2.16 – IT Systems Acceptable Use Policy

IT Systems Policy is designed to protect Open Door, our employees, stakeholders, and other partners from harm caused by the misuse of our IT systems and our data.  Misuse includes both deliberate and inadvertent actions.  Everyone employed by Open Door is responsible for the security of our IT systems and the data on them.

Use of IT Systems

All data stored on Open Door’s systems is the property of Open Door. Users should be aware that the company cannot guarantee the confidentiality of information stored on any Open Door’s system except where required to do so by local laws.  Any information that is particularly sensitive or vulnerable must be encrypted and/or securely stored so that unauthorized access is prevented. Open Door can monitor the use of its IT system and the data on it at any time.  This may include (except where precluded by local privacy laws) examination of the content stored within the email and data files of any user, and examination of the access history of any users.  Open Door reserves the right to regularly audit networks and systems to ensure compliance with this policy.

Data Security

1. Users must take all necessary steps to prevent unauthorized access to confidential information
2. Users are expected to exercise reasonable personal judgement when deciding which information is confidential
3. Users must not send, upload, remove on portable medial or otherwise transfer to a non-Open Door system any individuals protected information without consent or company information that is designated as confidential, or that they should reasonably regard as being confidential to Open Door except where explicitly authorized to do so in the performance of their regular duties.
4. Users must keep passwords secure and not allow others to access their accounts.  Users must ensure all passwords comply with Open Door safe password policy.
5. Users who are supplied with computer equipment by Open Door are responsible for the safety and care of that equipment, and the security of software and data stored on it and on other Open Door systems that they can access remotely using it.
6. Because information on portable devices, such as laptops, tablets and smartphones, is especially vulnerable, special care should be exercised with these devices; sensitive information should be stored in encrypted folders only.  Users will be held responsible for the consequences of theft of or disclosure of information on portable systems entrusted to their care if they have not taken reasonable precautions to secure it.
7. All workstations (desktops and laptops) should be secured with-a lock-on-idle policy active after at most 10 minutes of inactivity.  In addition, the screen and keyboard should be manually locked by the reasonable use whenever leaving the machine unattended.
8. Users who have been charged with the management of those systems are reasonable for ensuring that they are at all times properly protected against known threats and vulnerabilities as far as is reasonably practicable and compatible with the designated purpose of those systems.
9. Users must always guard against the risk of malware being imported into Open Door’s systems by whatever means and must report any actual or suspected malware infection immediately.

Unacceptable Use

The activities below are provided as examples of unacceptable use; however, it is not exhaustive.  Should an employee need an exemption from these guidelines in order to perform their role, they should consult with an obtain approval from their manager before proceeding.

• All illegal activities.  These include theft, computer hacking, malware distribution, contravening copyrights and patents, and using illegal or unlicensed software or systems.  These also include activities that contravene data protections regulations.
• All activities, including “Social Media” that may be detrimental to the success of Open Door.  These include sharing sensitive information outside the company, such as research and development information and customer lists, as well as defamation of the company.
• All activities for personal benefit only that have a negative impact on the day-to-day functioning of the business.  These include activities that slow down the computer network (e.g. streaming video, playing networked video games).
• All activities that are inappropriate for Open Door to be associated with and/or are detrimental to the company’s reputation.  This includes pornography, gambling, inciting hate, bullying and harassment through “social media”.
• Circumventing the IT security systems and protocols which Open Door has put in place.

Enforcement

Open Door will not tolerate any misuse of its systems.  While each situation will be judged on a case-by-case basis, employees should be aware that consequences may include the termination of their employment.  Use of any Open Door’s resources for any illegal activity will usually be grounds for immediate dismissal and Open Door will not hesitate to cooperate with any criminal investigation and prosecution that may result from such activity.

Last Revised: 3/14/22