CODE OF CONDUCT FOR INTERNET, , DOCUMENT AND COMPUTER USE ETC Foundation

Transcription

1 CODE OF CONDUCT FOR INTERNET, , DOCUMENT AND COMPUTER USE ETC Fundatin ETC Management Date 16 July 2014 Electrnic file name ETC Cde f Cnduct fr Internet, , Dcument and Cmputer Use Fr Apprval: J.H.J. Dusseljee Directr ETC Fundatin

2 TABLE OF CONTENTS CODE OF CONDUCT FOR INTERNET, , DOCUMENT AND COMPUTER USE 3 CODE OF CONDUCT FOR INTERNET AND USE 4 1 SCOPE OF THE CODE OF CONDUCT 4 2 ASSUMPTIONS 4 3 OBJECTIVES 4 4 USE 4 5 PROHIBITED USE 5 6 INTERNET USE 5 7 USE OF SOCIAL MEDIA 5 8 PROHIBITED INTERNET USE 6 9 CONDITIONS FOR MONITORING 6 10 MONITORING 7 11 RIGHTS OF THE EMPLOYEE 7 12 COMPUTER USE 7 13 DOCUMENT USE 8 14 FINAL DETERMINATION 8 * * * ETC Cde f Cnduct fr Internet, , Dcument and Cmputer Use 2

3 CODE OF CONDUCT FOR INTERNET, , DOCUMENT AND COMPUTER USE This cde f cnduct has been cmpiled in accrdance with: Article 7:611 and 7:660 f the Civil Cde (Burgerlijk Wetbek) The Persnal Infrmatin Prtectin Act (Wet Bescherming Persnsgegevens) Article 27 sectin 1 subsectins k and l f the Wrks Cuncil Act (Wet p Ondernemingsraden) The cde takes int accunt that: The Fundatin and its emplyees agree t treat each ther as a gd emplyer and gd emplyees respectively (art. 7:611BW). The use f the internet and is indispensable fr emplyees t prperly functin within the Fundatin. There are risks attached t the use f the internet that make it necessary t set clear rules f cnduct. Due t the existence f such risks, emplyees are expected t act respnsibly in using the internet and ing. ETC Fundatin is entitled t present regulatins fr the utilisatin f the internet and , and t take measures t ensure the apprpriate use f these tls within the institutin (article 7:660 BW). The present cde f cnduct cvering peratinal prcedures and regulatins are as fllws: ETC Fundatin is entitled t review persnal data fr the purpses f mnitring adherence t this cde f cnduct. ETC Fundatin emphasises the need t prtect the right t privacy and respect the fundamental rights and freedms f the emplyees invlved when mnitring and internet use. The present cde f cnduct has been agreed with the supprt f the Cmpany Cuncil. In the event f a suspected r prven breach f the cde f cnduct utlined belw, this will be brught t the ntice f the Management Team thrugh the line manager invlved. The Management Team will subsequently take apprpriate actin. This may include a penalty prprtinate t the severity f the miscnduct, and may be anything frm a warning t a dismissal. ETC Cde f Cnduct fr Internet, , Dcument and Cmputer Use 3

4 CODE OF CONDUCT FOR INTERNET AND USE 1 SCOPE OF THE CODE OF CONDUCT This regulatin is applicable t all fully r partially autmated prcessing f persnal infrmatin f thse prviding services t r emplyed by ETC Fundatin. 2 ASSUMPTIONS The mnitring f persnal infrmatin and data related t and internet use amunts t the prcessing f persnal data in accrdance with the Persnal Infrmatin Prtectin Act. Any cntrl ver and internet use in ETC must be implemented in cnfrmity with this regulatin. Situatins nt cntemplated within the current regulatin shall be dealt with in cnsultatin with the selected staff representative and the management team. The aspiratin is t achieve a gd balance between the respnsible use f and internet, and the prtectin f emplyees privacy in the wrk place. The emplyer will strive t ensure the integrity f the system by prviding an internal system manager with external back-up services (referring t the clud cmputing arrangement) and the subsequent mnitring this entails. 3 OBJECTIVES This cde f cnduct cntains rules t ensure respnsible use f and internet as well as the manner in which cntrl ver persnal infrmatin will take place in relatin t and internet use. The mnitring f persnal data regarding and internet use will be put in place in rder t: a. Prvide individual supprt/review b. Avid negative publicity c. Cunter sexual intimidatin d. Guard the cmpany s intellectual prperty rights and secrets e. Ensure system and netwrk security/integrity f. Manage csts and capacity g. Cunter discriminatin 4 USE Emplyees will be prvided with an supprt system fr their wrk-related cmmunicatins. Its use is therefre limited t tasks directly related t each emplyee s functin. Limited use f the system fr persnal cmmunicatins is permitted prvided this des nt disrupt daily prceedings and is nt cvered by the prhibited activities listed under Article 5. ETC recgnises that its emplyees may chse t use their private addresses fr sending r receiving dcuments when experiencing service disruptins r while abrad n missins. ETC requests ETC Cde f Cnduct fr Internet, , Dcument and Cmputer Use 4

