TOPIC:Systems and Resource Policy & Procedures
System Utilization Policy
Revised March, 2002
TOPIC:Systems and Resource Policy & Procedures
PURPOSE:To establish application and operation for equipment, systems and software used by Manpower employees in all locations.
APPLICATION:All Manpower employees using company equipment.
POLICY:
I. Physical Assets
Manpower physical assets, such as equipment, systems, facilities, corporate charge cards and supplies, are to be used only for conducting corporate business or for purposes authorized by management.
II. Corporate Information and Communication Systems
Information and communication systems, including company connections to the Internet, are vital to company business; you should only use them for appropriate purposes. You can use them for conducting corporate business or for other incidental purposes authorized by your management or by applicable guidelines, such as guidelines (explained further in this document) on the use of Internet. It is inappropriate to use corporate systems to visit Internet sites that feature sexual content or that advocates intolerance of others. It is also inappropriate to use them in a manner that interferes with your productivity or the productivity of others. You are responsible to ensure that your use of corporate systems is appropriate; inappropriate use of corporate systems is a misuse of corporate assets.
III. System Use Guidelines
A. Introduction
Manpower’s information and computing assets are critical to the company’s success, and as a result, must be protected from loss, modification or destruction.
This document describes the basic computer security measures that all corporate employees are required to follow. This includes employees of corporate subsidiaries, contractors, vendors, and others authorized by corporate management to use Manpower’s internal computer systems.
Noncompliance with the principles described in this document may result in disciplinary action, including dismissal.
B. Management Approved Use of Computer Services
Computer systems must only be used for conducting company business or for purposes authorized by management. All electronic documents created, stored, or communicated using Manpower’s computers are the property of the company. Manpower may access documents or communications stored on its property or in its systems whenever warranted by business need or legal requirements. Manpower reserves the right to monitor its systems for accounting purposes, to ensure proper use, and to detect security violations. Employees should not expect that their communications using the company’s systems are private. Use is subject to audit at any time by corporate management.
1. Personal Use of Computing Equipment
Personal use of corporate computer equipment may only be approved by management if use is clearly insignificant compared to your business usage. For example, personal use cannot be approved if it:
- Interferes or competes with corporate business
- Interferes with your job or the job of other company employees
- Involves any incremental cost to company
- Involves commercial or other inappropriate solicitation
- Provides information about, or lists of, corporate employees to others
Access to the Internet from the manpowernc.com business address designation is to be for corporate business related activity. However, access to Internet services for personal use during or outside your normal work hours is not allowed without management approval providing the above personal usage criteria are followed.
Any questions concerning personal use of corporate computer resources and Internet services should be discussed with your manager.
2. Chain Letters, Hoaxes and Virus Warnings
Chain letters and hoaxes come in many versions, for example offering a free trip or a large amount of money, warning about a computer virus, or relating to a sympathetic cause. These letters often request that you send them on to other people.
Using corporate computer systems to send or reply to chain letters, hoaxes, or virus warnings is prohibited. If you receive an e-mail chain letter or virus warning, please do not forward it! Send it to Manpower’s IS HelpDesk Department at the Support Center, e-mail address: , who will take the appropriate action.
3. Offensive and Inappropriate Material
Manpower employees are not to access or distribute any material, which could be considered inappropriate, offensive or disrespectful to others. While it is impossible to list every form of such material, some clear examples include, but are not limited to:
- Materials that contain sexually explicit images or descriptions
- Materials that advocate illegal activity
- Materials that advocate intolerance for others
Employees should discuss questions concerning inappropriate or offensive material with their managers.
C. Legal Considerations
1. Software Licenses
Manpower is responsible for obtaining valid licenses for software installed on all computers.
Never copy or duplicate licensed software. All software will be installed by the Information Systems Department.
2. Copyright and Intellectual Property
Most information and software (including programs, audio, video, data files, etc.) that is available on the Internet (including Manpower’s Intranet) is subject to copyright or other intellectual property right protection.
When obtaining material for use inside corporate:
- Do not obtain software from such sources for use within the company, unless expressed permission is granted by the material owner.
