IT & Electronic Communications Policy

Avatar
Justin
Follow

IT and Electronic Communications Policy 

BPN-RPC’s office provides various forms of electronic communication, including, but not limited to, e-mail, internet access and systems like laptops and mobile phones. These devices are provided for ease in communication with others in the organization and to meet the needs of our staff and members.

Everyone who works at BPN-RPC is responsible for the security of our IT systems and the data on them. As such, all employees must ensure they adhere to the guidelines in this policy at all times to reduce the possibility of malware infection, legal and financial penalties from data leakage, and lost productivity resulting from network or hardware downtime, to name just a few potential impacts. Should any employee be unclear on the policy or how it impacts their role they should speak to their supervisor or IT staff.

 

Use of IT Systems

BPN-RPC’s systems exist to support and enable the business. A small amount of personal use is, in most cases, allowed. However it must not be in any way detrimental to users own or their colleagues productivity. BPN-RPC trusts employees to be fair and sensible when judging what constitutes an acceptable level of personal use of the company’s IT systems. If employees are uncertain they should consult their supervisor.

All systems and all information on those systems can be accessed and reviewed by management without prior notice and with or without cause. This may include (except where precluded by local privacy laws) examination of the content stored within the email and data files of any user, and examination of the access history of any users.

To ensure compliance with licensing, prevent system issues, and give better visibility, all new software and services used in the course of company operations must first be approved by IT. This includes cloud-based software like Dropbox.

All electronic devices, including software and hardware, remain the sole property of BPN-RPC and are intended for BPN-RPC business, unless otherwise indicated. In the event of damage or loss of any company-owned equipment due to an employee’s gross negligence, dishonesty, or willful act, BPN-RPC will utilize all resources legally available to be recompensed for the value of the equipment.

 

Data and Data Security

All data stored on BPN-RPC’s systems is the property of BPN-RPC. Users should be aware that the company cannot guarantee the confidentiality of information stored on any BPN-RPC system except where required to do so by local laws.

Users must not send, upload, remove on portable media or otherwise transfer to a non-BPN-RPC system any information that is designated as confidential, or that they should reasonably regard as being confidential to BPN-RPC, except where explicitly authorized to do so in the performance of their regular duties. Users are prohibited from keeping company data on personal cloud-based services (i.e. Dropbox)

Users must keep passwords secure and not allow others to access their accounts. Users must ensure all passwords comply with BPN-RPC’s safe password policy.

Users who are supplied with computer equipment by BPN-RPC are responsible for the safety and care of that equipment, and the security of software and data stored it and on other BPN-RPC systems that they can access remotely using it.

All systems (including mobile devices like phones) should be secured with a lock-on-idle policy active after at most 10 minutes of inactivity. In addition, the screen and keyboard should be manually locked by the responsible user whenever leaving the machine unattended.

 

Communication

Electronic communications/media, including representing BPN-RPC on social media or blogs, are prohibited from being used in a manner that would be discriminating, harassing, obscene or for any other purpose which is illegal, against BPN-RPC policies, or not in the best interests of BPN-RPC.

 

Unacceptable Use

All employees should exercise good judgement regarding what is unacceptable use of BPN-RPC’s systems. The activities below are provided as examples of unacceptable use, however it is not exhaustive. Should an employee need to contravene these guidelines in order to perform their role, they should consult with and obtain approval from their supervisor before proceeding.

  • All illegal activities. These include theft, computer hacking, malware distribution, contravening copyrights and patents, and using illegal or unlicensed software or services. These also include activities that contravene data protection regulations. 
  • All activities detrimental to the success of BPN-RPC. These include sharing sensitive information outside the company, such as research and development information and customer lists, as well as defamation of the company.

  • All activities for personal benefit only that have a negative impact on the day-to-day functioning of the business. These include activities that slow down the computer network (e.g., streaming video, playing networked video games).

  • All activities that are inappropriate for BPN-RPC to be associated with and/or are detrimental to the company’s reputation. This includes pornography, gambling, inciting hate, bullying and harassment. 

  • Circumventing the IT security systems and protocols which BPN-RPC has put in place.

 

Enforcement

Violations of this policy will be treated like other allegations of wrongdoing at BPN-RPC. Violations of the above policy may be cause for disciplinary action up to and including the following:

  1. Temporary or permanent revocation of access to some or all computing and networking resources and facilities.
  2. Disciplinary action according to SPARC’s applicable policies, up to and including termination.
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.