About this Document
The purpose of this document is to ensure appropriate protection of Liaison’s networks, computers, servers, and the information transmitted over both local and external networks by providing rules and instructions set forth in policies, standards, guidelines, and procedures. Liaison’s Ethics and Acceptable Use policy outlines the appropriate use of information systems at Liaison. These systems provide users with access to information system resources and communications networks, all within an environment of openness, trust, and integrity. Liaison is committed to protecting itself and its staff from unethical, illegal, or damaging actions performed by individuals using these systems.
This document and all supporting documents apply to all Liaison network users, including but not limited to: full-time employees, part-time employees, temporary employees, visitors, contractors, and consultants. This includes individuals affiliated with third parties who access Liaison’s computer networks. Any use of Liaison’s computer network resources is governed by this policy.
This policy is reviewed annually. It was created on January 28, 2016, by Belkacem Abdessemed, IT Director, and was last updated on November 16, 2017. For more information, contact the Information Security Team at firstname.lastname@example.org.
Ethics and Acceptable Use
To avoid unauthorized or malicious use which could otherwise expose users to risks including virus attacks, network systems, service failures, and loss of critical data, users are prohibited from the following:
- Using information system resources for which he or she does not have authorization.
- Using any information technology resource to engage in conduct that is inconsistent with the stated goals and mission of Liaison.
- Using any information technology resource while engaging in any activity determined to be illegal under local, state, or federal law, or in violation of a Liaison policy.
- Effecting security breaches or engaging in malicious use of network communication. This includes impeding or interfering with other user’s legitimate use of information technology systems.
- Using Liaison facilities or networks to violate the ethical and legal rights of any person or company protected by copyright, trade secret, patent, or other intellectual property, or similar laws or regulations.
- Using any information technology resource to actively engage in creating, accessing, displaying, procuring, or transmitting material that is determined to be illegal.
- Using any information technology resource to actively engage in creating, accessing, displaying, procuring, or transmitting material that is determined to be pornographic, obscene, discriminatory, threatening, harassing, or intimidating.
- Using any information technology resource to actively masquerade as someone else by using their email, internet address, or electronic signature.
- Using any information technology resource for non-Liaison related business purposes or for personal gain.
- Sharing logon IDs and passwords with others, or using someone else’s logon ID and password to gain access to any information technology resource.
- Engaging in any activity intended to circumvent or compromise any device, system, or other form of information technology security.
- Copying, installing, or using unauthorized software or data files, including but not limited to downloading and/or distribution of music, movies, or any other electronic media.
- Streaming video or movies using Liaison network resources during Liaison’s standard business hours.
All users are personally responsible for the security, safety, and care of their assigned laptop and/or any other assigned company equipment, regardless of whether if it is used in the office, at one’s place of residence, or at any other location such as a hotel, conference room, car, or airport. Users connecting to Liaison systems outside of the Liaison internal network must use VPN or other such technology provided and configured by the IT Department to verify user identity and provide a secure communication channel.
Liaison seeks to preserve individual privacy. However, any and all data that is created and/or stored using Liaison’s equipment and/or networks and any data that traverses Liaison’s equipment and/or networks is the property of Liaison. In certain circumstances, Liaison reserves the right to routinely monitor any and all components that constitute information technology resources.
Users are expected to access Liaison information only to conduct Liaison business. Violation of this policy or misuse or destruction of information technology resources can vary in severity; appropriate disciplinary actions will be taken, up to and including termination of employment.
Electronic Mail (email)
Email is an essential and valuable tool provided to enhance Liaison’s core functions. Email should only be used in the manner and to the extent authorized. When Emailing information deemed sensitive, data encryption must be applied.
- Any email that is created and/or stored using Liaison’s equipment and/or networks and any email that traverses Liaison’s equipment and/or networks is the property of Liaison There shall be no expectation of privacy regarding email usage.
- Mass emailing (i.e., broadcast emailing) to the entire Liaison staff must be business-related and approved in advance by an employee’s manager.
Computer viruses are software programs that are deliberately designed to interfere with computer operations by recording, corrupting, deleting data, and/or spreading themselves to other computers and throughout a network. Antivirus software is a computer program that detects, prevents, and takes action to disarm or remove malicious software programs such as viruses and worms.
- ·All Liaison owned computers must have Liaison-approved antivirus screening software installed, enabled, and updated with current virus pattern recognition files.
- Users who suspect their computer system has been infected with a computer virus, malware, adware, phishing attempt, etc. are responsible for immediately notifying the Information Technology Services helpdesk. The helpdesk personnel will work to eradicate the virus and ensure up-to-date virus protection software is properly installed and working.
- If a machine is determined to be vulnerable to an attack, the machine administrator shall reserve the right to remove the machine from the network until the problem is corrected.
Data Stewardship and Sensitive Information
Liaison processes and manages sensitive data, and all systems and personnel must comply with regulations and PCI security standards. Sensitive Information includes, but is not limited to:
- Social Security number
- Personal identification number
- Credit card number
- Bank account numbers
All users are responsible for data stewardship.