5 its emplyees t keep this practice t a minimum and t use nly strictly secured and knwn addresses fr such exceptinal circumstances. 5 PROHIBITED USE Emplyees are nt permitted t use the system t send r receive messages with prngraphic, racist, discriminatry, ffensive r inflammatry cntent, with intimidating (sexual) cntent r which (culd) encurage hate and/r vilence, has a threatening cntent r cncerns Spam. Emplyees are nt permitted t use the internet system t send r receive chain mail. Emplyees are advised t use nly the prgramme made available and installed by ETC. Emplyees are advised t use the virus scanner prvided t cntrl the integrity f attachments and annexes t an befre pening them. Emplyees are advised t cntrl the integrity f data-prts (USB sticks etc.) befre pening them. Emplyees are required t warn the internal system manager if their cmputer behaves strangely which may signal that a virus has infected the system. 6 INTERNET USE An internet system is prvided t the emplyee fr wrk-related use. Limited persnal use f the internet is permitted prvided this des nt disrupt daily prceedings and is nt cvered in the list f prhibited activities enumerated under Article 7. ETC recgnises that visual and multimedia supprt is becming an imprtant tl within the wrking sphere f its prjects and prgrammes. In such cases, ETC emplyees can dwnlad and save vides, recrdings and ther such multimedia tls n their cmputers, but nly after having fully verified that this cmplies with cpyright regulatins and that the files are virus free. ETC recgnises that internet-based cmmunicatin devices are increasingly imprtant and that its emplyees spend a significant part f their time abrad due t their wrk. ETC therefre accepts that its emplyees may utilise nline tls t maintain their private lives and persnal affairs within reasn (i.e. t cmmunicate with family members, listen t music, nline banking etc.) r t enjy their leisure time utside wrking hurs (watching TV and nline vides, r listening t music). These activities shuld be cnducted while respecting Article 7, and shuld nt be detrimental t the prfessinal perfrmance f the emplyee. Mrever, emplyees are expected t take all reasnable security measures t ensure these activities d nt harm r threaten the integrity f electrnic dcuments r cmputers in their pssessin. 7 USE OF SOCIAL MEDIA Distributin f messages and/r cnfidential infrmatin, regardless f the manner and medium (Facebk, LinkedIn r Twitter, etc.), that culd damage the interests f ETC is prhibited. The latter includes any public activity by an emplyee that culd negatively impact n the image f the emplyer. Making public any images, films r ther types f infrmatin regarding ETC, thse invlved with ETC (e.g. partners r clients), ETC staff etc. withut prir frmal permissin is nt permitted. ETC Cde f Cnduct fr Internet, , Dcument and Cmputer Use 5

6 The abve des nt mean that ETC will nt make use f scial media as an rganisatin r thrugh its emplyees. This is allwed in line with crprate plicies and gd practice, and is susceptible t the judgement f the Management Team. Use f scial media fr persnal reasns nly during wrking hurs is nt encuraged and is nt allwed where it negatively impacts n the duties f the emplyee. 8 PROHIBITED INTERNET USE Emplyees are nt permitted t visit internet sites with prngraphic, racist, discriminatry, ffensive r inflammatry cntent. Neither is it permitted t dwnlad, reprduce r disseminate such materials. The emplyee is nt permitted t prcure fr him/herself thrugh unlawful access t nn-public internet surces. Emplyees are nt permitted t dwnlad and install illegal sftware (shareware) frm the internet. ETC recgnises that visual and multimedia supprt is becming an imprtant tl within the wrking sphere f its prjects and prgrammes; and its use and access is permitted in accrdance with Article 6.3. Hwever, emplyees are nt permitted t dwnlad music r vides frm the internet and stre these n their wrk cmputer utilising illegal sftware r in cnflict with cpyright regulatins. Emplyees are nt permitted t install privately btained sftware n ETC-prvided cmputers. Emplyees are nt permitted t prcure the services f a cmputer prgrammer withut first requesting cnsent frm the directr and the external ICT service prvider. Once there is agreement, all licence infrmatin will be made available t ETC. Emplyees are nt permitted t utilise electrnic cmmunicatin media fr unacceptable persnal uses. Unacceptable persnal use f the internet includes gaming and the dwnlading f games, gambling r games f chance, prngraphic sites, and thers cvered under Article CONDITIONS FOR MONITORING Mnitring f persnal infrmatin thrugh and internet use will nly take place in accrdance with the bjectives enumerated in Article 3.2. In principle, mnitring will takes place at the level f ttalised data that cannt be reduced t identifiable individuals. In the event that an emplyee r a grup f emplyees is suspected f cntravening the rules, supervisin and cntrl measures can be put in place fr a shrt perid. In principle, mnitring will take place n the level f traffic and internet use. Only in serius circumstances wuld mnitring invlve the cntent f these cmmunicatins and internet use. Sftware-based tls may be utilised t stp prhibited and internet use. Additinal cntrls may be randmly added. If a system manager identifies prhibited use, this will be discussed immediately with the cncerned emplyee. The emplyee will be infrmed abut the cnsequences f cntinuing the afrementined prhibited use. ETC Cde f Cnduct fr Internet, , Dcument and Cmputer Use 6

