ACCEPTABLE IT AND COMPUTER USE POLICY GUIDE FOR STAFF



Similar documents
How To Protect Decd Information From Harm

Students are expected to have regard to this policy at all times to protect the ipads from unauthorised access and damage.

Acceptable Use of ICT Policy. Staff Policy

Information Security

SOUTHERN SLOPES COUNTY COUNCIL COMPUTER & INFORMATION TECHNOLOGY USE POLICY

STRATEGIC POLICY REQUIRED HARDWARE, SOFTWARE AND CONFIGURATION STANDARDS

Internet Use Policy and Code of Conduct

ACCEPTABLE USE POLICY

ICT Student Usage Policy

Information Security and Electronic Communications Acceptable Use Policy (AUP)

ELECTRONIC COMMUNICATIONS: / INTERNET POLICY

Acceptable Use Policy

INTERNET, AND COMPUTER USE POLICY.

Acceptable Use of Information Technology Policy

The Wellcome Trust Sanger Institute IT Acceptable Use Policy (AUP) Version 1.8

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by:

ICT POLICY AND PROCEDURE

Angard Acceptable Use Policy

Dene Community School of Technology Staff Acceptable Use Policy

WORTHING COLLEGE STUDENT IT SECURITY POLICY. October 2014

LINCOLN UNIVERSITY. Approved by President and Active. 1. Purpose of Policy

Information Services. Regulations for the Use of Information Technology (IT) Facilities at the University of Kent

Acceptable use policy

Information Technology and Communications Policy

Scottish Rowing Data Protection Policy

UTC Cambridge ICT Policy

2.0 Emended due to the change to academy status Review Date. ICT Network Security Policy Berwick Academy

Online Communication Services - TAFE NSW Code of Expected User Behaviour

Computer Network & Internet Acceptable Usage Policy. Version 2.0

The Bishop s Stortford High School Internet Use and Data Security Policy

EMPLOYEE COMPUTER NETWORK AND INTERNET ACCEPTABLE USAGE POLICY

APPROVED BY: DATE: NUMBER: PAGE: 1 of 9

Acceptable Use of ICT Policy For Staff

ATHLONE INSTITUTE OF TECHNOLOGY. I.T Acceptable Usage Staff Policy

Recommendations. That the Cabinet approve the withdrawal of the existing policy and its replacement with the revised document.

Network and Workstation Acceptable Use Policy

Dundalk Institute of Technology. Acceptable Usage Policy. Version 1.0.1

Acceptable Use Policy

Information & Communications Technology Usage Policy Olive AP Academy - Thurrock

Human Resources Policy documents. Data Protection Policy

Service Schedule for Business Lite powered by Microsoft Office 365

City of Boston Department of Innovation and Technology Policy Title: Information Technology Resource Use Policy Effective Date: April 1, 2011

City of Venice Information Technology Usage Policy

, Internet & Telephone. Policy and Procedure

Conditions of Use. Communications and IT Facilities

INTERNET, USE AND

Information Security Code of Conduct

13. Acceptable Use Policy

ITU Computer Network, Internet Access & policy ( Network Access Policy )

Terms and conditions of use

GENERAL CONDITIONS OF USE OF COMPUTING AND NETWORK FACILITIES

How To Monitor The Internet In Idaho

Forrestville Valley School District #221

Acceptable Use Policy - NBN Services

ICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation

University of Liverpool

1. Computer and Technology Use, Cell Phones Information Technology Policy

Medford Public Schools Medford, Massachusetts. Software Policy Approved by School Committee

POLICY ON USE OF INTERNET AND

Acceptable Use Policy

USER AGREEMENT FOR: ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY

Access Control Policy

General Rules of Behavior for Users of DHS Systems and IT Resources that Access, Store, Receive, or Transmit Sensitive Information

