Great American Title Company is hereinafter referred to as "the company."
1.0 Overview
Though there are a number of reasons to provide a user network access, by far the most common is granting access to employees for performance of their job functions. This access carries certain responsibilities and obligations as to what constitutes acceptable use of the corporate network. This policy explains how corporate information technology resources are to be used and specifies what actions are prohibited. While this policy is as complete as possible, no policy can cover every situation, and thus the user is asked additionally to use common sense when using company resources. Questions on what constitutes acceptable use should be directed to the user's supervisor.
2.0 Purpose
Since inappropriate use of corporate systems exposes the company to risk, it is important to specify exactly what is permitted and what is prohibited. The purpose of this policy is to detail the acceptable use of corporate information technology resources for the protection of all parties involved.
3.0 Scope
The scope of this policy includes any and all use of corporate IT resources, including but not limited to, computer systems, email, the network, and the corporate Internet connection.
4.0 Policy
4.1
Personal usage of company email systems is permitted as long as:
A.such usage does not negatively impact the corporate computer network, and
B.such usage does not negatively impact the user's job performance.
Please note that detailed information about the use of email is covered in the company's Email Policy.
4.2 Confidentiality
Confidential data is determined in accordance with the Data Classification Policy.
Confidential data is handled in accordance with the Confidential Data Policy.
4.3 Network Access
The user should take reasonable efforts to avoid accessing network data, files, and information that are not directly related to his or her job function. Existence of access capabilities does not imply permission to use this access. Refer to the Network Security Policy.
4.4 Unacceptable Use
The following actions shall constitute unacceptable use of the corporate network. This list is not exhaustive, but is included to provide a frame of reference for types of activities that are deemed unacceptable. The user may not use the corporate network and/or systems to:
Engage in activity that is illegal under local, state, federal, or international law.
Engage in any activities that may cause embarrassment, loss of reputation, or other harm to the company.
Disseminate defamatory, discriminatory, vilifying, sexist, racist, abusive, rude, annoying, insulting, threatening, obscene or otherwise inappropriate messages or media.
Engage in activities that cause an invasion of privacy.
Engage in activities that cause disruption to the workplace environment or create a hostile workplace.
Make fraudulent offers for products or services.
Perform any of the following: port scanning, security scanning, network sniffing, keystroke logging, or other IT information gathering techniques when not part of employee's job function.
Install or distribute unlicensed or "pirated" software.
Reveal personal or network passwords to others, including family, friends, or other members of the household when working from home or remote locations.
4.5 Blogging and Social Networking
Blogging and social networking by the company's employees are subject to the terms of this policy, whether performed from the corporate network or from personal systems. Blogging and social media may be utilized as approved by Management and HR personnel. In no blog or website, including blogs or sites published from personal or public systems, shall the company be identified, company business matters discussed, or material detrimental to the company published. The user must not identify himself or herself as an employee of the company in a blog or on a social networking site. The user assumes all risks associated with blogging and/or social networking.
4.6 Instant Messaging
Instant Messaging is allowed for corporate communications only. The user should recognize that Instant Messaging may be an insecure medium and should take any necessary steps to follow guidelines on disclosure of confidential data.
4.7 Overuse
Actions detrimental to the computer network or other corporate resources, or that negatively affect job performance are not permitted.
4.8 Web Browsing
The Internet is a network of interconnected computers of which the company has very little control. The user should recognize this when using the Internet, and understand that it is a public domain and he or she can come into contact with information, even inadvertently, that he or she may find offensive, sexually explicit, or inappropriate. The user must use the Internet at his or her own risk. The company is specifically not responsible for any information that the user views, reads, or downloads from the Internet.
Personal Use. The company recognizes that the Internet can be a tool that is useful for both personal and professional purposes. Personal usage of company computer systems to access the Internet is permitted as long as such usage follows pertinent guidelines elsewhere in this document and does not have a detrimental effect on the company or on the user's job performance.
4.9 Copyright Infringement
The company's computer systems and networks must not be used to download, upload, or otherwise handle illegal and/or unauthorized copyrighted content. Any of the following activities constitute violations of acceptable use policy, if done without
permission of the copyright owner:
Copying and sharing images, music, movies, or other copyrighted material using P2P file sharing or unlicensed CD's and DVD's
Posting or plagiarizing copyrighted material
Downloading copyrighted files which employee has not already legally procured. This list is not meant to be exhaustive, copyright law applies to a wide variety of works and applies to much more than is listed above.
4.10 Streaming Media
Streaming media can use a great deal of network resources and thus must be used carefully. Streaming media is allowed for
4.11 Monitoring and Privacy
Users should expect no privacy when using the corporate network or company resources. Such use may include but is not limited to: transmission and storage of files, data, and messages. The company reserves the right to monitor any and all use of the computer network. To ensure compliance with company policies this may include the interception and review of any emails, or other messages sent or received, inspection of data stored on personal file directories, hard disks, and removable media.
4.12 Bandwidth Usage
Excessive use of company bandwidth or other computer resources is not permitted. Large file downloads or other
4.13 Remote Desktop Access
Use of remote desktop software and/or services is allowable as long as it is provided by or
approved by the company. Remote access to the network must conform to the company’s Remote Access Policy.
4.14 Circumvention of Security
Using
4.15 Use for Illegal Activities
No
Unauthorized Port Scanning
Unauthorized Network Hacking
Unauthorized Packet Sniffing
Unauthorized Packet Spoofing
Unauthorized Denial of Service
Unauthorized Wireless Hacking
Any act that may be considered an attempt to gain unauthorized access to or escalate privileges on a computer or other electronic system
Acts of Terrorism
Identity Theft
Spying
Downloading, storing, or distributing violent, perverse, obscene, lewd, or offensive material as deemed by applicable statues
Downloading, storing, or distributing copyrighted materials.
The company will take all necessary steps to report and prosecute any violations of this policy.
4.16
4.17 Personal Storage Media
Personal storage devices represent a serious threat to data security and are expressly prohibited on the company's network.
4.18 Software Installation
Installation of
4.19 Reporting of Security Incident
If a security incident or breach of any security policies is discovered or suspected, the user must immediately notify his or her supervisor and/or follow any applicable guidelines as detailed in the corporate Incident Response Policy.
4.22 Applicability of Other Policies
This document is part of the company's cohesive set of security policies. Other policies may apply to the topics covered in this document and as such the applicable policies should be reviewed as needed.
5.0 Enforcement
This policy will be enforced by the Manager and/or Executive Team. Violations may result in disciplinary action, which may include suspension, restriction of access, or more severe penalties up to and including termination of employment. Where illegal activities or theft of company property (physical or intellectual) are suspected, the company may report such activities to the applicable authorities.
6.0 Definitions
Blogging The process of writing or updating a "blog," which is an online,
Instant Messaging A
Remote Desktop Access Remote control software that allows users to connect to, interact with, and control a computer over the Internet just as if they were sitting in front of that computer.
Streaming Media Information, typically audio and/or video, that can be heard or viewed as it is being delivered, which allows the user to start playing a clip before the entire download has completed.
7.0 Revision History
Revision 1.0, 10/13/2012