Acceptable Use Policy

Policy

This Acceptable Use Policy (AUP) for information systems is designed to protect Lullabot, our employees, customers and other partners from harm caused by the misuse of our information systems and our data. Misuse includes both deliberate and inadvertent actions.

The repercussions of misuse of our systems can be severe. Potential damage includes, but is not limited to, malware infection (e.g. computer viruses), legal and financial penalties for data leakage, and lost productivity resulting from network downtime.

Scope

This policy applies to all Lullabot employees and contractors.

Compliance

Everyone who works at Lullabot is responsible for the security of our information systems and the data on them. As such, all employees must ensure they adhere to the guidelines in this policy at all times. Should any employee be unclear on the policy or how it impacts their role they should speak to their manager or IT security officer.

Lullabot will not tolerate any misuse of its systems and will discipline anyone found to have contravened the policy, including not exercising reasonable judgment regarding acceptable use. While each situation will be judged on a case-by-case basis, employees should be aware that consequences may include the termination of their employment.

Use of any of Lullabot’s resources for any illegal activity will usually be grounds for summary dismissal, and Lullabot will not hesitate to cooperate with any criminal investigation and prosecution that may result from such activity.

Acceptable Use

Lullabot’s systems exist to support and enable the business. Personal use is allowed. However it must not be in any way detrimental to users own or their colleagues productivity and nor should it result in any direct costs being borne by Lullabot other than for trivial amounts.

Any information that is particularly sensitive or vulnerable must be encrypted and/or securely stored so that unauthorized access is prevented (or at least made extremely difficult). However this must be done in a way that does not prevent–or risk preventing–legitimate access by all properly-authorized parties.

Lullabot can monitor the use of its IT systems and the data on it at any time. This may include (except where precluded by local privacy laws) examination of the content stored within the email and data files of any user, and examination of the access history of any users.

Lullabot reserves the right to regularly audit networks and systems to ensure compliance with this policy.

Users must take all necessary steps to prevent unauthorized access to confidential information. Users are expected to exercise reasonable personal judgment when deciding which information is confidential.

Users must not send, upload, remove on portable media or otherwise transfer to a non-Lullabot system any information that is designated as confidential, or that they should reasonably regard as being confidential to Lullabot, except where explicitly authorized to do so in the performance of their regular duties.

Users must keep passwords secure and not allow others to access their accounts. Users must ensure all passwords comply with Lullabot’s safe password policy.

Users are responsible for the safety and care of electronic equipment, and the security of software and data stored it and on other Lullabot systems that they can access remotely using it.

Because information on portable devices, such as laptops, tablets and smartphones, is especially vulnerable, special care should be exercised with these devices, including encrypting computers, and using strong and secure passwords and pins. Users will be held responsible for the consequences of theft of or disclosure of information on portable systems entrusted to their care if they have not taken reasonable precautions to secure it.

All workstations (desktops and laptops) should be secured with a lock-on-idle policy active after at most 10 minutes of inactivity. In addition, the screen and keyboard should be manually locked by the responsible user whenever leaving the machine unattended.

Users who have been charged with the management of those systems are responsible for ensuring that they are at all times properly protected against known threats and vulnerabilities as far as is reasonably practicable and compatible with the designated purpose of those systems.

Users must at all times guard against the risk of malware (e.g., viruses, spyware, Trojan horses, rootkits, worms, backdoors) being imported into Lullabot’s systems using best practices for the operating system in use, and must report any actual or suspected malware infection immediately.

Unacceptable Use

All employees should use their own judgment regarding what is unacceptable use of Lullabot’s systems. The activities below are provided as examples of unacceptable use, however it is not exhaustive. Should an employee need to contravene these guidelines in order to perform their role, they should consult with and obtain approval from their manager before proceeding.

  • All illegal activities. These include theft, computer hacking, malware distribution, contravening copyrights and patents, and using illegal or unlicensed software or services. These also include activities that contravene data protection regulations.
  • All activities detrimental to the success of Lullabot. These include sharing sensitive information outside the company, such as research and development information and customer lists, as well as defamation of the company.
  • All activities that are inappropriate for Lullabot to be associated with and/or are detrimental to the company’s reputation. This includes pornography, gambling, inciting hate, bullying and harassment.
  • Circumventing the IT security systems and protocols which Lullabot has put in place.

results matching ""

    No results matching ""