Basil Alred IT End-User Policy
Please read through the policy below and then fill in the acknowledgement form at the bottom of the page. Thank you.
Information Technology (IT) End-User Policy
Statement from Management Team
Basil & Alred has a proud tradition of conducting business in accordance with the highest ethical standards and in full compliance with all applicable laws. This Information Technology (IT) End User Policy (“Policy”) was developed at the direction of management, following the five-year strategy session, to provide clear technology guidance to all Basil & Alred employees, vendors, and consultants as well as to ensure a consistent approach to business practices.
Basil & Alred management is fully committed to conducting business with the highest level of integrity and we expect strict adherence to this policy and applicable laws.
Thank you for your commitment to comply with the highest standards of integrity and business ethics.
Godfrey B. Mramba
| Version | Prepared by | Reviewed by | Approved by | Approved Date |
|---|---|---|---|---|
| 1.0 | Joseph Rubambe | Lillian Chiume | Godfrey Mramba | April 01, 2020 |
Increased protection of information and Information Technology (IT) Resources to assure the usability and availability of those resources to all users of Basil & Alred. Basil & Alred is the primary owner of this Policy. The Policy also addresses privacy and usage guidelines for those who access Basil & Alred’s Information Technology Resources.
Basil & Alred recognizes the vital role information technology plays in effecting firm business as well as the importance of protecting information in all forms. As more information is being used and shared in digital format by Basil & Alred’s IT resources and authorized users, the need for an increased effort to protect the information and the technology resources that support it is understood by Basil & Alred, hence this Policy.
Since a limited amount of personal use of these facilities is permitted by Basil & Alred to users, including computers, printers, email and Internet access, it is essential that these facilities are used responsibly by users, as any abuse has the potential to disrupt the firm’s business and interfere with the work and/or rights of other users. It is therefore expected of all users to exercise responsible and ethical behavior while using Basil & Alred’s Information Technology facilities.
In this Policy, a reference to the following word(s) shall have the following meanings assigned to it.
- Information Technology Resources: Information Technology Resources for purposes of this Policy include, but are not limited to, Basil & Alred’s owned or those used under license (such as Software as a Service – SaaS) or those devices not owned by Basil & Alred but intentionally connected to Basil & Alred-owned Information Technology Resources such as computer hardware, mobile phones, smartphones, printers, fax machines, voicemail, software, email and Internet and intranet access.
- User: Anyone who has access to Basil & Alred’s Information Technology Resources, including but not limited to, all employees, temporary employees, consultants, probationers, contractors, vendors and suppliers.
Policy: This Policy includes within its purview the following referred Policies:
- General Information Technology Usage
- Software Licensing
- Internet and Intranet Usage
- Email Usage
- Helpdesk Process
- Business Continuity Planning and Disaster Recovery
The use of Basil & Alred’s Information Technology Resources in connection with Basil & Alred’s business and limited personal use is a privilege but not a right, extended to various users. The privilege carries with it the responsibility of using Basil & Alred’s Information Technology Resources efficiently and responsibly. By accessing Basil & Alred’s Information Technology Resources, the user agrees to comply with this Policy. Users also agree to comply with the applicable laws and all governing contracts and licenses and to refrain from engaging in any activity that would subject Basil & Alred to any liability. Basil & Alred reserves the right to amend these policies and practices at any time without prior notice. Any action that may expose Basil & Alred to risks of unauthorized access to data, disclosure of information, legal liability, or other potential system failure is prohibited and may result in disciplinary action up to and including termination of employment and/or criminal prosecution.
This Policy applies to everyone who has access to Basil & Alred’s Information Technology Resources and it shall be the responsibility of all Managers in the Lines of Service (LoS) and IT personnel to ensure that this Policy is clearly communicated, understood and followed by all users. This Policy also applies to all contracted employees, consultants and vendors/suppliers providing services to Basil & Alred that bring them into contact with Basil & Alred’s Information Technology Resources.
The Human Resources (HR) and Administration (Admin) departments and their respective managers who use these services shall be responsible to provide the contractor/consultant/vendor/supplier with a copy of this Policy and ensure that they accept the Policy before any access is given to them. This Policy covers the usage of all of the firm’s Information Technology and communication resources, whether owned or leased by the firm or are under the firm’s possession, custody, or control, including but not limited to:
- All computer-related equipment, including desktop personal computers (PCs), portable PCs, laptops, smartphones, terminals, workstations, Personal Digital Assistants (PDAs), wireless computing devices, telecomm equipment, networks, databases, printers, servers and shared computers, and all networks and hardware to which this equipment is connected.
