

- Don’t use someone’s computer unless you think they can be trusted.

- Don’t use any computer unless you have verified the following:

o Nobody is watching you use the computer

o The computer is not under video surveillance

o No unusual hardware is installed. In particular look for such things as unusual adapters between the keyboard and the computer.

o The computer is running anti-virus software with the latest updates.

o No unknown programs are running  (e.g., under Windows 95/98/ME, press

 Ctrl-Alt-Del for a basic, but slightly incomplete, list; make sure you know what all the programs listed there are.  Under Windows NT, check both the process list and the services list). In both instances check in the “Task Bar” to see what applications are running in the background.

o Any programs/plugins that are known to tell remote sites which web sites you visit are disabled.  e.g.,  Comet Cursor, Netzip Download Demon, "keywords" and "smart browsing" services, and any  "pay-to-surf" clients.

o If a terminal program is being used, keystroke logging and buffer

 logging are turned off.

o Caching of SSL (Secure Socket Layer) pages is turned off in the browser.

- Web Page History should be deleted when finished using the browser.

- Cache should be deleted when finished using the browser.

- If using Netscape, location bar history should be deleted when finished using the browser.

- When finished using Webmail, the "log out" feature of Webmail must be used.

11.0 Mobile Devices

Laptops: Employees using mobile computing devices for company-related work during the course of employment with IMW, whether be it personal or office-issued machines, must ensure that enough precautions be taken with the unit to discourage theft and reduce possibility of misplacement. Minimally operating systems passwords must be enabled. Ideally both operating systems password and BIOS system password have to be enabled. Please use such devices to store the most nominal amount of information required for your remote needs.

PDA: All staff utilizing Personal Digital Assistants, whether they are synchronized with your corporate computer system or not MUST password enable the PDA. The same with mobile devices as mentioned above, users must ensure that enough precautions be taken with the unit to discourage theft and reduce possibility of misplacement. For example, do not leave your PDA on your desk unattended without locking the device. When you do leave your PDA (as in leaving the immediate vicinity of the location you cradle your PDA), please minimally ‘Turn Off and Lock Device’ – which is a security feature common to most PDAs. Ideally, please password lock and stow away your PDA. Any corporate information stored in the PDA must be marked Private, so that any non-authorized usage of your PDA will not be able to access this data. The Network Department will take adequate steps to store such devices that are left unattended without a password lock when alerted.

12.0 Copyright Infringement

At no time will an IMW employee breach international or Australian copyright or licensing regulations.

13.0 Document Management

All staff should review files to ensure the efficiency of storage space utilized. This goes for e-mail attachments and e-mail “Archiving” also.

14.0 Warnings to Note: IMW reserves the right to exercise rights of employment for any staff who violates this Acceptable Use Policy.

Immediate dismissal: accessing pornography, misappropriation of corporate

data, revelation of trade secrets to any non-employee of IMW without proper authorization, disclosure of information to a third party not constrained by a Confidentiality Statement or not in the best interest of the corporation as determined by corporate strategy ceteris paribus, impersonating some other person, and aiding/abetting a hacker/phreaker/denial of service attack.

Written Warnings: all others.

Definition Table

|Bandwidth |The capacity of our information transmission. |

|Anti-virus Software |Software that protects your computer against viruses. Should be updated regularly |

| |with patches or updates which teaches the program about new methods of protection. |

|Cache |A date store. Eg. A web cache exists on browsers to store webpages that you’ve |

| |visited. |

|Client PC |a client is a Personal Computer that sits on a network of some sort and accesses a |

| |server. |

|Computer Virus |a program that attacks and changes system functionality. |

|Data |data is used interchangeably with 'Information' in context of this document to |

| |represent stored knowledge, an example of which is the collection of customer |

| |profiles and product information. |

|Denial of Service Attack |An attack to burden systems sufficiently so that our service deliverable is not able |

| |to be accessed by the customer. |

|Email Client |Any program that helps you manage emails. |

|Hacked |A computer which has had security defeated by an individual or group that has not |

| |been granted previous permission to it. |

|Hacker |A person who attempts to infiltrate/bypass/defeat security or gateways on systems for|

| |a variety of reasons. |

|History |Referring to Web History or the URLs that a particular browser has visited over the |

| |past x days. This can be seen from internet options. |

|Information |see 'Data'. |

|Local Personal Computers |referring to the nodes of client machines residing on IMW's network. |

|e-mail aliases |A lists of all internal/external e-mail groups defined on the IMW IMAP Mail Server. |

|Personalized Mailing Group Lists |A list of email addresses set up on your email client that sends a message to that |

| |group of contacts (predetermined by you to be appropriate for such an email). |

|Phreaker |A person who attempts to infiltrate a phone network for a variety of reasons. |

|Plugins |Add-ons to a software platform that allows the running of additional information that|

| |was not available within the original program. |

|Server(s) |A computer designated to perform a certain set of functions in |

| |the corporate computer system. |

|SSL |Secured socket layer – a type of encryption method. |

|System |we use the term 'Systems' to cover all electronic and computer |

| |equipment either connected or not connected to the company's intranet or internet |

| |owned by IMW and used in business processing. |

|Terminal |Interchangeable with PC or Client. |

|Virus Inoculation Procedures |Processes to eradicate a Computer Virus. |

|Web-based Email |Accessing your email using a web browser, rather than an email client accessing to an|

| |ISP’s ‘POP’ or corporate IMAP account. |

|Workstation |Used interchangeably with ‘Personal Computer’ or Client machine. |

Management reserves the right to change this Acceptable Use Policy at any time. A general broadcast of such changes to the email everyone@.au will signify that the policy is in force and enforceable. If at any time there is a disparity between the guidelines as highlighted above, such summary judgment will rely on the sole discretion of the Chief Information Officer (CIO).

If you have difficulty understanding any of the above, please contact Network Administration on Ext 425/220 or email support@.au. If at any time you are in a situation in which you need to refer to another officer of the company, please email the Chief Operations Officer david@.au.

Version Changes

|Version |Broadcasted |Description of Changes |

|1.0 |Aug, 21 2000 |First document. |

|1.1 |Sept 25, 2000 |Section 2.0: Added in Definition of ‘Senior Management’. Added definition of Personalized |

| | |Mailing Group Lists, Email Client, Hacker, Phreaker, and Denial of Service. Added |

| | |Impersonation and Attachments to Proper Use of Email. Added Impersonation and Attack to |

| | |Immediate Dismissal. |

|1.2 | |Added Proper Use of Webmail |

|1.3 |Nov 6, 2000 |Updated most entries and included sign-off Agreement |

|1.4 |Nov, 21 2000 |Edited by Janette Poupel to expand on User Sign-off page |

|1.5 | |Mobile Devices section added in. |

Attachment to

Acceptable Use Policy

Agreement

between

Insurance My Way Australia Pty Ltd, and

Confidential

I hereby state that I have read and understood the Insurance My Way Acceptable Use Policy and as a condition of my employment I agree to accept and bide by the principles, behaviour and policies outlined.

___________________ ___________________

EMPLOYEE SIGNATURE CHIEF OPERATING OFFICER

___________________ ___________________

DATE DATE

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download