Professional Documents
Culture Documents
Acceptable Usage Policy - Cleaned
Acceptable Usage Policy - Cleaned
Acceptable Usage Policy - Cleaned
Page 1 of 10 Internal
ACCEPTABLE USAGE POLICY
Table of Contents
Table of Contents........................................................................................................................................ 2
Document Control ...................................................................................................................................... 3
Background ................................................................................................................................................ 4
Purpose....................................................................................................................................................... 4
Scope .......................................................................................................................................................... 4
Policy .......................................................................................................................................................... 4
Enforcement................................................................................................................................................ 9
Page 2 of 10 Internal
ACCEPTABLE USAGE POLICY
Document Control
AUTHORISATION
Reviewed By Authorised By
Name : Rajan Bagade Name : MISF
Signature : Signature :
VERSION HISTORY
1.14 Oct 2018 Rajan Bagade Yearly Review. Classification changed from
‘Company Confidential’ to ‘Internal’.
Page 3 of 10 Internal
ACCEPTABLE USAGE POLICY
Background
1. DP World SCO computing facilities are a property of the organization and the management of
DP World SCO is responsible to ensure that they are used in an ethical and lawful manner.
There is a need to identify the organization’s policy for the acceptable use of the organization
facilities to prevent unlawful and unethical use of the facilities.
2. The acceptable use policy is designed to protect the users of computing facilities in the
organization from violation of business, legal and social imperatives and will be followed in
letter and spirit by all.
Purpose
This policy lays down acceptable usage instructions for the organization’s information, computing
facilities and network.
Scope
This policy applies to all DP World SCO’s employees, contracted personnel and any third parties
representatives who have been provided access to the assets of the organization as per the ‘Third
Party Access Policy’.
Policy
Page 4 of 10 Internal
ACCEPTABLE USAGE POLICY
7. Users will not attempt to access any data or programs contained on any system for which they
do not have authorization or explicit written consent of the owner of the system.
8. Users will report any weaknesses they discover in computer security and any incidents of
possible misuse or violation of this policy, to the proper authorities by contacting the concerned
help desk or their superior manager. NO USER, HOWEVER, WILL ENGAGE IN ACTIVITY
TO ASSESS THE WEAKNESSES OF A SYSTEM.
Acceptable Software Usage
9. Users will not make unauthorised copies of copyrighted software, except as permitted by law
or by the owner of the copyright. Any copying of the software within the purview of law and
organization’s policy will be done with proper authorisation and support from the IT
department.
10. Users shall only use software which is approved by DP World SCO Information Security
department
11. Download and installation of freeware, spyware and pirated software on DP World IT assets
is prohibited
12. Freeware software, if necessary can only be used if there is a genuine business justification and
approval from DP World Information Security department
13. Record of all approved freeware software installed on DP World SCO IT assets shall be
maintained by IT Support team
14. Users shall not download and install games, movies, utilities, screen savers, wallpapers or
other personal software on DP World IT assets unless it is related to business and the approval
has been obtained
15. Users shall not make copies of system configuration files for their own, unauthorised use or to
provide to other people/users for unauthorised use.
Page 5 of 10 Internal
ACCEPTABLE USAGE POLICY
20. Users of corporate email application are advised to eliminate the use of email delegation
feature in their email application. Whenever an outlook email user requires to delegate his/her
email to a coworker, he/she shall fill a change request, consult IT support team, and collect
written approval from his/her department head
21. Corporate email delegation feature shall be enabled for limited use-cases and scenarios, listed
here:
o Employee going for annual / long leave delegating his/her email access to a co-worker
o DP World executives delegating their email access to their executive assistances
o HR department requests email delegation of resigned/fired employee to the employee’s
department head, employee’s replacement, or to audit team in the case of security breach
investigation.
22. Although DP World SCO encourages use of IT resources for carrying out business transactions
with due respect to privacy of employees, at any time and without prior notice DP World SCO
reserves the right to examine information stored or transmitted on DP World SCO computers
or networks, including but not limited to, personal files, directories, emails, instant messaging,
etc. for the following purposes:
o Preventing unauthorized access and system misuse
o Retrieving business related information during contingencies
o Security incident investigation
o Compliance with legal and regulatory requirements Users shall only use authorized instant
messaging software and shall not use public instant messaging services for confidential
business communication
23. Users shall provide all information related to email and internet usage whenever required or
asked by authorized personnel
24. Users shall consider information classification defined in “Information Classification,
Handling and Asset Management Policy” prior to sharing of DP World SCO information.
