PISE Internet and Email Use Policy


Purpose

This policy defines and outlines acceptable use of Internet and Electronic mail (E-mail) at the Pacific Institute for Sport Education (PISE). This policy is in place to protect both the user and PISE.

 

This policy applies to all:

  • Offices and users, including employees, contractors, consultants, temporaries, volunteers and other workers within the Pacific Institute for Sport Education, and
  • Resources and information technology equipment owned or leased by the Pacific Institute for Sport Education regardless of the time of day, location or method of access.

 

Responsibility for Compliance

Each office/work area within PISE is responsible for assuring that employees and users under their authority have been made aware of the provisions of this policy, that compliance by the employee is expected, and that intentional, inappropriate use of Internet and E-mail resources may result in disciplinary action up to and including dismissal. To demonstrate awareness and knowledge of this policy, signed acknowledgement forms are required.  It is also each manager’s responsibility to enforce and manage this policy.

 

Internet and Electronic Mail – Acceptable Use Policy

As provisioned, Internet and E-mail resources, services and accounts are the property of the Pacific Institute for Sport Education (PISE).   These resources are to be used for PISE business purposes in serving the interests of PISE, its clients, members, partners, and staff in the course of normal business operations.  The acceptable use of Internet and E-mail represents the proper management of a Pacific Institute for Sport Education business resource.

 

Documents and files produced by employees, contractors and others working for PISE are the property of PISE and must be properly stored and backed up. Network drives are provided for the storage of documents and files related to an employee’s work at PISE. It is expected that staff will use the appropriate network location for saving files related to their employment. Work related files are not to be saved to the user’s local computer. Work related files of a personal nature, such as expense reports and performance reviews, may be saved on a network drive provided for this use; however, work related files must not be saved to these drives. Any personal files saved to a user’s local computer drive are the sole responsibility of the user, and the PISE IT Department shall not be responsible for their backup or recovery.

The following sets out the rules and guidelines that must be adhered to when using the network facilities provided by PISE, including Internet and E-mail.  In compliance with the laws of the Province of British Columbia and this policy, employees of PISE are encouraged to use the Internet and E-mail to their fullest potential to:

•     Further the PISE mission

•     Provide service of the highest quality to PISE clients

•     Discover new ways to use resources to enhance service, and

•     Promote staff development

 

  1. PISE employees should use the Internet and E-mail, when appropriate, to accomplish job responsibilities more effectively and to enrich their performance skills. The ability to connect with a specific Internet site does not in itself imply that an employee is permitted to visit that site.

     

  2. Monitoring tools are in place to monitor employees’ use of E-mail and the Internet. Employees shall have no expectation of privacy associated with E-mail transmissions and the information they publish, store or access on the Internet using PISE resources.

     

  3. Incidental personal uses of Internet and E-mail resources are permissible, but not encouraged. Excessive personal use shall lead to loss of the resource privileges and may result in disciplinary action up to and including dismissal. Employees are responsible for exercising good judgment regarding incidental personal use. Any incidental personal use of Internet or E-mail resources must:

•     Not cause any additional expense to the Pacific Institute for Sport Education

•     Be infrequent and brief

•     Not have any negative impact on the employee's overall productivity

•     Not interfere with the normal operation of the employee's business unit

•     Not compromise the employee's business unit or PISE in any way

•     Be ethical and responsible

 

Employee/User Responsibilities:

  • Read, acknowledge and sign an acceptable use policy statement before using these resources.
  • Use access to the Internet and E-mail in a responsible and informed way, conforming to network etiquette, customs, courtesies, and any or all applicable laws or regulations.
  • As with other forms of publication, copyright restrictions/regulations must be observed.
  • Employees shall be aware that their conduct or information they publish could reflect on the reputation of PISE. Therefore, professionalism in all communications is of the utmost importance.
  • Employees that choose to use E-mail to transmit sensitive or confidential information should encrypt such communications using approved products for secure electronic messaging services.
  • Employees shall represent themselves, their business unit, or PISE accurately and honestly through electronic information or service content.

 

Supervisor Responsibilities:

  • Supervisors are required to identify Internet and E-mail training needs and resources, to encourage use of the Internet and E-mail to improve job performance, to support staff attendance at training sessions, and to permit use of official time for maintaining skills, as appropriate.
  • Supervisors are expected to work with employees to determine the appropriateness of using the Internet and E-mail for professional activities and career development, while ensuring that employees do not violate the general provisions of this policy, which prohibit using the Internet and E-mail for personal gain.
  • Managers and supervisors who suspect that an employee is using E-mail inappropriately must advise senior management in writing before attempting to gain access to the employee's E-mail account.

