IT Acceptable Use Policy

ITAcceptable Use PolicyThe Aims of This Policy…• To promote the professional, ethical, lawful and productive use of Africa Centreinformation technology resources.• To define and prohibit unacceptable use of Africa Centre information systems• To educate users about their Information Security responsibilities• To describe where, when and why monitoring may take place• To outline disciplinary proceduresYou are expected to read, understand and sign this policy as a condition of your employment.Breach of this policy is a disciplinary matter.If you are in doubt and require clarification on any matter, please speak to your line manageror the Head of IT.

2. Your ComputerThings to know “Your” computer is the property of Africa Centre and has been prepared by the ITdepartment for use on the Africa Centre network. Data saved to local drive (C:\ drive) will not be backed up, and will be lost if yourcomputer breaks, gets stolen or is replaced. Data saved to the temporary folder (S:\temp) are deleted every Friday night. Africa Centre may at any time and without prior notice:-o Audit your computer to ensure compliance with policyo Require the return of your computer and any associated equipmentThings to do Lock your workstation (CTRL+ALT+DEL) when you are away from it. Save project-related files to the shared drive (S: drive). Save departmental data to the organisational drive (O:\ drive). Save personal documents to your home drive (H:\ drive) where it will be automaticallybacked-up for you. Ensure that files received from anywhere outside the company are virus checkedbefore you open them. This includes files on CD, floppy, or USB drive. If in doubt, askthe IT helpdesk to scan it for you. If you suspect that you may have a virus, leave your computer on, unplug the networkcable and call the IT helpdesk.Things not to do Do not allow anyone else to use your computer while you are logged in. Do not install software on your computer. This should only be done by the IThelpdesk. Things that you should never attempt to install include but are not limitedto:-o Screen saverso Gameso Utilities that claim to remove spyware or viruses Do not disable or uninstall any of the software that is installed on your computerv1.1 3

3. Portable ComputersThings to know You should read and understand this section even if you do not normally use aportable computer. You may need to do so at some point in the future. You are responsible for the care and safe storage of any computer equipment thathas been issued to you. The term ‘portable computer’ covers any company-owned mobile computing deviceincluding:-o Laptopo Tablet PCso PDAs (Personal digital Assistants also known as Pocket PCs, Palms oriPaqs)o Blackberry e-mail devicesThings to do Back up your work to the server at regular intervals. Always consider the physical security of your portable computer:-In an unlocked officeIn the carAt homeIn a hotelTravellingSecured with a cable or kept in a locked drawerConcealed from view. Ideally in a locked trunk or glovecompartmentIdeally within a locked work area. Otherwise within a lockeddrawerConcealed from view. Ideally locked in a suitcaseKeep the computer on your person and out of sight at alltimes If you work at home, prepare your work area as follows :-o Where possible, set aside a lockable room for company use. Otherwise:-• Minimise and control interruptions from family and visitors• Ensure that there is lockable storage for your computer and paperswhen not in useo Ensure that your computer screen cannot be overlookedo Ensure that any papers can be covered in the event of an interruptionThings not to do Do not view sensitive information on the train, plane or in any public area. Thisprovides an opportunity for onlookers. Do not allow family, friends or anybody else to use the computer. Do not leave portable computers in the car unless absolutely necessary. Never connect your computer to an unapproved network (such as your homebroadband service or a hotel access point).v1.1 4

4. Your PasswordThings to know You can change your password at any time (from the CRTL + ALT + DEL menu) notjust when the system prompts you. If you need to grant shared access to files, a diary or e-mail account, this can bearranged by the IT helpdesk. You do not need to share passwords. The access rights associated with your user account may be changed or revokedshould your employment change or become terminated. Passwords expiration? Passwords lockdown count?Things to do Set a password or phrase. Make it as secure as you can by using some or all of thefollowing techniques:-o Use two unrelated words or a short phraseo Include at least one numbero Include at least one upper case charactero Include at least one symbol Change your password if you suspect that someone else may know it.Things not to do Do not write your password down. Do not use one of the ‘top 5 predictable passwords’:-o The name of a family membero The name of a peto Your football teamo A rude wordo An item or brand name that you can see from your desk Do not disclose your password to anyone. Even IT staff do not need to know it. Do not use anyone else’s password.v1.1 5

