This document defines the standards, awareness and techniques required of all Infinit-O Manila,Inc. (referred to as “INFINIT-O”) and associated company staff (permanent, casual and contractors) using the Infinit-O Manila, Inc. Internet connections.
INFINIT-O relies on digital information for its existence. Protection of that asset is crucial to INFINIT-O and benefits all its employees. All copyright in data or information created by INFINIT-O staff during the course of their work remains the property of INFINIT-O. This includes all electronic mail, faxes, software, memos, etc. All of this material requires special consideration if sent or received via the Internet.
While the majority of the security effort has involved setting up a firewall between the INFINIT-O Local area networks and the Internet, users can compromise security by using poor procedures or allowing unusual occurrences to go unnoticed.
Of paramount importance to INFINIT-O is that its reputation and integrity be preserved from association with illegal and inappropriate activities and that INFINIT-O assets, such as its mastheads, databases, hardware and software, be protected from unauthorized access and abuse. Inappropriate activity is that apart from the intended use of the equipment and facilities provided by INFINIT-O.
Inappropriate or unnecessary use of the Internet may result in a complete failure of Internet service. This would result in our business being unable to conduct its vital and necessary activities like customer service and bring our business to a complete standstill.
1. The Firewall and/or Proxy Servers
INFINIT-O is protected from the Internet at large by a system of firewalls and proxy servers. It limits the type of connections that can be established between machines on the Internet and those on the INFINITO local area network (LAN). The security of the firewall is paramount to the security of the LAN. If the firewall is breached then all computers and servers in the LAN are automatically at risk.
Use of a firewall places limits that, at times, may be frustrating or inconvenient. Every attempt has been made to balance the security requirements against ease of use and functionality needs.
Bypassing the firewall or the proxy server to gain access to unauthorized websites or services is prohibited.
2. Security
(a) Unauthorized access to INFINIT-O resources.
Unauthorized access to the INFINIT-O internal network is the major security concern. There are few barriers once the firewall is penetrated. All the measures expected of INFINIT-O staff are primarily directed at preventing this situation.
(b) Prevent unwanted disclosure of INFINIT-O information.
Accidental or malicious disclosure of INFINIT-O information can cause harm to the company and its employees. Unwanted publicity, financial loss, lawsuits and loss of competitive position could all be consequences of such a breach.
(c) Disruption of the INFINIT-O LAN and attached systems.
INFINIT-O relies heavily on its internal LAN for day to day operation. It is a core part of our ability to do business. Malicious attacks on the LAN are highly damaging but an accidental disruption to service is also possible (and more likely) if there is an intruder attempting to penetrate further after breaching the initial firewall.
(d) Disruption of Internet access.
Access to the Internet is expected to play a significant role in the way we do business. It is important to maintain stable access to the Internet as the perceived quality of our products and services is likely to be influenced by our Internet presence.
(e) All services will be denied unless explicitly permitted.
In order to minimize the likelihood of any problems through connection to the Internet, only those facilities that are considered secure and whose risks are well understood will be made available from the LAN.
3. Conduct
(a) Unauthorized & illegal use of the Internet and computer facilities is grounds for instant dismissal.
The potential for severe damage to INFINIT-O through actions, intentional or otherwise, performed via the Internet is high. Because of this potential, INFINIT-O may respond by any action including, but not limited to, instant dismissal.
Employees shall not engage in communication that may bring INFINIT-O’s reputation or that of other employees into disrepute, nor may they use company provided equipment to engage in any illegal or inappropriate activity.
Further, information transmitted electronically is subject to various laws, particularly in the areas of copyright, theft, obscenity, privacy and defamation, and INFINIT-O accepts no liability for illegal acts and action arising from unauthorized actions. The sending of obscene, harassing or threatening materials is expressly forbidden.
(b) Normal business standards are expected at all times.
Although the Internet is uncontrolled, INFINIT-O staffs accessing it are expected to maintain all the professional standards agreed to by being an employee of INFINIT-O.
All copyright in data or information created by INFINIT-O staff during the course of their work, remains the property of INFINIT-O. This includes all electronic mail, facsimiles, memorandums etc. All material being confidential must be treated as such which includes that it be encrypted and must never be posted to Internet News Groups.
(c) Racism, sexism, pornography etc. will not be tolerated.
Anything that would not be 100% reasonable if seen or heard within the office environment is not to be accessed via the Internet or stored in any form on a machine attached to the INFINIT-O LAN.
Even "accidental" access with a good explanation will be dimly viewed and repeat transgressions will lead to action being taken to eliminate the access. Under current law, such items found on, or originating from our site could result in a serious lawsuit against the company or unwanted publicity regarding the employees involved. Such access, whether or not a lawsuit is launched, may result in instant dismissal.
