Acceptable Use of IT Policy

Overview

This policy sets out the acceptable use of the information technology resources owned or operated by ReGen Strategic and its associated entities (the Company).

Scope of this policy

This policy applies to all workers of the Company.

Workers engaged by the Company must comply with this policy at all times in the course of their engagement by the Company. However, this policy does not form part of any person’s contract with the Company or create any enforceable rights or entitlements for them.

Failure to comply with this policy is likely to lead to the Company taking disciplinary action against a person, which may include termination of the person’s engagement by the Company.

Definitions

Who is a ‘worker’?

In this policy, a ‘worker’ of the Company means any person who carries out work in any capacity for the Company, including work as:

  • an employee
  • a manager
  • an employee of a labour hire company who has been assigned to work in the Company (i.e. a ‘temp’)
  • a student gaining work experience, or
  • a volunteer.

Please refer to and read this policy in conjunction with the Company’s Social Media Policy, Prevention of Workplace Bullying Policy, and Respect in the Workplace Policy.

Definitions

In this policy:

IT Resources includes the Company’s:

  • computers (including desktop and laptop computers)
  • tablets and other electronic devices
  • fixed line and mobile phones
  • internet access
  • intranet
  • email system
  • document management and storage system
  • instant messenger systems, and
  • external storage devices provided by the Company.

User means any person who uses the Company’s IT Resources.

Reference to ‘you’ or ‘your’ is a reference to a user.

Monitoring

The Company has full access to its IT Resources, and utilises a number of practices to monitor these and its workers’ conduct in using the IT Resources.

The Company may without notice to any person store, access, track, monitor and read information transmitted through or received by the Company’s monitoring systems, including and in respect of the Company’s IT Resources.

This means the Company may from time to time monitor, review and/or read information you transmit using the Company’s IT Resources (e.g. the content of email or instant messenger communications, or internet browser history), with the result that these may be used by the Company for disciplinary purposes if necessary.

You should not assume that any communication through or other use of the Company’s IT Resources is private, confidential, or could not be accessed and used by the Company.

All emails created in or received by the Company’s email system remain the property of the Company at all times.

By accepting your position with the Company and accessing its IT Resources, you agree to the above-mentioned monitoring and access.

Unacceptable Use of the Company's IT Resources

Unless you have a legitimate business purpose for doing so, you must not use the Company’s IT Resources to send, store, create, stream, access or download any material (including data in any form) which is, or which a reasonable person would consider to be:

  • illegal
  • sexual or pornographic
  • graphic images or descriptions of violence or injury
  • racist or which promotes or encourages racism, violence, or intolerance
  • supportive of or promoting terrorism
  • hate speech, or
  • content that is or appears harassing, degrading, discriminatory, intimidating, defamatory or threatening.

If when using the Company’s IT Resources you receive (e.g. by email) any material within the above categories, you must immediately report the incident to the Company’s IT Manager.

In addition, you must not use the Company’s IT Resources to:

  • engage in any illegal activity
  • gamble
  • create or send viruses or malware
  • send ‘spam’ (irrelevant or unsolicited messages sent over the Internet, typically to large numbers of users, for the purposes of advertising, phishing, spreading malware, etc)
  • breach confidentiality
  • abuse, intimidate, threaten, discriminate against or harass any person or organisation
  • write or create software or any code
  • download material or install software unrelated to the Company’s business
  • infringe copyright (including what is often known as ‘piracy’, and including but not limited to by means of streaming content or using peer to peer or torrent file sharing services), or
  • operate any business.

Further, you must not use any telephone provided by the Company to engage in any of the above activities.

Approval from the Company is required to install or use any system not included as part of the Company’s standard operating environment.

Acceptable Personal Use

The Company acknowledges that users of its IT Resources may from time to time need to use the IT Resources for personal purposes, and permits reasonable personal use in accordance with the following requirements.

Reasonable personal use of the internet

Users should normally use the internet for non-business purposes only during approved break periods, e.g. lunch break, or before and after normal working hours. During this time, users should ensure their use remains within the bounds of acceptable use and is not excessive (i.e. does not negatively impact services). Very occasional, limited, non-business use during business hours is allowed provided it is not detrimental to the Company’s business, or the performance of job responsibilities or those of colleagues.

Use of personal email systems

Users must not, without a legitimate business purpose, use personal email systems to store, process or transmit Company or client information. Personal email systems include web-based services (e.g. Gmail or Hotmail) and mail servers (e.g. those accessed via POP3 or IMAP). These services bypass the Company’s controls for the protection of information, do not comply with record keeping requirements and put Company and client information at unnecessary risk. Many web-based email systems left open in your browser continuously check for new mail and cause unnecessary network congestion. Be sure to ‘sign out’ or ‘log off’ after using such services to reduce the impact on the Company’s network and to maintain the security of your personal account.

