Security Guidelines and User Charter for Computing Resources
Respective officers of GNO, with whom such persons have signed a contract or are
in contact, must inform them of the existence and content of this document.
Part 1 - Computer Security Guidelines

I. INTRODUCTION

Effective use of computing resources and communications networks is a major facilitating factor for the development and success of Grindwell Norton Ltd., (GNO). These tools provide faster and efficient access to information and better communication within and outside GNO.

Hence the security and reliability of these resources must remain a permanent priority for GNO and the users of these tools. Likewise the protection of confidential data, compliance with the legislation in force, especially on intellectual and electronic data processing, and loyalty to the company are part of the duties and responsibilities of each user.

The purpose of this document is to highlight these imperatives and to draw users' attention to the rules to be applied in these areas. Compliance with these rules and the proper use of these technologies are conditions for safeguarding the industrial, commercial and financial interests of GNO and also for maintaining its public image.

The guidelines described by this document and the enclosed User Charter apply to all those employees of GNO who, to carry out the mission entrusted to them, are required whether directly or indirectly to organize, put in place, modify or use GNO's Computing Resources.

They also apply to all those who, although not on the payroll of GNO, are required, while working within or in the interests of GNO, whether directly or indirectly, to organize, put in place, modify or use its Computing Resources, (Trainees, Service Providers, Customers, Subcontractors, Personnel from Group Companies, Consultants et al.).

II. APPROVED USE OF COMPUTING RESOURCES

Computing resources and communication networks (including the Workstations, Mobile Computers, Servers, Peripherals, Communication and Networking Devices, along with all the software incorporated in them for various applications, as well as the information and data they contain, to which access is possible by any means of any description) are working tools made available to you by the company to enable you to carry out the mission entrusted to you.

These tools are therefore for business use only. Use is subject to audit at any time by management.

Personal use of GNO computing equipment may be approved by GNO management if such use is clearly insignificant, does not interfere or compete with GNO business, and does not involve any incremental cost to GNO. Any questions concerning personal use of GNO computing resources should be discussed with your Sponsor.

III. RESPECTING LAWS CONCERNING INTELLECTUAL PROPERTIES

It is your responsibility to ensure that, any software installed by the service providers or any other person on your computer, is licensed. If you are in doubt, please bring the matter to the immediate attention of your Sponsor or the IT Department.

You must have a valid license for all licensed software that you personally obtain and install on your computer.

Never copy or duplicate licensed software, except as explicitly allowed in the license terms and conditions.

IV. PROTECTION OF COMPUTING RESOURCES

The company makes computing / communication resources (PCs, Workstations, Servers, PDAs, Multi-function Telephones, Fax Machines, Mobile Phones etc.) available to you for business use. You must take every care to protect these resources against modification, misuse and theft.

If you are provided with a Mobile Computer, you should take extra precautions to preserve the security of your computer and the data that it contains.

1 References to GNO Computing Resources include but not limited to: Personal Computers, Workstation, Mobile Computers, Personal Digital Assistants (PDAs), Servers, Local and Wide Area Networks, Operating / Application Software, Tools / Utilities, Services like Internet Access, e-mail etc.,

2 Reference to Service Providers in this document is to be understood to mean all Organizations / Individuals authorized by GNO management and deployed either On-Site or Off-Site to provide IT related Services like Facility Management, Help Desk, Network Services, Application Support etc., to GNO.

storage media (diskettes, CD-Rom) may, despite all of the precautions taken, cause transmission and installation on the user's Workstation, without his/her knowledge, programs or files that alter or steal the data and software that the Workstation contains.

If any anomaly occurs on your Workstation you must stop using your device, disconnect it from the network and immediately inform IT Department.

Every employee is responsible to help reduce the possibility of theft of GNO computer workstations and information they contain.

· If you work in an office that can be locked, lock the office.
· Do not leave them exposed in cars or hotel rooms. Do not leave them with hotel personnel, and do not leave them in checked-in baggage while you travel by air.

If you are making a long journey by car and if you don't intend to work during the journey, lock the computer in the car trunk when you begin your travel. Upon reaching your destination, if you must leave the computer in the car, leave it locked in the car trunk.

