Book a demo
Book a demo

SmartBots

Acceptable Usage Policy

1. PURPOSE

This policy is designed to define best practices for the acceptable use of information and IT assets in accordance with the Information Security Policy of SmartBots.

2. SCOPE

The scope of this policy applies to all users of Information and IT resources in SmartBots. This procedure is applicable to all users having access to information and IT assets in SmartBots.

3. DEFINITION

SmartBots: ###organizationLegalName###

ISMS: Information Security Management System

CEO: Chief Executive Officer

Unacceptable Use: Activities considered in Acceptable Use Policy and/ or any other activity that is illegal under local, national or international laws while using SmartBots’s resources; are deemed to be Unacceptable use.

4. RESPONSIBILITIES

  • The primary ownership of implementing this Policy is with ISG & Department Head.
  • The ISG team shall implement this Procedure under the guidance of the Leadership Team and in coordination with Department Heads.

5. POLICY

  • Under no circumstances is an employee of SmartBots authorized to engage in any activity that is illegal under local, state, national, and/or international law while utilizing SmartBots -owned resources.
  • The following activities are, in general, prohibited. Employees may be exempted from these restrictions during the course of their legitimate job responsibilities (e.g., systems administration staff may have a need to disable the network access of a host if that host is disrupting production services).
  • The lists below are by no means exhaustive but attempt to provide a framework for activities, which fall into the category of unacceptable use.

5.1 System and Network Activities

The following activities are strictly prohibited, with no exceptions:

  • Employees indulgence in any activity that violates local, state, national, and international applicable laws and Information Security Policy of SmartBots during their tenure with SmartBots.
  • Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of “pirated” or other software products that are not appropriately licensed for use by SmartBots.
  • Unauthorized copying of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books, or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which SmartBots or the end-user does not have an active license is strictly prohibited.
  • Introduction of malicious programs into the network or server (e.g., viruses, worms, Trojan horses, e- mail bombs, etc.).
  • Revealing your account password to others or allowing the use of your account by others. This includes family and other household members when work is being done at home.
  • Using a SmartBots computing asset to actively engage in procuring or transmitting material that is in violation of sexual harassment or hostile workplace laws in the user’s local jurisdiction.
  • Making fraudulent offers of products, items, or services originating from any SmartBots account.
  • Making statements about warranty, expressly or implied, unless it is a part of normal job duties.
  • Providing information about, or lists of, SmartBots employees to parties outside SmartBots.
  • Covert information gathering on or of the company asset’s business activities.
  • Exporting software, technical information, encryption software, or technology, in violation of international or regional, or local laws.
  • Leaving equipment unattended without appropriate protection or security. Removable media, documents on a desk unattended.
  • Leaving the desktop or any information processing facility without locking for unauthorized access.
  • Effecting security breaches or disruptions of network communication including, but not limited to,(For the purposes of this section, “disruption” includes, but is not limited to, network sniffing, ping floods, packet spoofing, denial of service, and forged routing information for malicious purposes.)
  • Accessing data of which the user is not an intended recipient or logging into a server.
  • An account that the user is not expressly authorized to access unless these duties are within the scope of regular duties.
  • Interfering with or denying service to any user other than the employee’s host (for example, denial of service attack).
  • Using any program/script/command or sending messages of any kind, with the intent to interfere with, or disable, a user’s terminal session, via any means, locally or via the Internet / Intranet / Extranet.
  • Attempt to test a suspected weakness in the environment without authority.

5.2 Email and Communications Activities

  • Sending unsolicited email messages, including the sending of “junk mail” or other advertising material to individuals who did not specifically request such material (email spam).
  • Any form of harassment via email, telephone, or paging, whether through language, frequency, or size of messages.
  • Unauthorized use, or forging, of email header information.
  • Creating or forwarding “chain letters” or E-mail Hoax of any type.
  • Sending SmartBots’s internal, confidential and restricted information to a third party via any means or media, or access.
  • Sending other company’s confidential information received for internal consumption/evaluation to third parties via official mail ID or personal mail ID.
  • Posting the non-business-related messages to large numbers of Usenet newsgroups (newsgroup spam).
  • Sending mails to clients without authorization from Business Head, unless pre-authorized to communicate to the specific client they are normally working for.

5.3 Enforcement

Any employee found to have violated this policy might be subject to disciplinary actions as per Disciplinary Action Policy

6. PROCEDURE

6.1 General

  • Users will be accountable and will be responsible for judicious and ethical use of the organization’s information and IT resources.
  • Users will ensure that their actions do not compromise the security of the company’s information assets and resources and comply with the Information Security Policy and associate policies of SmartBots.
  • Users will use the information and IT resources for SmartBots’ business purposes only.
  • Users will access only those resources, for which they are authorized.
  • Users will treat data as SmartBots’ valuable asset and will protect it.
  • Users will comply and co-operate with spot checks and audits.
  • Users are responsible for the behavior of the visitors, contractors, and clients that they invite and/or receive in SmartBots premises.
  • In case users come across any unauthorized person, they will challenge the person or immediately inform Incident Management Team & their immediate senior.
  • Users will not circulate, store and create obscene, vulgar, or inappropriate materials, jokes, pictures, chain letters, etc. in any media.
  • In case any user receives such material, the user will immediately remove the material, inform Incident Management Team, and communicate to the sender that such mail is undesirable.
  • Users will not use or aid in using any means to thwart the access rights like stealing IP, hacking, etc.
  • Users will comply with non-disclosure and confidentiality agreements that SmartBots has entered into with others.
  • Users will not access areas that are designated as restricted unless they are authorized to do so.
  • Users will always use the change control form, to request for any change.
  • In case of non-adherence to the Acceptable usage policy, the user will be liable for disciplinary action.

6.2 Desktop Level

  • Users will not intentionally write, generate, compile, copy, collect, propagate, execute, or attempt to introduce any computer code designed to self-replicate, damage, or otherwise hinder the performance of or access to any SmartBots’ IT assets.
  • Users will secure the data on their desktops using passwords like power-on passwords, screen saver passwords, etc., and ensure compliance with the Password Policy.
  • Users will ensure that all Antivirus updates are installed on their desktops.
  • Users will check all the removable media for viruses using the anti-virus software.
  • Users will not leave any confidential information lying around their desks un- attended. Users will not use magnets on or near computer equipment.
  • Users will not be allowed to keep any liquid near computer equipment.
  • Users are not permitted to remove or transport computers from SmartBots’ premises without written permission from Management.
  • Users will not engage in the transport of removable Media back and forth between home and office.
  • The desktop ownership shall lie with the IT team and data ownership with the user.

6.3 Software License Guidelines

  • Users will ensure that their desktop has licensed software.
  • Users will not download shareware or freeware from the Internet unless authorized to do so.
  • Users will not use SmartBots’s software for personal use.
  • Users are not permitted to install their personal software on the company’s computer.
  • Users will not copy, collect, propagate any of SmartBots’ software to the outside network.

6.4 Information Disclosure Guidelines

  • Users will not discuss and/or transfer any SmartBots’ name-related information with anyone who is not authorized to know.
  • If users accidentally come across unsecured sensitive information, they will inform their superior immediately.
  • Users will follow the SmartBots’ Data and Document Classification policy for labeling and handling ‘confidential’ and above information.
  • Users will not copy, collect, propagate any of SmartBots’ data, documents to outside of the organization.

7. REFERENCES

  • Data and Document Classification Policy
  • Change Management Policy
  • Change Request Form