UNIVERSITY OF ST ANDREWS. POLICY November 2005

B. Privacy. Users have no expectation of privacy in their use of the CPS Network and Computer Resources.

ABERDARE COMMUNITY SCHOOL

Responsible Access and Use of Information Technology Resources and Services Policy

How To Use The Blog Safely And Responsibly

E-Safety and Computer Security Rules

Information Technology Policy and Procedures

Assistant Director of Facilities

Acceptable Use of Information Systems Standard. Guidance for all staff

Delaware State University Policy

Electronic Messaging Policy. 1. Document Status. Security Classification. Level 4 - PUBLIC. Version 1.0. Approval. Review By June 2012

Service Schedule for BT Business Lite Web Hosting and Business Lite powered by Microsoft Office 365

NHSnet SyOP 9.2 NHSnet Portable Security Policy V1. NHSnet : PORTABLE COMPUTER SECURITY POLICY. 9.2 Introduction

St. Peter s C.E. Primary School Farnworth , Internet Security and Facsimile Policy

Transcription:

ACCEPTABLE IT AND COMPUTER USE POLICY GUIDE FOR STAFF The African Academy of Sciences (AAS) Postal Address: P.O. Box 24916 00502, Nairobi, KENYA Physical Address: 8 Miotoni Lane, Karen, Nairobi Tel: + 254 (20) 806 0674 Fax: +254 (20) 806 0675 Website: www.aasciences.org

Acceptable IT and Computer Use Policy Guide for Staff i

Table of Contents Contents Page ii 1. Purpose of the Policy Guide 1 2. Asset and Data Security 1 3. Software 2 4. Acceptable Email and Internet Usage 3 5. Confidentiality and Intellectual Property 4 6. Data Protection 5 7. Disciplinary Procedures 6 References 6 ii

1. Purpose of the Policy Guide As an employee of AAS, you are required to comply with AAS Data Protection Policy and IT Security Policy. These policies ensure best-practice in the management, storage and use of company IT systems, assets and electronic data. The Acceptable IT and Computer Use Policy Guide provides employees with strict instruction on the use of various IT services to ensure their employer AAS can continue to adhere to these policies. All employees and workers with AAS must agree to abide by the rules and procedures outlined in this document before they will be allowed access to AAS IT systems, databases, or issued an institutional email address. Compliance with its principles is also mandatory for any authorised third-party users accessing any computer system owned or operated by the company. Any actual or suspected breaches of the rules and procedures contained in this document within, or affecting, the company's systems will be thoroughly investigated in accordance with AAS disciplinary procedures, and may lead to disciplinary action being taken. Serious breaches may amount to gross misconduct resulting in summary dismissal. Any action taken internally does not preclude prosecution through a court of law. We reserve the right to amend this Policy Guide when deemed appropriate by the organisation 2. Asset and Data Security The rules and guidelines described here apply to all computer users accessing/operating any IT services owned and/or operated by AAS. Their application extends to the use of all such equipment, or access to any AAS database/it system in the secretariat, at home and/or overseas. These guidelines have been written to help employees guard against the risk of theft of hardware and software, the unauthorised access of data, the maintenance of system security and protection of the academy s Intellectual Property. Asset Security Employees should not disclose information relating to the company's IT facilities to anyone outside the company, without the company's express permission. Any telephone or email approaches canvassing for information should be passed directly to the IT officer of AAS under AAS IT Security Policy. Laptops computers or other portable data-storage devices should not be left unattended in any location, and never left in plain sight in cars, public transport or hotels. Laptops should 1

