Acceptable Use of IT Policy

Overview

This policy sets out the acceptable use of the information technology resources owned or operated by ReGen Strategic and its associated entities (the Company).

Scope of this policy

This policy applies to all workers of the Company.

Workers engaged by the Company must comply with this policy at all times in the course of their engagement by the Company. However, this policy does not form part of any person’s contract with the Company or create any enforceable rights or entitlements for them.

Failure to comply with this policy is likely to lead to the Company taking disciplinary action against a person, which may include termination of the person’s engagement by the Company.

Definitions

Who is a ‘worker’?

In this policy, a ‘worker’ of the Company means any person who carries out work in any capacity for the Company, including work as:

an employee
a manager
an employee of a labour hire company who has been assigned to work in the Company (i.e. a ‘temp’)
a student gaining work experience, or
a volunteer.

Please refer to and read this policy in conjunction with the Company’s Social Media Policy, Prevention of Workplace Bullying Policy, and Respect in the Workplace Policy.

Definitions

In this policy:

IT Resources includes the Company’s:

computers (including desktop and laptop computers)
tablets and other electronic devices
fixed line and mobile phones
internet access
intranet
email system
document management and storage system
instant messenger systems, and
external storage devices provided by the Company.

User means any person who uses the Company’s IT Resources.

Reference to ‘you’ or ‘your’ is a reference to a user.

Monitoring

The Company has full access to its IT Resources, and utilises a number of practices to monitor these and the conduct of its workers’ use of the IT Resources.

The Company may without notice to any person store, access, track, monitor and read information transmitted through or received by the Company’s monitoring systems, including and in respect of the Company’s IT Resources.

This means the Company may from time to time monitor, review and/or read information you transmit using the Company’s IT Resources (e.g. the content of email or instant messenger communications, or internet browser history), with the result these may be used by the Company for disciplinary purposes if necessary.

You should not assume that any communication through or other use of the Company’s IT Resources is private, confidential, or could not be accessed and used by the Company.

All emails created in or received by the Company’s email system remain the property of the Company at all times.

By accepting your position with the Company and accessing its IT Resources, you agree to the above-mentioned monitoring and access.

Unacceptable Use of the Company's IT Resources

Unless you have a legitimate business purpose for doing so, you must not use the Company’s IT Resources to send, store, create, stream, access or download any material (including data in any form) which is, or which a reasonable person would consider to be:

illegal
sexual or pornographic
graphic images or descriptions of violence or injury
racist or which promotes or encourages racism, violence, or intolerance
supportive of or promoting terrorism
hate speech, or
content that is or appears harassing, degrading, discriminatory, intimidating, defamatory or threatening.

If when using the Company’s IT Resources you receive (e.g. by email) any material within the above categories, you must immediately report the incident to the Company’s IT Manager.

In addition, you must not use the Company’s IT Resources to:

engage in any illegal activity
gamble
create or send viruses or malware
send ‘spam’ (irrelevant or unsolicited messages sent over the Internet, typically to large numbers of users, for the purposes of advertising, phishing, spreading malware, etc)
breach confidentiality
abuse, intimidate, threaten, discriminate against or harass any person or organisation
write or create software or any code
download material or install software unrelated to the Company’s business
infringe copyright (including what is often known as ‘piracy’, and including but not limited to by means of streaming content or using peer to peer or torrent file sharing services), or
operate any business.

Further, you must not use any telephone provided by the Company to engage in any of the above activities.

Approval from the Company is required to install or use any system not included as part of the Company’s standard operating environment.

Acceptable Personal Use

The Company acknowledges that users of its IT Resources may from time to time need to use the IT Resources for personal purposes, and permits reasonable personal use in accordance with the following requirements.

Reasonable personal use of the internet

Users should normally use the internet for non-business purposes only during approved break periods, e.g. lunch break, or before and after normal working hours. During this time, users should ensure use does not exceed the bounds of acceptable use or excessive use (i.e. negatively impact services). Very occasional, limited, non-business use during business hours is allowed provided it is not detrimental to the Company’s business, or the performance of job responsibilities or those of colleagues.

Use of personal email systems

Users must not, without a legitimate business purpose, use personal email systems to store, process or transmit Company or client information. Personal email systems include web-based (e.g. Gmail or Hotmail) and servers (e.g. accessed via POP3 or IMAP). These services bypass the Company’s controls for the protection of information, do not comply with record keeping requirements and put Company and client information at unnecessary risk. Many web-based email systems left open in your browser continuously check for new mail and cause unnecessary network congestion. Be sure to ‘sign out’ or ‘log off’ after using such services to reduce the impact on the Company’s network and to maintain the security of your personal account.

The Company will not be liable for any actions performed using personal email systems. Personal emails produced in web-based email systems while using the Company’s IT Resources may be stored by the Company and subject to monitoring.

