Last Updated on August 26th, 2016

System Usage 


Reasonable Personal Use Of Computer And Communications Systems - Company X allows computer users to make reasonable personal use of its electronic mail and other computer and communications systems. All such personal use must be consistent with conventional standards of ethical and polite conduct. For example, electronic mail must not be used to distribute or display messages or graphics which may be considered by some to be disruptive or offensive (such as sexual jokes or pornography).


Use at your own Risk - Workers access the Internet with Company X facilities at their own risk. Company X is not responsible for material viewed, downloaded, or received by users through the Internet. Electronic mail systems may deliver unsolicited messages that contain offensive content.


User IDs and Passwords


Personal User IDs Responsibility - Users must be responsible for all activity performed with their personal user IDs. They must not permit others to perform any activity with their user IDs, and they must not perform any activity with IDs belonging to other users.


Strong Passwords – Users must choose passwords that are difficult to guess. For example, users must not choose a dictionary word, derivatives of user IDs, common character sequences, details of their personal history, a common name, or a word that reflects work activities.


Electronic Messaging


Identity Misrepresentation - Workers must not misrepresent, obscure, suppress, or replace their own or another person's identity on any Company X electronic communications.


Handling Attachments - All electronic mail attachment files from third parties must be scanned with an authorized virus detection software package before opening or execution.


Internet and Web Usage


Posting Sensitive Information - Workers must not post un-encrypted Company X material on any publicly-accessible Internet computer that supports anonymous FTP or similar publicly-accessible services, unless the posting of these materials has been approved by the director of Public Relations.


Offensive Web Sites - - Company X is not responsible for the content that workers may encounter when they use the Internet. When and if users make a connection with web sites containing objectionable content, they must promptly move to another site or terminate their session. Workers using Company X computers who discover they have connected with a web site that contains sexually explicit, racist, sexist, violent, or other potentially offensive material must immediately disconnect from that site.


Data Storage


Establishing Third-Party Networks - Workers must not establish any third-party information storage network that will handle Company X information (electronic bulletin boards, blogs, could storage) without the specific approval of the Information Security department.


Internal Systems


Eradicating Computer Viruses - Any user who suspects infection by a virus or malicious software must immediately call the corporate help desk, and make no attempt to eradicate the virus themselves without help from Information Technology Department.


Prohibition Against All Forms Of Adult Content - All forms of adult content (pornography or what some would consider to be pornography) are prohibited on Company X computers and networks. This includes content obtained via web sites, email attachments, CD-ROMs, and file sharing networks.


Personal Equipment


Current Virus Software- Every Company X worker who examines, processes, or stores Company X information using a computer that he or she owns must install and regularly run the most current version of a virus detection software package approved by the Information Security Department.


User Installation Of Software - Users must not install software on their personal computers, network servers, or other machines without receiving advance authorization to do so from the Information Security Manager.


Physical Security


Positioning Display Screens - The display screens for all personal computers used to handle sensitive or valuable data must be positioned such that the information cannot be readily viewed through a window, by persons walking in a hallway, or by persons waiting in reception and related areas. Care must also be taken to position keyboards so that unauthorized persons cannot readily see workers enter passwords, encryption keys, and other security-related parameters.


Telephones and Voice Mail


Sensitive Information On Voicemail - Workers must not record messages containing sensitive client information on answering machines or voice mail systems.


Use of VOIP on Personal Computers - Company X workers must not make telephone calls that communicate confidential or secret information using soft phones that support voice over IP on their personal computers.


Security Incident Reporting


Reporting Security Events – Any suspected events that may compromise information security or are known to violate an existing security policy must be immediately reported to the Information Security Manager.

VIOLATIONS


Any violation of this policy may result in disciplinary action, up to and including termination of employment. Company X reserves the right to notify the appropriate law enforcement authorities of any unlawful activity and to cooperate in any investigation of such activity.


Company X does not consider conduct in violation of this policy to be within an employee’s or partner’s course and scope of employment, or the direct consequence of the discharge of the employee’s or partner’s duties. Accordingly, to the extent permitted by law, Company X reserves the right not to defend or pay any damages awarded against employees or partners that result from violation of this policy.


DEFINITIONS


Partner – Any non-employee of Company X who is contractually bound to provide some form of service to Company X.


Password – An arbitrary string of characters chosen by a user that is used to authenticate the user when he attempts to log on, in order to prevent unauthorized access to his account.


System Administrator – An employee or partner who is responsible for managing a Company X multi-user computing environment. The responsibilities of the system administrator typically include installing and configuring system hardware and software, establishing and managing user accounts, upgrading software and backup and recovery tasks.


User - Any Company X employee or partner who has been authorized to access any Company X electronic information resource.


REFERENCES

CPL: 4.5 Acceptable Use of Assets

ISO/IEC 27002: 8.1.3 Acceptable Use of Assets HIPAA: Workstation Use 164.310(b) (R)

PCI-DSS: 12.3 Acceptable Usage NIST: PL-4 Rules of Behavior

APPROVAL AND OWNERSHIP :

Owner Title: William J Rapp Jr / CEO - Bill Rapp Real Estate PLLC (Company X)

Date: 10/1/18

Signature : William J Rapp Jr


Security Policy

“ This site is not a part of the Facebook website or Facebook inc. Additionally, This site is NOT endorsed by Facebook in any way. Facebook is a trademark of FACEBOOK, inc.”