The Company will not be liable for any actions performed using personal email systems. Personal emails produced in web-based email systems while using the Company’s IT Resources may be stored by the Company and subject to monitoring.

Personal use of Company email and instant messaging (IM)

Limited, reasonable, non-business-related use of the email and (if relevant) IM system is permitted. However, messages should be kept short, and should not be detrimental to the Company’s business, or the performance of job responsibilities or those of colleagues. Personal emails and IM communications must still comply with all Company policies.

Appropriate Use of the IT Resources

Use of email services

The Company-provided email services are to be used primarily for Company business. Company-provided email services must be used for all official email communications (e.g. when conducting Company business). The use of non-Company email services for Company business is prohibited unless prior authorisation is obtained from the Company.

Users must comply with the following requirements:

  • endeavour to respond to email requests promptly, even if this is only an email acknowledging receipt of the request and confirming that the matter is being attended to
  • always be courteous and professional when communicating via Company email
  • do not send email messages directed to large audiences (e.g. ‘Company wide’ emails) unless strictly necessary
  • write well-structured emails and use short, descriptive subjects
  • spell check messages before sending
  • do not breach privacy requirements when sending personal information via email to external recipients
  • do not write emails exclusively in capital letters (this is perceived as ‘shouting’)
  • do not ask for a delivery or read receipt unless you really need it
  • only mark emails as important if they really are important
  • do not send large email attachments (i.e. greater than 10MB) unless strictly necessary
  • only send or ‘Reply to All’ on emails to distribution lists (groups) where everyone belonging to the distribution list should receive the message
  • do not use slang or emoticons in email messages directed to large audiences or to external recipients, and
  • use only the Company’s authorised standard email signature.

Security of access

You must keep any passwords used for accessing the IT Resources secure and confidential. You must not give your passwords to other people without authorisation or proper cause.

You must not use or attempt to access another individual’s account without authorisation or proper cause, or attempt to capture or guess other users’ passwords.

‘Out of office’

Users unable to check their email for extended periods should use automated out-of-office messages to let other people know of their absence and alternative points of contact for business continuity. Out-of-office messages sent externally present a security risk in publicly exposing your absence from work (and possibly home), so you should consider this and not include details of your whereabouts. If you are not sure what to write, you should ask the Managing Director.

Forwarding emails

Users must not forward security/privacy sensitive messages to external mailboxes. Users must not create email forwarding rules that forward email received to any third party other than the Managing Director or Executive Chairman (or delegates). Email forwarding rules can be useful, but are permitted only as conditional rules that forward specific emails on to others. The risk is that a rule will forward a message sent to you that should remain private or confidential. If you forward emails, state clearly what action you expect the recipient to take. Users must not automatically forward any Company email, conditional or otherwise, externally (e.g. to a web-based email account).

Maintaining your inbox

Users should file client/matter related emails promptly to the appropriate location, and afterwards delete these from their mailbox. Email is not an appropriate repository for long-term storage of emails and/or attachments.

Personal and confidential information

Users must not breach privacy requirements when sending personal information via email to external recipients. You should ensure that the transmission of ‘personal information’ outside of the Company does not infringe privacy. For example, if you have a document containing a person’s name, age or address, it is covered by the applicable privacy laws. For further information, refer to the Company’s Privacy Policy.

Users must not email confidential client or Company information externally without proper business reasons. Email sent externally should not be considered as secure and once sent, will transit many different networks, potentially in many different countries, and therefore may be read by non-intended recipients. If you are in doubt as to whether to send certain information via email, check this with the Managing Director or Executive Chairman first.

Unsolicited email

Show caution when opening unsolicited email (e.g. spam, phishing, scams) and clicking on links in email. Although the Company has strong security controls in place which filter most unsolicited email and phishing attempts, users still need to be cautious as some unsolicited email still makes it through to the Company inbox. Unsolicited email may ask you to download a file or click on a link leading to unauthorised access to information such as username, password and credit card details, or even your computer.

To detect possible risks and avoid becoming a victim:

  • don’t click on links or open attachments if the email was unsolicited, i.e. you don’t know the sender or the subject of the message
  • treat all emails where the context is not known or that are out of context with suspicion, regardless of who the sender appears to be
  • delete chain emails and junk email and do not forward or reply to them, and
  • if you think you have received a spam email, contact the Helpdesk.

Use of internet services

The Company-provided internet services are to be used primarily for Company business and strictly in accordance with its policies.

Further, users must comply with the following requirements:

  • do not use ‘Anonymizer Websites’, TOR servers or non-corporate proxy servers which are used to access websites ordinarily blocked by the Company, to mask browsing activities and to circumvent monitoring
  • do not access the ‘dark’ web
  • exercise caution when browsing encrypted web pages (e.g. pages that request username and passwords), and
  • do not use automated browsing software without prior approval from the Company (i.e. any software including but not limited to programs, tools, utilities, scripts and commands used for the purpose of automating web browsing or downloading).