Professional Documents
Culture Documents
Contents
1. Introduction ................................................................................................................ 3
1.1. Purpose...................................................................................................................................... 3
1.2. Scope ......................................................................................................................................... 3
1.3. Glossary (Definitions and abbreviations) .................................................................................. 3
1.4. Ownership and Maintenance .................................................................................................... 5
2. Policy .......................................................................................................................... 6
2.1. General use .................................................................................................................. 6
2.2. Acceptable use of the Internet and software.................................................................... 7
2.3. Acceptable use of e-mail and communication system ....................................................... 7
2.4. Video meetings and web-based communications ............................................................. 7
2.5. The use of Passwords .................................................................................................... 7
2.6. Policy compliance ......................................................................................................... 8
3. Policy Review .............................................................................................................. 8
4. References .................................................................................................................. 8
4.1. Regulatory references ................................................................................................... 8
4.2. International standard references .................................................................................. 8
5. Document Control........................................................................................................ 9
Introduction
1.1.Purpose
This Policy set SPIMACO’s approach to govern and manage the acceptable use of Information
resources and/or assets at SPIMACO. These rules are in place to protect the user (employee,
contractor, etc.) and SPIMACO. Inappropriate use might expose SPIMACO to risks including
virus attacks, compromise of network systems and services, and legal liabilities.
1.2.Scope
This policy is applicable to:
- All information, technology, and assets owned or used by SPIMACO wither it is cloud or
non-cloud.
- All users (employees, contractors, trainees, outsources and vendors) who have access
to SPIMACO’s information and technology assets.
Word/Abbreviation Explanation
Executive
SPIMACO’s C level management
Management
Word/Abbreviation Explanation
Prepare/
Maintain
Responsibility Update/ Review Approve Publish
Policy
Amend Policy
Cybersecurity
CRO
Policy Control
CEO
1. Policy
1.1. General use
1.1.1. User shall not infringe the rights of any person or company that is protected by
copyright, patent, or other intellectual property, or similar laws or regulations;
Including, but not limited to, installing unauthorized or illegal software.
1.1.2. User shall not leave prints unattended on the company’s shared printers.
1.1.3. User shall keep External storage media in secure and proper conditions.
1.1.4. User shall not use SPIMACO’s business-related information and technology assets for
personal use, including repositories for personal data.
1.1.5. Information Shall be dealt with according to the specified classification, and in
accordance with the data classification and information protection policy for
SPIMACO in a manner that ensures the protection of information confidentiality,
integrity and availability.
1.1.6. User shall not share his/her account details (Username and password) with any other
employee or use other employee’s credentials.
1.1.7. User shall remove all data in hardcopy or electronic form from their workspace and
secure it in a locked drawer when the desk is unoccupied at the end of the workday.
1.1.8. User shall lock his/her device when he leaves his/her desk.
1.1.9. User shall shred all business-related documents upon disposal.
1.1.10. User Shall not disclose any information related to SPIMACO, including information
related to systems and networks, to any social media outlets or unauthorized party,
whether internally or externally.
1.1.11. User shall not connect personal devices to SPIMACO’s Networks or systems without a
prior approval from Cybersecurity department.
1.1.12. User shall not carry out any activities to bypass SPIMACO’s protection Systems
including anti-virus software, firewall, and malware without prior approval from
Cybersecurity department.
1.1.13. Cybersecurity department shall monitor systems, networks and personal accounts
related to work, and review them periodically to monitor compliance with cyber
security policies and standards.
1.1.14. User and visitors shall not enter sensitive places without Prior approval from
Cybersecurity department.
1.1.15. User shall wear SPIMACO’s identification card in all SPIMACO’s Facilities.
1.1.16. User shall report any lost, theft or leakage of SPIMACO’s Information.
1.1.17. Workstation Protection
1.1.18. User shall not use external storage media without prior Approval from Cybersecurity
Department
1.1.19. User shall not carry out any activity that would affect the efficiency and safety of
SPIMACO’s systems and assets without prior approval from Cybersecurity
department.
1.1.20. User shall not leave any classified information in accessible places, or to view it by
unauthorized persons.
1.1.21. User shall not install external tools or software on SPIMACO’s computers and assets
without prior permission from the information technology department.
1.1.22. User shall notify Cybersecurity department of any suspicious activity that may cause
damage to SPIMACO’s computers or assets.
1.5.2. User shall change the password, when a new password is provided to him/her by the
system administrator.
2. Policy compliance
2.1. Head of Cyber Security Department shall ensure that SPIMACO adheres to this policy on a
regular basis.
2.2. Compliance with SPIMACO’s cybersecurity policies and associated controls is mandatory
on SPIMACO staff members, contractors, partners, and services providers who have
access to SPIMACO information and information processing facilities.
2.3. Any violation of this policy may subject the offender to disciplinary actions; in accordance
with the procedures followed in SPIMACO
3. Policy Review
Cybersecurity Department shall conduct annual review and update of this document, and shall
assure constant alignment with changes to requirements, best practices, regulations, and
obligations.
4. References
4.1. Regulatory references
4.1.1. NCA Essential Cybersecurity Controls (ECC)
5. Document Control
Document Information
Custodian: Cybersecurity
Found Where?
SharePoint
(retention place)
Document History
Version Date Description