- All electronic communications equipment, including telephones, pagers, radio communicators, voice-mail, email, fax machines, PDAs, wired or wireless communications devices and services, Internet and intranet and other on-line services.
- All software including purchased or licensed business software applications (such as SaaS), Basil & Alred-written applications, employee or vendor/supplier-written applications, computer operating systems, firmware, and any other software residing on Basil & Alred -owned equipment.
- All intellectual property and other data stored on Basil & Alred’s Information Technology equipment.
- This Policy also applies to all users, whether on firm property or otherwise, connected from remote connections via any networked connection, or using firm equipment.
6. General Standards for acceptable use of Basil & Alred’s Information Technology Resources require:
- Responsible behavior with respect to the electronic information environment at all times.
- Users to ensure safekeeping of all firm-issued devices and equipment. This includes ensuring that working tools, such as firm-issued laptop(s) and mobile phones, are always locked and kept in a safe environment. By removing the said tools from their primary location (office location), the user accepts responsibility for any damage and/or loss of equipment. In the case of loss or damage to device(s), the user is required to notify the IT Manager and local authorities immediately.
- Compliance with all applicable laws, regulations and Basil & Alred’s policies
- Respect for the rights and property of others including intellectual property rights
- Behavior consistent with the privacy and integrity of electronic networks, electronic data and information and electronic infrastructure and systems.
7. General Information Technology Usage Policy
- Individual password security is the responsibility of each user.
- Passwords are an essential component of Basil & Alred’s computer and network security systems.
- To ensure that these systems perform effectively, the users must choose passwords that are difficult to guess. This means that passwords must contain special characters and should not be a single word found in the dictionary or some other part of speech.
- To make guessing more difficult, all passwords to systems (including mobile devices) should be at least eight (8) characters long, with a combination of capital letters, numbers and special characters.
- To ensure that a compromised password is not misused on a long-term basis, users are encouraged to change passwords every 60 days. Password history would be maintained for the previous three passwords. This applies to the Systems Logon (Windows password) and webmail/email passwords.
- Passwords must not be stored in readable form in batch files, automatic log-in scripts, software macros, terminal function keys, in computers without access control systems, or in other locations where unauthorized persons may have access.
- Passwords must not be written down and left in a place where unauthorized persons might discover them.
- Immediately upon assignment of the initial password and in all cases of password “reset” situations, the password must be immediately changed by the user to ensure confidentiality of all information.
- Under no circumstances should users use another user’s account or password.
- Under no circumstances should the user share his/her password(s) with other user(s).
- In cases where no prior approval had been obtained for sharing of password(s) with other user(s), such user shall be completely responsible for all consequences that follow in respect to breach of this Policy. Also, Basil & Alred shall initiate appropriate disciplinary proceedings against the said user.
- All Basil & Alred computers and/or mobile devices that are either permanently or temporarily connected to the internal computer networks and/or systems must have a password-based access control system. Regardless of the network connections, all computers and/or mobile devices handling confidential information must also meet IT security requirements (including anti-virus software etc.) and employ appropriate password-based access control systems.
- All in-bound connections to Basil & Alred computers from external networks must be protected with an approved password or ID access control system.
- All access control systems must utilize user-IDs, passwords and privilege restrictions unique to each user. Users are prohibited from logging into any Basil & Alred system anonymously. To prevent unauthorized access all vendor-supplied default passwords must be changed frequently.
- Access to the server room is restricted by a biometric or RFID lock to recognized IT staff only.
- Users shall not make copies of system configuration files (e.g. passwords, etc.) for their own, unauthorized personal use or to provide to other users for unauthorized uses.
c. Managing System Privileges
- Requests for new user-IDs and changes in privileges must be made to the appropriate line manager, followed by the approval from the IT Manager on email. Clear communication must be maintained between the user, supervisor and IT manager. Users must clearly state why the changes in privileges are necessary, followed by an approval from their line manager.
- In response to feedback from the Admin/HR department, the IT manager will revoke any privileges no longer needed by users. After receiving information from HR/Admin department all system access privileges will be terminated within 1 hour after the user leaves Basil & Alred.
