Acceptable Usage Policy - Cleaned


ACCEPTABLE USAGE POLICY

Acceptable Usage Policy

Page 1 of 10 Internal

Table of Contents

Document Control
Background
Purpose
Scope
Policy
Enforcement


Document Control

Document Name: Acceptable Usage Policy

AUTHORISATION

Reviewed By
Name: Rajan Bagade
Signature:

Authorised By
Name: MISF
Signature:

DISTRIBUTION LIST: All Employees and contractors of DP World SCO region

VERSION HISTORY

Version  Date       Reviewed By      Changes & Reasons for Change
1.0      Sep 2002   Rangarajan       Initial Formulation
1.1      Oct 2003   Sanjay Joglekar  Yearly Review and Change
1.2      Sep 2004   Manish Jaiswal   Changed the name of the reviewer. Yearly Review
1.3      Oct 2005   Manish Jaiswal   Yearly Review
1.4      Mar 2006   Manish Jaiswal   Change the name of the approver
1.5      Jan 2007   Manish Jaiswal   Migration to ISO 27001
1.6      Oct 2009   Manish Jaiswal   Yearly Review
1.7      Feb 2011   Manish Jaiswal   Yearly Review
1.8      Apr 2012   Manish Jaiswal   Yearly Review
1.9      Mar 2013   Manish Jaiswal   Yearly Review
1.10     Mar 2014   Manish Jaiswal   Yearly Review
1.11     Oct 2015   Manish Jaiswal   Yearly Review and ISO 27001:2013 Transition
1.12     Oct 2016   Bright Ryan      Changed logo and the name of the reviewer. Yearly Review
1.13     Oct 2017   Manish Jaiswal   Changed name of Reviewer. Yearly Review
1.14     Oct 2018   Rajan Bagade     Yearly Review. Classification changed from ‘Company Confidential’ to ‘Internal’.
1.15     Nov 2019   Rajan Bagade     Yearly Review
1.16     Nov 2020   Rajan Bagade     Yearly Review
1.17     July 2021  Rajan Bagade     Yearly Review

Background

1. DP World SCO computing facilities are the property of the organization, and the management of
DP World SCO is responsible for ensuring that they are used in an ethical and lawful manner.
There is a need to identify the organization’s policy for the acceptable use of the organization’s
facilities to prevent unlawful and unethical use of the facilities.
2. The acceptable use policy is designed to protect the users of computing facilities in the
organization from violation of business, legal and social imperatives and will be followed in
letter and spirit by all.

Purpose

This policy lays down acceptable usage instructions for the organization’s information, computing
facilities and network.

Scope

This policy applies to all DP World SCO employees, contracted personnel and any third-party
representatives who have been provided access to the assets of the organization as per the ‘Third
Party Access Policy’.

Policy

Acceptable IT Asset Usage


1. The organization’s system user accounts (login IDs and passwords) will be USED ONLY FOR
THE BUSINESS PURPOSE for which they have been requested and authorised.
2. The business purpose for each user account created in the organizational systems will be
objectively stated at the time of creation, and any changes to the same will be requested and
authorised through a proper change procedure.
3. Any personal/non-official use of these user accounts will be limited to preparation of
individual user documents, minimal personal correspondence etc.
4. Under no circumstances will the user account be used to participate in personal financial
activity, investments, promotional contests etc.
5. Users are responsible for protecting any information used and/or stored / accessible through
their individual user accounts.
6. Users shall not divulge organizational information to anyone outside the organization without
proper authorisation. All information made available to the user in his/her business capacity
will be considered as ‘internal’ unless expressly stated otherwise.

7. Users will not attempt to access any data or programs contained on any system for which they
do not have authorization or explicit written consent of the owner of the system.
8. Users will report any weaknesses they discover in computer security and any incidents of
possible misuse or violation of this policy, to the proper authorities by contacting the concerned
help desk or their superior manager. NO USER, HOWEVER, WILL ENGAGE IN ACTIVITY
TO ASSESS THE WEAKNESSES OF A SYSTEM.

Acceptable Software Usage

9. Users will not make unauthorised copies of copyrighted software, except as permitted by law
or by the owner of the copyright. Any copying of the software within the purview of law and
organization’s policy will be done with proper authorisation and support from the IT
department.
10. Users shall only use software which is approved by DP World SCO Information Security
department
11. Download and installation of freeware, spyware and pirated software on DP World IT assets
is prohibited
12. Freeware software, if necessary, can only be used if there is a genuine business justification and
approval from DP World Information Security department
13. Record of all approved freeware software installed on DP World SCO IT assets shall be
maintained by IT Support team
14. Users shall not download and install games, movies, utilities, screen savers, wallpapers or
other personal software on DP World IT assets unless it is related to business and the approval
has been obtained
15. Users shall not make copies of system configuration files for their own, unauthorised use or to
provide to other people/users for unauthorised use.

