Acceptable Use of Information Systems Standard. Guidance for all staff


Equipment security and passwords

You are responsible for the security of the equipment allocated to, or used by you, and must not allow it to be used by anyone, other than in accordance with the guidance provided in this booklet.

Passwords must be kept confidential and must not be made available to anyone else unless authorised by your local IT contact or your line manager. Passwords should be changed regularly.

If you need to gain access to a colleague's mailbox or documents for a legitimate business reason, please contact your local IT contact, who will then follow the required approvals routine. Normally permission from the owner of the mailbox or document will be required in order for access to be granted.

If you have been issued with a laptop, PDA (personal digital assistant) or any other mobile computing device, you must ensure that it is kept secure at all times by use of a password, especially when travelling. Loss of these devices should be reported to the relevant local law enforcement authority and to your local IT contact to allow appropriate security measures to be taken against potential misuse.

Your computer terminal or workstation will automatically lock if it has remained inactive for 15 minutes or more and it is good practice to lock it manually by holding down the Ctrl, Alt and Delete keys when you leave it unattended for any reason. You should shut down your personal workstations when you leave the office each day.

If your employment is terminated, you must provide details of your passwords to your local IT contact and return any equipment, key fobs or cards. Please also refer to the section "Leaving Petrofac" on page 14.

Removable storage devices

If you need to store/read business related information on/from a removable storage device, such as a USB (universal serial bus) stick, SD (secure digital) card, CD (compact disc) or DVD (digital versatile disc), you must take care to ensure that the media is kept secure and files picked up outside of Petrofac systems are cleaned of viruses.

To safeguard Petrofac systems and maintain confidentiality of data, Petrofac has implemented data leak prevention solutions, controlling and monitoring access to USB ports.

Systems and data security

You should not alter the state of the computing systems by adding or removing programmes or hardware. All requests relating to such changes should be forwarded to your local IT contact or service desk.

You should not download or install software from external sources without authorisation from the relevant IT department. No device or equipment should be attached to Petrofac's systems without the prior approval of the IT department.

All emails which pass through Petrofac systems are scanned for viruses. Your IT department should be informed immediately if a suspected virus is received, and in such circumstances, you should not open the email unless requested to do so by a member of the IT department.

Petrofac reserves the right to block access to email attachments and block the transmission of any email messages, in order to maintain the effectiveness of systems, in accordance with the guidance provided in this booklet.

You should not attempt to gain access to restricted areas of the network, access information which is not addressed to, or intended for you, or attempt to gain access to passwords, unless specifically authorised.

Email etiquette

All business related emails should be sent using the Petrofac network to ensure a complete record is retained and that the appropriate disclaimer is included. You should not use personal email accounts for business, unless unavoidable (for example network failure). In such circumstances, a copy of any emails sent or received in relation to Petrofac business should be forwarded to your Petrofac email account.

You should not send abusive, obscene, discriminatory, racist, harassing, derogatory or defamatory emails. Anyone who feels that they have been harassed or bullied, or is offended by material received from a colleague via email should inform their line manager.

You should assume that email messages may be read by individuals other than the intended recipient and therefore should not include anything which would offend or embarrass any reader, our organisation or themselves, if it found its way into the public domain.

Email messages may be required to be disclosed in legal proceedings in the same way as paper documents and you should comply with any instructions or guidance issued by Group Head of Legal in relation to any pending proceedings or investigations. Deletion from an inbox or archives does not mean that an email cannot be recovered for the purposes of disclosure. All email messages should be treated as potentially retrievable, either from the main server or using specialist software.

If you receive a wrongly delivered email, this should be returned or notified to the sender.

Auto-forwarding of Petrofac emails to non-Petrofac email accounts is prohibited.

Use of the internet

When a website is visited, devices such as cookies, tags or web beacons may be employed to enable the site owner to identify and monitor visitors. You should not therefore access any web page or download any files (whether documents, images or other) from the internet which could, in any way, be regarded as illegal, immoral or likely to cause offence.

You should not use our systems to participate on our behalf in any internet chat room, post messages on any social media portals, or set up and log text or information on a blog or wiki, unless specifically authorised. Please also refer to the section "Use of social media" on page 10.

As a general rule, if any person (whether intended to view the page or not) might be offended by the contents of a page, or if the fact that our software has accessed the page or file might be a source of embarrassment if made public, then viewing it will be a breach of the guidance provided in this booklet.

Personal use of systems

We permit the incidental personal use of our internet, email and telephone systems but it must be neither abused nor overused and should not:

- interfere with your work commitments or colleague's work commitments
- have any negative impact on Petrofac
- commit us to any marginal costs
- breach our policies including our Code of Conduct

Petrofac reserves the right to remove any material considered to be offensive or damaging from our systems, without warning.

Petrofac's local offices may have individual requirements which supplement these provisions on personal use of systems. These additional or supplementary requirements will be explained and provided by the local IT contacts where necessary.

Use of these systems may be monitored and if evidence is found that policies have been breached disciplinary action may be taken. Petrofac reserves the right to restrict or prevent access to certain telephone numbers or internet sites if personal use is considered to be excessive or otherwise inappropriate.

Fair processing of personal information

Petrofac will retain custody of your routine personal data during the course of your employment within its designated enterprise resource planning (ERP) systems. This information is used for visa processing, salary disbursement, end of service benefits etc. Your personal data will therefore cover details such as name, address, bank details, telephone number, date of birth, religious affinity and certain medical records.

