This document outlines ZYZ Corp's information systems policies, including:
- Corporate data ownership and definitions of corporate, personal, and confidential data.
- Privacy policies regarding monitoring employee computer and device use, and access to passwords.
- General use policies prohibiting offensive content and personal streaming/downloading.
- Limited personal use of systems if done on personal time.
- Password security and remote access policies.
- Data storage policies regarding social security numbers and corporate/personal data.
- Physical security of devices and reporting lost/stolen equipment.
- Prohibition of unauthorized software copying.
Information Technology Policy for Corporates - Need of the Hour Vijay Dalmia
Information Technology Policy for Corporates is the need of the hour as organisations, are continuously at a stake for violation of information technology laws, commission of cyber crimes, sexual harassment, e-mail violations, and misuse of internet and intranet.
Information Technology Policy for Corporates - Need of the Hour Vijay Dalmia
Information Technology Policy for Corporates is the need of the hour as organisations, are continuously at a stake for violation of information technology laws, commission of cyber crimes, sexual harassment, e-mail violations, and misuse of internet and intranet.
Data Privacy: What you need to know about privacy, from compliance to ethicsAT Internet
Today, balancing business opportunity and customer's data protection has become a difficult challenge. As technology, data sources and targeting abilities grow, so does the crucial need to respect user privacy and ensure a good data protection. But with laws, practices and definitions that are constantly evolving around the world, it can all seem a bit confusing.
Not sure where to start? Wondering how you can better align with privacy law? Then this webinar is for you.
Cyber Security Update: How to Train Your Employees to Prevent Data BreachesParsons Behle & Latimer
Cyber security awareness empowers your employees to defend against data breaches. This presentation discusses topics including secure passwords, cloud computing and mobile device policies. Learn how to educate your employees to identify risks and protect company data.
Awareness Training on Information SecurityKen Holmes
We look at the potential risks to information security, how to minimise these when on the internet and how the ISO/IEC 27001 standard can play a part in doing so.
Information Security Awareness, Petronas Marketing SudanAhmed Musaad
A two hours security awareness session that I presented for Petronas Marketing Sudan employees. The session includes -- but not limited to -- many topics like Passwords, Email Security, Social Networks Security, Physical Security, and Laptop Security.
You can use this as an introductory session for your security awareness training, but not as a sufficient one time session at all.
Your comments, feedback, and suggestions are much appreciated.
Cyber Security Awareness Session for Executives and Non-IT professionalsKrishna Srikanth Manda
Cyber Security Awareness Session conducted by Lightracers Consulting, for Management and non-IT employees. In this learning presentation, we will look at - What is Cyber Crime, Types of Cyber crime, What is Cyber Security, Types of Threats, Social Engineering techniques, Identifying legitimate and secure websites, Protection measures, Cyber Law in India followed by a small quiz.
An Introduction on Design and Implementation on BYOD and Mobile SecuritySina Manavi
Agenda:
What are mobile devices?
Mobile device threads
BYOD
BYOD Pros and Cons
4 Steps to design BYOD:
BYOD Strategy
Mobile Hacking techniques demo:
Android Phone
Mobile Application Security
Laptop
Pendrives
BYOD or BYOA
How to Secure the data storages and transportation
Cyber24x7 Cybersecurity awareness slides to make users aware of company policies , information security issues , phishing emails etc. Well explained crisp information security slides covering 27001 awareness.
Data Privacy: What you need to know about privacy, from compliance to ethicsAT Internet
Today, balancing business opportunity and customer's data protection has become a difficult challenge. As technology, data sources and targeting abilities grow, so does the crucial need to respect user privacy and ensure a good data protection. But with laws, practices and definitions that are constantly evolving around the world, it can all seem a bit confusing.
Not sure where to start? Wondering how you can better align with privacy law? Then this webinar is for you.
Cyber Security Update: How to Train Your Employees to Prevent Data BreachesParsons Behle & Latimer
Cyber security awareness empowers your employees to defend against data breaches. This presentation discusses topics including secure passwords, cloud computing and mobile device policies. Learn how to educate your employees to identify risks and protect company data.
