Network Information Security Policy

Acceptable Use Policy

Developed by: Adeel Mushtaq (SM Network Security Compliance)

Reviewed by: Jawad Sarwar (GM NIS)

Mubasir Naseer Ch. (EVP G&QA)

Approved by: IT Network Security Steering Committee

Effective Date: November 27, 2019

Ref: NIS/POL/10/00
Status: Approved
Sec. Class: Internal & Confidential

© Copyright 2019 PTCL - All rights reserved. No part of this work, which is protected by copyright, may be reproduced in any form or by any means - graphic, electronic or
mechanical, including photocopying, recording, taping or storage in an information retrieval system – without the written permission of the copyright owner .
www.ptcl.com.pk
 PAKISTAN TELECOMMUNICATION COMPANY LIMITED Doc. No. NIS/POL/10/00

Rev. Date 27-11-2019

Acceptable Use Policy
Page No. 1 of 10

Document Issuance and Approval Certificate

This certificate authorizes the issuance and approval of

Network Information Security Policy

of

Acceptable Use Policy

for

PTCL

Approved By:
Developed By: Reviewed By:

Jawad Sarwar
(GM NIS)

Mubashir Naseer Ch.

(EVP Gov. & QA)
Adeel Mushtaq Mouqeem ul Haq
(SM Network Security Compliance) (Chairmain ITNSSC)

Dated: November 27, 2019

This document is internal / confidential.

The format and version of this document is controlled, in case of any need for amendment please coordinate with NIS & QMS and Governance Department
 PAKISTAN TELECOMMUNICATION COMPANY LIMITED Doc. No. NIS/POL/10/00

Rev. Date 27-11-2019

Acceptable Use Policy
Page No. 2 of 10

Section 1
Table of Contents

Section # Sub-section # Title Page No.

1 - Table of Contents 3

2 - Amendment Sheet 4

1 Purpose 5

2 Scope 5

3 Responsibilities 5

4 Policy Description 5

4.1 Workstations and Computer facilities 5

4.2 Email 6

4.3 Internet and Network Activities 7

3
4.4 Assets and Information 7

4.5 General Rules 8

4.6 Approved Software list 8

Employee Consent and Acknowledgement

4.7 9
Form

4.8 User Service Request Form 10

5 Supporting Documents 11

6 Related Records 11

This document is internal / confidential.

The format and version of this document is controlled, in case of any need for amendment please coordinate with NIS & QMS and Governance Department
 PAKISTAN TELECOMMUNICATION COMPANY LIMITED Doc. No. NIS/POL/10/00

Rev. Date 27-11-2019

Acceptable Use Policy
Page No. 3 of 10

Section 2
DOCUMENT AMENDMENT SHEET

Rev. # Date Page # Section Sub-Section Nature of Amendment Done By

This document is internal / confidential.

The format and version of this document is controlled, in case of any need for amendment please coordinate with NIS & QMS and Governance Department
 PAKISTAN TELECOMMUNICATION COMPANY LIMITED Doc. No. NIS/POL/10/00

Rev. Date 27-11-2019

Acceptable Use Policy
Page No. 4 of 10

1. Purpose

To determine an acceptable use policy for the use of information, communication and technology
materials and facilities provided by PTCL to its employees, consultants and contractors.

2. Scope

This ICT Acceptable Usage Policy applies to all ICT Users at PTCL.

3. Responsibilities

Actor Role / Responsibilities

End user  Comply with this policy

NIS  Configure Endpoint policies from Servers

Helpdesk  Install latest Endpoint protection software

 Manage the Approved Software list as new software(s) are approved for
usage

4. Policy Description

PTCL seeks to protect the availability, integrity and confidentiality (CIA) of its information keeping
in view the sensitivity of the information. PTCL takes steps to ensure that its employees and
consultants are in a position to carry out their tasks as efficiently as possible by making ICTs
available to them. E-mail and Internet are valuable and efficient tools necessary for achieving the
company's aims. As with other property belonging to PTCL, these forms of electronic management
must be used in a responsible and moral way (code of conduct) and only in the interests of the
company.

With the intention of using these technologies in the best possible way, maintaining a professional
working environment and protecting PTCL’s information as well as that of its clients and business
partners, all employees are advised to familiarize themselves with this Acceptable Usage Policy
regarding the use of Computer workstation within PTCL. This document sets out the rules of use
that all Users are obliged to respect. The Policy Is specifically designed to promote honest and
ethical conduct and deter wrongdoing.

Computer, internet and email (together the "Computer Facilities") made available to the users are
assets of the company and available for authorized business use only. Access to and use of e-mail
and the Internet is a privilege, not a right.

Accordingly, where evidence of a potential breach of this Policy exists, usage of the Computer
Facilities may be monitored and communications intercepted, recorded, copied, audited, inspected,
and disclosed to the appropriate Internal departments NIS,HR, Legal etc..

