Usage
Policy
REVISION HISTORY
Version Number | Author | Date of Revision | Sections Affected
1 XXXX All
AUTHORIZATION
Prepared by Date
Reviewed By
Approved By
Table of Contents:
1. SCOPE
2. POLICY STATEMENT
Scope
This policy applies to all users of information assets including COMPANY employees,
employees of temporary employment agencies, vendors, business partners, and
contractor personnel and functional units regardless of geographic location.
Policy Statement
The purpose of the Acceptable Usage Policy is to ensure that Company’s information
assets are used in a security-conscious manner and not used to perform any
unscrupulous or illegitimate activities.
Open-source, Freeware and Shareware Applications should be evaluated and
tested by the Competence Head and System Engineers before installation on
COMPANY Information Resources. They must verify the legal implications of
using the same in the COMPANY information systems.
2 Reporting Incidents
An incident is defined as the occurrence of any exceptional situation that could
compromise the Confidentiality, Integrity or Availability of Information and
information systems of COMPANY. It is related to exceptional situations or a
situation that warrants intervention of senior management, which has the potential to
cause injury or significant property damage. Software malfunctions, virus, theft, etc.
and any violations of Company’s security policies shall also be considered an
incident.
If any user comes across any exceptional situation as mentioned above,
he/she should immediately inform the Head – IT.
Users should not try to test the weaknesses, since this might be
interpreted as misuse of the system.
All the incidents should be escalated as per the defined Incident
Management Policy.
3 Password Use
Passwords provide a means of validating a user’s identity and thus to establish access
rights to information systems. All users should:
Keep their passwords confidential.
Change the initial passwords immediately.
Avoid keeping a paper record of passwords, unless this can be stored securely.
Change passwords whenever there is any indication of possible system or
password compromise.
Select quality passwords which are:
-Easy to remember.
-Not based on anything somebody else could easily guess or obtain using
person-related information (such as names, telephone numbers, and dates of birth).
-Free of consecutive identical characters or all-numeric or all-alphabetical groups.
-Containing at least one numeric and one special character, if the
system supports it.
Change passwords at regular intervals (passwords for privileged accounts should
be changed more frequently than normal passwords), and avoid re-using or cycling
old passwords.
Not include passwords in any automated log-on process, e.g. stored in a macro or
function key.
Not share individual user passwords.
The user should contact the System Engineers/Administrators to get the
account unlocked.
4 Virus Protection
Users should not open any files attached to an email from an unknown, suspicious
or untrustworthy source.
Users should not open any files attached to an email whose subject line is
questionable or unexpected.
Users should delete chain/junk emails and not forward or reply to any of them.
These types of email are considered spam: unsolicited, intrusive mail
that clogs up the network.
Users should exercise caution when downloading files from the Internet, and
should download them only from a legitimate and reputable source. Verify that an
anti-virus program checks the files on the download site. If you're uncertain, don't
download the file and contact IT Personnel.
Users should back up the files on a regular basis.
When in doubt, always err on the side of caution and do not open, download, or
execute any files or email attachments.
5 Physical Security
Users should not allow any unauthorized person to enter the COMPANY premises.
Users should not enter COMPANY premises without ID badges and they
should always display their ID badges within COMPANY premises.
Users should voluntarily disclose all their belongings to security personnel while
entering and leaving COMPANY premises.
Users should not take any equipment in or out of COMPANY premises without
authorization.