Approved by:

<date of approval> Abdullatif Galadari
Information Technology Director
Document review and approval
Revision history
Version | Author | Date | Revision
1.0 | Somaya AlWejdani | 18th May 2014 | Document Created
1.1 | Huda Ali Al Hammadi | 15th July 2014 | Document revised
1.2 | Abhinav Srinivasaraghavan | 23rd Nov 2014 | Reviewed & Updated
1.3 | Manal Saleh | 14th Jun 2016 | Final
1.4 | Huda Ali Al Hammadi | 7th Aug 2016 | Added the users responsibility

This document has been approved by


Version | Name | Signature | Date reviewed
1.2 | Abdullatif Galadari (IT Director) | | 4/8/2014
1.3 | Abdullatif Galadari (IT Director) | | 15th-June-2016
1.4 | Abdullatif Galadari (IT Director) | | 11th-August-2016

FEWA Internal
Page 2 of 9 Version 1.4
Table of Contents
1 PURPOSE
2 SCOPE
3 DEFINITIONS & ABBREVIATIONS
4 ROLES AND RESPONSIBILITIES
5 POLICY
5.1 GENERAL
5.2 USE OF INTRANET AND INTERNET
5.3 USE OF EMAIL
5.4 MOBILE DEVICE USAGE
5.5 CLEAN DESK
5.6 CLEAR SCREEN
6 COMPLIANCE
7 RELATED DOCUMENTS

1 Purpose

The purpose of this policy is to provide guidance to all FEWA employees on the acceptable use
of information and assets in FEWA. This policy also ensures that all information and
information processing facilities provided for FEWA employees are solely for business use.

2 Scope
This policy applies to all FEWA employees, contractors, consultants and temporary staff,
hereafter referred to as users.

3 Definitions & Abbreviations

Term | Definition
Asset | Anything that has value to the organization. There are many types of assets, including: a) information; b) software, such as a computer program; c) physical, such as computer; d) services; e) people, and their qualifications, skills, and experience; f) intangibles, such as reputation and image
Password | A string of characters (letters, numbers, and special characters) used to authenticate the identity of a computer system user or to authorize access to system resources.
Removable Media | Portable electronic storage media such as magnetic, optical, and solid-state devices, which can be inserted into and removed from a computing device, used to store text, video, audio, and image information. Such devices have no independent processing capabilities. Examples: hard disks, floppy disks, zip drives, compact disks (CDs), thumb drives, pen drives, and similar USB storage devices.
User ID | Unique symbol or character string used by an information system to identify a specific user.
Intranet | Represents the internal network managed by FEWA
Internet | Represents the external global interconnection network managed by a global community
Clear Screen | A clear screen means that unused computer screens/monitors will be locked with a password protected screen saver; this shall be applied to all users to prevent unauthorized access to equipment when unattended.
Corporate Mobile Device | Any device given to FEWA employees by FEWA, which may include but is not limited to: mobile phones, laptops, tablets, etc.

4 Roles and Responsibilities

Role | Responsibilities
CISO | Ensure the complete implementation and enforcement of this policy on the users
User/FEWA Employee | All users are responsible to read, understand and adhere to this policy in their day to day activities.
IT Support | Implementation of the policy

5 Policy

5.1 General

5.1.1. All users are responsible and accountable for the information assets and their use in
FEWA. Any action carried out by users is considered as their responsibility.
5.1.2. All information assets in FEWA:
a) Shall strictly be used for business purpose
b) Shall not conflict with the religious, political and moral values of UAE
c) Shall comply with all the local, federal and international rules and regulations.
5.1.3. All users in FEWA shall comply with this policy and any other related acceptable use
policies for any specific information asset.
5.1.4. All users in FEWA shall not use any information asset that they are not authorized to
process. Users shall not bypass any restriction on assets in FEWA.
5.1.5. Users are accountable for all actions carried out under their user accounts.
5.1.6. All assets usage may be monitored for security or operational purposes.
5.1.7. FEWA's security team and internal audit department reserve the right to audit the use
of assets on a periodic basis to ensure compliance with this policy.
5.1.8. In case this policy does not apply to certain assets, users shall immediately refer back to
their Managers.

5.2 Use of Intranet and Internet


5.2.1. All FEWA users shall apply due care when using any of the specific provided facilities in
FEWA, such as Internet and Intranet.
5.2.2. Intranet and Internet services provided at FEWA shall only be used for business
purposes.
5.2.3. Users shall be aware of the classified information in FEWA as per the Asset
Management Policy and refrain from publishing such information in the Intranet and
shall not share or publish any statement which can impact FEWA's interests or
reputation.
5.2.4. Users shall not download, install or use any unauthorized software on the computing
devices provided to them by FEWA. All new software requests shall go through IT
Support for authorization and installation.
5.2.5. If the internet is used as a source of information in any ongoing activity or project in FEWA,
the information source shall be verified before being used for business purposes.
5.2.6. Internet services provided at FEWA are continuously monitored; each user shall be
responsible for the activities carried out under their accounts.
5.2.7. IT Support shall be contacted if users need to access a blocked site for business
purposes.
5.2.8. Users shall access FEWA services only through the provided internet connection in the
offices of FEWA.
5.2.9. FEWA employees shall not publish any information about FEWA on the internet either
through FEWA provided desktops or personal devices.
5.2.10. FEWA management respects copyright when downloading files and documents. Users
shall refrain from sharing copyrighted material at all times.
5.2.11. Users shall not use non-business related information exchange facilities on the internet
while connected to FEWA's internet services. These facilities include, but are not restricted
to: blogging, social networking, gaming and chatting.

