Information Technology Resources- Security and Communication Policy
ORGANIZATIONAL AND STANDARD OPERATING POLICIES Information Technology Resources- Security and Communication Policy Approved by: INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY
- The purpose of INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONYs Information Technology (IT) Resources Security & Communications Policy is to put forth the acceptable use of INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY IT Resources, and to protect INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY IT infrastructure and the information stored within it. This Policy will also inform INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY staff members of the essential requirements for protecting INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY IT Resources through the establishment of access control rules and parameters. Purpose INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY IT Resources include, but are not limited to, all Internet/Intranet/Extranet-related systems, telephone and voice-mail systems, facsimile machines, desktop computers, laptops, software, operating systems, storage media, network accounts providing electronic mail, WWW browsing, FTP, cell phones, Blackberries, USB drives, memory sticks, CDs, DVDs, and floppy disks, whether owned or leased by the INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY (“INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY IT Resources”). The INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Network pertains to the physical network within the boundaries of the INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY firewall. This physical network extends to all U.S. Program offices and any overseas office that is connected to the headquarters’ network by way of a VPN tunnel or any other internal connection point (“INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Network”). Inappropriate use of INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY IT Resources could compromise INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Network systems and the services it provides to its clients as well as expose INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY to legal liability. Accordingly, it is the responsibility of every INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY employee, contractor, consultant, volunteer, intern and affiliate who uses INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY IT Resources (“INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY User”) to understand this policy and to conduct their activities accordingly.
- Policy A. Ownership and No Expectation of Privacy .
- All INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY IT Resources are the property of INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY and are to be used for appropriate and lawful business purposes only.
- INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Users are responsible for using INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY IT Resources in an effective, ethical, and lawful manner. 3. INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Users shall adhere to all IT standards and guidelines located on the “Information Technology” site on RescueNet.
- INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Users should be aware that the data they create on INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY IT Resources remains the property of INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY. As such, INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY shall monitor, inspect, and scan any INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY IT Resource including, without limitation, e-mail, Internet usage, computer files and any personal storage area on any of its systems. Although INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Users may have password encoded access to any of these systems, INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY IT Resources belong to INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY and the contents of data created on these systems are accessible at all times by INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY for any business purpose. INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Users should have no expectation of privacy when using INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY IT Resources. 5. The Internet represents a useful tool for INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY in conducting its business, but like any other tool, it must be used properly and in connection with legitimate business purposes only. INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Users should have no expectation of privacy regarding Internet usage.
- Security and Protection of INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY IT Resources
- Every INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY User is responsible for the security and protection of INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY IT Resources over which he or she has control, including taking all necessary steps to prevent unauthorized access to confidential information contained on INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY IT Resources. Confidential information includes, but is not limited to, any information that specifically relates to the manner in which INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY conducts its business and provides humanitarian assistance, and any personal information relating to INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY’s staff, clients or donors.
- To the extent possible, all INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY IT Resources must be password-protected.
- Network passwords are subject to the following requirements. Network passwords must:
(i) Be changed every 60 days;
(ii) Be at least six characters long;
(iii) Contain characters from three of the following four categories: § English uppercase characters (A through Z)
English lowercase characters (a through z) § Base 10 digits (0 through 9) § Non-alphabetic characters (e.g., !, $, #, %); and (iv) Not contain the INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY User’s username or full name, or be any of the INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY User’s last five passwords.
- INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Users should not share their account password with others or permit use of their account by others.
- INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Users are responsible for ensuring the secrecy of their account password, which includes not leaving their account password in a visible place.
- INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Users should log off or lock their equipment when they leave it unattended.
- INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Users should use appropriate controls to protect physical access to INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY IT Resources commensurate with the level of risk of unauthorized access, including using specialized care for any portable device (e.g., laptop, BlackBerry, etc.).
- All hosts used by an INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY User that are connected to the INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Internet, Intranet, or Extranet, whether owned by an INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY User or the INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY, shall be continually executing approved virus-scanning software with a current virus database.
- INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Users must use extreme caution when opening e-mail attachments received from unknown senders, which may contain viruses, e-mail bombs, or a Trojan horse code.
- Unauthorized access to the INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Network is strictly prohibited. Thus, INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Users that access the INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Network by any means shall adhere to the following:
- Only INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY-issued devices may be used to connect to the INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Network.
- All devices must run the latest operating system software as directed by the IT Department.
- All INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Network equipment must be approved and managed by the IT Department. Non-sanctioned installations of wireless equipment or use of unauthorized network equipment on INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY premises is strictly forbidden. The IT Department reserves the right to disconnect, without notice, any wireless access point, network device, workstation, or mobile device from the INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Network.
