Acceptable Use of IT Resources Policy

AIM

This policy outlines the permitted and expected use of Abt Associates IT resources. Compliance with this policy serves to protect Abt Associates, employees, and clients.

RESPONSIBILITY

·  ICT Manager: The ICT Manager is responsible for overall implementation and enforcement of this policy. The ICT Manager must ensure compliance with this policy.

·  ICT Staff: All ICT staff must promote compliance with this policy and report all possible breaches to the ICT Manager or Chief Operating Officer.

APPLICATION / SCOPE

This policy applies to all Abt Associates personnel who access or use Abt Associates IT resources. “Abt Associates personnel” include employees, contractors, consultants, temporary workers, and personnel affiliated with third parties. Some personnel (i.e. IT) may be exempt from certain restrictions set forth below as part of performing their legitimate job responsibilities to monitor and ensure compliance with this policy.

POLICY

Under no circumstances are personnel permitted to engage in any activity that is illegal under local, state, federal, or international law while using the Abt Associates IT resources.

Privacy and Personal Use of IT Resources

The personal use of Abt Associates IT resources is permitted provided that the use does not:

·  interfere with the normal and timely performance of an individual’s assigned work requirements;

·  impact the function and purpose of Abt Associates IT resources;

·  degrade the performance of Abt Associates IT resources; or

·  result in financial loss to Abt Associates, clients, partners or employees.

Personnel are expected to use good judgment when using Abt Associates IT resources for personal activities.

Expectation of Privacy

While Abt Associates desires to provide a reasonable level of privacy, personnel should not have an expectation of privacy while using Abt Associates IT resources. All network traffic, computer files stored locally or remotely, and emails are subject to monitoring and retention, and are the property of Abt Associates.

Data

·  Data may not be shared with individuals who do not possess the appropriate access rights to the data. Sharing of data includes the transmission, in any form, through the use of file transfer protocols, instant messaging, email, social websites, or any other form of communication.

·  No data may be disseminated outside Abt Associates without the prior written approval of appropriate staff.

Access Credentials

Password complexity requirements will be enforced and passwords must not be shared. Sharing includes providing access to another person or allowing another person to use an account that has already been granted access. All actions using an individual’s username and password are linked to that individual and are the responsibility of that individual. Keyfobs, tokens, access cards and digital certificates are also considered a form of access credential and must not be shared. Individuals may not attempt to gain access to data they are not authorised to access.

Abt Associates Computers and Electronic Devices

Abt Associates computers and electronic devices are permitted to be used outside the company. Extra precaution should be taken to ensure that the device’s screen is not read by unauthorised individuals (“shoulder surfing”). Abt Associates computers and electronic devices must stay within the owner’s line of sight unless the system has been disabled via a password-protected screensaver, is shut down, or is in sleep mode. Theft prevention devices should be used when possible.

Installation of software not approved by the ICT Manager is not permitted. Personnel must contact the IT Helpdesk before installing any software that has not been pre-approved by the ICT Manager. Licensing details must be supplied to the ICT Manager prior to installation of any software not procured through the Abt Associates IT department.

Personnel may only store data on Abt Associates IT resources that is in accordance with the policies regarding personal use. Storage is permitted only if it complies with copyright law. Transmission of copyrighted materials is not permitted unless that transmission is permitted by law.

The viewing, transmission, or storage of pornography or any material that is offensive or lewd is not permitted on any Abt Associates IT resources. Abt Associates IT resources may not be used to view, transmit, or store any material that is in violation of sexual harassment or hostile workplace laws.

Personnel are not permitted to access, bypass, or disable existing security controls unless it is part of their normal job duties. Examples of this can include but are not limited to:

·  Port scans

·  Packet sniffers

·  Security scans

·  Denial of service attacks

·  Packet spoofing

·  Ping floods

·  Altering or intercepting transmissions using Abt Associates IT resources

·  Disabling firewalls, antivirus or monitoring software

·  Bypassing internet filters

·  Disabling automatic screen locking on workstations

·  Using a local computer account instead of an Abt Associates network account

Internet

·  Abt Associates internet connections may be filtered to block undesirable content.

·  Personnel are not permitted to view or download any material that would be a violation of sexual harassment or hostile workplace laws.

·  Infrequent streaming of music or videos is permitted unless this causes an adverse impact on Abt Associates IT resources.

·  Excessive streaming or downloading from the internet is not permitted. Abt Associates operates in many environments where internet connectivity is limited and extremely expensive. Personnel should be aware that these activities can cause network congestion and have significant financial costs.

·  The use of peer-to-peer software is not permitted.

Email

·  Personnel are expected to exercise prudence when opening email they did not request.

·  Personnel should never open attachments in unsolicited emails.

·  Personnel may not forward chain mail to or from company email accounts.

·  Personnel are not permitted to use email to harass others.

·  Personnel may not attribute personal statements, opinions or beliefs to Abt Associates. If an employee is expressing his or her personal beliefs and/or opinions, the employee may not, expressly or implicitly, represent himself or herself as an employee representing Abt Associates’ views.

POLICY OWNER

The Chief Operating Officer is the custodian of this policy. Any requests to review and/or amend the contents of this policy should be directed through this position.

POLICY APPROVAL

Name: Dan Drewe
Position: Chief Operating Officer
Approval Date: 15 November 2013

Commercial in Confidence © Abt Associates (Australia)
Version 1.0_15/11/2013