Acceptable Email and Web Browsing Usage


16. Email systems, internet and instant messaging systems provided by DP World SCO shall only
be used for official / business purposes
17. These systems may be used for limited and reasonable personal use with due consideration to
the following:
o Protection of DP World SCO intellectual property and sensitive information
o Avoid conflict of interest
o User’s productivity
18. Users shall not indulge in unlawful activities leveraging DP World SCO email and internet
services which may cause harm to DP World’s reputation or business delivery capability
19. DP World SCO email users shall not have access to any email profiles except the ones assigned
to them, and this applies to all email file formats (e.g. pst, ost, etc.). Only in case of compliance
or regulatory requirements, DP World SCO authorized personnel shall be granted access to
the other employee’s emails in order to meet the said requirements, with an approval from HR
and employee’s Department Heads

20. Users of the corporate email application are advised to eliminate the use of the email delegation
feature in their email application. Whenever an Outlook email user needs to delegate his/her
email to a coworker, he/she shall fill in a change request, consult the IT support team, and collect
written approval from his/her department head
21. The corporate email delegation feature shall be enabled for limited use-cases and scenarios, listed
here:
o An employee going on annual / long leave delegating his/her email access to a co-worker
o DP World executives delegating their email access to their executive assistants
o The HR department requesting email delegation of a resigned/fired employee to the employee’s
department head, the employee’s replacement, or the audit team in the case of a security breach
investigation.
22. Although DP World SCO encourages use of IT resources for carrying out business transactions
with due respect to privacy of employees, at any time and without prior notice DP World SCO
reserves the right to examine information stored or transmitted on DP World SCO computers
or networks, including but not limited to, personal files, directories, emails, instant messaging,
etc. for the following purposes:
o Preventing unauthorized access and system misuse
o Retrieving business related information during contingencies
o Security incident investigation
o Compliance with legal and regulatory requirements

Users shall only use authorized instant messaging software and shall not use public instant
messaging services for confidential business communication
23. Users shall provide all information related to email and internet usage whenever required or
asked by authorized personnel
24. Users shall consider information classification defined in “Information Classification,
Handling and Asset Management Policy” prior to sharing of DP World SCO information.

Acceptable Social Media Usage


25. Users shall not post, communicate, or express their views on behalf of DP World via social
media unless they are authorized to do so and they shall not disclose or post any information
which could harm the reputation of DP World SCO
26. Users shall always respect the dignity of colleagues and competitors while posting any
information on social media
27. Users shall be personally responsible for adhering to “Terms of Service” of the respective social
media site
28. Users shall ensure that all such social online activities do not interfere with their job
responsibilities and commitments
29. Users shall not create a personal social media account using a DP World email address

Acceptable Removable Media Usage


30. Users shall not be allowed to use removable media unless there are legitimate business needs.
Users shall use removable media after scanning it with anti-malware to ensure it is malware free
31. Users shall not copy DP World SCO sensitive information including but not limited to personal
contacts, intellectual property documentation, non-public personal information such as credit
card numbers, passport numbers, etc. onto removable media from DP World SCO assets.
32. Asset owners shall be held accountable for:
o Copying DP World SCO related sensitive information to any removable media which could
cause confidentiality breach
o Causing transmission of malicious code from removable media to DP World SCO network
o Execution of unauthorized software programs from removable media which could
potentially lead to security incidents with business impact
o Legal violations
33. All DP World SCO provided removable media shall be subject to quarantine upon return by
employee, before being reused and utilized.
34. Users shall permanently erase DP World specific and business confidential data from such
devices once they are no longer required.
35. Users must ensure that storage media (hard disks, USB drives, tapes) containing sensitive
information is physically secured at all times.
36. Users are required to encrypt sensitive data on storage media and dispose of it as per media
handling best practices.

Acceptable Mobile Devices Usage


37. Users requiring DP World related information access on hand held devices shall obtain
necessary authorization
38. Users shall be responsible for the safety and security of DP World information stored on their
mobile phones and tablets
39. A Mobile Device Management (MDM) solution needs to be installed on the mobile device in order to
access organization-related applications on it.
40. Only authorized users shall be allowed to take photographs and shoot video clips in sensitive
areas
41. The company reserves the right to disconnect devices or disable services without notification.
42. Lost or stolen devices will be reported to the company within 24 hours. Employees are
responsible for notifying their mobile carrier immediately upon loss of a device.
43. The employee is expected to use his or her devices in an ethical manner always and adhere to
the DP World SCO’s Acceptable Use Policy, as outlined above.
44. The employee will be personally liable for all costs associated with his or her device.
45. The employee assumes full liability for risks including, but not limited to, the partial or
complete loss of company and personal data due to an operating system crash, errors, bugs,
viruses, malware, and/or other software or hardware failures, or programming errors that
render the device unusable.
46. Users must be cautious about the merging of personal and work email accounts on their
devices. They must take care to ensure that company data is only sent through the organization
email system. If a user suspects that company data has been sent from a personal email account,
either in body text or as an attachment, they must notify the IT team immediately.
47. Making audio recordings of meetings is forbidden in all cases, unless an audible approval from
each participant is recorded at the beginning. Employees found using mobile devices in
violation of this rule will have their mobile device privileges revoked.