not be kept on desks overnight, and must be stored in locked cupboards, drawers or taken home. If left unattended in a car, these must be locked in the boot or glove compartment at all times. Only nominated IT personnel or contracted third-party personnel, at the direction of the Executive Director, are permitted to move any IT equipment; with the exception of portable equipment such as laptop computers. It is prohibited to deliberately attempt to access a system to which you have no authority. AAS regularly monitors all systems through its third party contractors, and all unauthorised attempts to access systems are investigated. Data Security All computer and IT system users are given a Username and Password; these are unique and must not be shared with any other employee. No user is permitted to log onto any other users account without good cause. Failure to comply with this will lead to disciplinary action being taken. Passwords to AAS IT systems or email accounts should not be written down, or kept where others might find them. All passwords should be hard to guess and it is recommended they contain at least eight characters, including upper and lower case letters, numbers and special characters such as! # $ ( ) ^. Passwords should also ideally be changed at regular intervals. Computers logged onto AAS internal network or an AAS email account, should never be left unattended and unlocked, especially when in-use outside the office. The user logged in at a computer will be considered to be the legal author and progenitor of any messages sent from that computer, and will be liable for any network activity logged through their user account. Data should always be saved on a shared network drive managed by AAS. The copying of AAS data on to personal computers, external hard drives or any other portable device is strictly prohibited. Any and all data held on AAS computers and servers is the property of the AAS and its clients, and must be returned or deleted on request. 3. Software Installation or copying of any software onto AAS computers is strictly prohibited without prior consent of the AAS IT officer as this may: (a) cause unforeseen software conflicts leading to data and/or system integrity loss; (b) reduce the efficiency, or otherwise compromise the operation of AAS IT systems/computers; or (c) unknowingly constitute a breach of copyright law. 2

Legitimate copies of software will be purchased and provided, if and when required. The following additional guidelines are designed to protect AAS and its employees from a reduction in, or critical loss of IT system services. At all times, employees:- must protect their computer against the threat of invasive viruses and other malicious intrusions by ensuring their anti-virus protection software is active and upto-date, and that all email content controls are active and not purposefully circumvented; must not, under any circumstances, download software from the Internet other than with the express permission and guidance of AAS IT officer. This also applies to the downloading of copyrighted music files and non-work related video footage, thirdparty applications, games and screen-savers; and must not bring software from home and load it on to any AAS computer, or copy any AAS licenced software and load it onto home computers or any other personal device. All software, information and programmes developed for and/or on behalf of the AAS by employees or contracted third-parties during the course of their employment remain the property of AAS. Duplication, use or sale of such software without the prior consent of AAS will be an infringement of the organisation s copyright and will be dealt with as a disciplinary matter. This may become a prosecution under law if employment has already terminated when the copyright is infringed upon. 4. Acceptable Email and Internet Usage AAS provides its employees with access to the internet and its email system to assist them in the performance of their duties. Their use should primarily be for official company business; however, minimal personal use of the internet and company email is permitted, provided the user complies with the provisions contained in this Policy, as follows:- Personal use of the email system or surfing of the internet should never impact the normal flow of business related email and network traffic. AAS reserves the right to ask its mailbox hosts to purge identifiable personal email to preserve the integrity of the email systems, and to restrict the access of specific individuals to the internet should their use be judged excessive. The viewing, creation or transmission by any employee, consultant or contractor of any offensive, obscene or indecent images, data or other restricted material by email or on the internet is prohibited. Examples of prohibited material include, but are not limited to: o Sexually explicit messages, images, cartoons, or jokes; o Unwelcome propositions, requests for dates, or love letters; 3

