Acceptable Use Policy 29 September 2009

1.0 Overview
The systems of this organization are for business purposes only. Effective security of
these systems is critical in order to prevent damage or harm to the systems or personnel.

2.0 Purpose
The purpose of this policy is to outline the acceptable use of the equipment belonging to
to this organization.

3.0 Scope
\The policy applies to all employees, contractors or visitors with system or network access and all
equipment belonging to the organization.

4.0 Policy
4.1 General Use
4.1.1. Users should be aware that any and all data created on any of the systems
belonging to this organization will remain the property of the organization. The
confidentiality of any information on the network cannot be guaranteed.
4.1.2. All users should use their best judgement regarding the proper use of any
computer system. If an action is deemed questionable it should be brought to the
attention of a supervisor.
4.1.3. For the safety and security of the organization any monitoring will be done only
by users authorized by the organization.

4.2 Proprietary Information

4.2.1. All systems belonging to the organization should be clearly marked as
unclassified or classified as defined by the confidentiality guidelines available in the
Human Resources policies.
4.2.2. All passwords and any other means of authentication are to be kept secure and
should be changed according the latest password policy.
4.2.3. All systems should be updated with the latest security software (anti-virus ,
firewall, etc.) to aid in stopping systems from being compromised by worms, trojans or
viruses.

4.3 Personally Identifiable Information

4.3.1. All PII on any organizational computer will be properly secured.
1. Users will log out of any applications, programs or systems not attended.
2. Any material that is printed will be properly controlled by the user.
3. Loss of PII from the organization by a any employee will result in immediate
termination.

4.4 Unacceptable Use

At no point will any person in the organization engage in any activity that is deemed illegal
under state or federal laws while using organizational equipment.

4.4.1. Network Activities

The following activities are examples of prohibited activities:
1. Installation, use or copying of illegal or pirated software.
 Acceptable Use Policy 29 September 2009

2. Copying of copyrighted material such as magazines, photos, books, music or

movies.
3. Introducing malicious programs to the network.
4. Revealing passwords or any other means of authentication.
5. Any activities relating to network or system monitoring( port scanning or packet
sniffing).

4.4.2. E-Mail
1. Sending any unsolicited email that can be considered SPAM.
2. Forging email header information.
3. Sending forwarding emails for chain letters or anything similar in nature.

5.0 Enforcement
Any violators if this policy may be subject to disciplinary action up to and including
termination.