This Acceptable Use Policy (AUP) for IT Systems is designed to protect SMD Webtech (M) Sdn.Bhd, our employees, customers and other partners from harm caused by the misuse of our IT systems and our data. Misuse includes both deliberate and inadvertent actions.
The repercussions of misuse of our systems can be severe. Potential damage includes, but is not limited to, malware infection (e.g. computer viruses), legal and financial penalties for data leakage, and lost productivity resulting from network downtime.
Everyone who works at SMD Webtech (M) Sdn.Bhd is responsible for the security of our IT systems and the data on them. As such, all employees must ensure they adhere to the guidelines in this policy at all times.
“Users” are everyone who has access to any of SMD Webtech (M) Sdn.Bhd’s IT systems. This includes permanent employees and also temporary employees, contractors, agencies, consultants, suppliers, customers and business partners.
“Systems” means all IT equipment that connects to the corporate network or access corporate applications. This includes, but is not limited to, desktop computers, laptops, smartphones, tablets, printers, data and voice networks, networked devices, software, electronically-stored data, portable data storage devices, third party networking services, telephone handsets, video conferencing systems, and all other similar items commonly understood to be covered by this term.
This is a universal policy that applies to all Users and all Systems. For some Users and/or some Systems a more specific policy exists: in such cases the more specific policy has precedence in areas where they conflict, but otherwise both policies apply on all other points.
This policy covers only internal use of SMD Webtech (M) Sdn.Bhd’s systems, and does not cover use of our products or services by customers or other third parties.
Some aspects of this policy affect areas governed by local legislation in certain countries (e.g., employee privacy laws): in such cases the need for local legal compliance has clear precedence over this policy within the bounds of that jurisdiction. In such cases local teams should develop and issue users with a clarification of how the policy applies locally.
4. Use of IT Systems
All data stored on SMD Webtech (M) Sdn.Bhd’s systems is the property of SMD Webtech (M) Sdn.Bhd. Users should be aware that the company cannot guarantee the confidentiality of information stored on any SMD Webtech (M) Sdn.Bhd system except where required to do so by local laws.
SMD Webtech (M) Sdn.Bhd’s systems exist to support and enable the business. A small amount of personal use is, in most cases, allowed. However it must not be in any way detrimental to users own or their colleagues productivity and nor should it result in any direct costs being borne by SMD Webtech (M) Sdn.Bhd other than for trivial amounts.
SMD Webtech (M) Sdn.Bhd trusts employees to be fair and sensible when judging what constitutes an acceptable level of personal use of the company’s IT systems. If employees are uncertain they should consult their manager.
Any information that is particularly sensitive or vulnerable must be encrypted and/or securely stored so that unauthorised access is prevented (or at least made extremely difficult). However this must be done in a way that does not prevent–or risk preventing–legitimate access by all properly-authorized parties.
SMD Webtech (M) Sdn.Bhd can monitor the use of its IT systems and the data on it at any time. This may include (except where precluded by local privacy laws) examination of the content stored within the email and data files of any user, and examination of the access history of any users.
SMD Webtech (M) Sdn.Bhd reserves the right to regularly audit networks and systems to ensure compliance with this policy.
5. Data Security
If data on SMD Webtech (M) Sdn.Bhd’s systems is classified as confidential this should be clearly indicated within the data and/or the user interface of the system used to access it. Users must take all necessary steps to prevent unauthorized access to confidential information.
Users are expected to exercise reasonable personal judgement when deciding which information is confidential.
Users must not send, upload, remove on portable media or otherwise transfer to a non-SMD Webtech (M) Sdn.Bhd system any information that is designated as confidential, or that they should reasonably regard as being confidential to SMD Webtech (M) Sdn.Bhd, except where explicitly authorized to do so in the performance of their regular duties.
Users must keep passwords secure and not allow others to access their accounts. Users must ensure all passwords comply with SMD Webtech (M) Sdn.Bhd’s safe password policy.
Users who are supplied with computer equipment by SMD Webtech (M) Sdn.Bhd are responsible for the safety and care of that equipment, and the security of software and data stored it and on other SMD Webtech (M) Sdn.Bhd systems that they can access remotely using it.
Because information on portable devices, such as laptops, tablets and smartphones, is especially vulnerable, special care should be exercised with these devices: sensitive information should be stored in encrypted folders only. Users will be held responsible for the consequences of theft of or disclosure of information on portable systems entrusted to their care if they have not taken reasonable precautions to secure it.
All workstations (desktops and laptops) should be secured with a lock-on-idle policy active after at most 10 minutes of inactivity. In addition, the screen and keyboard should be manually locked by the responsible user whenever leaving the machine unattended.
Users who have been charged with the management of those systems are responsible for ensuring that they are at all times properly protected against known threats and vulnerabilities as far as is reasonably practicable and compatible with the designated purpose of those systems.
Users must at all times guard against the risk of malware (e.g., viruses, spyware, Trojan horses, rootkits, worms, backdoors) being imported into SMD Webtech (M) Sdn.Bhd’s systems by whatever means and must report any actual or suspected malware infection immediately.