· You should either protect / encrypt the GNO Confidential information on your computer or you should remove unprotected GNO Confidential material from the computer during business travel. Individual Files containing Confidential Information must be password protected.

The loss or theft of a portable computer containing unprotected / unencrypted GNO Confidential information results in the loss of both a physical asset and proprietary assets.

Ø Be at least 6 characters in length
Ø Contain an alphabetic or other non-numeric character in the first and last position.
Ø Contain no more than three identical consecutive characters in any position from the previous password
Ø Contain no more than two identical consecutive characters
Ø Not contain your user id as part of the password.
Ø Be changed at least once every month.

· When changing your password, you must select a new password, i.e., do not change the password to one that you used in the past.
· If you access computer systems outside the GNO Network, please make sure that you do not use the same password as you use for GNO internal systems.

3 Note: Computer workstations available for shared use in GNO like Intranet Kiosks, Canteen and similar environments are not required to have power-on and keyboard/screen-saver passwords applied. GNO employees must not place GNO Confidential information on such workstations.

· When you store GNO Confidential information on your Computer or on the Local Area Network Servers, you must use software security controls to manage and limit access to the information. Security controls must never be set to allow unrestricted access (e.g., “Everyone”, “The World” etc.,) to GNO confidential information. Please take the help of IT Department if you have difficulty in setting security options.
· When you store GNO Confidential information on computer diskettes, CDs and tapes, you must label them properly and protect them against theft and unauthorized access. Always keep them in a locked area when they are not in use.
· When you print GNO Confidential information you must protect the information against unauthorized access. GNO Confidential information may only be printed on a personal printer. If you are forced to use a printer located in an open area in GNO internal office space, make sure that you pick up such Confidential printout material within 5 minutes.

When you use Telephones and Fax:

· Do not use cordless phones / parallel phones to discuss GNO Confidential information.
· Never leave GNO Confidential messages on voice mails.
· Avoid sending GNO Confidential documents via FAX devices. If confidential material must be sent via FAX, exercise caution to verify the destination FAX machine's phone number and that the information has reached the intended recipient.

· Be alert to the potential dangers of accepting programs from public sources such as the Internet. Do not execute a program if you are uncertain of expected results or do not know the source of the program.
· Always ensure that the current versions of the Anti-virus programs that GNO has licensed (McAfee - Norton AntiVirus) are running and enabled on your computer. If programs on your machine are infected by virus, report the virus infection immediately to the IT Department.

Refer to GNO's Anti-Virus intranet web page http://village.saint-gobain.com to obtain tools for removing Viruses that are not cleaned by the software installed on your system.

· Harmful code false alarms and hoaxes are also a problem in networked environments. GNO employees are not to send or forward e-mail notices concerning virus or harmful code warnings to other employees.
· If you receive an e-mail notice about a supposed virus or harmful code threat, you should check the Anti-Virus Internet web pages (like http://www.mcafee.com) to see information on real and hoax alerts.

VIII. GNO INTERNAL NETWORKS

· When connected to and using GNO internal networks, including Local Area Networks:
Ø Do not misrepresent yourself as someone else on the network.
Ø Do not add any communication device such as a Modem to your workstation without first obtaining permission from the IT Department

· Do not automatically forward GNO internal mail to an Internet site
· Do not use auto reply functions to respond to your Internet mail when you are away; be sure to select the option that excludes sending the notices to Internet users.
· Do not send or reply to chain letters
· Do not use Internet to send internal business e-mail to another GNO employee. Always use the employee's GNO internal e-mail address.

Finally, it should be restated that the electronic messages sent from one Saint-Gobain Group entity to another are, generally, considered to be secure. In most other cases, electronic messages transit over the Internet and can therefore be intercepted, displayed, stored, modified and used for other ends by third parties, at any time.

XI. THE INTERNET

Introduction:

The Internet is a rapidly growing and important resource for GNO. Effective use of the Internet can provide a competitive advantage to us in the form of new business opportunities, information gathering, improved external communications, and increased customer responsiveness. The GNO Internet presence is a reflection of our corporate image, and this must be considered in all our Internet activities.

Internet access from within the GNO Network is a tool made available to you for business purposes. You must therefore make appropriate use of it. This access is provided so that you can visit websites around the world in the company's name, for it must be remembered that when a user from the company network browses the web, he/she is identified under the "Saint-Gobain" name to outside computer sites.

