From SJA

Contents 1 Overview 2 Purpose 3 Scope 4 Policy 5 Procedure 6 Unacceptable Use 6.1 System and Network Activities 6.2 Email and Communications Activities 7 Enforcement 8 Forms

Overview

The Electronic Information system of The St. John Council for Alberta (aka St. John Ambulance Alberta, SJA) represents the largest, single asset of SJA. The protection and security of the electronic information systems is critical to the very survival of SJA. These systems are only to be used for business purposes in serving the interests of SJA, and of our clients and customers in the course of normal operations. Effective security is a team effort involving the participation and support of every SJA employee and affiliate who deals with information and/or information systems. It is the responsibility of every computer user to know these guidelines, and to conduct their activities accordingly.

Purpose

The purpose of this policy is to outline the acceptable use of computer equipment at SJA. These rules are in place to protect the employee and SJA. Inappropriate use exposes SJA to risks including virus attacks, compromise of network systems and services, and legal issues.

Scope

This policy applies to employees, contractors, consultants, temporaries, volunteers, and other workers at SJA, including all personnel affiliated with third parties. This policy applies to all equipment that is owned or leased by SJA, which includes Internet/Intranet/Extranet-related systems, including but not limited to computer equipment, software, operating systems, storage media, network accounts providing electronic mail, WWW browsing, and file access. Corresponding documents include the Mobile Network Device Policy, the Information Sensitivity Policy, the Backup Procedure, and the Data Security Guidelines document.

Policy

1. All data created on the SJA Network systems is the property of SJA.
2. SJA Reserves the right to monitor any electronic communication or data transaction to ensure system security and integrity, and compliance with this policy.
3. Personal use of the SJA Network without authorization from the Executive Director or a designate is strictly prohibited.
4. Any addition, deletion, modification, or other changes (whether to software, hardware, or other aspects of the system), to SJA Network systems by persons other than the SJA Network Administrator must be pre-authorized by the Executive Director or a designate..
5. All information stored on the SJA Network is to be properly protected. For guidelines on information classification, see the Information Sensitivity Policy. For guidelines on protecting email and documents, refer to the Data Security Guidelines.
6. Only users authorized by SJA Network Administration may have access to the SJA Network. Information stored on the SJA Network is only to be accessible by users that need to see it.
7. SJA Network Accounts and passwords are issued for the sole use of authorized users.

Procedure

1. All PCs, laptops and workstations must be secured with a password-protected screen lock or logged-off when the machine is unattended.
2. Authorized users must keep passwords secure and not to share accounts. Authorized users are responsible for the security of their passwords and accounts. Authorized users are responsible for any actions committed with the use of their accounts. System level passwords should be changed quarterly; user level passwords should be changed every 40 days.
3. Use necessary protection of information in compliance with Data Security Guidelines.
4. Because information contained on portable computers is especially vulnerable, special care shall be exercised. Protect laptops in accordance with the SJA Laptop Security Policy.
5. Employees must use extreme caution when engaging in the following activities which may expose the SJA network to viruses, e-mail bombs, or Trojan horse code: opening e-mail attachments, downloading files from the internet or other sources, or visiting web pages that may contain hostile scripts. It is the responsibility of the employee to exercise due diligence to protect the SJA network from these threats. Refer to the Network Safety Guidelines document for more information.

Unacceptable Use

The following activities are specifically prohibited.

System and Network Activities

1. Using SJA resources to engage in any activity that is illegal under local, provincial, federal or international law
2. Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of "pirated" or other software products that are not licensed for use by SJA
3. Exporting software, technical information, encryption software or technology, in violation of international or regional export control laws, is illegal and prohibited.
4. Introduction of malicious programs into the network (e.g., viruses, worms, Trojan horses, e-mail bombs, etc.)
5. Revealing your account password to others or allowing unsupervised use of your account by others. This includes family and other household members when work is being done at home
6. Using a SJA computing asset to actively engage in procuring or transmitting material that is in violation of sexual harassment or hostile workplace laws (e.g. pornography) in the user's local jurisdiction
7. Unauthorized personal use of the SJA Network
8. Making fraudulent offers of products, items, or services originating from any SJA account
9. Making statements about warranty, expressly or implied, unless it is a part of normal job duties
10. Unauthorized effecting of security breaches or disruptions of network communication (SJA employees are required to report any known security breach or exploit to Network Administration.)
11. Unauthorized Circumventing of user authentication or security of any host, network or account
12. Providing information about, or lists of, SJA employees and customers to parties outside SJA without pre-authorization
13. Using SJA equipment for business activities not related to SJA without prior written approval from Network Administration

Email and Communications Activities

1. Sending unsolicited email messages, including the sending of "junk mail" or other advertising material to individuals who did not specifically request such material (email spam)
2. Any form of harassment via email, telephone or paging, whether through language, frequency, or size of messages
3. Unauthorized use, or forging, of email header information
4. Solicitation of email for any other email address, other than that of the poster's account, with the intent to harass or to collect replies
5. Creating or forwarding "chain letters", "Ponzi" or other "pyramid" activities of any type
6. Use of unsolicited email originating from within SJA's networks of other Internet/Intranet/Extranet service providers on behalf of, or to advertise, any service hosted by SJA or connected via SJA's network without authorization
7. Posting the same or similar non-business-related messages to large numbers of Usenet newsgroups (newsgroup spam)

SJA employees are responsible for any consequences that result from their communications.

Enforcement

Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

Forms

All SJA network users must sign off on the policy. This sign off is included on the form.

• Link to SJA Alberta Network Access Form