- Home
- Employment Opportunities
- Policies
Sample and Partner's IT Policy
This policy applies to everyone working at Sample and Partners ("the organisation"). The organisation's computer systems and network infrastructure ("the system") is provided only for the conduct of the organisation's business.
The organisation 's Computer System & Network Usage Policy is written and designed to protect the Users of the system and the interests of the organisation.
This policy covers all internal and external electronic communications and all use of the system.
For the purpose of this policy, reference to "Staff Member", "staff" or "User" are not intended as words of limitation but include the class of people covered by this policy, namely authorised users. In the event that clients or other agents are given authorised access to the system for specific purposes, they too are deemed to be users subject to this policy.
The organisation 's internet and email systems are important business systems. In addition to security, privacy and liability considerations, there are also issues such as the potential for distractions to staff and for misuse or abuse, with significant ramifications. Even a single "all staff" broadcast may involve something like 100 people having to read and delete the message and all the time taken when added together is a significant amount. Users should also note that the system is designed to block at the "gateway" various types of incoming email ("spam" or other inappropriate material) not sent for the business purposes of the organisation. This may result in emails expected by Users not being received by them. The organisation is entitled to and will stop such email without notice to Users.
Users are deemed to have understood and agreed to abide by the requirements in this policy when they make use of the system. Staff will be provided with a copy of this policy and an acknowledgment of same will be signed by him or her and stored on his or her personnel file. Violation of this policy or other improper use of the system or anything related to the organisation computer systems and network infrastructure may be subject to discipline, termination and personal responsibility for any civil liabilities or criminal penalties.
PROCEDURE
Security & Privacy
Security of the Organisation data, computer systems and network are paramount. Breach of security may cause loss and damage or heavy penalties to both the organisation as well as to individuals.
These outcomes can result from legal action as a consequence of:
• Damage to the system causing loss of service, data and business to the organisation or our Clients;
• Breaches of law or of duties owed to other parties such as by private data or information being provided to or accessed by unauthorised persons;
• Damage caused to other parties using the system as a tool.
A heavy responsibility rests with all Users of the system and they are expected to assist in the protection of our data and all aspects of the computer network.
User Accounts and Passwords
On being given access to the system, Users are given a username and password which constitute a "computer account". Each User is responsible for the integrity of his or her computer account and must not authorise anyone else to use same for any reason. The unauthorised use of computer accounts and the provision of false or misleading information for the purpose of obtaining access to computing facilities is expressly prohibited.
Users are responsible for any and all activity initiated from their computer accounts.
Passwords must not be given to others.
Passwords should never be written down, such as on labels attached to computer terminals, or on other materials on the desk, such as calendars. If the password must be written down it must be stored in a private, physically secured location away from the desk on which the terminal is placed. If unauthorised use of any computer account is detected the User must contact the IT Department immediately in order that the password of that computer account can be changed.
Users must report to the IT Department any violation of this policy by another individual. Attempts to use a computer account and guess passwords are monitored by the system and notified to the IT Department by the system.
Personal File Storage
Each User is provided with a "personal" area for saving files that only the User may access. This area is intended to be a storage facility for any personal files the User may create. It is not intended nor may it be used to store precedents or work related files. These must be saved in the relevant area of Worldox. If there is doubt as to where to save material please call Helpdesk. User personal directories will be intermittently monitored by the IT Department to ensure compliance with this policy
Diskettes & CD Roms
Under no circumstances are diskettes/3½ floppy disks or CD Roms to be put into a computer unless specifically authorised by the IT Department. This is to avoid the unintentional introduction of viruses to the system.
Computer Software
Users are provided with approved software. Under no circumstances is software to be downloaded or installed on the system without express authorisation from the IT Manager. These are not permitted to be downloaded and used on the system as they may compromise network security. This includes:
• Instant Messaging programs such as Yahoo, MSN or AOL.
• Music files (eg, mp3's).
• GIFF files.
• Picture files.
Users are prohibited from developing or using programs that attempt to:
• Bypass system security mechanisms;
• Capture network traffic;
• Capture or decode passwords;
• Break encryption protocols;
• Replicate themselves or attach themselves to other programs;
• Evade software licensing or copying restrictions.
Legislative Control
State and Commonwealth Laws have been passed to govern the privacy, security and protection of computer systems, users and data.
The system (comprising our computer system, network and infrastructure) is owned by the organisation. The system must not be used by any person in breach of any law, including the following Acts:
• The Privacy Act 2001 - NPP4 - Data Security;
• Cybercrime Act 2001;
• Criminal Code 1995 (Qld) (Section 408D);
• Crimes Act 1914 (Cth).
