Acceptable Use Policy
1 Objective & Scope
This policy defines the limits of control and vigilance that apply to all employees (including contractors, part-time staff and any others) who directly or indirectly work for, supply to or provide services to Tapal Tea when utilizing Tapal Tea Information Systems services & resources.
2 Policy
2.1 Personal Use
2.1.1 Secure Use
Authorized employees, as users of Information Services, must ensure their electronic and other information is composed, communicated and stored with the same control, vigilance and attention to detail, in order not to expose Tapal Tea or related Internal, Organizational, Personal, Non-public or other people's personal information to unauthorized persons or targets. Targets and consumers include, among others, journalists, research organizations, non-Tapal Tea employees, contractors, personal friends and family members, as well as Tapal Tea Employees who may not have adequate rights, privileges or authorization to receive and use that information.
Proprietary and Confidential – Document Version 1.0 Page 3 of 7
Internal use only
Information Security Acceptable Use Policy
Tapal Tea (Private) Limited
2.1.2 Lawful Use
All users must obtain, use, record or communicate data & information systems lawfully and must ensure they do not violate in any way Privacy and Data Security laws, company values & information security policy & guidelines.
2.1.3 Personal Gain and Values at Tapal Tea
It is prohibited to use Information Services resource(s) for personal gain. If a possibility exists that personal gain and organizational gain align, it must be discussed with the line manager so that it can be identified as a possible foreseeable conflict of interest; it is subject to exemptions per the Conflict of Interest resolution policy, processes and standards at Tapal Tea.
2.1.4 Personal Information Requests
Individuals may be entitled by law to a copy of the information which is held pertaining to them by Tapal Tea. This potentially includes emails, entries in databases, manuals etc. Any User, including the owner of the personal information, must not make any statement(s) (whether casual or otherwise) about 3rd party organizations or partners, clients or colleagues (in the employ of Tapal Tea or otherwise) which they would not want disclosed, unless explicitly authorized to do so by their respective HOD and the HOD that owns the Data or Information. Based on the classification of the information, the HOD can identify whether authorization higher than their own is required, e.g. reclassification or disclosure of Confidential information would both require approval from the Divisional Head as well as any other owning or impacted stakeholders.
2.1.5 Data Backup
• Users have a responsibility to back up official documents using the solution recommended by the IS department (such as Google Drive etc.).
• The Service Desk team will provide guidance to the user (if required).
2.2 Sharing of User IDs / Passwords
User IDs and passwords required to access ANY Information Systems should be kept secret; they must be confidential and must not be shared with anyone.
Sharing of system IDs and passwords is a serious breach of information security; they should be kept confidential. In case of violation, strict disciplinary action will be taken by the management as per the following HR guidelines:
• Counselling of employee and advisory letter will be filed in employee’s personnel file.
• Warning letter will be issued (in case of repeated violation).
• Termination
However, the action will consist of any one or more of the above-mentioned guidelines, depending on the nature of the case.
2.3 Information and Data Security Policy
All devices should be locked (e.g. locked windows session, locked mobile device) if left unattended, stored or in a setting of exposure to prevent malicious use.
2.4 Electronic Communication & Monitoring
All messages, documents or notes used or produced using Tapal Tea Electronic Communications are the property of Tapal Tea irrespective of storage location, including but not limited to, Tapal Tea Database(s), records and employee's personal system. Please note communicating or storing information through devices other than specifically authorized by Tapal Tea must be pre-approved by Line Manager. Failure to do so may result in disciplinary action.
All electronic business communications can be subject to monitoring, access, communication and recording by Tapal Tea without limitation, for the following purposes:
• Records retention
• Compliance with laws, legal investigation and regulations
• Corporate confidentiality and customer privacy
• Prevention and detection of possible criminal activity or breaches of internal or external regulatory requirements, policy and/or procedures
• Virus scans or other threats to Tapal Tea, or Information Services and Resources at Tapal Tea
• Business continuity (e.g. accessing communications when an employee is absent e.g. due to sickness)
• Detection of inappropriate use of Tapal Tea Electronic Communications
• Investigation of a breach or potential breach of any Tapal Tea policy or of your terms and conditions of employment
• Investigation in connection with grievance(s) or potential disciplinary matters.
• Employees working away from the office
2.6 Working away from the Office
Users are responsible for information and asset security in their custody.
They must keep work taken home secure and return all work-related material upon the conclusion (success, partial completion, termination) of the assignment and contract. The Line Manager, as well as the Tapal Tea IS Service Desk, should be informed immediately if information is no longer in the user's possession, is at risk, or if there is uncertainty about its exposure or risk in case of loss or inaccessibility.
If working on something at home, in transit or at work, keep all sets of information secure. Devices including but not limited to computers, storage devices and mobile devices should not hold records containing internal or restricted information any longer than absolutely necessary.
2.6 (a) Work from Home
• Every employee is advised to avoid clicking on links in unsolicited emails and to beware of email attachments. Phishing comes in many forms, such as email, SMS, phone calls and even social media platforms like WhatsApp, Facebook, Twitter, etc.
• Working from public places, such as restaurants, airports etc., or on public transportation, where third parties can view screens and printed documents, is prohibited.
• Use of public WiFi is prohibited, and it is required to use secure, password-protected home WiFi or hotspots.
• Sensitive information, such as certain types of personal information (e.g., personnel records, medical records, financial records), that is stored on or sent to or from remote devices should be encrypted in transit and at rest on the device and on removable media used by the device.
• Users must ensure that company information is never downloaded or saved to employees' personal devices or cloud services, including employee computers, USB drives, or cloud services such as their personal Google Drive or Dropbox accounts.
