Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
74 lines (47 sloc) 6.53 KB

Acceptable Use Policy

This Acceptable Use Policy (AUP) details how all users of any Made Tech IT device or service must behave, and is based on Made Tech’s guiding principles of treating people fairly and like adults. We trust our team members to do the right thing, and this policy is here to help guide individuals when they seek advice in how they should conduct themselves in any situation.

The AUP policy outlines the acceptable use of equipment and services at Made Tech and puts in place rules to protect everyone who uses them. Inappropriate use of equipment and services exposes both Made Tech and our clients to risks. These risks include virus attacks, compromise of network systems and services, and legal action.

As with any policy, there are consequences to non-compliance, including potential disciplinary action being taken which may lead to dismissal and/or criminal proceedings.

Made Tech endeavours to continually improve all policies and if you have feedback, please contact the Operations Team.

Below are the minimum expectations for accessing those services appropriate to your role and responsibilities.

I will act with integrity at all times

I will use the Made Tech service for the purpose it is intended for at all times, and not do anything knowingly that could harm the integrity or reputation of Made Tech.

I will use any Made Tech issued devices properly

I understand Made Tech issued devices are issued for work purposes and I agree to return them for inspection as and when required. I will return it on leaving the employment of Made Tech or when it is no longer required unless otherwise agreed with Made Tech prior to leaving.

Personal Use

I will exercise good judgement at all times regarding the reasonableness of any personal use

I will enable 2-factor authentication where this is available

2-factor authentication (2FA) requires two forms of authentication, often a password and a code, sometimes sent via SMS or an application. It helps protect user accounts in the case that your password is somehow exposed.

I will ensure I report the arrival of guests and visitors promptly

We keep a record of all visitors to the Made Tech office. All visitors should be logged using the appropriate system and you should alert the member of the team they are here to visit. If someone tries to enter the office and you feel uncomfortable, you are within your rights to challenge their reasons for entry (gently).

If my device is stolen or missing, I immediately report it

Lots of information can be extracted from stolen or misplaced laptops, even in some cases when the disk has been encrypted. Report a missing machine quickly, better safe than sorry. We use remote device management to remotely wipe data from your device in the event that it is stolen. You should report all stolen items to the IMS Manager or CSO, who will record the incident.

I will backup my work in the right place

Information saved on a device is at risk of loss or theft and will not be backed up. To protect against theft, laptops are encrypted. Made Tech backs up data stored on G-Suite, GitHub, and Slack. Each team at Made Tech has their own Team Drive and it is the responsibility of those teams to maintain what is kept in those drives. All data must be copied to these locations to ensure there is no data loss in the event of your laptop becoming unusable.

I follow the guidance around passwords

Keep passwords secure and do not share accounts with anyone else. You are responsible for the security of your passwords and account.

I will not share my laptop with anyone else, including under a separate user account

The laptop you use for working should not be used by anyone else; for example a partner having a separate user account or sharing a generic login.

I will not open unfamiliar email attachments, and I will always check the actual address for links in emails, even from trusted colleagues

Phishing and in particular spear phishing (which targets specific individuals within a specific organisation) is a genuine threat with recorded attacks everyday.

I report anything that could be a security incident

If you experience or see anything suspicious, or anything that you know breaks one of our security policies, report it to either the IMS manager or CSO. As a general rule, if you are not sure whether to report something, report it anyway. We'd always rather know.

I will manage software responsibly

Made Tech needs to account for, and report against all its software assets to comply with best industry practice, so you should install any software in accordance with the licensing requirements. You should also not remove any software installed by the Made Tech Internal IT team without first agreeing a case for doing so.

I ensure any software I use is up to date

You are responsible for keeping your device software up to date with updates and security patches. The Made Tech Internal IT Services team, will from time to time audit and validate the status of your device.

I use any admin privileges I receive responsibly

I will ensure the Admin Account on Made Tech IT issued equipment remains accessible to the Made Tech Internal IT Team at all times.

I am careful when using bluetooth connections

Bluetooth is enabled on your device and can be used safely within an office or your home. Its use outside of those environments is not recommended as they may be easily compromised.

I use my email account responsibly

Use of your company email addresses should be for work-related content only. Do not use your email address to login to non-work related websites or social media

I am conscious of my web footprint

Be aware that your online profiles and activity may link back to Made Tech so be aware of this when you publish anything online

I am responsible when using personal devices on Made Tech networks

The Made Tech Staff Wifi may be accessed using personal devices subject to these Rules and the Made Tech BYOD policy. If you're using your own device on the Made Tech network, do not use it for anything which is not acceptable at work.

I abide by the Made Tech network security and monitoring policies

The intentional bypassing of Made Tech network security and monitoring, such as via Tor or VPN, is forbidden.

I follow the Made Tech Secure Device OS Administration policies

No user account is to be provided with administrative privileges on secure devices unless a case has been agreed by the IMS management team and/or leadership. The administrator account is to be used for all higher level access. Administrator passwords are to be stored securely.

You can’t perform that action at this time.