Guiding Principle: IT Systems Acceptable Use policy

1. Purpose, scope, and users

This document aims to let Resolver employees know what the guiding principle of using Company IT systems is and make employees aware of their responsibilities based on this principle.

We trust you to help us care for our (Resolver, employees, customer, and partner) hardware, networks, systems, and IT services. Compromising our systems in any way is no laughing matter.

2. Reference documents

  • ISO/IEC 27001:2013 standard, control A.8.1.3
  • ISO/IEC 27701:2019 standard clause 6.5.1.3

3. Considerations

If you have any questions about the acceptable use of our information systems, contact our IT team. They can help clarify the content of this document for you.

3.1  General use, data ownership, and property

As with most companies, the IT equipment and information systems you use to do your job are the property of Resolver. This includes all files, email, instant, and text messages created in our IT systems.

Our systems should be used for business purposes and operations, although we understand that a reasonable amount of personal use may be included as long as it doesn’t interfere with your day-to-day.

Uncertain about what’s reasonable? Chat with your manager.

  • Privacy: We take steps to protect the privacy and confidentiality of data collected for business purposes; however, we can’t guarantee to protect personal items like photos you’re going to upload to Instagram.
  • Monitoring: As part of our internal auditing and compliance process, we regularly monitor our IT systems to ensure everything is above board. If not, we’ll have to respond.
  • Security and proprietary information: We have a pretty extensive “Confidentiality and Proprietary Rights” agreement with lots of information concerning how to use and protect company information. If you need a refresher, ask your manager where to find this agreement.
  • Passwords: At a minimum, all your devices (computers, laptops, portable devices, and mobiles) must be password protected according to Resolver’s Password policy. Keep those passwords secure by not sharing them. When you step away from your machine, it should be locked and password protected.
  • Malware: All equipment connected to our systems (owned by us or you) must run approved anti-virus and anti-malware software. This should be frequently updated to ensure the safety of your device and our information systems.
  • Back-ups: You are responsible for backing up/synchronizing the information you work with and control, to approved by Resolver IT department network and/or cloud file storage service/device (i.e., Box, OneDrive). When in doubt, ask a member of the IT department for guidance. A current copy of all corporate information must always be maintained on the Resolver network.
  !!! Data stored on your local device storage (SSD) – is not backed up !!!
  • Traveling: Take extra care when on the road. Avoid using unsecured public Wi-Fi networks to transfer work-related data.

3.2  Software

Resolver assists you by ensuring that the company purchases, issues, and tracks all software. Software installed on your computing devices should be relevant to your job function. If non-standard software is required, connect with our IT team.

  • Internet downloads: Be extremely cautious when deciding whether or not to accept and/or execute Internet downloads and/or plug-ins.
  • No-nos: Never install peer-to-peer, newsgroup, torrent, or streaming services or any other content distribution applications or services to view or distribute copyrighted or geo-restricted material on our systems. This includes if you’re at home and connected to our network.
  • Our IP: You should never copy, share, borrow, or destroy any software that Resolver owns, licenses, or authors. We are a software company, and our business depends on the software’s legally licensed use.

3.3 IT Equipment

We’ll help you out by taking care of IT purchases. On your end, our equipment should stay in the family and not be shared with people who don’t work with us. Also, don’t disassemble our equipment. If anything is lost, stolen, or damaged, reach out to our IT team immediately.

4. Exits and departures

  • Leaving employment with us means that you need to return all Resolver owned hardware, software, and access devices, including all systems/devices and or equipment, keys, key fobs, data, backups, program code, CDs, diskettes, printouts, and tapes obtained from Resolver.
  • Employees who port a personal number over to the corporate account may retain their number when they leave.

5. Reasonable usage

  • If your Resolver-provided IT equipment is ever damaged or destroyed due to activities based outside of normal wear and tear, you may be held financially responsible for the damage or loss.

6. Personal devices and IT system access

Any computing devices (laptops, smartphones, etc.) not owned by Resolver which are used to connect to the company’s services and resources are subject to the following requirements:

  • Devices must implement reputable anti-malware/virus software (e.g., Malwarebytes, Norton, Symantec, Bit Defender, etc.) configured to perform continuous and/or scheduled scanning and frequently update the virus signatures.
  • Devices must implement a desktop firewall that is set up to restrict access.
  • Devices must have software security updates applied immediately upon release from the vendor.
  • Devices must use a unique account to connect to Resolver and establish a strong password syntax for the account (refer to Resolver’s Password policies for details.) This account should not be accessible to non-Resolver Employees.
  • When connecting remotely into the office, users must NOT save their password on the device that they are using for a VPN connection. You should have to enter your password every time you connect.
  • Devices must not share Resolver’s VPN connection with any other local accounts.
  • When using Remote Desktop from home, users must NOT set up their username and password to be remembered for that connection setting.