(d) Security must always be considered and appropriate measures taken.
It is expected that the Company's connection to the Internet will be used to transport information of varying degrees of sensitivity to INFINIT-O, our customers and suppliers. There is also the possibility that files or messages may be fake or have been tampered with in transit. Depending on the action to be performed, measures appropriate to secure the task may include, virus checking, encryption, checking facts by phone or performing the task by some other means. Facilities for all of these measures are available.
(e) Customer sensitive information to be encrypted or cleared by customer.
Sensitive information must be encrypted. If there is no form of encryption available, a written clearance must be obtained from the customer or a method other than the Internet must be used.
(f) INFINIT-O sensitive information must be encrypted.
If there is no form of encryption available, a method other than the Internet must be used. Steps must be taken to encrypt and password protect commercially sensitive information.
(g) Copyrighted or licensed material must not be duplicated or purchased without approval.
Use or possession of other data such as unlicensed software retrieved from the Internet or other sources also carry hefty penalties. Please read the license agreements and abide by them. If in doubt, do not copy the material. Employees must not make any subscription agreement to any service using company owned or operated equipment without the consent of INFINIT-O.
(I) Attempting to break into any service or site is not permitted.
It is not the job of any INFINIT-O employee to expose weaknesses in the Internet facilities of any internal or external service or site. Any issue with possible weak security that is relevant to INFINIT-O must be reported to the IT Director.
(j) Only approved software is to be used.
There are holes in numerous facilities that rely on particular software at the remote site to exploit vulnerability. For this reason, only approved client software is to be used. There may be a better, free utility available but it must not be used until approved by the IT Manager.
4. Privacy
It is the policy of INFINIT-O not to regularly monitor the content of electronic communications. However, the content of electronic communications may be monitored and the usage of electronic communications systems will be monitored to support, among others, operational, maintenance, auditing, security and investigative activities. As a matter of law, the Company may from time to time be called upon to turn over electronic communications to law enforcement and private litigants who may be suing INFINIT-O or who may be engaged in third party litigation.
Employees must be aware that no computer-based communications can be guaranteed to be free of unauthorized monitoring or interception by other parties.
It is therefore the responsibility of employees to ensure that no strictly confidential company or private information is transmitted or made accessible by such means.
Except as otherwise specifically provided or expressly authorized by INFINIT-O, employees may not intercept or disclose, or assist in intercepting or disclosing, electronic communications. The Company is committed to respecting employees’ reasonable expectations of privacy. However, the Company also is responsible for servicing and protecting its electronic communications networks and maintaining this policy. As a result, it is occasionally necessary for the Company to intercept or assist in intercepting or disclosing electronic communications.
It may be necessary for technical personnel to review the content of an individual employee's communications during the course of problem resolution. Technical support personnel may not review the content of an individual employee's communication out of personal curiosity or at the behest of individuals who have not gone through proper approval channels. Employees must respect the privacy of fellow employees and must not browse, access, copy or change private files or directories without consent.
5. Restricted Access and Passwords
Access to the Internet is a privilege. The integrity of INFINIT-O assets and the security of the firewall are at stake. The level of access and facilities provided are at the sole discretion of INFINIT-O. Employees will only be given restricted access and use of the Internet depending on the specific business with which those employees will be required to deal. Each authorized INFINIT-O Internet User will be given a Password that will allow him/her to access particular areas of the Internet. An employee's password is confidential and must not be disclosed or used by another person. Use of another person's password may lead to instant dismissal. Passwords must be changed regularly, be at least 6 characters in length, must be easy to remember and never written down. Any telephone numbers given to access the system must be treated with the same secrecy as passwords.
(a) Your manager's approval is their assurance that access is justified.
Managers are expected to be responsible for appropriate endorsement of employees' need to access the Internet. It is the manager's responsibility to ensure that employees are given only the access they require and to ensure that the need is genuine and not being abused.
(b) All facilities are a risk to be secured and justified before use.
Only those facilities that have a business purpose are secure and whose use is sufficiently monitored will be provided. A business justification and security assessment must be completed prior to implementation of any new facility.
(c) Access is granted for business purposes only.
Access will be granted only for business purposes. Any access that harms or threatens the viability of INFINIT-O will be grounds for having the access revoked. Variations to this can be set, at local level, by the IT Manager. It should be noted that Business grade Internet for the company comes at great cost and is core to the day-to-day workings of the business. Personal usage of the Internet may inadvertently cause the speed of this service to not perform as required. At no time should any person use the internet access at any INFINIT-O site for personal or other business not related to INFINIT-O.
(d) Access for personal reasons must be applied for, but may be refused.