Awareness Training on Information SecurityKen Holmes
We look at the potential risks to information security, how to minimise these when on the internet and how the ISO/IEC 27001 standard can play a part in doing so.
Information Security Awareness, Petronas Marketing SudanAhmed Musaad
A two hours security awareness session that I presented for Petronas Marketing Sudan employees. The session includes -- but not limited to -- many topics like Passwords, Email Security, Social Networks Security, Physical Security, and Laptop Security.
You can use this as an introductory session for your security awareness training, but not as a sufficient one time session at all.
Your comments, feedback, and suggestions are much appreciated.
Cyber Security Awareness Session for Executives and Non-IT professionalsKrishna Srikanth Manda
Cyber Security Awareness Session conducted by Lightracers Consulting, for Management and non-IT employees. In this learning presentation, we will look at - What is Cyber Crime, Types of Cyber crime, What is Cyber Security, Types of Threats, Social Engineering techniques, Identifying legitimate and secure websites, Protection measures, Cyber Law in India followed by a small quiz.
An Introduction on Design and Implementation on BYOD and Mobile SecuritySina Manavi
Agenda:
What are mobile devices?
Mobile device threads
BYOD
BYOD Pros and Cons
4 Steps to design BYOD:
BYOD Strategy
Mobile Hacking techniques demo:
Android Phone
Mobile Application Security
Laptop
Pendrives
BYOD or BYOA
How to Secure the data storages and transportation
Cyber24x7 Cybersecurity awareness slides to make users aware of company policies , information security issues , phishing emails etc. Well explained crisp information security slides covering 27001 awareness.
Cyberattacks are malicious actions taken by individuals, groups, or organizations against computer systems, networks, and digital devices with the intent to damage, steal or manipulate data, or disrupt normal operations. These attacks can target anyone, from individuals to governments and large corporations, and can cause severe damage to both personal and professional lives.
Adrian Ifrim - prezentare - Cyber Security Trends 2020Business Days
Adrian Ifrim with more than twelve years of experience in the financial, telecom and IT security sectors, currently serving as Senior Manager within the Cyber Risk Advisory team of Deloitte Romania. In addition, he is an expert in information security with focus on penetration testing services and currently holds the Offensive Security Certified Expert (OSCE), Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP) and System Security Certified Practitioner (SSCP) certifications.
Key Points To Be Discussed :
Introduction
Inscope items
Statistics on BYOD issues worldwide
Why we need to think about protection
Used Cases before going to create a Playbook
[Open to all for discussion continued on Key Takeaways]
Key Takeaways: Inscope items, Important concerns, & Solutions sharing
Speaker - J. Gokulavan
Designation: Senior Manager Compliance
CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology)
"Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53"
Learn more about the PACE-IT Online program: www.edcc.edu/pace-it
How to Secure Your iOs Device and Keep Client Data SafeRocket Matter, LLC
There’s a lot more to mobile security than enabling the password on your iPhone or iPad.
Unfortunately, very few small law firms have the proper measures in place to protect their confidential client data. If needed, could you convince a Board of Ethics that you had done your due diligence to protect your client’s data?
Strong iOS security starts with becoming familiar with the most common threats to compromising firm data on your iPhone or iPad. While many assume they are not at risk since they are not a ‘big’ law firm, the opposite is true.
Hem Infotech was founded in 2002 with Main Focus Area Of computer sales and maintenance.
Currently We operate under Five verticals namely Computer Maintenance - AMC, Thin Client - World's Smallest & Lowest Energy Computing, Telephony - Crm/Erp Integration, It Consultancy - AUDIT & SOLUTION SUPPORT & Public Wifi.
We r Business Associates & Oem Service Partner For Brands Like Hp, Ncomputing, Qnap, Sophos, Enjay, Purple Etc.
Currently Maintaining 20000+ Hardwares With 1000+ Customers.
