Acceptable Use Policy
To ensure YOTTA resources are used by the employees in a manner which doesn’t compromise the confidentiality, integrity and availability of YOTTA’s information processing assets.
“Employee” includes all employees of the Organization as well as contractors, temporary staff and third parties that are granted access to Organizational information assets.
3.0 Policy elements
- All YOTTA users are responsible for exercising good judgment regarding appropriate use of YOTTA resources in accordance with YOTTA policies, procedures, standards, and guidelines.
- YOTTA resources may not be used for any unlawful or prohibited purpose.
- While YOTTA desires to provide a reasonable level of privacy, users should be aware that the data they create on the corporate systems shall remain the property of YOTTA.
- For security, compliance, and maintenance purposes, YOTTA may monitor and audit all its equipment, systems, network, and Information assets at any time and without prior notice. This includes, but not limited to, recording of all internet addresses and electronic communications accessed by user.
- No unauthorized device shall be permitted to connect to YOTTA network under any circumstances.
- All unauthorized network monitoring and scanning of YOTTA network and Information assets are strictly prohibited under all circumstances.
- Passwords are confidential. They should never be shared or displayed. Users are responsible for the protection of their passwords.
- All users shall, at all times, be responsible for the proper use of accounts issued in their names. Users
- shall not share their accounts to anyone for any purpose unless it is a generic account created for support purposes.
Inappropriate use of company email – Our employees represent our company whenever they use their corporate email address. They must NOT:
- Sign up for illegal, unreliable, disreputable or suspect websites and services.
- Send unauthorized marketing content or solicitation emails.
- Register for a competitor’s services unless authorized.
- Send insulting or discriminatory messages and content.
- Intentionally spam other people’s emails, including their coworkers. YOTTA Infrastructure has the right to monitor and archive corporate emails.
5.0 Internet usage
The use of YOTTA information and information resources is a privilege and not a right. Employees must NOT use internet to:
- Download or upload obscene, offensive or illegal material.
- Send confidential information to unauthorized recipients.
- Invade another person’s privacy and sensitive information.
- Download or upload movies, music and other copyrighted material and software.
- Visit potentially dangerous websites that can compromise the safety of our network and computers.
- Perform unauthorized or illegal actions, like hacking, fraud, buying/ selling illegal goods and more.
Employees must NOT use YOTTA network to:
- Join discussion boards, chat rooms, and other Internet forums not sponsored by YOTTA using YOTTA credentials or email address, unless previously authorized in writing by the legal team, to do so.
- Attempt to gain illegal access or cause harm or damage to remote systems on the Internet.
- Host personal websites or produce web pages or sites for YOTTA or its affiliates without prior written permission from Corporate Communications.
- Post / publish YOTTA material (software, documents, internal memos, etc.) to publicly accessible Internet computers/ systems, which supports anonymous FTP or similar services. Such a prohibition includes all public cloud storage services unless sanctioned or provided by YOTTA.
- Connect to the Internet through sources other than those approved by YOTTA Information Security. The use of anonymous sites or anonymizing software such as Tor, to mask browsing locations is strictly prohibited.
- Enable active content settings (e.g. ActiveX, Java) on Internet browsers (beyond default settings on base Images or as permitted by the IS department) without a business need and the prior approval of the Information Security Office.
7.0 Personal Data
While YOTTA desires to provide a reasonable level of privacy, users should be aware that the data they create on the corporate systems shall remain the property of YOTTA.
Your privacy and trust are important to us, in particular personal data should NOT be:
- Given to someone from the same family (such as a spouse, sibling, child, or parent), unless the data subject has given their explicit prior written consent.
- Passed to any other unauthorized third party or associate
- Placed on any of YOTTA’s websites
- Posted on the Internet in any form
- Be aware that those seeking personal data sometimes use deception in order to gain access to it. Always verify the identity of the requestor and the legitimacy of the request, particularly before releasing personal data by telephone or email.
- If you receive a request for personal data about another associate, you should forward this to the HR Department who are responsible for dealing with such requests
- Ensure any personal data you access is kept securely, either in a locked filing cabinet or, if computerized, it is password protected so that it is protected from unintended destruction or change and is not seen by unauthorized individuals.
- Do not access another associate’s records without authorization.
IT Assets and Non-IT Assets
Employees must NOT:
- Leave unattended in a public environment, any portable equipment (e.g. notebook computers, pen- drives, etc.) that contains YOTTA information. If equipment containing “proprietary” or “confidential” information is lost, users must Immediately notify the YOTTA Information Security Team.
- Operate any YOTTA provided portable computer without disk encryption enabled.
- Connect personal equipment (e.g. home computers, notebooks) to YOTTA networks or computer systems without approvals.
9.0 Software Usage
The following activities are prohibited. Users must NOT:
- Add (other than upgrades) or remove any software on YOTTA’s electronic resources without prior approval from the Information Security Office and IS department. A virus scan must be performed on software received from externally sourced media prior to installation or use.
- Install or use any unlicensed software on YOTTA’s electronic resources or while in YOTTA infrastructure facilities.
- Use “freeware” or “shareware”, software not provided by YOTTA, unless approved by CISO and GRC.
10.0 Prohibited items
- YOTTA shall prohibit performing any security testing activity including hacking, spamming, phishing, accessing or using malicious sources and malicious outbound data or botnets.
- Unauthorized applications that consume huge amounts of computer resources and internet bandwidth, such as file-sharing programs for downloading music.
- Any activities that disables, or attempts to disable, either the YOTTA networks or network access.
The YOTTA Information Security team will verify compliance to this policy through various methods, including but not limited to, periodic configuration reviews, internal and external audits, and feedback to the policy owner.
Any exception to this policy must be documented in YOTTA Risk Acceptance Waiver and approved by business owner, CISO and GRC in advance.
13.0 Non-Compliance / Enforcement
Violators of this policy may be subject to disciplinary action up to and including denial of access, legal prosecution, and/ or termination of employment.