Acceptable Use Policy

Acceptable Use Policy

Acceptable Use Policy

 

Purpose

The purpose of this Acceptable Use Policy (AUP) is to outline the acceptable use of information technology resources, systems, and devices within the organization. These rules are in place to protect the employees, data, and systems of the company. Inappropriate use exposes the company to risks including virus attacks, compromise of network systems and services, and legal issues.

Scope

This policy applies to all employees, contractors, consultants, temporary staff, and other personnel using or accessing company-owned systems, networks, devices, and data. This includes both on-premises and remote access.

General Use and Ownership

  1. Company Property: All technology resources provided by the company, including computers, devices, software, and networks, are the property of the company. Users should have no expectation of privacy when using company resources.
  2. Monitoring: The company reserves the right to monitor and audit all activities conducted using company resources, including email, internet usage, and data storage.
  3. Personal Use: Limited personal use of company resources is allowed, provided it does not interfere with work duties, violate this policy, or affect the performance or security of systems. Excessive personal use may be subject to disciplinary action.

Acceptable Use

Users must:

  1. Use company systems and resources in a manner that is ethical, lawful, and aligned with the company’s business objectives.
  2. Ensure data confidentiality, integrity, and availability by following security guidelines, using strong passwords, and reporting any security incidents.
  3. Use approved communication tools for work-related purposes, such as email, messaging, or collaboration software.
  4. Keep software and operating systems updated and install only authorized software.
  5. Use VPN or other secure methods when accessing company resources remotely.

Unacceptable Use

The following actions are prohibited:

  1. Security Violations: Unauthorized access, hacking, or any actions that could compromise the security of the company’s network or systems.
  2. Data Misuse: Sharing, distributing, or accessing confidential or sensitive company data without proper authorization. Access to these permissions does not equate to authorization.
  3. Illegal Activities: Engaging in illegal activities or accessing illegal content using company resources.
  4. Harassment: Sending offensive, discriminatory, or harassing messages or content using company communication tools.
  5. Unauthorized Software: Downloading, installing, or using software not approved by the IT department, including illegal software, pirated content, or malware.
  6. Personal Devices: Connecting personal devices to company networks without prior approval from the IT department.
  7. Bandwidth Consumption: Excessive use of bandwidth or engaging in activities that could impact the performance of the network, such as streaming, downloading large files unrelated to work, or engaging in gaming activities.
  8. Social Media Misuse: Using company resources to engage in social media in ways that may harm the company’s reputation or violate other company policies.
  9. Outside Business Activities: Employees must not use company devices to access, transmit, or manage personal or non-company email accounts related to other businesses or external employment. Additionally, company devices are not to be used for any activities related to outside businesses, freelance work, or any form of external employment.

Display of Personal Images and Content

Employees are expected to maintain a professional work environment, and this extends to the digital workspace. The following guidelines apply to the display of images and content on company devices:

  1. Professional Content: All personal images, screen savers, PC backgrounds, and lock screens displayed on company-owned devices must be appropriate for a business environment. Content should be professional, non-offensive, and not contain material that could be deemed inappropriate, discriminatory, or offensive.
  2. Prohibited Content: The following are not allowed on company devices:
    • Images or content containing violence, nudity, or sexually suggestive material.
    • Content that includes discriminatory language or imagery based on race, gender, religion, age, or any other protected category.
    • Any political, religious, or controversial content that may not align with a professional business setting.
  3. Approval of Content: If there is any uncertainty about whether an image or content is appropriate, employees should seek guidance from their manager or the Human Resources department.
  4. Business Branding: Employees are encouraged to use company-provided backgrounds or branding materials when available, to maintain a consistent professional look across the organization.
  5. Personal Device Content: If personal devices are used for work purposes (e.g., in a Bring Your Own Device (BYOD) scenario), the same standards of professionalism apply to any business-related content displayed during work hours or in professional settings.

 

Network Security

  1. Users must follow the guidelines provided by the IT department regarding the use of firewalls, VPNs, antivirus software, and other security tools.
  2. Passwords should be strong, unique, and not shared. Users must change passwords regularly according to company policy.
  3. Report any suspicious activity, security incidents, or breaches to the IT department immediately.

Email and Communication Tools

  1. Use company-provided email and communication tools for official business.
  2. Do not open attachments or click on links from unknown or suspicious sources.
  3. Do not use email or other communication tools to send confidential information without appropriate security measures, such as encryption.

Internet Usage

  1. Access to the internet via company resources is provided for business purposes. Limited personal use is allowed, but users must not engage in activities that violate this policy.
  2. Do not visit websites that contain offensive, illegal, or inappropriate content.
  3. Do not engage in activities that violate intellectual property rights, such as unauthorized downloading or sharing of copyrighted material.

Consequences of Violation

Violations of this Acceptable Use Policy may result in disciplinary action, up to and including termination of employment. In cases involving illegal activities, the company may report incidents to the appropriate legal authorities.

Policy Review

This policy is subject to periodic review and may be updated to reflect changes in legal, business, or technical conditions. Users will be notified of any significant changes.

    • Related Articles

    • Mobile Device Setup Policy

      DOCUMENT #: IT-ALL-96 DEPARTMENT: IT Department DATE: 7/1/2024 AUTHOR: Adam Morrison APPROVED BY: Executive EFFECTIVE: 7/1/2024 Mobile Device Setup Policy Welcome Employee owner, As part of our commitment to providing you with the tools necessary for ...

    • Password security Standards

      Scope: This standard covers the minimum password requirements for all electronic devices owned or leased by A-Z Bus Sales that can be protected by a password. Purpose: To ensure that all electronic devices are secured by a password of a certain ...

    • Can I install software/hardware on computers

      Software installations require prior approval. You will need to email support@a-zbus.com in advance. We will then notify you with a decision regarding the software installation. Any software under consideration must have explicit licensing which ...

    • Mitel Settings

      Email or Username: Enter the first part of your email address Password: Temp password is 123456789 Leave "Use Windows Credentials" and "Domain" blank Server: 10.0.2.192

    • What A-Z Bus Sales applications will require MFA?

      Netsuite Outlook Teams OneDrive Office 365 applications including the Office 365 web page This list will be expanded as more applications are setup to use MFA