ACCEPTABLE USAGE POLICY DOCUMENT

DOCUMENT NUMBER: KHALIFA FOUNDATION -ISMS-DOC010- ACCEPTABLE USAGE

POLICY

(KHALIFA FOUNDATION)

Internal Document

January 2019
 Confidential

Item Details
Document Name ACCEPTABLE USAGE POLICY
Reference KHALIFA FOUNDATION -ISMS-DOC010- ACCEPTABLE USAGE POLICY
Confidentiality INTERNAL
Creation Date 9/1/2019
Update Date
Current Version 1.0
Document Owner KHALIFA FOUNDATION INFORMATION SECURITY TEAM
Document Audience KHALIFA FOUNDATION RISK MANAGEMENT COMMITTEE, ISMS TEAM
Document Review
ANNUAL
Period
Date of Adoption

Revision History
Revision Date Updated by Reviewed by Change Description
DRAFT 9/1/2019 IT Advisor – George El Hage
1.0 9/1/2019

Document Approval

Approved by
Department
Function
Name
Signature
Date

Page 2 of 6
 Confidential

Table of Contents
Acceptable Usage Policy ....................................................................................... 4
1. Objective ........................................................................................................ 4
2. Policy Scope .................................................................................................. 4
3. Policy Statements .......................................................................................... 4
4. Responsibilities .............................................................................................. 5
5. Policy Enforcement ........................................................................................ 6
6. Non-Compliance and Disciplinary Action: ...................................................... 6

Page 3 of 6
 Confidential

Acceptable Usage Policy

1. Objective
The primary objective of this policy is to establish the acceptable and unacceptable use of Khalifa
Foundation IT and non-IT assets including networks, systems and infrastructure and information. It
mandates the users’ responsibility to perform authorized and appropriate use of these assets.

2. Policy Scope
The scope of the policy applies to all servers, applications, network devices, database systems and
information being owned and managed by Khalifa Foundation and subsequently accessed, used by
KHALIFA FOUNDATION Employees, Contractors, Partners, Third party Vendors to perform / support
KHALIFA FOUNDATION business operations.

3. Policy Statements
 Employees shall not attempt to access any data, documents, email correspondence, and
programs contained on KHALIFA FOUNDATION systems for which they do not have
authorization.

 Employees shall be aware that any data they create on KHALIFA FOUNDATION systems
remains the property of KHALIFA FOUNDATION . The KHALIFA FOUNDATION management
reserves the right to access any information stored on any of its systems and network at any
point in time.

 Employees shall not disclose any business or organization information to unauthorized

personnel.

 Systems administrators and authorized users shall not disclose any details related to systems
and networks including remote connection and access to KHALIFA FOUNDATION IT resources
to unauthorized personnel.

 Employees shall not send, upload, remove information on portable media or otherwise transfer
information to a non KHALIFA FOUNDATION system that is classified as confidential, except
where explicitly authorization has been granted based on business requirements.

 Employees shall use their IT related systems with diligence and due care and will be responsible
to ensure the safety for those systems allocated for their use at KHALIFA FOUNDATION .

 Employees shall not make unauthorized copies of copyrighted or KHALIFA FOUNDATION

owned software and information.

Page 4 of 6
 Confidential

 Employees shall refrain from installation of non-standard software (such as shareware /

freeware) without the appropriate approvals form the KHALIFA FOUNDATION IT Management.

 Employees shall not involve in activities that may have a negative impact on the efficiency and
effectiveness of the KHALIFA FOUNDATION ’s IT resources. In addition, refrain from
performing activities that could lead to privilege escalation.

 Adequate and appropriate steps shall be taken by the employees to ensure / prevent
unauthorized access to the KHALIFA FOUNDATION information.

 Employees shall not download, install or execute security programs or utilities (such as
password crackers, packet sniffers or port scanners) that could expose or exploit weaknesses
in the security of a KHALIFA FOUNDATION computer resource unless and until it is approved
by the KHALIFA FOUNDATION Management.

 KHALIFA FOUNDATION information resources shall not be used for personal benefit, political
activity, unsolicited advertising, unauthorized fund raising or for the solicitation of performance
of any activity that is prohibited by law.

 Employees and external contractors are not allowed to connect their personal portable devices
within the KHALIFA FOUNDATION network. Exceptions may be granted based on business
needs and appropriate authorizations and approvals from the KHALIFA FOUNDATION IT
Management.

 The KHALIFA FOUNDATION Management reserves the right to audit people, networks,
systems and infrastructure on a regular basis to determine the compliance with the Acceptable
Usage Policy.

 All documents (hard copies) containing critical and sensitive information shall be protected
appropriately as per the classification requirements.

4. Responsibilities
No. Description Section
KHALIFA FOUNDATION Information
1 Review and update policy document
security officer

KHALIFA FOUNDATION Information

2 Policy awareness
Security Task Force

 All Administrators / Operational Staff

3 Policy implementation (Systems, Network and Infrastructure)
 Project Managers / Line Managers

Page 5 of 6
 Confidential

4 Policy compliance All KHALIFA FOUNDATION staff

5 Review and monitor policy compliance Risk Management Committee

5. Policy Enforcement
The policy is applicable to all KHALIFA FOUNDATION staff, partners, suppliers, third party vendors,
contractors that support and / or use the KHALIFA FOUNDATION ’s information. Adherence to the policy
is to be strictly followed. Breach of the policy is subject to disciplinary actions / legal ramifications.

6. Non-Compliance and Disciplinary Action

 In the event of the security violation / breach of the requirements stipulated by this policy by the
KHALIFA FOUNDATION staff, the KHALIFA FOUNDATION Information Security Team shall
inform the concerned Business Head / Head of Department and the Human Resource
department with the details of the incident, the potential risks and impact to KHALIFA
FOUNDATION .
 The Human Resource Department along with the Head of Department / Business Head shall
take the appropriate disciplinary actions in accordance with the Human Resource disciplinary
action policy or manual or as mandated by the Head of HR Department. The actions shall be
taken in consultation with the Head of Legal Department (where required).
 Depending on the nature of the violation / breach staffs may be subject to appropriate action as
stated in the HR manual or guidance from the HR Department Head and / or legal actions.

Page 6 of 6