18+ Well Experience, Certified Technical Team Focusing Govt., Banking, Education, Finance, Hospitality Etc..
We r Gujarat's One Of Very Few Companies Using Crm Based Systematic Mechanism For Quick & Accurate Support.
CSIA 413 Cybersecurity Policy, Plans, and Programs.docxmydrynan
CSIA 413: Cybersecurity Policy, Plans, and Programs
June 2, 2019
Executive Summary
The Red Clay Renovations Employee Handbook is to give general rules about its strategies. The Employee Handbook will fill in as a guide for workers to get comfortable with Red Clay Renovations strategies for "Acceptable Use Policy for Information Technology", "Bring Your Own Device Policy " and "Digital Media Sanitization, Reuse, and Destruction Policy". Red Clay Renovations maintains whatever authority is needed to adjust the Employee Handbook to best suit the organization whenever with no earlier warning to its representatives.
Red Clay Renovations "Acceptable Use Policy for Information Technology" will characterize in subtleties what Acceptable Use is and what it's most certainly not. Every Employee will get his/her duty of the framework accounts, processing resources, organize utilization and will sign and consent to the approach before access is conceded to the system.
Red Clay Renovations "Bring Your Own Device Policy or BYOD" will name every one of the gadgets that are satisfactory as BYOD and the administration of the use of such gadgets. Every worker's gadgets must satisfy the arrangement guideline before actualizing the gadgets into Red Clay Renovation Company.
Red Clay Renovations "Digital Media Sanitization, Reuse, and Destruction Policy" will ensure that any worker of Red Clay Renovation who marked for the BYOD approach has/should sign this arrangement also. Workers need to comprehend the techniques the organization will use to clean off the BYOD.
Acceptable Use Policy
Introduction
This Acceptable Use Policy is for all Red Clay Renovation workers and supplants every single past version. All workers are liable to the terms and states of the Policy. The approach will build up satisfactory and inadmissible utilization of defending the security of information, secure and ensure PC and PCs, the use of system condition and servers, the utilization of electronic correspondences. Additionally Red Clay Renovation gathers, keeps up, and stores individual data to incorporate Mastercard’s, credit checks, building plans and illustrations, customers restorative and wellbeing information.
Red Clay Renovation must be in consistence with the accompanying: HIPPA Privacy and Security Rule, Freedom of Information Act (FOIA), PCI DSS, Privacy Act of 1977, Building Codes and Regulations. It is to the greatest advantage of the organization for all workers to comprehend the Acceptable Use Policy to settle on trustworthy choices before participating in inadmissible utilization of the approach. Any offense with the Acceptable Use Policy could conceivably cause Red Clay Renovation considerable loss of its business and its notorieties. On the off chance that any worker needs more data with this arrangement, they can reach out to the IT department directly.
Policy Content
Utilization of IT Systems
Red Clay Renovation possesses the property rights to all informati.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
1. ZYZ CORP
INFORMATION SYSTEMS POLICIES
I. Information Ownership
II. Definitions
III. Privacy
IV. General Use
V. Personal Use
VI. Passwords
VII. Internet Access
VIII. Remote Access
IX. Data
X. Physical Security
XI. Unauthorized Copying of Copyrighted Software
ZYZ Corp Information Systems Use Policy, Version 20XX-XX
Page 1 of 7
2. ZYZ CORP
INFORMATION SYSTEMS POLICIES
I. Information Ownership
All corporate data as defined in section II of this policy is owned by ZYZ Corp
II. Definitions
• Corporate data includes files (paper and electronic), email messages, voice messages and faxes.
• Personal Data – Files that an employee would expect to take with them should they leave the firm.
• Confidential Information includes but is not limited to:
Tax returns whether draft, final or any other version
Tax planning documents
Financial statements
Various schedules including but not limited to amortization, fixed assets, leases and other debt
schedules
List of IT Approved Mobile Devices:
• iPhone, Android, Windows Phone
• iPad
• iPod Touch
• Kindle Fire
• Windows Surface
• Other tablets
III. Privacy
1. Employees have no right to privacy of any material created, received, or sent via email, fax, use of the
Internet, or by any other computer or mobile device use.