5. E-mailThings to know Africa Centre e-mail systems are provided for business use. Reasonable personaluse is permitted, and is defined later in this policy. All mailboxes have quota limits placed on them. You will receive email notificationwhen approaching your quota limit. The final email that is received which takes anindividual over their limit will always be delivered. Once over quota no further emailcan be delivered to an individual's inbox until they have reduced their storage belowtheir limit. Africa Centre monitors all e-mail to ensure compliance with policy. E-mail is not a secure method of communication. Once a message is sent you haveno further control over who reads it. E-mail is admissible in court and carries the same weight as a letter on companyheaded paper. There are limits on the size of an email that can be received and transmitted. Noemail greater that 10 Mbytes can be accepted for delivery to an Africa Centreaccount. No email greater than 10 Mbytes can be accepted for transmission by theemail servers.Things to do Use the same care when drafting an e-mail message as you would when writing aletter or memo on company headed paper. Make sure that your message is concise, relevant and sent only to the people thatneed to read it. Use the telephone or face to face conversation instead of e-mail where this ispossible and appropriate. Turn on the automatic reply feature if you intend to be out of the office and are unableto respond to business e-mail. The message should inform the sender of whom theycan contact if urgent attention is required. Clear out old and unwanted messages from your mailbox.Things not to do Never open an attachment that you were not expecting. Even if you know the sender. Never supply banking or payment details in response to an e-mail message. This is awell-known method of fraud. Your bank will never request security details by e-mail. Do not use e-mail to send sensitive or confidential information. Do not send or forward anything that:-o Others may find offensiveo May be defamatory (about an individual or organisation)o Is covered by a copyright Do not circulate non work-related material. This includes but is not limited to:-o Jokeso Chain lettersv1.1 6

o Virus warningso Softwareo Music, pictures or video Do not disclose any information about a person that you would object to beingdisclosed about yourself Never use e-mail to rebuke, criticise or complain about somebody. You may saysomething that you regret, and the record will be permanent.v1.1 7

6. Web AccessThings to know Web access is provided for business use. Reasonable personal use is permitted, andis defined later in this policy. Africa Centre monitors and records all web access to ensure compliance with policy. Access to certain web sites may be blocked in order to protect you and theorganisation. This does not imply the suitability of sites that are not blocked. Youmust always use your discretion along with the guidance below when visiting websites.Things to do Inform the IT helpdesk if access to a legitimate and business-related web site isblocked. Inform the IT helpdesk if you believe you have a virus or spyware infection on yourcomputer. This is a routine occurrence; it does not indicate irresponsible browsing,and you will not be disciplined. Do not attempt to remedy the infection yourself.Things not to do Do not view or download anything that others may find offensive. Do not download anything that is likely to be covered by copyright. This includes, butis not limited to:-o Musico Pictureso Software Do not use the web for listening to radio or watching video. Do not use web-based e-mail (such as Hotmail or Gmail) for business relatedcorrespondance. Do not visit the “high-risk” site categories shown below. Although their contentappears to be free, it is often funded by installing spyware on your computer.o Free screensavers and smileyso Free music downloads or ringtoneso Free software and serial numbers (also known as warez and cracks)o Adult materialv1.1 8

7. PrintingThings to know Colour printers cost much more per page than black and white ones. Even if there isno colour on the page. Printers are provided for business use only.Things to do Be selective about what you print. Print only when necessary and only the necessarypages of a document. Print double sided to save paper where possible Use a photocopier when producing a large number of copies Keep the area around printers tidyThings not to do Do not print to a colour printer unless colour conveys important information in yourdocument that would be lost in black and white. Do not resend your print job if nothing happens. Instead, check the following:-o Is the print job still listed in the queue?o Did you send it to the right printer?o Is the printer switched on?o Is the printer in an error state because:-• There is paper jam• It is out of paper• It is out of toner or inkv1.1 9

8. Use of Electrical ResourcesThings to know Implementing the small changes described on this page can make a big difference tothe organisation’s costs, and also to the environment. Phone chargers and AC adapters consume a small amount of power even whennothing is connected to them.Things to do Turn off your monitor before you leave rather than leaving it in standby. The energysaved over a year is enough to boil 1.5 tons of water. If you have a workgroup printer or copier in your area, establish a routine with yourcolleagues so that it gets turned off at night and back on in the morning. The energysaved over a year is enough to boil 66 tons of water. Unplug or switch off phone, PDA or BlackBerry chargers when they are not in use.Things not to do Do not turn off computer equipment on behalf of someone else. There may be a goodreason why it has been left on. Do not turn off fax machines.v1.1 10

