Acceptable Use Policy

Abstract

Mountain-Top is a consulting firm that provides research and business consulting services to small and mid-sized organizations. It helps organizations to solve challenges and offers them best business practices and tools. To be able to achieve this, Mountain-Top provides ICT resources that assist its employees to give the best services.

Purpose of Policy

The ICT resources provided by Mountain-Top are subject to misuse and this policy document, Mountain-Top seeks to define the Acceptable Usage boundaries of the information and communication system resources. The company provides valuable ICT resources which are deemed as strategic assets to assist in the effective running of the business. Employees are expected to use these ICT resources to help them efficiently deliver work related services.

This policy intends to protect the firm's ICT assets while allowing all users to effectively utilize the resources within the appropriate and expected use. The policy has also been documented to adopt the following Information security principles.

* Confidentiality - Assurance that company information is not disclosed to unauthorized persons;

* Integrity - Company information is not corrupted, amended or deleted in an unauthorized manner or by unauthorized persons;

* Availability - Information is made available to authorized users and withheld from unauthorized users.

Objectives

This policy seeks to meet the following objectives:

* To guide users on what the acceptable use of ICT resources is;

* To create awareness of the responsibility that this policy places on users while using the company's ICT resources;

* To sensitize users to legal obligations that could affect them or the company when using ICT resources.

* To make aware the disciplinary consequences that result from non compliance of the policy requirements. These disciplinary actions differ depending on the offence and could include summary dismissal or cancellation of contracts.

Roles and responsibilities

The adherence of this policy is the responsibility of each employee of Mountain-Top. However there will be checks and controls that are expected to assist in ensuring its compliance.

1. Department heads will be required to submit a compliance and policy effectiveness in their various departments every quarter.

2. Management being assisted by the training department should ensure that all employees are trained on the acceptable use policy. Management should also ensure that all document issues arising are addressed.

3. The responsibility of implementing the policy requirements belongs to all employees.

4. Users will be responsible for non-compliance documentation and whistle blowing procedure.

5. All users are expected to read and confirm by signing quarterly against the policy acknowledgement schedule.

Scope of the policy

This policy concerns all persons, generally known as users, using Mountain-Top ICT resources for any purpose. They include although not limited to the following:

* Permanent employees of Mountain-Top consulting firm

* Persons working for or on behalf of Mountain-Top consulting firm on contract, casual or through an agency

* Any persons working for or on behalf of Mountain-Top consulting company on a third party capacity such as contractors and suppliers

* Any guests that may have access to the company's ICT systems

The policy is also tailored to cover any ICT resource that assists users in the performance of their duties. The following ICT resources are covered; however the list is not conclusive.

* Computers comprising of desktop computers, laptops and terminals

* Peripherals such as printers, scanning equipment and photocopiers

* Networks and networking equipment included in wired, internet, dial up and wireless connections.

* Internet browsing

* Emails, messaging, social networking and other collaboration services such as blogs, chat, skype and webinars

* System software application, accessible data and databases

* Removable media e.g. memory disks, CDs and DVDs

Requirements

General requirements

Users of ICT resources within the control of Mountain-Top consulting company are expected to abide by the following guidelines.

1. Users should not share any personal information that could give unauthorized persons access to the company's ICT resources. These include passwords, access codes, access cards and account identification details.

2. ICT resources should be used on an authorized permission basis. A user should seek necessary approvals when further access is required and must not attempt access of any data whose authorization they don't have.

3. A user should not impersonate their self in order to gain access to unauthorized resources for example by using another user's login credentials access cards.

4. Any information that is deemed to be illegal according to the law, offensive, obscene, defamatory or damaging to the company's reputation or to other users should be immediately reported. A user should not request, transmit, display or store any of this information through any ICT resource.

5. ICT resources should be used in a reasonable manner that does not cause any damage or adversely affect other users from using the resources.

6. A user should not compromise the confidentiality, availability or integrity of any ICT resource in any manner.

7. A user should not request, transmit, display or store any unauthorized customer personal data using any ICT resource. Customer personal data is confidential and should be used for the intended purpose. Users should also adhere to the Data protection Act (1998) when handling customer data. Personal Data can be defined as any information that is related to an identifiable living person e.g.

...