5.3 Use of Email

5.3.1. Users shall not use personal email accounts for business communications in FEWA.
Users shall not log into external personal mail services (e.g. Gmail, Yahoo Mail,
Hotmail, etc.) while connected to FEWA's internet services.
5.3.2. Users shall not share any confidential information through email as per the Asset
Management Policy.
5.3.3. Users shall not send any email that conflicts with the religious, cultural, political or
moral values of the UAE.
5.3.4. Users shall not be allowed to send mass email communication unless explicitly
authorized. The use of distribution lists to broadcast emails shall be restricted.
5.3.5. Users shall use email forwarding with due care.
5.3.6. All emails shall contain approved FEWA signatures and disclaimers.
5.3.7. Users shall not use FEWA's email address to register on any website on the internet or
for any non-business purposes.
5.3.8. Users shall not use the automatic forwarding option to/from external email addresses.
5.3.9. Users shall be aware that emails containing the following are strictly prohibited:
a) Chain emails/jokes/videos, etc.
b) Emails that contain harmful attachments or content, e.g. virus, worm, etc.
c) Defamatory, offensive, racist or obscene remarks
5.3.10. Users shall not exchange confidential or personal information in plain text while using
FEWA's email address. All confidential and personal information shall be encrypted or
password protected prior to being exchanged through FEWA email accounts.
5.3.11. All email attachments shall be content scanned for incoming/outgoing emails. Any
harmful attachment shall be stopped and deleted immediately by the IT staff through
defined rules and procedures.
5.3.12. Any misuse of the email service, information security alerts and warnings at FEWA shall
be immediately reported to the IT Support.
5.3.13. Any unauthorized use or forging of email header information is strictly prohibited.
5.3.14. All actions carried out under user IDs are monitored; all users are accountable for their
actions carried out on their email accounts. FEWA reserves the right to access all email
and email contents that are sent or received using FEWA information processing
facilities.
5.3.15. The record keeping and archival practices and procedures followed for written
documentations shall also apply to email messages.

5.4 Mobile Device Usage

5.4.1. Employees may use their corporate smartphones to access FEWA services as per the Bring
Your Own Device Policy in FEWA.
5.4.2. All corporate mobile devices provided by FEWA shall be password protected.
5.4.3. All corporate mobile devices provided by FEWA shall be used for business purposes
only.
5.4.4. Users shall always keep corporate mobile devices safe and protect them from theft.
5.4.5. Users shall prevent any attempt of shoulder surfing by unauthorized users while using
corporate mobile devices in public places.
5.4.6. Users shall follow the malware protection guidelines provided in the Antivirus Policy while
using any corporate mobile device.
5.4.7. Users shall follow the guidelines provided in the Teleworking Security Policy for secure
remote access while working from outside FEWA networks.
5.4.8. All corporate mobile users are responsible for backing up the data on their devices.
5.4.9. Users shall follow the manufacturer's instructions when using the corporate mobile
devices, e.g. protection against heat and exposure to electromagnetic fields.
5.4.10. Users shall follow the password guidelines provided in the User Password Policy when
assigning a passcode on their corporate mobile devices.
5.4.11. All devices provided by FEWA shall never be shared with others.
5.4.12. All devices provided by FEWA shall never be jailbroken or rooted.
5.4.13. FEWA reserves the right to stop or disconnect any FEWA services running on the
corporate mobile device without notifying the user.
5.4.14. Any lost or stolen corporate mobile device shall be immediately reported to IT Support
on [+971 6 711 1177] or [+971 6 711 1171].

5.5 Clean Desk

5.5.1. All FEWA employees shall keep their desks clear while away, and store all sensitive data
and confidential information in locked cabinets at the end of each working day.
5.5.2. Users with access to sensitive data and confidential information shall request storage
facilities if needed to comply with this policy. Storage facilities may include:
lockable cabinets, fireproof safe, etc.
5.5.3. All documents and media containing sensitive data and confidential information shall be
labeled as "Confidential" and shall be locked away when not needed. The need-to-know
basis shall be followed prior to sharing such documents, with necessary approvals from
the data owner.
5.5.4. Users shall collect printed documents immediately from the printers, fax machines and
photocopiers and refrain from leaving sensitive data and confidential information in
the printing facilities.
5.5.5. Photocopiers, printers and other printing machines available in the printing facilities
of FEWA shall only be used for business purposes.

5.6 Clear Screen

5.6.1 All users shall manually activate the screen lock facility on their devices when leaving
the workstation/desks.
5.6.2 All computers and devices provided by FEWA shall be automatically programmed to lock
the screen with a password protected screen saver after 5 minutes of inactivity.
5.6.3 Users shall properly log out from systems and applications when the session is finished.
5.6.4 Users shall save all the information on their shared drive.

6 Compliance

All users are requested to comply with this policy. In case of breach/violation, the user would
be subjected to disciplinary action. Violations shall be notified to IT Support and HR. Strict
confidentiality shall be maintained on all notified violations.

7 Related Documents

FEWA_ISMS_Asset Management Policy
FEWA_ISMS_Bring Your Own Device Policy
FEWA_ISMS_Antivirus Policy
FEWA_ISMS_Teleworking Security Policy
FEWA_ISMS_User Password Security Policy
