Document Details

Name of the Document Acceptable Usage Policy

Maintained by ISMS Team
Release date 07-September -2022

Revision History

Description of Date of
Sr. No. Ver Author Reviewed By Approved By
Change Revision
1 1.0 Version 1.0 Pradeep C. S. Vamsi Krishna Satyashil Rane 01-Apr-2014
Mark Smith Kishor Vaswani
2 1.1 Review 15-Jul-2015
Mark Smith Kishor Vaswani
3 1.2 Review 14-May-2016
Mark Smith Kishor Vaswani
4 1.4 Review 12-Apr-2016
Chaitany Kamble Kishor Vaswani
5 1.5 Review 20-Sep-2017
Chaitany Kamble Mark Smith
6 1.6 Review 29-May-2018
Chaitany Kamble Mark Smith
7 1.7 Review 26-Jul -2019
Annual
8 1.8 Review, No ISMS Team Satinder Kaur Satya Rane 20-Oct-2020
Change
Annual
Risk 13-October-
9 1.9 Review, No Shreyas Tambe Shamala Boyd
Management 2021
Change
Annual
Review,
additional Risk 07-September -
10 2.0 Jhon Gavilan Shamala Boyd
responsibility Management 2022
statements
added

Acceptable Usage Policy Internal Page 1 of 6

Table of Contents
1 Purpose ...................................................................................... 3
2 Scope .......................................................................................... 3
3 Reference ................................................................................... 3
4 Policy Statement......................................................................... 4
4.1 Acceptable Usage .............................................................................. 4
4.1.1Internet Usage .................................................................................................. 4
4.1.2Email Usage .................................................................................................... 4
4.1.3Mobile Computing and Teleworking................................................................ 4
4.2 Un-Acceptable Usage ......................................................................... 5
4.2.1System and Network Activities ........................................................................ 5
4.2.2Email Communication ..................................................................................... 6
4.2.3Disciplinary Action .......................................................................................... 6

Acceptable Usage Policy Internal Page 2 of 6

1 Purpose

The purpose of this policy is to define the acceptable and unacceptable usage of ControlCase
information, IT assets and associated information processing facilities.

2 Scope

The Acceptable Use Policy applies to all the end-users, business partners, third parties, who shall
access ControlCase IT Assets / related Information Processing systems, and / or the information
stored within.

3 Reference

Description of Document
Human Resources Security Policy
Internet Access Policy
Email Policy
Mobile Computing and Teleworking Policy
Incident Management Policy

Acceptable Usage Policy Internal Page 3 of 6

4 Policy Statement

4.1 Acceptable Usage

While ControlCase desires to provide a reasonable level of privacy, users should be aware that the data they
create on ControlCase systems remains the property of ControlCase.
To protect ControlCase information and associated assets, all employees whether permanent or temporary,
contractors, third party users, must abide by the terms and conditions of Acceptable Usage policy document,
to access and utilize networking, computing and information processing facilities deployed by ControlCase.
ControlCase management or a delegate has right to monitor the usage of IT Assets, associated information
and information processing facilities at any point in time, as deemed necessary by PC and CEO. Users found
violating the policy shall be strictly dealt in accordance with the disciplinary process as given in ControlCase
Human Resources Security Policy.
ControlCase management reserves the right to audit information systems, networks on a periodic basis to
ensure compliance with this policy. Internal ISMS Team shall perform regular audits to identify any non-
compliance.

4.1.1 Internet Usage

Users are required to abide by the terms and conditions laid down in Internet Access Policy. Users must sign
off the Internet Access Request Form prior to its use.

4.1.2 Email Usage

Users are required to abide by the terms and conditions laid down in Email Policy.
Prior to the usage of ControlCase Email facility, each user must understand Email security guidelines laid down
and Email etiquettes.

4.1.3 Mobile Computing and Teleworking

Users of ControlCase mobile computing equipment are required to abide by the terms and conditions laid
down in Mobile Computing and Teleworking policy along with the terms and conditions prior to the usage.

