APPROPRIATE USE OF INFORMATION TECHNOLOGY SYSTEMS INFRASTRUCTURE RESOURCES

Transcription

1 APPROPRIATE USE OF INFORMATION TECHNOLOGY SYSTEMS (INCLUDING INTERNET & ) EMC CORPORATE POLICY COPYRIGHT 2007 EMC CORPORATION. ALL RIGHTS RESERVED. NO PORTION OF THIS MATERIAL MAY BE REPRODUCED, STORED IN A RETRIEVAL SYSTEM OR TRANSMITTED IN ANY FORM BY ANY MEANS WITHOUT THE PRIOR WRITTEN APPROVAL OF EMC.

2 TABLE OF CONTENTS 1. POLICY HISTORY & APPROVAL PURPOSE SCOPE POLICY POLICY VIOLATION RESPONSIBILITIES RELATED POLICIES...3 EMC Confidential -i- EMC Corporate Policy

3 1. POLICY HISTORY & APPROVAL This policy has been approved according to the chart shown below. Any deviation from this policy will require the written approval of management and EMC s CIO. POLICY HISTORY Published Date Rev # Changes Made Author(s) Approver(s) July Review & update December Review & update Office of General Counsel June Review & update Mark Link December Original version of policy Mark Link IT Leadership Team 2. PURPOSE 3. SCOPE The purpose of this policy is to promote and protect the integrity of EMC s Information Technology Systems Infrastructure Resources ( IT Resources ). IT Resources must be used responsibly and in compliance with this policy. This policy is applicable to EMC Corporation and all of its affiliates, and it applies to all employees, consultants, contractors, and any other persons who are provided access to EMC s computer and network resources (collectively referred to, for purposes of this policy, as EMC users ). 4. POLICY 4.1 APPLICABLE SYSTEMS IT Resources consist of all EMC computer and telecommunication systems, including but not limited to hardware and software, server, storage and network resources, applications, security devices, workstations, desktops and laptops, drives (hard drives, network drives, external drives), and wireless handheld devices. This policy applies to all activities using IT Resources in any way, including the use of personal accounts, chat rooms, instant messaging, blogging and other Internet activity accessed through IT Resources. 4.2 LIMITED USE All IT Resources are the property of EMC and are provided to assist EMC users with conducting EMC business. Users may not perform any personal or non-emc work on IT Resources, except for incidental personal activities that are kept to a minimum and comply with all EMC policies. The Company may, at its sole discretion, limit or restrict any EMC user s usage of or access to IT Resources. EMC also reserves the right to remove non-authorized content without advance notice. To help assess the appropriateness of your use of IT Resources, consider whether EMC management would share your judgment that your use is related to EMC business. Employees authorization to access the IT Resources ends with last day of active employment or termination of employment, whichever occurs sooner. 4.3 EMC RIGHT TO AUDIT You should have no expectation of personal privacy in connection with your access or use of any IT Resources. EMC management has the right to access, monitor, review, copy, delete, and disclose EMC Confidential -1- EMC Corporate Policy

4 any employee messages or other content accessed, composed, sent, viewed, visited, downloaded, archived, received or stored using IT Resources, with or without prior notice, to the extent permitted by law. The personal privacy of any material you access, compose, send, view, visit, download, archive, receive or store using IT Resources should not be assumed. 4.4 CONFIDENTIALITY Files, messages, documents or electronic content of any sort that are company confidential should not be transmitted to others (whether internal or external to EMC) unless the recipient(s) of the message or material has a need to know from a related EMC business perspective, and the recipient(s) is what EMC would characterize as authorized persons. The release or dissemination of any confidential or restricted materials to unauthorized persons is strictly prohibited. The Office of Information Security and Risk Management (OISRM) within EMC s Information Technology organization maintains licenses for approved encryption utilities and lists of acceptable encryption processes that should be used when transmitting confidential EMC data to or from outside EMC s firewalls and/or over any non-emc owned or controlled communication networks. EMC users are not permitted to employ encryption, digital signatures, or digital certificates to any EMC business activity or business information without the written authorization of the OISRM. 4.5 ADDITIONAL RESPONSIBILITIES OF USERS EMC users are responsible for any use of IT Resources conducted under their user IDs, and EMC users are expected to take all precautions to prevent use of these resources by unauthorized persons, including password security and file protection measures. No EMC user may use another s IT Resources without that user s express permission. For example, no EMC user may send on behalf of another EMC user without that user s express permission. Note that any EMC user using IT Resources on behalf of another user, even with express permission, is subject to all the provisions of this policy document Connections into EMC s network may only be arranged for and administered by EMC s Information Technology organization at EMC. This includes individual remote access by phone or cable, as well as connections by external third parties, for purposes such as exchanging Internet content, electronic commerce or other system access The network resources that are employed to provide access out to the Internet are limited and should be used conservatively and wisely. In order to preserve bandwidth of the network facilities within EMC and access to the Internet, such activities as the downloading of large files, or reception of broadcast content, should be done judiciously and only in furtherance of EMC s business needs Remember that when using IT Resources externally, such as for access to Internet sites, you can be associated with EMC, and you should therefore conduct yourself in a professional manner and follow well-established protocols Users must be very careful when sending to distribution lists. In advance, you must make sure you intend to send a particular to everyone on the list you are using. If you are the recipient of an that was sent to a distribution list (or other group of people), and you believe you should not have received it or did not want to receive it, do not Reply to All. Instead, delete the and contact the IT Help Desk if you deem it appropriate. EMC Confidential -2- EMC Corporate Policy

5 4.6 UNAUTHORIZED USE You must not access, compose, send, view, visit, download, archive, receive or store, in any IT Resource, material that would reasonably be considered offensive. This includes messages or other material that can be disparaging of, or offensive to, others based on their gender, race, religion, sexual orientation, age, disability, national origin, or other protected classification. Accessing or downloading pornographic or other inappropriate content is strictly prohibited. (See EMC s Anti-Harassment Policy.) EMC users should not use IT Resources for unlawful purposes including, for example, the installation or transmission of fraudulently or illegally obtained copyrighted material. EMC users are not permitted to download and install unauthorized software on IT Resources. This includes software from the Internet or from media that they own. All software requests must follow the standard request and approval process to ensure that the software has a valid business use, that all copyright restrictions are adhered to, and that the software will not negatively affect the network (See Corporate Network Resource Usage Policy and Software Compliance Policy) Other prohibitions include malicious access to Internet sites (e.g., cracking, hacking),creating or forwarding junk mail such as cartoons and chain letters, soliciting outside business ventures and advertising for personal enterprises. 5. POLICY VIOLATION Violation of this policy by any EMC user may result in disciplinary action up to and including termination of employment, service contract or project assignment. Violation of this policy may also constitute unlawful behavior and subject you to civil and/or criminal liability. 6. RESPONSIBILITIES The Chief Information Officer is responsible for the issuance and maintenance of this policy. All EMC users are responsible for adhering to the policy. 7. RELATED POLICIES All EMC users must comply with this policy in conjunction with all other applicable EMC Policies, including, but not limited to the following: IT Security Policy Retention Policy Designating Confidential Information Policy Business Conduct Guidelines Network Resource Usage Policy Anti-Harassment Policy Software Compliance Policy EMC Confidential -3- EMC Corporate Policy