- You must read and understand any software copyright restrictions. If you think that corporate will not be able to comply with any part of the terms, do not download or use the material.
- Ensure that you comply with any expressed requirements or limitations attached to the use of such software (for example: the restrictions not to be used for commercial purposes; can not charge others for use or distribution; subject to a copyright or attribution notice being affixed to each copy; must distribute source code; etc.).
- If you are unsure about the meaning of the restrictive language or have questions about it, you should contact the HelpDesk (919) 755-5878 or (888) 557-5319, to review it before downloading or using the material.
- You must obtain assistance and approval from Manpower before incorporating any public domain material into a product or material corporate intends to distribute externally.
3. Releasing Corporate Information into the Public Domain
Seek advice from your manager before uploading software to the Internet, and comply with all applicable licensing agreements and copyrights when uploading any corporate or OEM software products.
You must ensure that any corporate copyright documents clearly indicate Manpower as holder of the copyright.
4. Export/Import Regulations
The United States (as well as other countries) imposes strict requirements on exporting, importing or transferring products and technology/technical data, including cryptographic products. Transfer of technology in any form (verbal exchange, via fax, e-mail, etc.) outside the US and Canada or transfer to a person who is not a US or Canadian citizen or resident alien can all be subject to US export regulations and may require prior approval.
5. Privacy (Data Protection) Legislation
In some countries the collection, storage, use, disclosure of, and the transfer of personal information to other countries may be subject to privacy legislation and restrictions. This includes both personal information about Manpower employees as well as information collected on other individuals as part of normal business responsibilities. If you have questions regarding the protection of personal information or regarding the transfer of personal information outside your country, you should seek advice from your manager.
D. Protecting Computer Workstations and Other Devices
Every employee is responsible for helping reduce the possibility and consequences of theft of all personal corporate computing resources and devices (e.g., desktops, laptops, WorkPads and similar hand-held devices), related materials such as diskettes and printed output, and the information they contain. No matter where these assets are located - in your corporate office, in your home office, at a client's location, at a hotel, in a plane or car, etc. - you must take appropriate steps to protect them. This section describes the actions that you must take to protect these physical assets. Based on the particular circumstances, you may need to take additional actions to provide adequate protection. In addition, you must follow the requirements specified in the Protecting Corporate Information section of this document to protect the information contained on your workstation and related storage media.
1. Workstation Locks
Always use the physical or dock locking mechanisms if provided with your workstation.
2. When Leaving Your Office or Work Area
If you work in a single person office that can be locked, and where local health and safety or real estate regulations allow, lock the office.
If you do not work in a single person office that can be locked (on-site):
- Lock up all materials that contain confidential corporate information.
- At the end of the workday, if your workstation is portable, secure it in an appropriate manner, for example, in your desk or filing cabinet.
3. When Working away from Your Office or Work Area:
Keep computing resources and/or other corporate devices in your possession if at all possible.
Moreover, these items should not be left for an extended period of time in an unoccupied vehicle.
Note: If your computing resources and/or any other corporate device containing corporate confidential information, is stolen or lost, you must report the loss to your manager.
E. Passwords
A computer access password is the primary key to computer security. The password uniquely identifies you and allows you access to corporate information and computer services. For your own protection, and for the protection of company resources, you must keep your password secret and not share it with anyone else.
The following guidelines are designed to help you select secure passwords, resistant to compromise by computer "hackers".
Computer access passwords must:
- Be at least 6 positions in length
- Contain at least one alphabetic and one non-alphabetic character
- Not contain your Userid as part of the password
When changing your password, you must select a new password, i.e., do not change the password to one that you used in the past.
Note: If you access computer systems that are not under company control, do not select the same password on external systems that you selected for use on corporate internal systems.
F. The Internet
Company information, computing assets, and company images on the Internet are critical to our success, and as a result, must be protected from loss, modification or destruction.
As we use the Internet to communicate with our customers, suppliers and other organizations, it is important to remember the following points:
- The Internet is used by millions of people worldwide. Not all Internet users have the company's best interests in mind.