4.1 Workstations and Computer facilities

Since information contained on portable computers is vulnerable; Due Care needs to be taken by
all the employees and following must be adhered:

1) All PCs, laptops and workstations should be secured with a password-protected screensaver
with the automatic activation feature or by logging-off / locking, when the host is unattended.
Refer to Endpoint protection policy for the time after which the Endpoints should be locked /
logged-off.

This document is internal / confidential.

The format and version of this document is controlled, in case of any need for amendment please coordinate with NIS & QMS and Governance Department
 PAKISTAN TELECOMMUNICATION COMPANY LIMITED Doc. No. NIS/POL/10/00

Rev. Date 27-11-2019

Acceptable Use Policy
Page No. 5 of 10

2) Complying with all applicable policies and procedures and approved software’s installations /
updates.

Keep passwords secure and do not share accounts. Authorized users are responsible for the
security of their passwords and accounts
3) Users shall not utilize the “user id” and password of another User to gain access to data or
systems.

4) Use workstations for authorized business purposes only.

5) End users are responsible for the security of laptops by locking them in drawers or cabinets
when left in office

6) Company provided intranet facilities (wired/wireless) must be availed and given preference over
entitled/approved broadband services wherever applicable.

7) Third party can be granted access to PTCL network only on need basis. Refer to Access Control
and Remote Access Policy.

8) Following activities are undesired and strictly prohibited (exception can be granted):

a. Logging into the computers machines with Admin rights.

b. User shall not disjoin the machine from the Active Directory and uninstall the anti-
malware solution.

c. Users shall not use the PTCL network to gain unauthorized access to any computer
system belonging to an third party.

d. Users shall not disseminate confidential and internal information relating to PTCL
unless required to do so in the course of performing their work duties.(code of conduct)

Note: Admins rights may be granted on proper approval from concerned GM with justification and
SM IT Helpdesk. End user shall fill in the form given in Section 4.9.

4.2 Email

1) Employees are responsible to open the email from only trustworthy sources and use extreme
caution while opening e-mail unknown senders which may contain viruses, worms etc.

2) Following activities are, in general, prohibited while using official account:

a. Sending unsolicited email messages, including the sending of "junk mail" or other
advertising material to individuals who did not specifically request such material (email
spam etc.).

b. Use of official email ID for the postings by employees on public forums news-groups,
blogs, forums etc.

c. Send e-mails, which could damage the reputation of the company, its users, clients or
third parties.

d. Intentionally send a virus or malicious program to any users (Internal or external).

e. Unauthorized use, or forging, of email header information.

f. Givining access of email address to someone else to respond his/her emails.

This document is internal / confidential.

The format and version of this document is controlled, in case of any need for amendment please coordinate with NIS & QMS and Governance Department
 PAKISTAN TELECOMMUNICATION COMPANY LIMITED Doc. No. NIS/POL/10/00

Rev. Date 27-11-2019

Acceptable Use Policy
Page No. 6 of 10

4.3 Internet and Network Activities

1) Users shall be particularly careful not to install any unapproved software including but not
limited to sniffers, viruses, password cracking and hacking tools unless usage of such
software’s is required as part of the employee's normal job/duty. For approved software
installations, request to Helpdesk department.

2) All hosts connected to the PTCL Intranet, whether owned by the employee or PTCL, may be
monitored at system and network level due to any security requirements by relevant
departments (IT/NIS).

3) PTCL reserves the right to block access at any time to web sites that it deems to contain illegal,
offensive or inappropriate material.

4) Use of third party cloud storage such as google drive, drop box etc are not allowed for sharing
of business or official data. To share large amount of data, company provided online storage
should be used.

5) All the users, employees and contractors are advised to make proper use of the Internet
facilities and not to open websites that belongs to following areas:

a. Adult Image, Match Making, Nudity, Pornography, Profanity

b. Weapons, Criminal Skills, , Peer to Peer, Pay to Surf

c. Hacking, SPAM, Phishing, Spyware and Fraud, Gambling

d. Illegal Drugs, Violence, Intolerance and Hate

e. Anti-state websites

f. Proxy websites

6) The following activities are strictly prohibited (exceptions may be granted):

a. Port scanning or security scanning is expressly prohibited, unless this activity is a part
of the employee's normal job/duty.

b. Executing any form of network monitoring which will intercept data not intended for the
employee's host, unless this activity is a part of the employee's normal job/duty.

c. Circumventing user authentication or security of any host, network or account.

d. Introduction of malicious programs into the network or server (e.g., viruses, worms).

e. Making fraudulent offers of products, items, or services originating from any PTCL
network/account.

f. Attempt on servers to compromise passwords or misuse of customer or business

accounts

This document is internal / confidential.

The format and version of this document is controlled, in case of any need for amendment please coordinate with NIS & QMS and Governance Department
 PAKISTAN TELECOMMUNICATION COMPANY LIMITED Doc. No. NIS/POL/10/00

Rev. Date 27-11-2019

Acceptable Use Policy
Page No. 7 of 10

4.4 Assets and Information

1) Measures shall be taken to protect an asset from unauthorized modification, destruction, or

disclosure, whether accidental or intentional.

