3 minute read
HR 7.3 Computer and Network Security Policy
HR 7.3 Computer and Network Security Policy
VWU Office of IT Services provides computing resources, including email and Internet access, to assist employees in the everyday operation of the business.
Only VWU Office of IT Services employees and other registered individuals may use VWU Office of IT Services computer resources. In general, employees may not use VWU Office of IT Services’ computing resources for activities that are illegal, in breach of other VWU Office of IT Services policies, in breach of software or electronic library licenses, and /or for personal commercial activity.
Applicable Regulations and Standards
Employees must respect regulations and standards in relation to data security and privacy.
Acceptable Use of Computing Resources
VWU Office of IT Services seeks to preserve the confidentiality, integrity and availability of systems and data used within the organization. The University attempts to avoid incurring any civil liability by positively encouraging the responsible use of its computing resources.
Rules
1. Passwords that allow access to the organization’s computing resources must never be shared with unauthorized persons. 2. Access to particular resources will be granted on a minimum needs basis, and must be approved by the relevant head of function; access rights may be reviewed at regular intervals. 3. Wasteful use of computing resources will lead to withdrawal of services and/or disciplinary action. 4. Software copyrights and license conditions must be observed. Only licensed files or software may be downloaded from the Internet; it is unacceptable to view, download, transmit or store any illegal, offensive, indecent images or material. 5. VWU Office of IT Services reserves the right to retain logs of computer and network activity on all our services, and to analyze these logs where required.
System and Network Security
VWU Office of IT Services depends on its IT network for everyday operation. To protect the network, all employees must adhere to the following statements:
1. The Chief Information Officer (CIO) is responsible for administrating our network and software domains. He/she may delegate agents as required. 2. Access to the network and facilities is restricted to authorized employees. 3. Employees must not attempt to interfere with any service to other employees, hosts, or networks (e.g. denial-of-service attacks). 4. Employees who violate systems or network security may incur criminal or civil liability. VWU Office of IT Services will co-operate with investigations of violations of systems or network security at other sites. 5. In the event of an employee violating VWU Office of IT Services policy on network usage, the agents of HR, IT Services, and/or Security reserves the right to gain access to any devices connected to the network; further, he/she may instruct that work-related passwords are surrendered by the employee if required.
Password Guidelines
VWU Office of IT Services provides usernames and passwords for employees to access computing resources (including Internet-access and internal company networks). The policy items below apply to all username and password pairs, but employees must be aware that additional policies may be relevant for applications requiring a higher level of security and accountability.
Once a password is issued, full responsibility for that account and associated password resides with the employee.
Passwords must never be shared, regardless of the circumstances; doing so exposes the authorized user to responsibility for actions the other party may take.
Employees must choose passwords that cannot be easily guessed.
All default passwords supplied by vendors for their software products must be changed before any computing or network system is used.
Personal Data and Privacy
VWU Office of IT Services collects and stores employee information, in line with the following statements:
The term “Personal Data” refers to information such as employee name, date of birth, email address, mailing address, or telephone number that can be used to identify them. VWU Office of IT Services will never use this information outside of company operations.
Wherever personal data is processed, the University takes reasonable steps to ensure its accuracy and timeliness. Employees have the right to access all data related to them on VWU Office of IT Services systems, and a procedure exists should employees wish to object to the processing of this data. Contact the Privacy Officer directly for more information.