Page 6 of 10 Internal
ACCEPTABLE USAGE POLICY
Page 7 of 10 Internal
ACCEPTABLE USAGE POLICY
viruses, malware, and/or other software or hardware failures, or programming errors that
render the device unusable.
46. Users must be cautious about the merging of personal and work email accounts on their
devices. They must take care to ensure that company data is only sent through the organization
email system. If a user suspects that company data has been sent from a personal email account,
either in body text or as an attachment, they must notify the IT team immediately.
47. Making audio recordings of meetings is forbidden in all cases, unless an audible approval from
each participant is recorded at the beginning. Employees found using mobile devices in
violation of this rule will have their mobile device privileges revoked.
End-User Computing Security
48. All employees, vendors, contractors, consultants, temporary staff, and other workers
possessing confidential and business information of DP World shall be responsible for
safeguarding that information
49. End users shall take all reasonable steps to prevent damage or loss of DP World information
and assets
50. End users shall appropriately classify and protect the information owned by them as per DP
World “Information classification and handling” policy
51. End users shall not send any DP World secret, confidential, internal use information to public
email IDs
52. End users shall ensure that anti-virus and anti-spyware software are installed on their
computing devices and are up-to-date
53. End users shall use secure methods for transferring files to and from computing devices
54. End users shall not download sensitive information from DPW cloud to his/her personal
devices.
55. End users are not allowed download any software without the assistance of IT department.
56. End user shall ensure Windows patches are updated in his/her respective system from time
to time.
Personal Inappropriate Use
57. Users shall not purposely engage in activity with the intent to: harass other users; degrade the
performance of systems; deprive an authorised user access to a organization resource; obtain
extra resources, beyond those allocated; circumvent security measures or gain access to a
organization system for which proper authorization has not been given.
58. Unauthorised use of computing systems and facilities in violation of the organization policy
will constitute grounds for either civil or criminal prosecution.
59. Electronic communication facilities (such as Email, Internet Browsing) are for authorised
organization use only. Fraudulent, harassing or obscene messages and/or materials shall not
be sent from, to or stored on Company systems. THE POLICY PROHIBITS BROWSING
OBSCENE WEB SITES / MESSAGES ON THE COMPANY FACILITIES. Any violation of this
will result in strict disciplinary action including termination of employment with the company.
60. Users will not use organization’s computing Facilities to commit a breach of any law.
Page 8 of 10 Internal
ACCEPTABLE USAGE POLICY
61. Users shall not download, install or run security programs or utilities, which reveal
weaknesses in the security of a system.
62. Users shall not download any freeware/shareware/evaluation versions of software from the
Internet without proper authorization and approval from the IT management through the
concerned user management.
Use of Electronic Office Equipment
63. Following security safeguards will be observed by users when using Telephones and Fax:
63.1. Identify the caller or the recipient destination
63.2. Establish a clear need for the information asked
63.3. Send information only after prior approval of your HOD
64. When using the photocopiers employees will ensure that they do not make any copies of
controlled documents. Any such copies will be made after prior approval and authorisations
by the department head.
Compliance Responsibilities
65. Each User is responsible for adherence to this policy in its letter and spirit.
66. Respective superior officers / managers will be responsible for ensuring compliance to this
policy by their subordinate officers / managers. The respective managers will conduct spot
checks to ensure that their subordinates are adhering to this policy and report any violations
through appropriate channels.
Enforcement
Page 9 of 10 Internal
ACCEPTABLE USAGE POLICY
Exceptions
Any exceptions in adhering to this policy and its clauses must be approved by DP World SCO
Chief Information Security Officer, with a valid business justification. This must also go through
DP World SCO exception process, for review and approval by the concerned stakeholders, which
in turn require DP World SCO Change Management process to be adhered to.
“IT asset” is any data, device, network or other components that supports DP World SCO business
and operations.
“Mobile device” includes use of mobile computing devices such as, but not limited to mobile
phones, tablets, handheld computing devices etc. for business purposes.
“Social media” refers to blog sites, wikis, social networks, content sharing sites and any kind of
online communication between two or more entities.
“Removable / portable media” is data storage devices are used to store data and may be used for
backup, storage, or transportation of information, which can be removed from computer
without powering off the system.
Page 10 of 10 Internal