This document describes the basic Internet usage and security measures all GNO employees are obligated to follow. This includes employees of all GNO Plants, Service Providers, Vendors, and others authorized by GNO management to use GNO internal computer systems.

Internet access includes, but is not limited to: viewing web sites, sending and receiving electronic mail, transmitting or receiving files, and running Internet applications.

Noncompliance with the principles described in this document will result in disciplinary action.

Security:

As we use the Internet to connect with our customers, suppliers and other organizations, it is important to remember the following points:

· The Internet is used by millions of people worldwide; not all Internet users have GNO's best interests in mind.
· You should presume that any unprotected information sent across the Internet will be read by a number of unknown people.
· GNO's information, computing assets, and corporate image on the Internet are critical to our success, and as a result, must be protected from loss, modification or destruction.

Privacy:

All electronic documents created or stored or communicated using GNO's computers are the property of GNO. GNO may access documents or communications stored on its property or in its systems whenever warranted by business need or legal requirements; and reserves the right to monitor its systems for accounting purposes, to ensure proper

· Do not place any material on the Internet that would be considered inappropriate, offensive or disrespectful to others, and do not access such material

Intellectual Property Rights

You must obtain the necessary prior authorization, if you wish to reproduce or distribute over the network, including the Intranet, any published press article, book excerpt, photograph, trademark (name or logotype), drawing or model (shape of an object) etc…

Any information sent, received or stored on a station or a server belonging to the company remains the company's property.

When uploading materials to the Internet:

· Ensure that any GNO copyright documents transferred via the Intranet clearly indicate our company as holder of the copyright. GNO employees must comply with all applicable licensing agreements and copyrights when uploading any GNO or OEM software products to the Internet.

When downloading materials from the Internet:

Most information and software that is accessible on the Internet is subject to copyright or other intellectual property right protection. Therefore, nothing should be copied or downloaded from the Internet for use within GNO unless express permission to do so is stated by the material owner.

Inappropriate Internet Web Sites:

· Numerous Internet web sites contain or distribute material that is objectionable in the workplace. While it is impossible to list every possible web site or form of objectionable material, some clear examples include:
Ø Web sites that contain sexually explicit images and related material
Ø Web sites that advocate illegal activity
Ø Web sites that advocate intolerance for others
· GNO employees are not to access such web sites, or distribute or obtain similar material through the Internet. Compliance with this policy is a condition of employment.
· Questions concerning other inappropriate web sites or objectionable material should be discussed by employees with their Sponsors.
· GNO does not routinely scan Internet web sites for inappropriate material, nor does it attempt to maintain a complete list of inappropriate web sites. GNO employees should not presume that GNO approves access to all web sites not blocked by its technical control measures.

Receiving Unsolicited E-MAIL

GNO employees holding an Internet e-mail address may be recipients of unsolicited non-business e-mail (sometimes referred to as spam or junk-mail). This situation is very similar to receiving unsolicited telephone calls or unsolicited postal mail.

4 Reference to GNO Computing Resources include but not limited to: Personal Computers, Workstation, Mobile Computers, Personal Digital Assistants (PDAs), Servers, Local and Wide Area Networks, Operating / Application Software, Tools / Utilities, Services like Internet Access, e-mail etc.,

5 Reference to Service Providers in this document is to be understood to mean all Organizations / Individuals authorized by GNO management and deployed either On-Site or Off-Site to provide IT related Services like Facility Management, Help Desk, Network Services, Application Support etc., to GNO.

Ø are libelous or generally illicit,
Ø affect the company's resources and more particularly the integrity and preservation of the company's data,
Ø affect the image of the Saint-Gobain Group, whether internally or externally.

Accessing web servers that cover these subjects is forbidden due to the risk of seeing the user's e-mail address reused in mass mailings comprising illicit attachments. If the user does receive such transmissions, against their will, they are bound to destroy them immediately.