 

Prohibited and Unacceptable Uses and Consequences:

Use of Internet and E-mail resources is a privilege that may be revoked at any time for unacceptable use or inappropriate conduct. Any abuse of acceptable use policies may result in notification of PISE management, revocation of access, and disciplinary action up to and including dismissal.

 

The following activities are, in general, strictly prohibited.  With appropriate approvals, employees may be exempt from these prohibitions during the course of job responsibilities and legitimate PISE business.

 

  • Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, including but not limited to, the downloading, installation or distribution of pirated software, digital music and video files.
  • Engaging in illegal activities or using the Internet or E-mail for any illegal purposes, including initiating or receiving communications that violate any provincial, federal or local laws and regulations. This includes malicious use, spreading of viruses, and hacking. Hacking means gaining or attempting to gain unauthorized access to any computers, computer networks, databases, data or electronically stored information.
  • Using the Internet and E-mail for personal business activities in a commercial manner such as buying or selling of commodities or services with a profit motive.
  • Using resources to actively engage in procuring or transmitting material that is in violation of sexual harassment or hostile workplace laws, whether through language, frequency or size of messages. This includes statements, language, images, E-mail signatures or other materials that are reasonably likely to be perceived as offensive or disparaging of others based on race, national origin, sex, sexual orientation, age, disability, religious or political beliefs.
  • Using abusive or objectionable language in either public or private messages.
  • Knowingly accessing pornographic sites on the Internet and disseminating, soliciting or storing sexually oriented messages or images.
  • Misrepresenting, obscuring, suppressing, or replacing a user’s identity on the Internet or E-mail. This includes the use of false or misleading subject headers and presentation of information in the distribution of E-mail.
  • Employees are not permitted to use the E-mail account of another employee without receiving written authorization or delegated permission to do so.
  • Employees are not permitted to forge E-mail headers to make it appear as though an Email came from someone else.
  • Sending or forwarding chain letters or other pyramid schemes of any type.
  • Sending or forwarding unsolicited commercial E-mail (spam) including jokes.
  • Soliciting money for religious or political causes, advocating religious or political opinions and endorsing political candidates.
  • Making fraudulent offers of products, items, or services originating from any PISE account.
  • Using official resources to distribute personal information that constitutes an unwarranted invasion of personal privacy or where such distribution is contrary to the Pacific Institute for Sport Education Privacy Policy.
  • Online investing, stock trading and auction services such as eBay unless the activity is for PISE business.
  • Developing or maintaining a personal web page on or from a Pacific Institute for Sport Education device.
  • Use of peer-to-peer (referred to as P2P) networks such as Bit Torrent, Napster, Kazaa, Gnutella, Grokster, Limewire and similar services.
  • Streaming music and video from internet sites, except where it is required to access a specific resource related to a staff member’s duties. Streaming music, video, etc. for entertainment purposes is not permitted.
  • Installing software that has not been approved by the IT Department and which does not relate to the user’s role at PISE.
  • Connecting, or permitting the connection of, a non-PISE computer or computing device to the PISE business network. This includes equipment belonging to our partners and clients.
  • Any other non-business related activities that will cause congestion, disruption of networks or systems including, but not limited to: Internet games, online gaming, unnecessary Listserve subscriptions and E-mail attachments. Chat rooms and messaging services such as Internet Relay Chat (IRC), I SeeK You (ICQ), AOL Instant Messenger, MSN Messenger and similar Internet-based collaborative services. Skype may be employed provided that it is used for business only and that all steps have been taken by users to protect the host computers from viruses, trojans and similar such malicious software.

Emails as Corporate Records

  • Email messages, including any electronic attachments, created, collected, received or transmitted in the normal course of business which reflect the functions, business activities, and decisions of the business are corporate records. A record held elsewhere on behalf of PISE is also under its control (i.e., employee’s home or on business travel). Since most email messages are records, these must be kept. As such, emails must not be automatically forwarded to other mailboxes (i.e., personal mailboxes).

Purpose

Passwords are an important aspect of computer security. They are the front line of protection for user accounts. A poorly chosen password may result in the compromise of the Pacific Institute for Sport Education’s network. As such, all PISE employees (including contractors, partners and vendors with access to PISE systems) are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords.

The purpose of this policy is to establish a standard for creation of strong passwords, the protection of those passwords, and the frequency of change. This policy applies to all personnel who have or are responsible for an account (or any form of access that supports or requires a password) on any system that resides at the PISE facility, has access to the PISE network, or stores any non-public PISE information.