- Basil & Alred management reserves the right to revoke the system privileges of any user at any time. Conduct that interferes with the normal and proper operation of Basil & Alred information systems, which adversely affects the ability of others to use these information systems, or which is harmful or offensive to others will not be permitted.
d. Changes to Systems
- Other than firm-issued equipment, no employee shall physically connect or disconnect any equipment, including Basil & Alred-owned computers and printers, to or from any Basil & Alred network. For temporary employees and/or vendors/consultants, the IT Manager will authorize the use of non-firm equipment to connect to the firm’s systems.
- With the exception of emergency situations, all changes to Basil & Alred information technology systems and networks must be documented and approved in advance by the IT Manager.
- Only IT personnel who have been authorized by the IT Manager can make emergency changes to any Basil & Alred computer system or network. These changes will be pre-approved and documented for audit trail purposes. In the event of an unknown breach, the IT manager may block access to all users (including guest accounts) to prevent any other unauthorized access. Users may also be forced to reset their passwords.
- The administration of all Basil & Alred systems will be done by a local IT Manager and/or remote Manager (in cases of emergencies).
e. Security (Access Control)
- Users are forbidden from circumventing security measures.
- Users who have been given mobile devices/laptops/smartphones or any other device and duly authorized for such remote access, which connects to Basil & Alred’s mail system on a real-time basis, can do so through the Internet, and/or a Virtual Private Network (VPN) where necessary.
- Unless prior approval of the IT Manager has been obtained, users shall not establish Internet or other external network connections that could allow non-authorized users to gain access to Basil & Alred systems and information. These connections include the establishment of multi-computer file systems, Internet web pages & FTP servers.
- Users must not test, or attempt to compromise, computer or communication system security measures unless specifically approved in advance and in writing by the Management for a specific purpose (e.g. vulnerability testing). Incidents involving unapproved system cracking (hacking), password cracking (guessing), file decryption, software copying, computer configuration changing or similar unauthorized attempts to compromise security measures will be considered serious violations of Basil & Alred’s policy. Likewise, short-cuts bypassing system security measures are absolutely prohibited.
- Employees accessing firm information outside the office should take extra precaution to ensure that external parties cannot read information off computer screens and/or tablets. Employees should therefore exercise the necessary care when working in public or non-firm areas. In the event of a tablet, smartphone, workstation or laptop being stolen, the user should report the incident immediately to the IT Manager (as well as line manager) to ensure that all security access is suspended.
- Any employee who suspects that their workstation has been compromised, whether by virus infection or unauthorized access, shall immediately power off the workstation and notify the IT Manager to take corrective action.
8. Software Licensing Policy
- For all software including purchased or licensed business software applications (such as SaaS), Basil & Alred-written applications, employee or vendor/supplier-written applications, computer operating systems, firmware, and any other software residing on Basil & Alred-owned equipment, all users must comply with the software licensing policy and must not use/install/download any software for their individual use or even for business purposes without prior approval of the IT Manager. In case any such software is found on any Basil & Alred system which is not allocated to the individual user, it shall be the responsibility of the user to report it to the IT Manager. In cases where the said software is installed by the said user, Basil & Alred shall initiate appropriate disciplinary proceedings against the said user.
- All necessary software is pre-installed on all Basil & Alred systems for day-to-day office needs. Requests for any additional needs are to be addressed to the IT Manager for approval.
- Use of Basil & Alred network resources to illegally distribute or duplicate unauthorized copyrighted or licensed material is prohibited. Users shall not make unauthorized copies of copyrighted software, except as permitted by law or by the owner of the copyright.
9. Internet and Intranet Usage Policy
- Internet software may only be installed/used by or with the approval of the IT Manager. Software patches or updates may only be downloaded, subject to approval and ensuring strict adherence to the vendor’s security and usage guidelines.
- Access to the internet and its resources is provided for the purposes of conducting business on behalf of Basil & Alred. Reasonable personal use of the Internet is permitted, according to constraints and conditions set out by the firm’s Firewall.
- The IT department reserves the right to block access to any Internet resource without any prior notice. In cases where a user requires access to a restricted site, the request may be dealt with as a special case provided the access is identified as strictly for official purposes and conducting Basil & Alred business. Approval needs to be obtained from the IT Manager on email.