There may be circumstances under which a staff member may have a good reason for personal access to Internet facilities such as the World Wide Web, e.g., to assist in the completion of an educational course. Given a good enough reason, such access may be granted but may also be revoked without warning or justification, access is entirely at the discretion of INFINIT-O.
(e) Access is not transferable.
Access is granted solely to the individual who applies for it. Access may not be transferred to colleagues, family or friends.
(f) Access is not permitted from dial-up lines.
Access to Internet facilities (excluding e-mail) is to be performed only from the machines attached to the LAN at INFINIT-O premises.
(g) Unauthorized transfer of files is strictly prohibited
Downloading and Uploading of non business related files is prohibited unless authorized by the Team Leaders and the Site Director. Any information downloaded from the Internet is limited to internal use only. If a customer requires something you have acquired from the Internet, inform them of where to find it and how to retrieve it, rather than to send it to them. Do not send such material unless there is no other option. If there is no other option available, permission must be granted by the IT Manager before the transmission can be performed.
(i) Access to the following website category from any workstation is prohibited unless authorized by the Team Leaders and the Site Director.
5.1. Pornographic Websites
5.2. Social Networking
5.3. Browser Based Internet Messenger Sites
5.4. Websites with file transfer services
5.5. Job Search Sites
5.6. Non Infinit-O email websites
6. E-mail
(a) E-mail may be monitored at any time.
INFINIT-O owns all correspondence to and from this site and retains the right to examine any mail at its discretion. The mail may be monitored at any time due to a number of circumstances. If it is encrypted INFINIT-O has the right of access to the key to decrypt it on demand.
(b) E-mail Attachments.
E-mail attachments are to be kept to a maximum of 2Mb - this can be varied at the discretion of the Software Manager or the IT Manager files larger than 2MB must be broken down into separate emails. Where reports from spreadsheets or databases are required for distribution, the print report should be saved as a file, and the file attached to the e-mail message.
(c) Bulk Emails.
Bulk email via Infinit-O email accounts to more than 50 recipients is not allowed unless approved each time required by the IT Manager or is an official announcement from any Admin, Management and Execom Team member .
(d) Using personal Email.
No person is allowed to use his/her personal email account for business-related correspondences. In the same manner, the business email account must not be used for personal emails. All email communications are property of Infinit – O.
(f) Automatic forwarding of Emails
Using any automated means to forward Infinit-O emails to any personal accounts or other non Infinit-O domains is prohibited unless authorized.
(g) Sending of Spam Email
Email spam though the use of Infinit-O email is prohibited.
(h) Disclaimer and Official Signature
Outgoing emails must contain the latest email signature and disclaimer.
i) Downloading of email messages from the server
Emails must not be kept on the server after download, and must be downloaded only via official company email clients (Thunderbird/Outlook).
Company email applications (Thunderbird/Outlook) must be configured not to leave messages on the server without proper authorization from the Management. Requests shall be facilitated though the ticketing system for documentation purposes. When granted, an Access Control List shall be created for this purpose and will be maintained and reviewed on a timely basis.
Emails can only be configured to temporarily leave messages in the server during migration of email or user profiles from one email client or PC to another by the IT team for contingency purposes, such configuration will be removed after three days from migration.
(j) Auto responder
Auto responder must be properly configured or set when the following team member(s) is on leave (SIL and Official Holidays)
a) Team Leaders
b) Managers
c) Admin Team
d) Other client facing team members
In case of emergency, IT will create an auto-responder on team member’s behalf though request via the ticketing system.
(k) Webmail
Web-mail must be accessed via HTTPS to ensure security.
7. Newsgroups/Chat Lines/Social Media Channels
(a) All contributed articles must disclaim speaking for INFINIT-O.
Any non-copyright articles posted must contain a disclaimer that states you are not speaking for INFINITO. It is suggested that this be included as part of your 'signature file'. Copyright material must never be posted to the Internet.
(b) No employee is to speak for INFINIT-O in UseNet newsgroups.
Statements on behalf of INFINIT-O in a newsgroup are likely to be viewed as a public statement by the company, despite the fact that newsgroup articles can be faked, convincingly or otherwise. For this reason INFINIT-O will not use these forums to make any public statement unless it is to point out a more reliable source of information. Only selected staff will be authorized to post articles that point to these sources.
(c) Newsgroups are not to be created by INFINIT-O employees.
INFINIT-O resources and name are not to be associated with the proposal, call for discussion or creation of a UseNet newsgroup.
8. User Acknowledgment
If you have any additional questions about the above policies, address them to your Site Director. INFINIT-O employees agree to abide by this Internet policy as a condition of continued employment by INFINIT-O. Violation of any of the above policies may result in termination of employment or other disciplinary action. Should the Internet not be working contact your Manager first then if the problem continues contact the IT Manager.