Password Policy

General Guidelines

  • All system-level passwords (e.g., root, enable, NT admin, application administration accounts, etc.) must be changed on at least a quarterly basis.
  • All user-level passwords (e.g., email, web, desktop computer, etc.) must be changed at least every six months. The recommended change interval is every four months.
  • User accounts that have system-level privileges granted through group memberships or programs such as "sudo" must have a unique password from all other accounts held by that user.
  • Passwords must not be inserted into email messages or other forms of electronic communication.
  • Where SNMP is used, the community strings must be defined as something other than the standard defaults of "public," "private" and "system" and must be different from the passwords used to log in interactively. A keyed hash must be used where available (e.g., SNMPv2).
  • All user-level and system-level passwords must conform to the guidelines described below.
General Password Construction Guidelines

Passwords are used for various purposes at PISE. Some of the more common uses include: user level accounts, web accounts, email accounts, screen saver protection, and local router logins. PISE systems do not have support for one-time tokens (i.e., dynamic passwords that are used only once). Therefore, everyone should be aware of how to select strong passwords.

Poor/weak passwords have the following characteristics:

  • The password contains fewer than eight characters
  • The password is a word found in a dictionary (English or foreign)
  • The password is a common usage word such as:
    • Names of family, pets, friends, co-workers, fantasy characters, etc.
    • Computer terms and names, commands, sites, companies, hardware, software.
    • The words "PISE", "Pacificinstitute", or any derivation.
    • Birthdays and other personal information such as addresses and phone numbers.
    • Word or number patterns like aaabbb, qwerty, zyxwvuts, 123321, etc.
    • Any of the above spelled backwards, or any of the above preceded or followed by a digit (e.g., secret1, 1secret)

Strong passwords have the following characteristics:

  • Contain both upper and lower case characters (e.g., a-z, A-Z)
  • Have digits and punctuation characters as well as letters (e.g., 0-9,!@#$%^&*()_+|~- =\`{}[]:";'<>?,./)
  • Are at least eight alphanumeric characters long.
  • Are not a word in any language, slang, dialect, jargon, etc. or, based on personal information, names of family, etc.

Password Protection Standards

  • Do not use the same password for PISE accounts as for other non-PISE access (e.g., personal ISP account, option trading, benefits, etc.). Where possible, don't use the same password for various PISE access needs (e.g., select one password for the email systems and a separate password for desktop computer systems).
  • Do not share PISE passwords with anyone, including other employees, members, clients, or volunteers. All passwords are to be treated as sensitive, confidential PISE information and at no time should you:
    • Reveal a password over the phone or in an email message to ANYONE.
    • Reveal a password to the boss.
    • Talk about a password in front of others or share a password with family members.
    • Hint at the format of a password (e.g., "my family name").
    • Reveal a password on questionnaires or security forms.
    • Reveal a password to co-workers while on vacation.
  • If someone demands a password, refer them to this document or have them call the appropriate Information Technology designate at the Pacific Institute for Sport Education.
  • Do not use the "Remember Password" feature of applications (e.g., Eudora, Outlook, Netscape Messenger).

     

Again,

     

  • Change passwords at least once every six months (except system-level passwords which must be changed quarterly). The recommended change interval is every four months.
  • If an account or password is suspected to have been compromised, report the incident to Information Technology and change all passwords.
  • Do not use your assigned user name / password to log someone else into the PISE computer networks or web-based applications. Such action severely compromises the security of the networks and your personal account and may be considered grounds for dismissal.
  • Do not write passwords down and store them anywhere in your office, and do not store passwords in a file on ANY computer system (including BlackBerry or similar devices) without encryption.

Password cracking or guessing may be performed on a periodic or random basis by IT or its delegates. If a password is guessed or cracked during one of these scans, the user will be required to change it.

 

Use of Passwords and Passphrases for Remote Access Users

Access to the Pacific Institute for Sport Education networks via remote access is to be controlled using either a one-time password authentication or a public/private key system with a strong passphrase.

 

Passphrases are generally used for public/private key authentication. A public/private key system defines a mathematical relationship between the public key, which is known by all, and the private key, which is known only to the user. Without the passphrase to "unlock" the private key, the user cannot gain access. Passphrases are not the same as passwords. A passphrase is a longer version of a password and is, therefore, more secure. A passphrase is typically composed of multiple words. Because of this, a passphrase is more secure against "dictionary attacks." A good passphrase is relatively long and contains a combination of upper and lowercase letters and numeric and punctuation characters (e.g., "The*?#>*@TrafficOnThe101Was*&#!#ThisMorning").

 

All of the rules above that apply to passwords apply to passphrases.

 

Enforcement

Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.


By clicking 'I Agree' below, you agree that you have read and agree with the terms of the waiver and that the information you provided is accurate. You furthermore agree that your submission of this form, via the 'I Agree' button, shall constitute the execution of this document in exactly the same manner as if you had signed, by hand, a paper version of this agreement.