2) User shall only access files or data if it belongs to the user or publicly available, or the owner
of the data has given permission to access it

3) Software(s) and computer data, which are purchased and/or developed by PTCL from a third
party, must not be copied and/or disclosed.

4) Employees, contractors, and third party users using or having access to the organization’s
assets must follow acceptable use of information and assets associated with information
processing facilities e.g. rules of e-mail and internet usage etc.

5) Personal assets including laptops, cameras, and mobile phones with camera, flash drives
(USB), and wireless data exchange devices such as blue-tooth, infrared enabled devices shall
not be used in restricted area unless authorized.

4.5 General Rules

Following are strictly prohibited:

1) Violations of the rights of any person or PTCL protected by copyright, trade secret, patent or
other intellectual property, or similar laws or regulations, including, but not limited to, the
installation or distribution of "pirated" or other software products that are not appropriately
licensed for use by PTCL.

2) Unauthorized copying of copyrighted material including, but not limited to, digitization and
distribution of photographs from magazines, books or other copyrighted sources, and the
installation of any copyrighted software for which PTCL or the end user does not have an active
license.

3) System-level and user-level passwords are not set in accordance with the Password Policy.

4) Using a PTCL computing asset to actively engage in transmitting material that is in violation of
PTCL Code of Conduct.

5) Causing security breaches or disruptions of network communication. Security breaches

include, but are not limited to, accessing data of which the employee is not an intended recipient
or logging into a server or account that the employee is not expressly authorized to access,
unless these are within the scope of regular duties. For purposes of this section, "disruption"
includes, but is not limited to, network sniffing, pinged floods, packet spoofing, denial of service,
and forged routing information for malicious purposes.

6) Introducing honeypots, honey nets, or similar technology on the PTCL network.

4.6 Approved Software list

All the software that are allowed to be used with in PTCL are part of Approved Software list. Below
attached is a comprehensive list of software’s. Any software that is not part of the list, can be added
after approval from Respective GM and GM NIS.

This document is internal / confidential.

The format and version of this document is controlled, in case of any need for amendment please coordinate with NIS & QMS and Governance Department
 PAKISTAN TELECOMMUNICATION COMPANY LIMITED Doc. No. NIS/POL/10/00

Rev. Date 27-11-2019

Acceptable Use Policy
Page No. 8 of 10

4.7 Employee Consent and Acknowledgement Form

I.......................................................... [Employee number..................................../an employee of

PTCL/contractor], acknowledge that I have been provided with access to the copy of Acceptable
Use Policy version 2.
I agree to comply with the provisions of the Policy and consent to PTCL undertaking investigations
in accordance with the Policy, including the monitoring of my use of PTCL information, technology
and communications.
I understand that the Policy may be amended, modified or replaced at the discretion of PTCL and I
have an obligation to read and comply with any such amended, modified or replaced policy.

Signature: ______________________

Date: _______________________

This document is internal / confidential.

The format and version of this document is controlled, in case of any need for amendment please coordinate with NIS & QMS and Governance Department
 PAKISTAN TELECOMMUNICATION COMPANY LIMITED Doc. No. NIS/POL/10/00

Rev. Date 27-11-2019

Acceptable Use Policy
Page No. 9 of 10

4.8 User Service Request Form

User Service Request Form

Name: ______________________________________________________________________

Emp No._____________________________________________________________________

Designation: _________________________________________________________________

Department:__________________________________________________________________

Address:_____________________________________________________________________

Contact Info (Cell n Office): ______________________________________________________

Computer Name: ______________________________________________________________

Email ID:_____________________________________________________________________

Services Required:
▪
▪
▪
▪

Disclaimer:
After granted admin rights to the end user as his/her genuine requirements, if IT support team may
found any unauthorized & unlicensed software on user machine strict disciplinary action will be taken
against him/her. Before going to install any new software or release please contact to IT support team
to ensure its reliability/authenticity.

I am fully responsible and accept the all formalities which mentioned above.

User Signature Reporting GM Approval

_____________________________________________________________________________

IT Service Desk Officer: (Name/Desig.)

Comments/Action: _____________________________________________________________

This document is internal / confidential.

The format and version of this document is controlled, in case of any need for amendment please coordinate with NIS & QMS and Governance Department
 PAKISTAN TELECOMMUNICATION COMPANY LIMITED Doc. No. NIS/POL/10/00

Rev. Date 27-11-2019

Acceptable Use Policy
Page No. 10 of 10

Exception
Network information Security Department shall approve exception after proper business justification

5. Support Documents:

Document Title Ref. # Retention Medium Retention Period

Approved Software
-
List-

6. Related Records:

Document Title Ref. # Retention Medium Retention Period

This document is internal / confidential.

The format and version of this document is controlled, in case of any need for amendment please coordinate with NIS & QMS and Governance Department