Breaches may arise as follows:
• Use of computers with the intent of committing a serious offence;
• Hacking, spreading viruses, website vandalism;
• Launching Denial of Service Attacks;
• Tampering, or giving information to a party which may enable tampering with the corporate firewall protection;
• Passing any computer relating information to any person or entity which may allow the security of the network to be compromised, ie passwords, IP addresses, Domain information;
• Attempting to access the computer network, or any related subscription or services under subscription or in use by the organisation when not employed by the organisation ;
• Intentional disclosure of client or employee information to a non-authorised third party;
• Interfering with or altering the integrity of the systems;
• Impersonation of other individuals in communications, damaging the system, and the destruction or unauthorised alteration of data.
User Acknowledgements
Users acknowledge that Internet and E-mail usage via the system is only for the conduct of the organisation 's business. Client or third party (non staff) access will only be provided to persons who are provided with this policy before using the system and use of the system will signify the user's acknowledgement of this policy and its application to the user.
Users acknowledge that they are specifically precluded from use of the system, including the organisation 's Internet and E-mail for the following:
• Excessive or unreasonable personal use, including:
• advertising or marketing of personal matters, products or services,
• viewing or transferring of obscene, pornographic, slanderous, defamatory, harassing, vulgar, threatening or offensive material;
• viewing or transferring of frivolous material not appropriate for business purposes;
• Unauthorised viewing or transferring of material that is confidential or proprietary to the organisation ;
• Communicating, disseminating or printing of any copyrighted material in violation of copyright laws;
• Hosting a Web site, or for the compiling, issuing, communicating or dealing with spam and mailing lists; and
• Any other activity deemed by the organisation 's to be in conflict with the intent of this policy or contrary to the organisation 's interest.
The above lists are not intended to be all inclusive. For further guidance, Users must not create and send, or forward:
• electronic chain letters;
• unsolicited information that contains obscene, indecent, lewd or lascivious material or other material which explicitly or implicitly refers to sexual conduct;
• unsolicited information which contains profane language or panders to bigotry, sexism, or other forms of discrimination.
Users further acknowledge and agree that:
• Staff act as a representative of the organisation when accessing the Internet or E-mail or the system.
• Users will not engage in any activity or transmit any communication that would reflect unfavourably on the organisation or which is deemed inappropriate by the organisation.
• All Internet and E-mail materials on and from the system are the sole property of the organisation.
• All E-mail communications which relate to matters being handled on behalf of the organisation 's clients, must be sent using the standard form which includes the organisation 's privilege statement. Care must be taken at all times to ensure that the content of such communications is treated with the same formality as would be given to a letter under the same circumstances.
• No User may send or attempt to send E-mail that seeks to hide the identity of the sending party.
• All Users must respect the security systems in place (eg passwords on certain data and documents) and not attempt to access that information without prior written authorisation of the Managing Director or IT Manager.
• By using the system for Internet and E-mail access, the User knowingly and voluntarily consents to such usage being monitored and acknowledges the organisation right to such monitoring.
• The User has no expectation of privacy whatsoever related to the use of the Internet or E-mail systems and accepts that, even when Internet and E-mail materials are erased, it may be possible to recreate the information.
Staff Members who violate this policy or otherwise improperly use the organisation 's Internet or E-mail systems may be subject to discipline, termination and personal responsibility for any civil liabilities or criminal penalties.
Lists and Spam
Users should ensure that they comply with relevant laws dealing with unsolicited material (or "spam") when using the system so that the organisation is not prejudiced by Users' activities.
Users must not subscribe to mail-outs which are not work related or provide their work email address to websites which are not work related. If Users wish to subscribe for non-work communications to be provided to them via the internet, they should use a personal email account address.
A broadcast of advertising style information from the system, eg. to clients, involves a risk that it could be considered as spam. Such broadcasts should be limited to matters approved by the Managing Director.
Electronic mailing lists are considered private to the host. Users who are not members of the list will be regarded as having sent unsolicited material to the list if they do not obtain the explicit permission of the host (the maintainer of the list) prior to posting a message to the list.
Users must determine the purpose of a mailing list or news group before sending messages to or receiving messages from the mailing list or news group and must not attract unwanted communications to the organisation .
Users subscribing to an electronic mailing list will be regarded as having solicited any material delivered by the list as long as that material is consistent with the purpose of the list. Users sending any material to an electronic mailing list that is not consistent with the purpose of the list will be viewed as having sent unsolicited material to the list.