• The user should be responsible for ensuring that all applications and operating systems on their devices are at the most up-to-date patch level.
• Users must not allow the sharing of work computers and other devices. When employees bring work devices home, those devices should not be shared with or used by anyone else in the home. This reduces the risk of unauthorized or inadvertent access to protected company information.
• Ensure your antivirus/security software is up to date on all devices (Laptop / Desktop / Mobile).
• Users should attend security awareness sessions on a regular basis.
2.7 Purchase of Hardware and Software
If, at the time of leaving Tapal Tea, staff request to purchase Tapal Tea (Private) Limited equipment in use, the request should be processed as per the General Laptop policy. However, it is essential that any Tapal Tea data or other information contained on that equipment is removed, and that the equipment is released only with the prior approval of the IS Department, who will ensure that no compromise on data integrity is allowed.
2.8 Installing, Upgrading, or Removal of Hardware, Software & other authorized devices
Users must request all such services from the Tapal Tea IS Service Desk & maintain a record of the request and response (permission, denial) for any software, hardware or any other equipment (printers, mobile devices) owned, operated or authorized for use by Tapal Tea.
When hardware, including Laptops, Desktops, Printers and others, is handed off by IS to a user, it is the user's responsibility to care for its upkeep, maintenance and security. This includes ensuring the computer equipment is transported, used and stored securely, and also keeping it intact and clean. Please note this excludes all repairs and upgrades. For upgrades and technical maintenance, the user should engage the IS Service Desk to request service, with approval from the User's HOD.
2.9 Internet Use
Internet is provided at locations approved by Tapal Tea Management.
Users must ensure that their personal Internet use does not interfere with the performance of their duties or job function.
Access to the Internet can be logged by Tapal Tea. This includes, but is not limited to:
• The name of the site visited
• The search terms used in any search engine
• Internet activity and usage patterns of users
• Where prohibited use is suspected, the activities of specific individuals will be reviewed and analyzed in more detail and may be used as evidence for corporate or legal proceedings and compliance.
In case Users access prohibited sites accidentally or inadvertently, they must close the site immediately and report any inconsistent behavior to IS Help Desk.
2.10 Use of Tapal Tea Organizational and Privacy Information, Databases
Allowed:
• Strictly for approved business purposes only
Prohibited:
• Personal Use of Tapal Tea information when contributing to personal or unauthorized work related blog(s), message board(s), chat-line(s), pod cast(s), web cast(s) or social networking at any time.
• Any acquisition, access, retention, use or disclosure of non-public Tapal Tea, privacy or classified Information without proper Authorization.
• Misuse or compromise of Tapal Tea or any of its brands.
2.11 Use of Software Tools, Network Resources, Websites, and Email
Allowed:
• For approved business purpose(s), communicated to the IS Department before execution.
• All devices should be locked (e.g. locked windows session, locked mobile device) if left unattended, in temporary or permanent storage or in other exposed scenarios, in order to prevent malicious use & unintended direct exposure without a password.
• Limited personal use that does not interfere with an individual's duties or performance
• Digital network owned, authorized by (through VPN) or subcontracted by Tapal Tea for official purpose(s).
• Employees working remotely can connect through Virtual Private Network (VPN) upon getting approval from GM IS (Information Services) or user’s Head of Department.
• With an etiquette commensurate with Values at Tapal Tea and considerate of other Tapal Tea employees and resource(s).
Prohibited:
• Excessive personal use.
• Use of Tapal Tea resources to contribute to personal or unauthorized work including personal ventures, blogs, message boards, chat-lines, pod casting, web casting at any time
• Acquisition, access, retention, use or disclosure of non-public Tapal Tea internal, private or classified Information without proper Authorization.
• Breaching any applicable law, compliance or regulation
• Sending any message which could constitute misuse or is prohibited by international and local law, including but not limited to bullying, extortion, unauthorized information exchange or harassment.
• Operating a personal business or soliciting money for personal gain; originating or distributing chain letters or other junk (spam) communications; transmitting malicious code, e.g. computer viruses; downloading, transmitting or storing copyright, Intellectual Property, Privacy, Restricted (passwords, security keys), confidential or Personal Information and Protected (legally or otherwise) material without the author's explicit permission
• Deliberately storing, editing, accessing or transmitting prohibited or inappropriate material including:
− Abusive, defamatory, obscene, offensive or sexually explicit material;
− Illegal material or activity;
− Material that is discriminatory on the basis of sex/gender, religion, age, race or disability
• Wardriving, network discovery, ethical hacking, recreational penetration testing and potential exposure to threats (privacy breach, malicious software etc.), even for the purpose of securing the computer network, are banned without proper authorization on any Network, platform, network node, VPN, Media Hardware/Software, Mobile Device and/or Terminal that is in use, owned or subcontracted by Tapal Tea Private Limited.
• Employees must not misuse Tapal Tea computer systems or networks. For example, curious browsing, stoking, or attempting to bypass network security, including searching for files, programs or data in directories that are not formally authorized (access, utilize, update, distribute), is prohibited.
2.12 General Guidelines
Employees shall follow the following general guidelines concerning the use of this company resource:
FAILURE TO FOLLOW ANY PART OF THIS POLICY WILL RESULT IN DISCIPLINARY ACTION, UP TO AND INCLUDING TERMINATION.
2.13 Employee Acknowledgement
I have reviewed the Acceptable Usage policy. By signing this form, I attest to my understanding and acceptance of this policy. I understand that if I am found in violation of this policy, I may be subject to disciplinary action, up to and including termination, as well as civil and/or criminal prosecution.