9. Personal UseAfrica Centre recognises that personal access to e-mail and the web at work helps employeesto maintain a positive work life balance.Limited and ‘reasonable’ personal use of e-mail and the web is permitted. Reasonable use isdefined below. Personal use of all other systems is prohibited.E-mail and web access for personal use have been provided at considerable risk and cost tothe company. Africa Centre asks that employees make sensible and conscientious use ofthese facilities in return.All e-mail and web access is monitored to ensure compliance with policy. Employees thatchoose to make personal use of company systems do so in acceptance of the monitoringmeasures outlined in this policy.Personal use of these systems is a privilege. Africa Centre reserves the right to withdraw iteither individually or globally at any time without notice or explanation.Reasonable UseReasonable personal use of company systems is that which:- Is lawful and ethical. Is in accordance with this policy. Takes place during authorised breaks or outside of your working hours. Does not adversely affect your productivity. Does not make unreasonable use of limited company resources.Unreasonable UseUnreasonable personal use of company systems includes but is not limited to:- Contravention this policy in any way, but including the sending, viewing ordownloading of:-o Material that others may find offensiveo Unauthorised softwareo Material covered by copyright, such as music, videos or games Personal use that can reasonably be described as excessive within the context of aprofessional working environment. Activities for personal financial gain. Use for business other than that of Africa Centre and its associated businesses.v1.1 11

10. Legal ResponsibilitiesThings to know You are personally responsible for ensuring that your use of information systems islawful. Failure to do so may result in any or all of the following:-o You being personally liable to criminal prosecution.o You being personally sued for damages.o Africa Centre directors being personally liable to criminal prosecution.o Africa Centre being sued for damages.Things to do Comply with software licenses, copyrights and all other laws governing intellectualproperty. If you process personal data (data that identifies a living individual) in the course ofyour work, you must do this in accordance with Data Protection laws. Your linemanager can provide you with job-specific guidance on Data Protection.Things not to do Do not borrow or copy company software for use at home or elsewhere. Do not write or say anything defamatory or potentially libellous about anotherindividual or company.v1.1 12

11. MonitoringAfrica Centre owns the company’s information systems and any information that resides onthem. It reserves the right to monitor any company system at any time.You should have no expectation of privacy when using Africa Centre information systems,whether for business or personal use.Monitoring of systems is carried out in order to:-• Detect and prevent unlawful use of systems• Detect and prevent misuse of company systems• Maintain the effective operation of systems• Protect the reputation of Africa Centre• Protect Africa Centre from legal liabilityRaw monitoring data will be viewed and analysed only by the Head of IT and his or hernominated representatives.On instruction of the Africa Centre director, the data may be passed as necessary to any ofthe following:-• The Head of Human Resources• The appropriate line manager• The Policev1.1 13

12. EnforcementBreach of this policy will invoke the company disciplinary process.Serious or persistent breaches may constitute gross misconduct and result in dismissal.Availability of this documentThis document is published on the Intranet home page in the IT policiesRelated PoliciesPlease refer to the intranet for the following IT policies and proceduresEmail policyWeb policyMobile computer policyPassword PolicyUser Management Policyv1.1 14

13. Glossary & DefinitionsChain lettersCTRL + ALT + DELThese are e-mail messages or slideshows that encourage you to‘pass this on to all your friends’ or ‘pass this on to six people today’Pronounced as Control Alt Delete, this abbreviation representspressing all three of the CTRL ALT and DELETE keyssimultaneously.Using CTRL + ALT + DEL when you are logged in will display amenu on the screen. Options include:-• Lock Computer (to prevent unauthorised access)• Change PasswordHome driveIT steering committeeSoftwareAn area on the company’s server that is set aside exclusively foryour work. It appears on your computer as a drive letter (usually H:)This committee meets monthly to oversee the activities of the ITcommittee. Director, Deputy director, database scientist, data centremanager, one project leader.Any program that can be installed on your computer. Examplesinclude:-• Microsoft Word• An Antivirus program• A game• A screensaverUserAny user granted access to Africa Centre information systems.Including:-• Employees• Temporary staff• Voluntary staff• Employees of partner organizations• Contractors and subcontractors• Agents• Work experience placementsYouYou are defined as a user of Africa Centre information systemsv1.1 15

14. Document ControlDocument InformationDocument TitleInformation Systems Acceptable Use PolicyVersion 1.1StatusFirst IssuedMaintained byDraft for reviewnot yet issuedHead of ITRevision HistoryVersion Date Details1.0 2006-Nov-141.1 2008-Mar-06 Rewrite the policy in a more user-friendly format.Use of document field.v1.1 16

15. Acceptance formYou are now asked to sign this policy in order to provide a record that you have read,understood and agreed to it.If you do not understand or are unhappy with any part of this policy, please raise this withyour manager or the Head of IT.Otherwise, please tick the boxes next to each statement and sign below. I confirm that I have read and understand this Information Systems Acceptable UsePolicy I agree to abide by the conditions set out in this policy.SignedPrint NameDepartmentDatePlease return your signed policy to the Head of IT.Thank You.v1.1 17