2. ZYZ Corp reserves the right to monitor, log, and review, all email, Internet access and other computer
and mobile device use.
3. Please be aware that deleting a file or email message will most likely not destroy it completely.
4. ZYZ Corp has the ability, and reserves the right to access all computers and email accounts without
regard for any passwords.
IV. General Use
• Computer, Internet and email use is subject to all other ZYZ Corp policies, including but not limited to
those concerning harassment.
• The display or transmission of sexually explicit images, and cartoons is not allowed. Other such misuse
includes, but is not limited to, ethnic slurs, racial comments, off-color jokes, or anything that may be
construed as harassment or showing disrespect for others. Employees are expressly forbidden to
access Internet sites where potentially offensive material is located. Downloading or viewing
pornography or other questionable material is not allowed and may be subject to review and
subsequent disciplinary action.
ZYZ Corp Information Systems Use Policy, Version 20XX-XX
Page 2 of 7
3. ZYZ CORP
INFORMATION SYSTEMS POLICIES
V. Personal Use
1. Email, Internet access, and computers should be used primarily for business purposes.
2. Employees are permitted to use computers, non-corporate email accounts and the Internet for
personal use, provided such use is limited in quantity, and is done on the employee’s personal time.
3. Personal use of the Internet while connected to client networks is expressly prohibited.
4. Personal use of computers is subject to the following:
a) Employees’ email accounts, Internet access, and computer use may be monitored and reported
on by the company.
b) Employees should not view or distribute any obscene, disparaging, derogatory or other type of
material that violates ZYZ Corp professional ethical standards. Everything should be “G” rated.
c) Employees should not use their company email address or computer to subscribe to any email
distribution lists for non-business purposes.
d) Streaming or downloading music or movies is prohibited.
ZYZ Corp Information Systems Use Policy, Version 20XX-XX
Page 3 of 7
4. ZYZ CORP
INFORMATION SYSTEMS POLICIES
VI. Passwords
• Passwords must never be written down.
• Passwords should never be typed into a public, friend’s or relatives’ computer or mobile device.
• Mobile Device access (screen lock) passcode must be maintained at all times on tablets and smart
phones.
Password Sharing
• Passwords must never be revealed to anyone for any reason other than ZYZ Corp IT support staff.
To do so exposes the authorized user to responsibility for actions (such as deleting files) that the
other party takes with the disclosed password.
• All passwords must be immediately changed if they are suspected of being disclosed to anyone
other than the authorized user.
VII. Internet Access
1. Access to sites deemed inappropriate by management is strictly prohibited. These sites include, but
are not limited to sites in the following categories:
a.Obscene or offensive
b. Illegal
c.Gaming
d. Streaming audio and video including radio stations
2. Employees are permitted to use the Internet for personal use provided such use is limited in quantity,
and is done on the employee’s personal time.
3. Game playing, streaming audio and video, and audio and video downloading are strictly prohibited at
all times.
• Audio and video use for business purposes is permissible only in ZYZ Corp’s office.
• ZYZ Corp issued Mobile Hotspots are never to be used for audio or video streaming or
downloading.
4. Staff members are expected to limit their use of the Internet to access information which is acceptable
in the workplace. This policy applies at any hour of the day, whether there are others in the building or
not. Employees should remember that our systems maintain records of Internet traffic – sites that
have been accessed, who accessed them, and the time of day. Staff may access the Internet for
personal use during non–working hours; however staff should use their best professional judgment in
determining if such use is wise while guests or visitors are in the office.
ZYZ Corp Information Systems Use Policy, Version 20XX-XX
Page 4 of 7
5. ZYZ CORP
INFORMATION SYSTEMS POLICIES
VIII. Remote Access
General
ZYZ Corp (the Firm) encourages all employees to take advantage of our remote computing capabilities.