7 10 MONITORING Mnitring in the framewrk f supervisin and/r individual assessment will take place at randm and will be limited t wrk-related mail messages. Mnitring t avid negative publicity and sexual intimidatin, as well as cntrls in the framewrk f system and netwrk security, takes place n the basis f cntent filtering. Suspicius messages will be autmatically returned t the sender. Mnitring fr leaks f cmpany cnfidential material will take place randmly n the basis f cntent filtering. Suspicius messages will be set apart fr further inquiry. Mnitring regarding csts and capacity management is limited t the internet traffic data. 11 RIGHTS OF THE EMPLOYEE ETC will infrm its emplyees in advance f the mnitring f persnal data regarding and internet use, the end gals, the nature f the data, the circumstances under which the data will be btained and the cntent f this cde. Emplyees can apprach ETC t request a full verview f their edited persnal data. Such requests will be answered within fur weeks. Emplyees can apprach ETC with the request t imprve, supplement, delete r shield persnal data if the material is incrrect, incmplete r nt relevant t the case, r cntradicts a statutry regulatin. Such requests will be answered within fur weeks. 12 COMPUTER USE ETC will prvide each emplyee with a persnal cmputer, either a desktp mdel fr use at the ffice r a laptp fr use at the ffice, hme r during duty-travel. ETC will further prvide such accessries that are cnsidered necessary fr the fulfilment f the tasks f the emplyee. All emplyees receiving any hardware frm ETC will sign a cntract that describes the cnditins fr using and preserving the hardware while being emplyed. This cntract is nt part f the labur regulatins, which refer t a cde f cnduct nly. Where there is a prblem with the cmputer, r the presumptin f a prblem, the emplyee must cntact the internal system manager immediately, wh may refer the matter t the external service prvider, i.e. the technical firm managing the clud cmputing system. If there is a presumptin f a virus and/r f serius prblems, the emplyee is requested t STOP wrk and cntact the internal system manager immediately. When suffering cmputer prblems, the emplyee is requested t nte the fllwing infrmatin t help in identifying and then fixing the prblem: User name. Date and time when the prblem tk place. Prgram in use when the prblem tk place. Type f errr message received (text f the errr message if pssible / applicable). What yu were ding with the prgramme when the prblem presented itself. Which ther prgrammes were als in use at the time f the errr. ETC Cde f Cnduct fr Internet, , Dcument and Cmputer Use 7

8 Whether the cmputer was cnnected t the internet when the prblem ccurred. Emplyees are requested t manage passwrds in the same way as they wuld their PIN-cde. The cmputer passwrd is persnal and is nt t be shared r sent t thers. When lgging in, emplyees are requested t check if the previus lgin was made by an unknwn persn. Emplyees are requested t chse a lg-in name and passwrd that they can easily remember and ensure that this cannt be fund in a ntebk r that it can be easily traced t the emplyee (therefre, nt the name f the emplyee, a family pet r the children). Emplyees shall NOT use the netwrk passwrd fr internet services. Emplyees must NOT write the passwrd n a piece f paper that is psted clse t r kept within the cmputer. Emplyees must NEVER tell their passwrd t thers, even t enable use f the cmputer during absence. If an emplyee suspects that smene knws his/her passwrd, the emplyee is expected t change it immediately. Emplyees are expected t cntact the internal system manager if they d nt knw hw t change the passwrd. Emplyees shuld NOT save passwrds in their cmputer. If Windws asks t save a passwrd, the emplyee is expected t chse N. Emplyees shuld ensure that their passwrd cntains at least a number (0 t 9), a capital letter and/r a sign ($, %, &, #, etc.). Emplyees are expected t change their passwrd at least every three mnths. When leaving the rm fr a lengthy perid (e.g. fr lunch), the emplyee is expected t shut the cmputer dwn, leave it with a passwrd-activated screensaver, r lg ut. 13 DOCUMENT USE All dcuments prduced by emplyees are and remain the prperty f ETC. All dcuments must be handed ver t ETC when emplyment ceases. Dcuments that are the prperty f ETC shuld be wrked upn n ETC-wned cmputers, unless calamity r the unavailability f such tls makes this impssible (e.g. wrking frm hme withut the availability f an ETC laptp; temprary lack f nrmal cmputer due t technical prblems). The emplyee shuld ensure that all relevant dcuments that are the prperty f ETC are stred n the ETC server and easily accessible t all ETC staff. Emplyees shuld prduce and mdify all dcuments accrding t the ETC huse style. Emplyees in pssessin f an ETC laptp are requested t make regular backup cpies f all dcuments that are the prperty f ETC by cpying the data t the P-file and/r t external devices, such as an external hard disk r USB stick made available by ETC. 14 FINAL DETERMINATION ETC can mdify r withdraw this cde f cnduct prvided it has the cnsent f the staff representatin. ETC Cde f Cnduct fr Internet, , Dcument and Cmputer Use 8