IT Acceptable Use Policy
1.1 COMPUTERS AND INFORMATION TECHNOLOGY
- 1.1.1 This Acceptable Use Policy (AUP) for IT Systems is designed to protect Prodist, our employees, customers and other partners from harm caused by the misuse of our IT systems and our data. Misuse includes both deliberate and inadvertent actions.
- 1.1.2 The repercussions of misuse of our systems can be severe. Potential damage includes, but is not limited to, malware infection (e.g. computer viruses), legal and financial penalties for data leakage, and lost productivity resulting from network downtime.
- 1.1.3 Everyone who works at Prodist is responsible for the security of our IT systems and the data on them. As such, all employees must ensure they adhere to the guidelines in this policy at all times.
- 1.1.4 Should any employee be unclear on the policy or how it influences their role they should speak to their manager or IT Department.
- 1.1.5 IT Resources are valuable Company assets. The process of compiling an inventory of information, software and physical assets is important. Therefore, it is management’s intent to ensure that the Company is able to identify its assets and the relative value and importance of these assets.
This policy is applicable to all the Prodist Group employees as well as contractors.
- 1.1.6 Technical Scope
- “Users” are everyone who has access to any of Prodist’s IT systems. This includes permanent employees and temporary employees, contractors, agencies, consultants, suppliers, customers and business partners.
- “Systems” or “Resources” means all IT equipment that connects to the corporate network or access corporate applications. This includes, but is not limited to, desktop computers, laptops, smartphones, tablets, printers, data and voice networks, networked devices, software, electronically-stored data, portable data storage devices, third party networking services, telephone handsets, video conferencing systems, and all other similar items commonly understood to be covered by this term.
- 1.1.7 Standard
- IT resources are being provided to employees/contactors with the sole purpose of achieving the operational requirements and goals of the Prodist Group. It unconditionally remains the property of the Prodist Group and the employee/contractor will ensure that all IT Resources are being kept and protected in a good working condition. Prodist employees are responsible for the security of its IT systems and the data on them. As such, all employees must ensure they adhere to the guidelines in this policy at all times.
1.1.8 Receiving of IT Resources
- When receiving IT Resources employees/contractors will check all IT Resources to ensure the condition there-of, and sign the appropriate documentation.
- 1.1.9 Use of IT Resources
- Employees/contractors undertake and agree not to use the IT Resources employed by the Company, other than for the course and scope of their duties for the Company. Employees/contractors are not allowed to:
- Use IT Resources to their own benefit. Or for any unauthorised private work;
- Load software on PC’s outside the scope of their duties and operational requirements, or agreed programs without written authority from Leadership;
- Use IT Resources for any unlawful or indecent purposes;
- To investigate or retrieve any information concerning the affairs of the Company and/or its employees and/or any clients or customers of the Company;
- Share any sensitive information outside the company, such as research and development information and customer lists, as well as defamation of the company;
- Save work done for the Company on the hard drive of their computer, it has to be saved on the server;
- All data stored on Prodist’s systems is the property of Prodist. Employees should be aware that the company cannot guarantee the confidentiality of information stored on any Prodist system except where required to do so by local laws.
- 1.1.10 Data Security
- All data on Prodist’s systems are classified as confidential. Employees must take all necessary steps to prevent unauthorized access to confidential information.
- Employees are expected to exercise reasonable personal judgement when deciding which information can be shared.
- Employees must not send, upload, remove on portable media or otherwise transfer any information to a non-Prodist system, except where explicitly authorized to do so in the performance of their regular duties.
- Employees must keep passwords secure and not allow others to access their accounts. Users must ensure all passwords comply with Prodist’s safe password policy.
- All workstations (desktops and laptops) should be secured with a lock-on-idle policy active after at most 10 minutes of inactivity. In addition, the screen and keyboard should be manually locked by the responsible employee whenever leaving the machine unattended.
- 1.1.11 Repairs
- Any working deficiencies should be reported by employees/contractors to the responsible person for repairs. Employee/contractors should not attempt to repair hardware themselves. If defects were caused by the negligence of the employee/contractor, the costs of the repairs can be for the account of the employee/contractor after investigation by Management.
- 1.1.12 Accessibility to IT Resources
- Management can at any time require an employee/contactor to make available IT Resources in their possession for inspection or audit purposes. The employee/contractor agrees that the Prodist Group can inspect all hardware, software, data files, or any other IT resource at any time for whatever purpose required.
- Prodist reserves the right to regularly audit networks and systems to ensure compliance with this policy.
- 1.1.13 Returning of IT Resources
- On termination of service (or contract) the employee/contractor will return IT Resources to the Prodist Group. Should there be any defect or missing items, such repairs shall be for the employee’s account.
- 1.1.14 Implications for Non-conformance
- Non-conformance to this policy may result in the loss of IT Resources, which will increase cost and may impose a security risk in terms of information stored on IT Resources. Non-conformance is considered serious misconduct and can be ground for disciplinary action.
- 1.1.15 Enforcement
- Prodist will not tolerate any misuse of its systems and will discipline anyone found to have contravened the policy, including not exercising reasonable judgment regarding acceptable use. Each situation will be judged on a case-by-case basis.
- Use of any of Prodist’s resources for any illegal activity will usually be grounds for summary dismissal, and Prodist will not hesitate to cooperate with any criminal investigation and prosecution that may result from such activity.