The ability to connect to the Firm’s resources from any location (client’s office, employee’s home, or
while traveling) provides an added dimension to client service as well as an employee benefit. The
system will handle access to e-mail and instant messaging services, tax return preparation, audit
workpaper preparation, client and administrative documents, time and billing, and the Firm’s Intranet.
Employees must exercise care in order to insure the security of data, and comply with all software
licensing agreements.
Specific Policies
1. Employees should not allow anyone else to access Firm resources.
2. Employees should never access Firm resources from any computer or mobile device not owned by
the employee or the firm.
3. Special care should be exercised when an employee owned computer or mobile device s shared in
a family or social setting.
4. A current copy of Anti-Virus software must be installed and active on any employee owned
computer which is used for remote access.
5. ZYZ Corp-issued Mobile Hotspot devices are never to be used for streaming audio or video, or large
downloads.
ZYZ Corp Information Systems Use Policy, Version 20XX-XX
Page 5 of 7
6. ZYZ CORP
INFORMATION SYSTEMS POLICIES
IX. Data
Social Security Numbers
Client social security numbers may not be stored on:
ZYZ Corp’s email system
Desktop computer C drives
USB Drives
Client social security numbers may only be stored on:
The SharePoint system
ShareFile
PFx Engagement
GoSystem RS
Corporate Data
• Corporate data may never reside on non-corporate computers or drives except for IT Department
approved, employee owned mobile devices.
• Corporate data stored on USB drives must be encrypted.
Personal Data
• Personal data may reside only on corporate computers’ C drives.
• Personal data may never reside on the ZYZ Corp network or email system.
Email
• Confidential attachments must be sent in Adobe Acrobat format using the “Password to Open” feature
and the standard ZYZ Corp password convention:
o The client’s entire social security or EIN with no hyphens, typed TWICE.
o The password can then be described in the body of the email message.
• Confidential documents and spreadsheets that need to be transmitted in native format (Microsoft
Word and Excel) must be placed on the client’s portal. If no portal exists, the IT department will create
one or use the secure temporary portal which is in place for just such a purpose.
ZYZ Corp Information Systems Use Policy, Version 20XX-XX
Page 6 of 7
7. ZYZ CORP
INFORMATION SYSTEMS POLICIES
X. Physical Security
• Computer and peripheral equipment other than laptops, projectors and authorized accessories may
not be removed from the ZYZ Corp offices.
• When driving with laptops and accessories, they must be kept in the trunk of the car at all times. If the
car has no trunk, care must be taken to keep them out of sight. Arriving at a destination, removing the
laptop from the interior, and putting it in the trunk is unacceptable. Laptops should be placed in the
trunk before traveling.
• Laptops should never be left in cars overnight.
• When traveling, laptops should never be left unattended, except in a locked hotel room.
• If a laptop is lost, misplaced or stolen, the ZYZ Corp IT department should be notified immediately.
• No one other than a ZYZ Corp employee is permitted to operate a company computer except with
permission of the ZYZ Corp IT department.
• If an employee owned mobile device with corporate email is lost, the ZYZ Corp IT department must be
notified immediately.
XI. Unauthorized Copying of Copyrighted Software
• The firm’s IT Department must approve all applications before such applications are installed.
• ZYZ Corp does not tolerate the unauthorized copying of licensed computer software. ZYZ Corp shall
adhere to its contractual responsibilities and shall comply with all copyright laws, and expects all
employees of ZYZ Corp to do the same. Employees of ZYZ Corp who violate this policy may be subject
to discipline according to standard ZYZ Corp procedures. An individual engaged in the unauthorized
copying or use of software may also face civil suit, criminal charges, and/or penalties and fines. Subject
to the facts and circumstances of each case, such individuals shall be solely responsible for their
defense and any resulting liability.
I have read the content of all of the above policies on pages 1-7.
I understand the policies and agree to comply.
____________________________ ____________________________ __________
Name Signature Date
ZYZ Corp Information Systems Use Policy, Version 20XX-XX
Page 7 of 7