End-User Computing Security

48. All employees, vendors, contractors, consultants, temporary staff, and other workers
possessing confidential and business information of DP World shall be responsible for
safeguarding that information
49. End users shall take all reasonable steps to prevent damage or loss of DP World information
and assets
50. End users shall appropriately classify and protect the information owned by them as per DP
World “Information classification and handling” policy
51. End users shall not send any DP World secret, confidential, internal use information to public
email IDs
52. End users shall ensure that anti-virus and anti-spyware software are installed on their
computing devices and are up-to-date
53. End users shall use secure methods for transferring files to and from computing devices
54. End users shall not download sensitive information from DPW cloud to their personal
devices.
55. End users are not allowed to download any software without the assistance of the IT department.
56. End users shall ensure Windows patches are updated on their respective systems from time
to time.

Personal Inappropriate Use

57. Users shall not purposely engage in activity with the intent to: harass other users; degrade the
performance of systems; deprive an authorised user of access to an organization resource; obtain
extra resources, beyond those allocated; circumvent security measures or gain access to an
organization system for which proper authorization has not been given.
58. Unauthorised use of computing systems and facilities in violation of the organization policy
will constitute grounds for either civil or criminal prosecution.
59. Electronic communication facilities (such as Email, Internet Browsing) are for authorised
organization use only. Fraudulent, harassing or obscene messages and/or materials shall not
be sent from, to or stored on Company systems. THE POLICY PROHIBITS BROWSING
OBSCENE WEB SITES / MESSAGES ON THE COMPANY FACILITIES. Any violation of this
will result in strict disciplinary action including termination of employment with the company.
60. Users will not use the organization’s computing facilities to commit a breach of any law.

61. Users shall not download, install or run security programs or utilities, which reveal
weaknesses in the security of a system.
62. Users shall not download any freeware/shareware/evaluation versions of software from the
Internet without proper authorization and approval from the IT management through the
concerned user management.

Use of Electronic Office Equipment

63. The following security safeguards will be observed by users when using Telephones and Fax:
63.1. Identify the caller or the recipient destination
63.2. Establish a clear need for the information asked
63.3. Send information only after prior approval of your HOD
64. When using the photocopiers employees will ensure that they do not make any copies of
controlled documents. Any such copies will be made after prior approval and authorisations
by the department head.

Compliance Responsibilities

65. Each User is responsible for adherence to this policy in its letter and spirit.
66. Respective superior officers / managers will be responsible for ensuring compliance to this
policy by their subordinate officers / managers. The respective managers will conduct spot
checks to ensure that their subordinates are adhering to this policy and report any violations
through appropriate channels.

Enforcement

Company’s Right to Monitor


67. The information and computing resources allocated to users are property of the Company and
the Company reserves the right to monitor the activities of the users on these facilities.

Acceptable Use Compliance Checks

68. The IT Management will devise and deploy technical controls such as systems audit settings,
and monitoring software to create appropriate audit trails for acceptable usage.
69. Checks will be included in the half yearly internal assessment on a random sample of company
facilities to ascertain compliance to the acceptable use policy.

Penalties for Breaches of Acceptable Usage Policy

70. Any non-compliance with the requirements of this policy will constitute a security violation
and will be reported to management, and may result in short-term or permanent loss of access
to computing systems. Serious violations may result in dismissal and/or civil or criminal
prosecution.
71. Penalties for breaches of Acceptable Usage Policy will be based on the severity of the breach
but can include:
71.1. Professional Counseling / warning and/or
71.2. Dismissal, and/or
71.3. Civil Action.


Disciplinary Process

72. All information security breaches would be investigated, and disciplinary action would be
taken on the employees who have committed the violation as per prevailing company policies
depending on the gravity and nature of the breaches.

Exceptions

Any exceptions in adhering to this policy and its clauses must be approved by the DP World SCO
Chief Information Security Officer, with a valid business justification. This must also go through
the DP World SCO exception process, for review and approval by the concerned stakeholders, which
in turn requires the DP World SCO Change Management process to be adhered to.

Definitions and Terms

“IT asset” is any data, device, network or other component that supports DP World SCO business
and operations.
“Mobile device” includes mobile computing devices such as, but not limited to, mobile
phones, tablets, handheld computing devices etc. used for business purposes.
“Social media” refers to blog sites, wikis, social networks, content sharing sites and any kind of
online communication between two or more entities.
“Removable / portable media” is a data storage device that is used to store data and may be used for
backup, storage, or transportation of information, and which can be removed from a computer
without powering off the system.