o Profanity, obscenity, slander, or libel; o Ethnic, religious, or racial slurs; o Political beliefs or commentary; o Terrorism, terrorist activities, inciting or condoning violence or vandalism; o Any other activity considered illegal in the country of origin/receipt. It is recognised that websites which display material of a pornographic or offensive nature, or which contain malware designed to infect and harm your computer, may be accidentally accessed from time to time. Should this happen and you become concerned for the integrity of your computer and/or network access, inform the IT officer immediately and discontinue use of your system, closing down all shared drives. Remedial action will be taken as necessary to protect your computer and AAS IT systems from further infection. The forwarding of chain-letters is strictly forbidden this includes those purporting to be for Charity or other good causes as well as those promising wealth or other personal gain. Likewise, no non-business related messages of any kind should be sent to multiple external destinations as this is considered spamming, an illegal activity in many countries. Email should not be used to send large attached files, and a strict limit of 25Mb has been applied by the mailbox host. In addition, many email systems will not accept large files which may be returned and result in the overloading of the AAS email system. The Academy has active email security protocols to screen for malicious content; even so, employees are recommended to exercise caution when opening all attachments, particularly if the file extension is not recognised. The African Academy of Sciences reserves the right to monitor employees email and internet usage, including intercepting emails before they are read, and accessing personal internet browser history for the purpose of investigating unauthorised use of the AAS telecommunication system, preventing or detecting crime, or ascertaining compliance with this Policy. This will include personal emails where appropriate. All monitoring will be authorised by the Executive Director of AAS. Any information obtained during the course of monitoring will be kept strictly confidential and will be used only for the purpose for which the monitoring has taken place. 5. Confidentiality and Intellectual Property AAS employees are strictly forbidden to make any copy, abstract, summary or précis of the whole or part of any document constituting the intellectual property of the company, subcontractor, partners, or its clients except where expressly authorised so to do or in the proper performance of their duties. 4

Employees are required to promptly disclose to the company, and keep confidential, all inventions, copyright work, designs or technical know-how conceived or made by them alone or with others in the course of their employment. They must hold all such intellectual property in trust for the Academy, sub-contractor, partners and clients as necessary, and will vest intellectual property fully in AAS and/or secure patent or other appropriate forms of protection of the same. Employees at all times both during their employment with AAS and after its termination must keep confidential, and shall not at any time turn to their own account, make personal use of, divulge, make known to anyone or enable anyone to become aware of (other than those who are employed by AAS and authorised to receive the same) any information relating in any way to:- suppliers, potential suppliers, customers and potential customers; techniques, engineering and procedural documentation of the company; the details of any business, financial or other arrangements transacted with persons, firms or statutory bodies by AAS on behalf of itself or any of its clients; policy documents or any other internal restricted document, including personal information relating to AAS employees or its partner/clients. 6. Data Protection AAS will protect all data in its care and can only do this with the assistance of staff and partners. All staff and partners are required to keep AAS informed of all material changes in your circumstances. This policy makes available to you full details of your entitlements and responsibilities to make this happen. As an employee you must acknowledge and consent to the following: That AAS maintain and hold electronic records relating to you and all our employees principally to enable us to effectively record and administer our HR function and processes such as pay and benefits; That it may be necessary from time to time, to pass personal data to other organisations, partners and clients for the following purposes: o Sharing knowledge, information, products and ideas; o Marketing initiatives and Business Development activities; o Administrative purposes; and o If required to do so, by a government body You may make a written request to the Executive Director if you wish to see records held by AAS about you. Where we are able to provide such details to you, it will be given. 5

7. Disciplinary Procedures Failure to comply with the provisions outlined in the above sections will lead to appropriate reprimand. Any action judged to constitute gross misconduct may lead to summary dismissal at the discretion of the Executive Director. References: 1. IMC Worldwide, 2012. Acceptable IT and Computer Use P0licy Guide. http://www.imcworldwide.com 2. SANS InfoSec Acceptable Use Policy. SANS Institute. http://www.sans.org/securityresources/policies/acceptable_use_policy.pdf 3. ICT Privacy and Acceptable Use policy. World Agroforestry Centre Policy Series MG/C/4/2009. ILRI Policy Series. http://ict.worldagroforestryilri.org/ict_privacy_and_acceptable_use_policy 4. University of Southampton ICT Acceptable Use Policy. http://www.southampton.ac.uk/inf/acceptable_use_policy.html 5. DFID IT Strategy 2011-2015 (2012 Revision). Version: 2.0 (Revised November 2012). https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/67471 /dfid-it-strategy.pdf 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information