An acceptable use policy, also known as an access policy, is a set of guidelines that the owner, management, or user of a computer system applies and which limits the ways in which the system or network site may be used.
It is customary to require new employees to sign an Non Disclosure Agreement (NDA) before granting them access to an organization’s information systems. Acceptable Use regulations are a fundamental component of the framework of information security regulations. Because of this, an organization’s Acceptable Use Policy (AUP) needs to be brief, easy to understand, and include the essential details of what users can and cannot do when using its IT systems. When appropriate, it should direct consumers to the longer security policy. Notably, it should specify the penalties that will be imposed in the event that a user violates the AUP. As always, routine audits should be used to gauge compliance with this policy.
All T3 Softwares Users of IT Systems and Infrastructure (Computers, Network, and IT Devices).
The organization’s acceptable and appropriate usage of its information technology infrastructure is outlined in this policy. These guidelines are in place to safeguard both the company and the employee. When something is used inappropriately, it puts the company at risk for things like virus attacks, network system and service compromise, and legal problems.
It is mandatory for all users of the organization to follow the Acceptable Use Policy.
4.1 General Use and Ownership
- Our confidential data, whether it is on equipment we own or rent, is owned by Us, an employee, or a third party, is and will always be the exclusive property of the company.
- He or she is responsible for making sure that proprietary information is safeguarded in compliance with the Data Protection Standard, whether by technological or legal means.
- It is the duty of the employee or user to notify any loss, theft, or unauthorized disclosure of Our proprietary information as soon as it occurs.
- Employee may only access, utilize, or disclose Our proprietary information as needed to carry out their designated work activities and only to the degree permitted by law.
- To verify adherence to this policy, we maintain the right to periodically examine systems and networks.
- Users are in charge of how they utilize their networks and systems at all times.
If the person uses a laptop to access Our network, they are accountable for the content on it, particularly if they make it visible to other users. (This clause also applies to any shared device or computer that he or she is in charge of; these are all included in the definition of “my device”). If the individual does not possess a laptop but is given a workstation or other IT resource, they will be accountable for the files kept in the assigned workspace (examples: file storage area, web pages, stored/
archived emails, on Computer Centre or Department machines).
4.2 Security and Proprietary Information
Archived emails, on Computer Centre or Department machines).
The Minimum Access Policy applies to all computing and mobile devices connected to the internal network.Passwords at the system and user levels need to adhere to the password policy. Giving access to someone else is forbidden, whether done knowingly or by neglecting to secure the access.
Every computer device needs to have a password-protected screensaver with automatic feature activation enabled. If the employee leaves the device unattended, they must lock the screen or log off.
- Employee/user will be held responsible for all the network traffic
generated by “his/her device” dedicated or shared. He/she understand
that network capacity is a limited and shared resource. He/she agree
that physically tampering with network connections/equipment,
sending disruptive signals, or making EXCESSIVE USE of network
6 ACCEPTABLE USE POLICY
resources is strictly prohibited. Repeated offenses of this type could
result in permanent disconnection of network services. He/she shall not
share the network connection beyond his/her own use and will not act
as a forwarder/ masquerader for anyone else. - Employees/Users must use our IT infrastructure solely for official purposes. They are prohibited from using it for personal activities, hosting services for others, or sharing harmful or objectionable content. Deceptive identity use, threats, intimidation, or harassment are strictly forbidden. Privacy invasion, including collecting or publishing personal information without consent, is not allowed. Unauthorized access to computers, accounts, or information is prohibited without explicit owner consent.
- Employees/Users acknowledge that IT resources may be monitored for cause, including aggregate bandwidth usage and content monitoring in response to legal requests. They authorize network vulnerability and port scans for overall network integrity. Employees/Users must keep their computers updated with the latest system updates, virus detection software, and operating system updates to prevent viruses and similar programs. Use of IT infrastructure for illegal file sharing, such as copyrighted or obscene material, is strictly prohibited.
4.3 Unacceptable Use
Employees/Users are generally prohibited from engaging in certain activities. Exceptions may apply for legitimate job responsibilities (e.g., systems administration staff may disable network access to address disruptions). Under no circumstances are employees/users authorized to engage in illegal activities while using company resources. The lists provided are not exhaustive but serve as a framework for unacceptable use.
- Unauthorized use of copyrighted, patented, or trade-secret-protected materials, including installing unauthorized software or distributing unlicensed software, is strictly prohibited.
- Downloading or printing confidential or restricted data, or systematically downloading multiple documents, is not allowed.
- Use of games, spiders, or intelligent agents to access, search, or systematically download from e-resources is prohibited.
- Exporting software or technical information in violation of international or regional export control laws is illegal. Consult management before exporting questionable materials.
-
Unauthorized copying of copyrighted material, such as photos, music, or software without a valid license, is strictly prohibited.
-
Accessing data, servers, or accounts for purposes other than conducting company business, even with authorized access, is prohibited.
- Prohibited: Introducing malicious programs (e.g., viruses, worms) into the network or server.
- Prohibited: Sharing account passwords or allowing others, including family members, to use the account.
- Prohibited: Using company assets for procuring or transmitting material violating sexual harassment laws.
- Prohibited: Making fraudulent offers or statements about products/services from company accounts.
- Restricted: Electronic resources from the office library are for official use only.
- Prohibited: Making warranty statements unless part of normal job duties.
- Prohibited: Security breaches, disruptions, or unauthorized access to data or servers.
- Prohibited: Port or security scanning without prior notification to the IT department.
- Prohibited: Intercepting data not intended for the employee’s host unless part of their normal duties.
- Prohibited: Circumventing user authentication or security measures.
- Prohibited: Introducing honeypots or similar technology on the company network.
- Prohibited: Interfering with or denying service to users other than the employee’s host.
- Prohibited: Sending messages with intent to interfere with or disable a user’s terminal session.
- Prohibited: Engaging in illegal activities such as threatening, gambling, stalking, or defaming.
- Prohibited: Providing information about or lists of employees to external parties.
- Consequence: Any violation will result in appropriate penal action according to organizational rules.
- Prohibited: Attempting to bypass firewalls or access rules, including setting up visible servers (web, mail, proxy) outside the organization.
- Authority: In critical situations, authorities may disconnect devices or disable accounts involved in compromising information security.
- Consequence: Violation of IT infrastructure use may lead to administrative or disciplinary procedures.
- Right: The organization reserves the right to audit networks and systems periodically to ensure policy compliance.
4.4 Email and Communication Activities
Caution: Employees should be cautious when opening email attachments from unknown senders to avoid potential malware.
Prohibited: Sending unsolicited emails or “junk mail” is not allowed.
Prohibited: Harassment via email, telephone, or paging, including language, frequency, or message size, is not permitted.
Prohibited: Unauthorized use or forging of email header information is not allowed.
Prohibited: Soliciting email replies for addresses other than the poster’s account, with the intent to harass, is not permitted.
Prohibited: Creating or forwarding chain letters, Ponzi, or pyramid schemes is not allowed.
Prohibited: Using unsolicited email from within the network to advertise services hosted by the organization is not allowed.
5.1 Compliance Measurement
Our IT team will ensure compliance with this policy using various methods, including business tool reports, internal and external audits, and providing feedback to the policy owner.
5.2 Exceptions
All exceptions to the policy must receive advance approval from management.
5.3 Non-Compliance
All exceptions to the policy must receive advance approval from management.
- An employee/user found to have violated this policy may be subject to
disciplinary action, up to and including termination of employment.