We are committed to ensuring that the information we collect and use is appropriate for this purpose and does not constitute an invasion of your privacy.

We may pass your personal data on to our ERP systems located in Petrofac's data centre in Chennai, India. The data centre is obliged to keep all information secure and use it only to fulfil the designated purpose. We will dispose of your personal data in line with applicable legislation and Petrofac's procedures.

If we pass your personal data on to a third party, we will only do so once we have obtained your consent, unless we are legally required to do so.

Petrofac is not responsible for maintaining security or safety of any other information that is personal to you and which is placed on our systems by you, for example personal pictures, letters, videos.

Monitoring use of systems

For business reasons, and in order to carry out legal obligations in our role as an employer, use of our computer and communication systems is continuously monitored by the IT department. We may retrieve the content of messages sent or received, or check searches which have been made on the internet:

- to monitor whether the use of the email system or the internet is legitimate and in accordance with the guidance provided in this booklet
- to find lost messages or to retrieve messages lost due to computer failure
- to assist in the investigation of wrongful acts
- to comply with any legal/audit obligations

Use of social media

Petrofac identity and social media

Any social media account, blog, web page or related content with the Petrofac brand identity should only be created and updated by our Corporate Communications team. Only approved spokespeople may communicate on our behalf.

Use of Petrofac's logo and/or related intellectual property requires prior written consent from our Corporate Communications department and is not to be used on personal web pages or any type of social media sites. Unofficial pages, created without prior authorisation of the Corporate Communications team, may be shut down.

If you do come across positive or negative remarks about Petrofac that you believe are important, you should refrain from responding directly and instead forward the comments to our Corporate Communications department (communications@petrofac.com).

Personal use of social media

Petrofac encourages all employees to use social media responsibly. Social media is any tool or service that facilitates conversations over the internet, including applications such as Facebook, Twitter and other platforms such as YouTube, LinkedIn, blogs and wikis. Access to social media sites from the Group's systems is subject to local management approval.

Petrofac has adopted five social media principles you should adhere to before engaging in any type of social media activity. Whilst using social media:

- take care when sharing personal details and avoid sharing personal information, especially about any travel plans
- make it clear in any social media postings that you are speaking on your own behalf (i.e. write in the first person and use personal email addresses when communicating via social media) and if you do own a personal web page or any type of social media site which in any way makes reference to your employment with us, display the following notice on that site: "the views expressed on this website/blog are those of the author and do not necessarily reflect the views of their employer"
- never reveal contact details or photographs of other employees, suppliers, or other stakeholders without their permission
- never report details of your work or business travel plans, discuss any details of current or past projects or performance, or speculate on future activity of Petrofac (as Petrofac is listed on the London Stock Exchange, disclosure of forward looking information is highly regulated and any disclosure of sensitive or forward looking information online will be treated extremely seriously by management)
- you should not do anything to jeopardise our valuable trade secrets and other confidential information and intellectual property

You are personally responsible for what you communicate in social media so bear this in mind before posting content and be sure it complies with any restrictions under local state/country laws.

Reporting of information security weaknesses

All suspected information security weaknesses, incidents or violations must be reported as quickly as possible to your local IT service desk.

Security weaknesses or incidents might include, but may not be limited to:

- unusual virus alerts
- abnormal drive space changes
- spam emails
- official website defacement
- suspected reconnaissance activities
- suspected intrusions
- physical security lapses
- theft or loss of computing devices
- lost or stolen ID cards
- witnessing of illegal/inappropriate online activity by others
- suspected user account break-in or credentials compromised

Copyright Ownership

Material obtained from third parties (including customers, law firms, information services or via the internet) is likely to be protected by copyright and unauthorised storage or reproduction is unlawful. It is our policy to comply with all applicable requirements and, where necessary, to have in place appropriate licences.

All of the computer equipment used, and any documents or other information created using our computer systems, remain the property of Petrofac. This extends to any documents or email messages you may have created or communicated for personal reasons. Be aware when creating anything of a personal nature that all files and emails can be retained indefinitely.

Similarly, Petrofac's own material is subject to copyright and should only be provided to third parties where there is a valid business reason. In appropriate circumstances, you may wish to place a notice Petrofac [year] on any material that is distributed to third parties to indicate this.

Leaving Petrofac

It is the responsibility of the individual leaving to ensure that all moveable IT equipment is returned to the office or local IT contact prior to leaving employment with Petrofac and its affiliates. Such equipment includes, but is not limited to:

- laptop computers and any associated equipment
- modems/routers and any other networking equipment
- BlackBerry/PDA/mobile phone(s) and any associated equipment
- any software licensed to Petrofac
- all diskettes/CDs/USB pens
- any Petrofac data/information stored on any other computer/data storage devices

This includes any IT equipment provided to you for use outside the office. Desktop hardware, printers, license dongles, telephones and associated cabling should be left on your desk.

If you wish to take an electronic copy of any personal emails or documents, you must first obtain the written authorisation of your supervisor/manager. Once this authorisation has been received by your local IT contact, they will provide an electronic copy. This is however dependent on the quantity of the data. Further restrictions may apply. Please provide at least one week's notice.

At close of business on your final day with Petrofac your access to the systems will be disabled and calendar, contacts and emails will be archived. Documents will remain on the system and will be available according to their security settings.


If you have questions about our Acceptable Use of Information Systems Standard, email it.security@petrofac.com.

Published July 2013