- Similarly, to protect Basil & Alred’s IT systems from imported viruses, downloading or exchanging screensavers, games, entertainment software or other inappropriate files (e.g., pornographic video, obscene images or audio materials for personal use), playing games against opponents or gambling over the internet is not permitted.
- Non-firm issued USB drives are strictly prohibited from being used on firm devices. Any firm-issued USB flash drive, HDD connected to a laptop/computer must first be scanned for malicious software before being opened.
- Furthermore, users may not conduct any form of “hacking” or use malicious code to penetrate or attempt to penetrate other computers or to deliberately release viruses or other harmful programs within either the Basil & Alred network or the internet or bypass security features.
10. Email Usage Policy
- All authorized users of Basil & Alred are provided with an email account, that is protected with a password which is provided to the individual user. The use of email should be restricted only for business purpose; however personal mail can also be exchanged for personal use, to a limited extent provided that such exchange does not amount to breach of this IT Policy or otherwise materially affects Basil & Alred’s operations. In case any individual is found using email service, which is objectionable by any means, access will be terminated by IT department without any prior notice. However, the same may be re-instated with the approval from the Managing Partner and IT Manager.
- Email users should be aware that exchange of information with external sites may not be secure with high risks of spam, trojans, malicious codes etc. Hence exchange of information should be limited to reliable sites. Users are prohibited from using their names/emails/mail domain in public domain without prior authorization from IT Manager.
- Information must not be transmitted internally or externally beyond the bounds of generally accepted standards, values and ethics. This includes material which could be considered offensive or discriminatory, pornographic or obscene, defamatory, or any other material which is otherwise abusive or contains illegal content prohibited by law or regulation of the country or which brings the organization into disrepute. Information is understood to include text, images and videos, and is understood to include printing information and sending information via email.
- All users receiving email on personal phones/smart-phones are required to adhere to the password policy mentioned above.
- All material contained on the email system belongs to Basil & Alred and users should consider messages produced/received by them on Basil & Alred account to be secure. The confidentiality of email data should be maintained by the individual user.
- Security regarding access to the email system is of paramount importance. User identities and personal passwords must not be shared with others. Users should be cautious of providing their email addresses to external parties, especially mailing lists.
- The use of third party email providers (i.e. “Yahoo mail”, “Gmail” etc.) to send firm information or any files emanating from within the firm to external recipients is strictly prohibited. This includes any firm work or data forwarded to personal email addresses for working at home, unless explicitly approved by the firm.
- Users transferring or receiving files or attachments from external sources should note that the Basil & Alred system automatically checks downloaded material for viruses. However, in the event that a virus is suspected, the file or attachment must not be opened and the matter must be reported to the IT Manager immediately for inspection and action.
- Basil & Alred email users are required to use this communication tool in a responsible fashion and to observe the related guidelines. Basil & Alred provides the email system for the purposes of conducting official business and it may not be used for personal gain or business activities unrelated to Basil & Alred’s operations. Users must not use the system to promote an external cause without prior permission from the IT Manager.
- Reasonable personal use of the email system is permitted. Personal use of the email service must not interfere with Basil & Alred’s operations, involve cost implications for Basil & Alred or take precedence over the user’s job accountabilities.
- Where it is considered that there has been a breach in the use of the email system, the service of the user will be terminated without any prior notice.
11. Helpdesk Process
- All office locations where Basil & Alred operates, whether by itself or through its country-office, shall be allocated a local IT technician. In case any user finds any problem with the IT systems or needs any help, they can send in their request to IT support desk via email to firstname.lastname@example.org
- In the event of emergencies or after hours, the IT Managers can be contacted via telephone at +255 719 560 600 (local) or +27 72 261 9370 (remote). All phone calls must be followed by an email to the IT support desk.
12. Business Continuity Planning and Disaster Recovery
- In order to prevent loss of information and to create system redundancy, a periodic backup procedure will be carried out by the IT Manager. This will include both cloud and on-premises backups. The responsibility for backing up the information located in shared access servers is the IT Manager’s.
- All employees will exclusively store Basil & Alred’s related information on network storage servers (MS SharePoint, Office 365 etc.) to ensure appropriate security protection and backup. An audit may be conducted at any time and without notice to ensure compliance with the agreement.
“I acknowledge that I have read, and do hereby accept the terms and conditions contained in these policies. In addition, I will not copy, share or distribute these documents without a written approval of management”