The objective of this policy is to provide guidance on the use of assets belonging or entrusted to The Arc of Harrisonburg and Rockingham (The Arc) and to minimize the risk of damage by preventing security incidents and reducing their potential impact. This policy also relates to The Arc’s Code of Ethics, Rules of Behavior, and Harassment Policies.
All use of the Arc’s information systems and equipment are subject to monitoring.
All new users of The Arc’s information resources and equipment must read and sign the acknowledgement form that is part of the Rules of Behavior Policy before accessing The Arc’s data or other equipment, information systems, and/or networks. This acknowledgement must be completed annually thereafter, which may be done as part of The Arc’s annual Security Awareness briefing. By signing the form, users reaffirm their knowledge of, and agreement to adhere to, the Arc’s Rules of Behavior.
Employees, contractors, interns, or volunteers (hereinafter referred to as the end-user) will be provided access to Information Technology (IT) assets and other equipment and resources required to conduct the duties associated with their jobs. Access to and usage of The Arc-provided or on-loan assets, equipment and resources are provided for the express purpose of conducting The Arc’s business.
All Arc records, as defined by policy, that are generated, stored or handled by the Arc-provided IT assets, equipment and other resources is the property of The Arc, and not the property of the end-user. The end-user should have no reasonable expectation of privacy, as The Arc-provided IT assets, equipment and resources will be monitored and/or searched, where necessary, by The Arc.
The Arc can legally view all records, as well as any other records which may be generated, stored on or handled by The Arc-provided assets, if that action is deemed necessary for the maintenance or security of the Arc’s information, or if inappropriate use is suspected.
This policy applies to all end-users of The Arc’s assets.
Responsibility of Departments
It is the responsibility of individual departments to:
- ensure that all end-users are aware of all policies related to the use of any of The Arc’s equipment or resources; and
- monitor usage of equipment and resources, where necessary.
Responsibility of Employee/Contractor/Volunteer/Intern (end-users)
It is the responsibility of end-users to:
- use equipment and resources for work related purposes;
- not participate in any activities which are in violation of federal laws or The Arc’s policies
Access to the internet is a privilege, not a right, and is provided to end-users for the purpose of conducting The Arc’s business.
It is recognized that some personal use of the internet will occur. Incidental use is acceptable, only during approved breaks and lunch times.
End-users should be aware that the following activities are criminal in nature. Use of The Arc’s equipment and resources to engage in these activities (or similar activities not listed here) will result in discipline by the employer up to and including dismissal:
- possessing, downloading, or distributing child pornography;
- gaining unauthorized access to a computer system;
- trying to defeat the security features of the electronic networks;
- spreading viruses with intent to cause harm;
- destroying, altering or encrypting data without authorization and with the intent of making it inaccessible to others with a lawful need to access it;
- interfering with others’ lawful use of data and computers;
- sending electronic messages, without lawful authority, that cause people to fear for their safety or the safety of anyone known to them;
- disseminating messages that promote hatred or incite violence against identifiable groups;
- intercepting other people’s private communications or electronic mail (in transit);
- distributing, publishing or possessing for the purpose of distributing or publicly displaying any obscene material;
- violating another person’s copyright;
- spreading false allegations or rumors that would harm a person’s reputation; and
- unlawfully destroying, altering or falsifying electronic records.
End-users should also be aware that the following activities, while not criminal in nature, are considered unacceptable usage of the employer’s equipment and resources and will result in discipline up to and including dismissal:
downloading, viewing, accessing or distributing pornographic and/or obscene material;
- using the employer’s equipment and resources in any way that may be perceived as harassment (The Arc’s Harassment Policy applies)
- using The Arc’s equipment and resources for personal gain.
End-users should be aware that they have no reasonable expectation of privacy in email transmitted, received and stored and/or through The Arc’s computers or resources. Email, whether created or received, is the property of the employer and is not a private employee communication. The employer can monitor, search and/or legally view all email, including any private email, if that action is necessary for the maintenance of security of The Arc, or if inappropriate use is suspected.
NOTE: The following information is general guidance. The Arc’s policy for Use of Personal or Business Cellular Phones in the Workplace provides the specifics for the use of cellular phones.
Telephones issued to end-users by departments, including landlines and mobile phones, are to be used primarily to conduct The Arc’s business. It is recognized that some personal use of office telephones will occur. Incidental use is acceptable, but not beyond the point where it:
- interferes with end-user’s ability to complete work assignments and responsibilities; or
- becomes a burden on The Arc’s systems and/or resources.
Any long distance charges related to personal use of telephones must be reimbursed by the end-user.
Other Equipment and Resources
End-users should use other equipment and resources only for core purposes.