Acceptable Use Policy

Open ECX Acceptable Use Policy

1.0 Overview

Open ECX intentions for publishing an Acceptable Use Policy is to provide guidelines to support and protect the company’s established culture of openness, trust & integrity. Open ECX is committed to protecting employees, associates and the company from illegal or damaging actions by individuals, either knowingly or unknowingly. 

IT systems including but not limited to computer equipment, hardware, smart phones, software, operating systems, wireless networks & fixed network connectivity solutions, storage media, network accounts (providing access to email, www etc.) are the property of Open ECX. These systems are to be used for business purposes in serving the interests of the company, and of our clients/customers in the course of normal operations.

Effective security requires the participation and support of every Open ECX employee and associate who deals with information and/or information systems. It is the responsibility of every computer user to know these guidelines, and to conduct their activities accordingly.

2.0 Purpose

The purpose of this policy is to outline the acceptable use of computer equipment at Open ECX, and to protect the employees, associates and Open ECX in relation to such use. Inappropriate use can expose Open ECX to risks including virus attacks, hacking, compromise of network systems and services, and legal issues.

This Acceptable Use Policy is intended to provide a framework for the use of Open ECX IT resources. It applies to all computing, telecommunication, and networking facilities provided by any department or section of the company.

Open ECX IT resources are provided primarily to facilitate a person’s essential work as an employee or associate of Open ECX. Use for other purposes, such as personal electronic mail or recreational use of the World Wide Web is a privilege not a right, which can be withdrawn at any time. Any such use must not interfere with the user’s responsibilities associated with their specific job role or any other person’s use of computer systems and must not, in any way, bring Open ECX into disrepute.

Open ECX e-mail addresses and associated e-mail and support desk systems must be used for all official company business, to facilitate audit ability. All staff must regularly read their Open ECX e-mail. 

The use of computing resources is subject to UK law and any illegal use will be dealt with appropriately.

3.0 Scope

This policy applies to employees, contractors, consultants and temporary employees of Open ECX, including all personnel associated with third parties. The policy applies to all equipment that is owned, leased or on loan from a third party, for use by Open ECX.

Use of the Open ECX IT service portfolio implies, and is conditional upon, acceptance of this Acceptable Use Policy, for which a signature of acceptance may be required on joining the company. The lack of a signature does not exempt an individual from any obligation under this policy. 

The provision of a username & password grants access to the core IT facilities of Open ECX.  All allocated usernames, passwords and e-mail addresses are for the exclusive use of the individual to whom they are allocated. Users are personally responsible and accountable for all activities carried out under their username. The password associated with a personal username must not be divulged to any other person, other than to designated members of IT staff for the purposes of system support. Attempts to access or use any username or email address which is not authorised to the user are prohibited. No one may use, or attempt to use, IT resources allocated to another person, except when explicitly authorised by the provider of those resources.

4. Policy Guidelines

Users shall not:
4.1 Internet
i). Visit Internet sites that contain obscene, hateful or other objectionable materials.
ii). Make or post indecent remarks, proposals, or materials on the Internet.
iii). Download, distribute or store pirated software or illegal material.
iv). Download, stream, distribute or store music, video, film, or other such material.
v). Download, distribute, store or deliberately view and/or print pornographic images.
vi). Distribute to the internet using forged addresses or data which is deliberately designed to adversely affect remote machines, worms and viruses, trojans and ping storms.
vi). Make use of social networking sites for personal use. The use of such sites for work purposes will be permitted within reason, although all users should exercise restraint in using such tools. Usage will be monitored accordingly.
vii) Download any software without approval from the IT Department.

4.2 E-mail
i). Solicit e-mails that are unrelated to business activities or for personal gain.
ii). Send or receive any material that is obscene or defamatory or menacing which is intended to annoy, harass or intimidate another person.
iii). Represent personal opinions as those of the company.
iv). Participate in the passing on of electronic chain mail.
v). Open an attachment received via unsolicited e-mail (especially if clearly unrelated to work), which leads to widespread virus infection.
Note:
• What is normally regarded as unacceptable in a letter is equally unacceptable in an e-mail communication.
• Be polite and appreciate that other users might have different views from your own. E-mail should not be used as an outlet for comments that employee would be unwilling to vocalise. Always remember e-mail messages can be forwarded and viewed by unexpected readers.
• Please try to limit the sending of global e-mails, use ‘To’ for people with an action and ‘Cc’ for information only.
• If you receive an e-mail containing material of a violent, dangerous, racist, or inappropriate content, always report such messages to the COO.

4.3 Confidentiality

i). Upload, download, or otherwise transmit commercial software or any copyrighted materials belonging to parties outside of the company, or the company itself other than as part of normal duties associated with their role.
ii). Reveal or publicise confidential or proprietary information (IPR) which includes, but is not limited to: financial information, new business and product ideas, marketing strategies and plans, databases and the information contained therein, customer lists, technical product information, computer software source codes, computer/network access codes, and business relationships.
iii). Reveal information about Open ECX employees to parties outside Open ECX.

4.4 Security
i). Download any software or electronic files without implementing virus protection measures that have been approved by the company.
ii). Intentionally interfere with the normal operation of the network, including the propagation of computer viruses, malware and sustained high volume network traffic that substantially hinders others in their use of the network.
iii). Examine, change, or use another person’s files, output, or user name for which they do not have explicit authorisation.
iv). Reveal account passwords to others or allow the use of their account by others. This includes family and other household members when working from home.
v). All passwords should be kept secure and not shared. Authorised users are responsible for the security of their passwords and accounts and should take all reasonable steps to ensure that such information remains confidential.

4.5 General
i). Perform any other inappropriate uses identified by the network administrator.
ii). Waste time on non-company business.
iii). Use Open ECX credentials to gain unauthorised access to the facilities of any other organisation. 
Users should be aware that active monitoring will be carried out to determine web sites that are being visited by users, and what search terms are being entered into search engines. Any activity that it is suspected to be in contravention of this Acceptable Use Policy or that may bring Open ECX into disrepute will be investigated and may result in disciplinary action.

4.6 Procurement
i). All IT equipment will be procured through company approved resellers, via the IT Department. Users are not permitted to purchase their own hardware, software & peripherals.

4.7 Privacy

It should be noted that IT staff with the appropriate privileges, have the ability when required to access all files, including electronic mail files, stored on any computer. It is also occasionally necessary to intercept network traffic. In such circumstances, staff will take all reasonable steps to ensure the privacy of users.

Access to staff files, including electronic mail files, will not normally be given to another member of staff unless authorised by the Chief Operating Officer. Such access will normally only be granted in the following circumstances:

• where a breach of the law or a serious breach of this or another Open ECX policy is suspected,
• when a documented and lawful request from a law enforcement agency such as the police or security services has been received,
• on request from the relevant Departmental Manager, where the managers or coworkers of the individual require access to e-mail messages or files which are records of an Open ECX activity and the individual is unable, e.g. through absence, to provide them.

If a member of staff leaves the company, files which are left behind on any computer system owned by the company, including servers, and including electronic mail files, will be considered to be the property of the company.

While Open ECX’s network administration requires the provision of privacy & security, users should be aware that the data created on the corporate systems remains the property of Open ECX at all times.