- You should presume that any unprotected information sent across the Internet will be read by a number of unknown people.
1. Conduct
When accessing the Internet from manpowernc.com or other corporate designated addresses:
- Never masquerade as someone else.
- Use only services you have authorization to access. Do not try to access Internet systems or server ports without prior authorization.
- Do not run security-testing tools/programs against any Internet system or server.
- Do not place any material on the Internet that could be considered inappropriate, offensive or disrespectful to others, and do not access such material.
When using electronic mail to communicate with people on the Internet:
- Do not automatically forward corporate internal mail to an Internet site.
2. Inappropriate Internet Web Sites
Numerous Internet web sites contain or distribute material that is objectionable and inappropriate in the workplace. While it is impossible to list every such web site or form of objectionable material, some clear examples include, but are not limited to:
- Web sites that contain sexually explicit images and related material
- Web sites that advocate illegal activity
- Web sites that advocate intolerance for others
Employees are not to access such web sites, distribute or obtain similar material through the Internet. Employees should discuss questions concerning inappropriate web sites or objectionable material with their managers. Manpower reserves the right to use technical control measures to prevent access to inappropriate/objectionable web sites. Moreover, employees should not presume that Manpower approves access to all web sites not blocked by technical control measures.
3. Receiving Unsolicited e-mail
Employees may be recipients of unsolicited non-business e-mail (sometimes referred to as “spam” or “junkmail”). The easiest, and generally most effective response to unsolicited e-mail is simply to ignore the mailing. In specific cases where individuals or organizations on the Internet demonstrate themselves to be a continuous source of unwanted and/or unsolicited e-mail, Manpower may choose to apply technical control measures to prevent the receipt of further mailings from those individuals or organizations.
4. Privacy - Individual Practices
On the Web, one of the real dangers is a possible loss of your privacy or leakage of information about your activities. You should be aware of the following issues relating to your privacy when surfing the web:
- When you visit a Web site, the site you are visiting can identify where your Internet connection originates. For example, if you use the Web from work, your activities can be identified as coming from Manpower.
- Web sites can log all of your activity including any personal data you provide. The Web site owner can associate you with this data on future visits. They may use this information to give you a better web experience or may be collecting competitive information, or both. Some web sites do not respect data privacy laws and may make the information collected from you available to other organizations. Be aware of this practice and act responsibly when conducting business via the Internet.
You should also be aware that files known as "cookies" may be placed on your system by web sites. Cookies are small data files written to your hard drive by some Web sites when you view them in your browser. These data files contain information the site can use to track such things as passwords, lists of pages you have visited, and the date when you last looked at a certain page. In some instances, other Web sites can browse your cookie file and find personal information. Cookies may be helpful but be aware that they continue until you manually erase them. You should erase unwanted cookies regularly. Cookie settings may be changed in your browser preferences. You should contact the IS Department with any questions or concerns you may have about these files.
G. Security Incident Reporting
If you suspect a security incident is in progress or has occurred, it is important for you to act promptly by contacting the IS Department. Employees are not to attempt to investigate or take action. The IS Department is qualified and trained to properly contain exposures, mitigate potential impact to Manpower, and conduct investigations, up to and including gathering evidence for possible legal action.
If you have any security questions not covered by this policy, please discuss them with your manager or the IS Department at the Support Center.
Commitment Form
Policies for the Use of Information Technology Resources
Attached are policies for the use of Manpower’s Information s Systems Resources, which includes PC’s workstations, printers, email, mainframes, AS/400’s, Internet access, network, etc…
Please review this document and complete the checklist below.
Read the document carefully.
Make sure you understand all of the terms (if you have questions ask your supervisor or call the Information Technologies Resource Center 888-557-5319.)
Write your signature, date, name and department in the box below.
The completed form will be filed in your personnel file.
I have read and understand the Greenwood Group Inc. Policies for the use of Information Technology Resources; I agree to abide by them and recognize that my use of these resources may be monitored and accessed by the company.
______
SignatureDate
______
Name (please print)
______
Department