Personal use of Company email and instant messaging (IM)

Limited, reasonable, non-business-related use of the email and (if relevant) IM system is permitted. However, messages should be kept short, and should not be detrimental to the Company’s business, or the performance of job responsibilities or those of colleagues. Personal emails and IM communications must still comply with all Company policies.

Appropriate Use of the IT Resources

Use of email services

The Company-provided email services are to be used primarily for Company business. Company provided email services must be used for all official email communications (e.g. when conducting Company business). The use of non-Company email services for Company business is prohibited unless prior authorisation is obtained from the Company.

Users must comply with the following requirements:

endeavour to respond to email requests promptly, even if this is only an email acknowledging receipt of the request and confirming that the matter is being attended to
always be courteous and professional when communicating via Company email
do not send email messages directed to large audiences (e.g. ‘Company wide’ emails) unless strictly necessary
write well-structured emails and use short, descriptive subjects
spell check messages before sending
do not breach privacy requirements when sending personal information via email to external recipients
do not write emails exclusively in capital letters (this is perceived as ‘shouting’)
do not ask for a delivery or read receipt unless you really need it
only mark emails as important if they really are important
do not send large email attachments (i.e. greater than 10MB) unless strictly necessary
only send or ‘Reply to All’ on emails to distribution lists (groups) where everyone belonging to the distribution list should receive the message
do not use slang or emoticons in email messages directed to large audiences or to external recipients, and
use only the Company’s authorised standard email signature.

Security of access

You must keep any passwords used for accessing the IT Resources secure and confidential. You must not give your passwords to other people without authorisation or proper cause.

You must not use or attempt to access another individual’s account without authorisation or proper cause, or attempt to capture or guess other users’ passwords.

‘Out of office’

Users unable to check their email for extended periods should use automated out-of-office messages to let other people know of their absence and alternative points of contacts for business continuity. Out-of-office messages sent externally present a security risk in publicly exposing your absence from work (and possibly home), so you should consider this and not include details of your whereabouts. If you are not sure what to write, you should ask the Managing Director.

Forwarding emails

Users must not forward security/privacy sensitive messages to external mailboxes. Users must not create email forwarding rules that forward email received to any third party other than the Managing Director or Executive Chairman (or delegates). Email forwarding rules can be useful and are permitted to be used only when creating conditional rules to forward specific emails onto others. The risk is that a rule will forward a message sent to you that should remain private or confidential. If you forward emails, state clearly what action you expect the recipient to take. Users must not automatically forward any Company email, conditional or otherwise, externally (e.g. to a web-based email account).

Maintaining your inbox

Users should file client/matter related emails promptly to the appropriate location, and afterwards delete these from their mailbox. Email is not an appropriate repository for long-term storage of emails and/or attachments.

Personal and confidential information

Users must not breach privacy requirements when sending personal information via email to external recipients. You should ensure that the transmission of ‘personal information’ outside of the Company does not infringe privacy. For example, if you have a document containing a person’s name, age or address, it is covered by the applicable privacy laws. For further information, refer to the Company’s Privacy Policy.

Users must not email confidential client or Company information externally without proper business reasons. Email sent externally should not be considered as secure and once sent, will transit many different networks, potentially in many different countries, and therefore may be read by non-intended recipients. If you are in doubt as to whether to send certain information via email, check this with the Managing Director or Executive Chairman first.

Unsolicited email

Show caution when opening unsolicited email (e.g. spam, phishing, scams) and clicking on links in email. Although the Company has strong security controls in place which filter most unsolicited email and phishing attempts, users still need to be cautious as some unsolicited email still makes it through to the Company inbox. Unsolicited email may ask you to download a file or click on a link leading to unauthorised access to information such as username, password and credit card details, or even your computer.

To detect possible risks and avoid becoming a victim:

don’t click on links, or open attachments if the email was unsolicited, i.e. you don’t know the sender or the subject of the message
treat all emails where the context is not known or that are out of context with suspicion, regardless of who the sender appears to be
delete chain emails and junk email and do not forward or reply to them, and
if you think you have received a spam email contact, contact the Helpdesk.

Use of internet services

The Company-provided internet services are to be used primarily for Company business and strictly in accordance with its policies.

Further, users must comply with the following requirements:

do not use ‘Anonymizer Websites’, TOR servers or non-corporate proxy servers which are used to access websites ordinarily blocked by the Company, mask browsing activities and to circumvent monitoring
do not access the ‘dark’ web
exercise caution when browsing encrypted web pages (eg pages that request username and passwords), and
do not use of automated browsing software without prior approval from the Company (i.e. any software including but not limited to programs, tools, utilities, scripts and commands used for the purpose of automating web browsing or downloading).