Helio Sector Acceptable Usage Policy
June 2020
This Acceptable Usage Policy covers the security and use of all (Helio Sector’s) Information Systems. It also includes the use of email, web applications, websites, internet, voice, mobile systems, and other related type systems. This policy applies to all (Helio Sector’s) employees, contractors, and agents (hereafter referred to as ‘individuals’).
This policy applies to all information, in whatever form, relating to (Helio Sector’s) business activities worldwide, and to all information handled by (Helio Sector) relating to other organizations with whom it deals. It also covers all IT and information communications facilities operated by (Helio Sector) or on its behalf.
Computer Access Control – Individual’s Responsibility
Access to the (Helio Sector) Information Systems is controlled using user IDs, passwords, and/or tokens. All User IDs and passwords are to be uniquely assigned to named individuals and consequently, individuals are accountable for all actions on the (Helio Sector’s) Information Systems.
Individuals must not:
- Allow anyone else to use their user ID/token and password on any (Helio Sector) Information System.
- Leave their user accounts logged in at an unattended and unlocked computer.
- Use someone else’s user ID and password to access (Helio Sector’s) Information Systems.
- Leave their password unprotected (for example writing it down).
- Perform any unauthorized changes to (Helio Sector’s) Information Systems or data.
- Attempt to access data that they are not authorized to use or access.
- Exceed the limits of their authorization or specific business need to interrogate the system or data.
- Connect any non-(Helio Sector) authorized device to the (Helio Sector) network or Information Systems.
- Store (Helio Sector) data on any non-authorized (Helio Sector) equipment.
- Give or transfer (Helio Sector) data or software to any person or organization.
outside (Helio Sector) without the authority of (Helio Sector).
Team leaders must ensure that individuals are given clear direction on the extent and limits of their authority concerning Information Systems and data.
Internet and email Conditions of Use
Use of (Helio Sector) internet and email is intended for business use. Personal use is permitted where such use does not affect the individual’s business performance, is not detrimental to (Helio Sector) in any way, not in breach of any term and condition of employment or agreements, and does not place the individual or (Helio Sector) in breach of statutory or other legal obligations.
All individuals are accountable for their actions on the internet and email systems.
Individuals must not:
- Use the internet or email for harassment or abuse.
- Use profanity, obscenities, or derogatory remarks in communications.
- Access, download, send or receive any data (including images), which (Helio Sector) considers offensive in any way, including sexually explicit, discriminatory, defamatory, or libelous material.
- Use the internet or email to make personal gains or conduct personal business.
- Use the internet or email to gamble.
- Use the email systems in a way that could affect its reliability or effectiveness, for example distributing chain letters or spam.
- Place any information on the Internet that relates to (Helio Sector), alter any information about it, or express any opinion about (Helio Sector) unless they are specifically authorized to do this.
- Send unprotected sensitive or confidential information externally.
- Forward (Helio Sector) mail to personal (non-Helio Sector) email accounts (for example a personal Gmail account).
- Make official commitments through the internet or email on behalf of (Helio Sector) unless authorized to do so.
- Download copyrighted material such as music media (MP3) files, film, and video files (not an exhaustive list) without appropriate approval.
- In any way infringe any copyright, database rights, trademarks, or other intellectual property.
- Download any software from the internet without prior approval of Helio Sector management.
- Connect (Helio Sector) devices to the internet using non-standard connections.
Clear Desk and Clear Screen Policy
To reduce the risk of unauthorized access or loss of information, (Helio Sector) enforces a clear desk and screen policy as follows:
- Personal or confidential business information must be protected using security features provided for example secure print on printers.
- Computers must be logged off/locked or protected with a screen locking mechanism controlled by a password when unattended.
- Care must be taken to not leave confidential material on printers or photocopiers.
- All business-related printed matter must be disposed of using confidential waste bins or shredders.
Working Off-site
It is accepted that laptops and mobile devices will be taken off-site. The following controls must be applied:
- Working away from the office must be in line with (Helio Sector) remote working policy.
- Equipment and media taken off-site must not be left unattended in public places and not left in sight in a car.
- Laptops must be carried as hand luggage when traveling.
- Information should be protected against loss or compromise when working remotely (for example at home or in public places). Laptop encryption must be used.
- Particular care should be taken with the use of mobile devices such as laptops, mobile phones, smartphones, and tablets. They must be protected at least by a password or a PIN and, where available, encryption.
Mobile Storage Devices
Mobile devices such as memory sticks, CDs, DVDs, and removable hard drives must be used only in situations when network connectivity is unavailable or there is no other secure method of transferring data. Only (Helio Sector) authorized mobile storage devices with encryption enabled must be used, when transferring sensitive or confidential data.
Software
Employees must use only software that is authorized by (Helio Sector) on (Helio Sector’s) computers. Authorized software must be used following the software supplier’s licensing agreements. All software on (Helio Sector) computers must be approved and installed by authorized (Helio Sector) personnel.
Individuals must not:
- Store personal files such as music, video, photographs, or games on (Helio Sector) Information Systems.
Viruses
Helio Sector has implemented centralized, automated virus detection and virus software updates within the (Helio Sector). All PCs have antivirus software installed to detect and remove any virus automatically.
Individuals must not:
- Remove or disable anti-virus software.
- Attempt to remove virus-infected files or clean up an infection, other than by the use of approved (Helio Sector) anti-virus software and procedures.
Telephony (Voice) Equipment Conditions of Use
Use of (Helio Sector) voice equipment is intended for business use. Individuals must not use (Helio Sector’s) voice facilities for sending or receiving private communications on personal matters, except in exceptional circumstances. All non-urgent personal communications should be made at an individual’s own expense using alternative means of communications
Individuals must not:
- Use (Helio Sector’s) voice for conducting private business.
- Make hoax or threatening calls to internal or external destinations.
- Accept reverse charge calls from domestic or International operators, unless it is for business use.
Actions upon Termination of Contract
All (Helio Sector) equipment and data, for example, laptops and mobile devices including telephones, smartphones, USB memory devices, and CDs/DVDs, must be returned to (Helio Sector) at the termination of the contract.
All (Helio Sector) data or intellectual property developed or gained during the period of employment remains the property of (Helio Sector) and must not be retained beyond the termination or reused for any other purpose.
Monitoring and Filtering
All data that is created and stored on (Helio Sector) computers is the property of (Helio Sector) and there is no official provision for individual data privacy, however wherever possible (Helio Sector) will avoid opening personal emails.
Information System logging will take place where appropriate, and investigations will be commenced where reasonable suspicion exists of a breach of this or any other policy. (Helio Sector) has the right to monitor activity on its systems, including internet and email use, to ensure systems security and effective operation, and to protect against misuse.
Any monitoring will be carried out following audited, controlled internal processes, utilizing the appropriate legal process inserted here.
It is your responsibility to report suspected breaches of security policy without delay to your team leader, or Helio Sector management.
All breaches of information security policies will be investigated. Where investigations reveal misconduct, disciplinary action may follow in line with (Helio Sector) disciplinary procedures.