7. Unacceptable Use

The activities listed in this section are strictly forbidden. These lists are not exhaustive; employees should exercise common sense about the activities described below. Employees may be exempted from some restrictions during their regular job activities; however, they are not authorized to engage in any illegal activities.

7.1  System and Network Prohibited Activities

  • Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of “pirated”, “cracked” or other software products that are not appropriately licensed for use by Resolver.
  • Unauthorized copying or distribution of copyrighted material including, but not limited to, digitization of photographs from magazines, books, or other copyrighted sources, copyrighted music, fonts, and the installation of any copyrighted software for which Resolver or the end-user does not have a valid active license.
  • Exporting software, technical information, encryption software, or technology in violation of applicable export control laws.
  • Introducing malicious programs into the network or server (e.g., viruses, worms, Trojan horses, e-mail bombs, malware, etc.).
  • Revealing your account passwords to others or allowing the use of your account by others, including family and other household members, when IT Systems are used from home.
  • Using Resolver’s IT Systems to actively procure or transmit material that violates sexual harassment or hostile workplace laws in the local jurisdiction.
  • Making fraudulent offers of products, items, or services originating from any Resolver account.
  • Affecting security incidents and data breaches or disruptions of network communications.
  • Port scanning or security scanning.
  • Network monitoring that reads or intercepts data not intended for the Employee’s host.
  • Circumventing user authentication or security of any of Resolver’s IT Systems.
  • Interfering with or denying service to any of Resolver’s IT Systems (for example, denial of service attack).
  • Using any program/script/command, or sending messages of any kind, with the intent to interfere with, or disable, a user’s terminal session, via any means, locally or via the Internet/Intranet/Extranet.

7.2  Email, IM, and General Communications Prohibited Activities

  • Sending unsolicited email messages, including sending “junk mail” or other advertising material to individuals who did not specifically request such material (email spam).
  • Any form of harassment via email, IM, telephone, or paging, whether through language, frequency, or size of messages.
  • Unauthorized use or forging of email header information.
  • Heavy access to entertainment videos or other non-work-related videos/content.
  • Accessing inappropriate videos/content (i.e., pornography)
  • Solicitation of email for any other email address other than that of the poster’s account, with the intent to harass or to collect replies.
  • Creating or forwarding “chain letters”, “Ponzi” or other “pyramid” schemes of any type.
  • Use of unsolicited email originating from within Resolver’s networks of other Internet/Intranet/Extranet service providers on behalf of, or to advertise, any service hosted by Resolver or connected via Resolver’s IT Systems.
  • Posting the same or similar non-business-related messages to large numbers of Usenet newsgroups (newsgroup spam).

8. Definitions

“Employeesmeans all Resolver employees, contractors, consultants, and temporary workers at Resolver, including all personnel working for Resolver on behalf of third parties.

“IT Systems” means all IT equipment and/or infrastructure that is owned, leased or provided for use by Resolver including, but not limited to, personal computer (PC) equipment, servers, mobile devices, printers, telephony equipment, fax machines, software, operating systems, storage media, network accounts, electronic mail, Resolver-hosted websites, Resolver-hosted FTP sites, routers, switches, network infrastructure, network traffic, and intranet access.

“Confidential information” means any information or material that is proprietary to Resolver, whether owned or developed by Resolver, which is not generally known other than by Resolver, and which may have been obtained through any direct or indirect contact with Resolver.

“Security breaches” include, but are not limited to, accessing data of which the employee is not an intended recipient or logging into a System or account that the employee is not expressly authorized to access.

“Disruptions” include, but are not limited to, network sniffing, pinged floods, packet spoofing, denial of service, and forged routing information for malicious purposes.

“Personal Use” is defined as personal matters and business, excluding soliciting for commercial ventures, political or religious causes, or other outside organizations that are not partners, clients, or contractually obligated to Resolver.

9. Validity and document management

This document is valid as of August 2023.

The owner of this document is an HR team who must check and, if necessary, update the document at least once a year.

EFFECTIVE ON: August 2023

REVIEW CYCLE: Annual at least and as needed