Acceptable Usage Policy Internal Page 4 of 6

4.2 Un-Acceptable Usage
Following activities are, in general, prohibited. Employees may be exempted from these restrictions during
their legitimate job responsibilities only with appropriate authorization (e.g., Consultant/Executive/Managers
- Technical may have a need to disable unnecessary ports and services of a host if that host is disrupting
ControlCase production servers): -

4.2.1 System and Network Activities

• Under no circumstances should an employee of ControlCase is authorised to engage in any activity

that is illegal under local, state, federal or international law while utilising company owned resources.
• Violations of the rights of any person or company protected by copyright, trade secret, patent or other
intellectual property, or similar laws or regulations, including, but not limited to, the installation or
distribution of "pirated" or other software products that are not appropriately licensed for use by
ControlCase or expressly authorized by ControlCase management.
• Unauthorised copying of copyrighted material including, but not limited to, digitisation and
distribution of photographs from magazines, books or other copyrighted sources, copyrighted
information, and the installation of any copyrighted software for which ControlCase or the end user
does not have an active license is strictly prohibited.
• Exporting software, technical information, encryption software or technology, in violation of
international or regional export control laws, is illegal. ControlCase management should be consulted
prior to export of any material that is in question.
• Introduction of malicious programs (e.g., viruses, worms, Trojan horses, e-mail bombs, etc.) into the
ControlCase network.
• Revealing one’s account password to others or allowing use of your account by others. This includes
family and other household members when work is being done from home.
• Using a ControlCase computing asset to actively engage in procuring or transmitting material that is in
violation of sexual harassment or hostile workplace laws in the user's local jurisdiction.
• Using commercial tools procured by ControlCase to initiate, launch, attack, sniff, or disrupt the services
of another organisation who has not on explicit basis given the consent to do so for the purpose of
identification of vulnerabilities or security risks affecting them; neither shall the same be used against
ControlCase.
• The display of any kind of sexually explicit image or document on any ControlCase system is a violation
of our Information Security policy and as applicable law
• Making fraudulent offers of products, items, or services originating from any ControlCase account.
• Effecting security breaches or disruptions of network communication. Security breaches include, but
are not limited to, accessing data of which the employee is not an intended recipient or logging into a
server or account that the employee is not expressly authorised to access, unless these duties are
within the scope of regular charter. For purposes of this section, "disruption" includes, but is not
limited to, network sniffing, ping floods, packet spoofing, denial of service, launching exploits and
forged routing information for malicious purposes etc.
• Port scanning or security scanning is expressly prohibited unless authorised by VP- Security Testing to
audit ControlCase / client’s network (with explicit permission from client) for identification of security
risks.
• Executing any form of network monitoring which will intercept data not intended for the employee's
host, unless this activity is a part of the employee's normal job/duty or expressly authorised by VP-
Security Testing.
Acceptable Usage Policy Internal Page 5 of 6
 • Providing information about, or lists of, ControlCase employees to parties outside ControlCase.

4.2.2 Email Communication

• Consider carefully what you write in E-mail, it’s a permanent record and can be easily forwarded to
others.
• Keep email short and to the point.
• One should be very careful while putting company confidential information on E-mail. Check the list
of recipients before sending the mail.
• Never share your user ID or password over the email.
• Never assume that your E-mail can be read by no one except yourself and the recipient, other(s) may
be able to read the mail sent by you.
• Never send company’s confidential information over the Internet to an external mail ID.
• Use “reply to all” with great caution. Re-check the recipient list before sending.
• Never forward or send a chain letter, if you receive one, delete it from the inbox.
• Do not send or forward JUNK mails (mails which do not help in enhancing enterprise or individual
productivity).
• Never send unsolicited mails to any other users or to distribution list.
• Delete unwanted messages immediately since they take up disk storage.

4.2.3 Disciplinary Action

• Employees, end users, partners, 3rd parties, and others, making use of ControlCase resources or
information, should be responsible for their use of any information processing resources and of any
such use carried out under their responsibility.
• Any employee found to have violated this policy might be subjected to disciplinary action, up to and
including termination of employment. Employees are also expected to report any security violations
as per ControlCase Information Security Incident Management policy.

Acceptable Usage Policy Internal Page 6 of 6