- All wireless clients and devices must install all current operating system security updates as well as the most recent version of INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY-provided anti-virus software. INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Users shall update these applications as required by the IT Department and shall not reconfigure them in any way.
- INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Users should immediately inform the IT Department if they become aware of any unauthorized access point installation or unauthorized access to the INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Network.
- Unacceptable Use – INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY IT Resources
- INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Users shall not engage in any activity that is illegal under local, state, federal or international law while utilizing INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY IT Resources.
- INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Users shall not use INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY’s business equipment for inappropriate use. Inappropriate use includes, but is not limited to, excessive personal use, use that would not reflect favorably on the INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY and any use in violation of this policy or law.
- INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Users shall not violate any copyright, patent, trademark or other intellectual property right including, but not limited to, the installation or distribution of “pirated” or other software products that are not appropriately licensed for use by the INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY. Unauthorized copying of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which the INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY or the end user does not have an active license is strictly prohibited.
- INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Users shall not introduce malicious programs into the INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Network or server (e.g., viruses, worms, Trojan horses, e-mail bombs, etc.).
- INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Users shall not attempt to breach security or disrupt network communications on INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY IT Resources. Security breaches include, but are not limited to, accessing data of which the INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY User is not an intended recipient or logging into a server or account that the INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY User is not expressly authorized to access, unless these duties are within the scope of their regular duties.
- INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Users shall not download or install any unauthorized hardware or software onto INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY IT Resources.
- Email and Internet Usage Access INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY provides e-mail and Internet access for business purposes only. INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Users have the responsibility to maintain and enhance INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY’s public image and to use INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY e-mail and Internet access in a manner that reflects well on the INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY. When sending external or internal emails that are confidential in nature, INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Users should include the Confidentiality Notice provided in Appendix A or a substantially similar confidentiality notice.
- INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Users should immediately inform the IT Department if they become aware of any unauthorized access point installation or unauthorized access to the INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Network.
- Unacceptable Use – INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY IT Resources 1
. INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Users shall not engage in any activity that is illegal under local, state, federal or international law while utilizing INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY IT Resources.
- INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Users shall not use INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY’s business equipment for inappropriate use. Inappropriate use includes, but is not limited to, excessive personal use, use that would not reflect favorably on the INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY and any use in violation of this policy or law.
- INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Users shall not violate any copyright, patent, trademark or other intellectual property right including, but not limited to, the installation or distribution of “pirated” or other software products that are not appropriately licensed for use by the INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY. Unauthorized copying of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which the INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY or the end user does not have an active license is strictly prohibited.
- INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Users shall not introduce malicious programs into the INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Network or server (e.g., viruses, worms, Trojan horses, e-mail bombs, etc.).
- INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Users shall not attempt to breach security or disrupt network communications on INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY IT Resources. Security breaches include, but are not limited to, accessing data of which the INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY User is not an intended recipient or logging into a server or account that the INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY User is not expressly authorized to access, unless these duties are within the scope of their regular duties.
- INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Users shall not download or install any unauthorized hardware or software onto INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY IT Resources. D. Email and Internet Usage Access INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY provides e-mail and Internet access for business purposes only. INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Users have the responsibility to maintain and enhance INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY’s public image and to use INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY e-mail and Internet access in a manner that reflects well on the INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY. When sending external or internal emails that are confidential in nature, INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Users should include the Confidentiality Notice provided in Appendix A or a substantially similar confidentiality notice.
- Unacceptable Use – Email and Internet Usage Access
- INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Users shall not send unsolicited email messages, including the sending of “junk mail” or other advertising material to individuals who did not specifically request such material (email spam), the posting of non-business related messages to a large number of individuals on Usenet newsgroups (newsgroup spam), or the creation or forwarding of “chain letters,” jokes, “ponzi,” or other “pyramid” schemes of any type.
- INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Users shall not send, retrieve, or store any communications of a discriminatory or harassing nature or any materials that are obscene or “X-rated.”
- INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY Users shall not use the Internet for any inappropriate uses. Specifically, the following rules apply to Internet usage: there shall be no browsing of a web site which contains pornographic or sexually explicit material; no disabling of browser warnings regarding the danger of downloads without authorization from the IT Department; no use that could create an intimidating, hostile or offensive work environment; and no transferring of INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY’s confidential information.
- Any INTERNATIONAL PEACE COMMITTEE FOR INTERFAITH HARMONY User found to have violated this policy may be subject to disciplinary action, up to and including termination of employment. Enforcement
- This policy shall be reviewed by the CHAIRMAN/MD and Risk Management Committee for the CHAIRMAN/MD final approval.