All users are responsible for protecting the confidentiality, integrity, and availability of data created, received, stored, transmitted, or otherwise used by the business, irrespective of the medium on which the data resides and regardless of format (e.g. electronic, paper, fax, CD, or other physical form).
Businesses are responsible for implementing operational, physical, and technical controls for access, use, transmission, and disposal of data in compliance with all privacy and security policies, procedures, and guidelines.
We expects all users to use all information technology resources and data in a manner that is legal, ethical, and consistent with the the purpose of business only.
Reason for Policy
Information technology resources and data constitute valuable business assets. The use of these assets is constantly changing and evolving, and it is important that business articulate a clear statement regarding the appropriate use of information technologies and data.
This policy provides both broad and detailed guidelines for the responsible use of information technologies resources and data.
Who Should Read this Policy
All users of Business.
Acceptable use of IT resources and data includes:
- Respecting system security mechanisms, and not taking measures designed to circumvent, ignore, or break these mechanisms.
- Showing consideration for the consumption and utilization of IT resources.
- Understanding and complying with policies, procedures, and guidelines concerning the security of the business information technology and data.
- Assisting in the performance of remediation steps in the event of a detected vulnerability or compromise.
Unacceptable use of IT resources and data includes, but is not limited to:
- Unauthorized access to or unauthorized use of IT resources
- Use of resources in violation of any applicable law or regulation.
- Any activity designed to hinder another person's or business's use of its own information technology and data.
- Installation, distribution or intentional use of malicious software (spyware, viruses, etc.).
- Security breaches, intentional or otherwise, including negligent management of a server or workstation resulting in its unauthorized use or compromise.
- Sharing of a password.
In order to facilitate compliance with this and other security policies, each business must appoint an Information Technologies and Services (ITS) Liaison. ITS Liaisons will be responsible for:
- Understanding security policies and assisting in disseminating and evangelizing policies, procedures, and guidelines to the business.
- Meeting with appropriate ITS staff members on a predetermined, regular basis to discuss security and other information technology and data related issues.
- Providing documented authorization and de-authorization for data and information technology resource access requests to ITS whenever appropriate.
- Assisting in performing remediation steps in the event of data loss, theft, compromise, detected vulnerability, etc.
- Assisting in coordinating all activities related to E-Discovery.
- Business may choose to appoint multiple liaisons when appropriate. Liaison appointments must be approved by the Business Owner or his or her designee.