The user must also refrain from:

· Using the company's resources for the purposes of harassing, threatening or insulting and, more generally, to violate applicable rights.
· Making copies of software or introducing or installing software or hardware themselves, of whatever kind, that are protected by intellectual property laws, without requesting and receiving prior authorization from the IT Department.
· Knowingly loading or transmitting files that contain viruses or altered data.
· Falsifying the source of any elements contained in a file.
· Sending mass messages (with more than 20 addressees, other than when using the company's distribution lists for business reasons) or chain messages (messages received individually as part of a collective

knowledge of any information not destined for them, or copying, modifying or destroying such information.
· Requesting access rights that are more extensive than those required to fulfill their own task.
· Releasing the passwords for "administrator" accounts to people who do not require this knowledge to fulfill their task.

Users are reminded that some of the above mentioned activities may represent violations of a penal nature.

The company reserves the ability to perform regular checks and inspections in order to ensure the security of information systems and networks.

1. Security measures

In order for GNO to implement a first level of protection, users must comply with the following set of basic rules:

· Rule 1: Always set a password when they are asked to.
· Rule 2: Regularly change passwords even if no automatic request for change is made. Avoid the use of trivial passwords such as common words, first names, dates of birth, simple set of numbers (123456). Regarding this aspect, users may refer to the guidelines described earlier in this document.
· Rule 3: Never lend their own identifier/password. This practice is

· Rule 5: Run an anti-virus application check on any document from outside of the company.
· Rule 6: Never disable the anti-virus protection on stations (whether fixed or mobile) and on servers and perform the automatic (networked systems) or voluntary (mobile systems) updates regularly and in the event of any alert.
· Rule 7: Never leave a station (or a server) where a current session is accessible (screen save with password protection after 10 minutes of idle time).
· Rule 8: Never answer e-mail mass mailing or chain letters.
· Rule 9: Shut down the systems using the appropriate menu and not through the power switch in order to close sessions cleanly (except in cases of technical lockup).
· Rule 10: Switch-off / Log-off every night when leaving the office.
· Rule 11: Never leave computer media containing confidential data freely available in an open office (diskettes, cassettes, CD-Rom, etc.).
· Rule 12: Never forget to retrieve any sensitive documents sent, printed or copied from the fax, printer or photocopier.
· Rule 13: Never install any hardware, software or application program on the information systems and networks without first informing, receiving the approval and the assistance of IT department.
· Rule 14: Take all necessary physical measures to protect the hardware from theft, especially by locking the storage cabinets or drawers used and the offices even during short absences.
· Rule 15: If any hardware is stolen, inform the Sponsor / IT / Insurance Departments immediately.
· Rule 16: Comply with the application introduction sequence (whether developed in-house or purchased off the shelf) by development environment, test/acceptance and production, and only in this order.

IV. APPLYING THE USER CHARTER

Every user of the resources made available to them by GNO commits to applying this Charter and any specific charter that they may be provided with depending on the equipment entrusted to them (such as a workstation or a mobile computer).

Inspection audits may be performed within the limits and under the conditions set out in this document.

GNO commits to implementing all necessary means compatible with technical state-of-the-art practice, to ensure the best possible security of the installations made available to users.

V. SANCTIONS

Users are personally liable if they do not comply with the security measures called for in this Charter from the moment that it is proven that the failures are personally attributable to them. The sanctions laid out in the GNO internal regulations will be applied in an appropriate way and proportionally to the failings, to parties who break these rules.

VI. PUBLICIZING THIS CHARTER AND ITS APPLICATION

· All applicable GNO staff in the rolls of the company as of 1st September 2003, have been made aware of this Charter through individual communication from HR Department.
· This document is also published on the GNO Intranet at: http://village.saint-gobain.com
· All new staff joining beyond 1st September 2003, will be provided with this document by HR Department, and are required to sign their acceptance as a part of the joining formalities
· All non-GNO personnel, to whom this Charter applies, have been made aware of this Charter through individual communication from respective officers of GNO, with whom such persons have signed a contract or are in contact.

User Acceptance
· I hereby confirm that I have read and understood the
contents of this document.
· I accept to abide by the Rules set out in this document
concerning the usage and protection of GNO's Computing
Resources.
· I understand that I am personally liable if I do not
comply with the security measures called for in the User
Charter from the moment that it is proven that the
failures are personally attributable to me.
Name : ...............................................................
Name : ...............................................................
Organization : ...............................................................