Acceptable Usage Policy

Purpose

Acceptable usage policies clearly indicate what information system users are and are not allowed to do. The potential exists that, without these policies, information system users could violate information security and avoid punitive actions by claiming to not know about any restrictions in place. This can make it extremely difficult to enforce the measures outlined in the policy and ultimately lead to a complete disregard of the policy.

Scope

This Acceptable Usage Policy applies to all users of all information systems that are the property of Affordable Insurance Alternatives, Inc. and its dba’s. Specifically, it includes:

• All employees, whether employed on a full-time or part-time basis by Affordable Insurance Alternatives, Inc.
• All contractors and third parties that work on behalf of and are paid directly by Affordable Insurance Alternatives, Inc.
• All contractors and third parties that work on behalf of Affordable Insurance Alternatives, Inc.

but are paid directly by an alternate employer.

• All employees of partners and clients of Affordable Insurance Alternatives, Inc.

Policy

1. Affordable Insurance Alternatives, Inc .will issue acceptable usage guidelines covering the following items:
2. Computer and information system usage
3. Software and data usage
4. Internet and e-mail usage
5. Telephone usage
6. Office equipment & materials usage
   1. As a requirement of information system access, and as a component of security awareness training, all information system users, whether employees or third parties, will be required to provided signed acceptance of the acceptable usage guidelines. A copy of the signed document will be provided to the individual with the original being retained by the appropriate Human Resources department.

Procedure 1

Systems, including computers of all kinds, are the property of the organization:

• Access to, and use of, systems and the components that form them will be monitored and controlled at all times.

Procedure 2

The software tools the organization provides and the data they create and manipulate are the property of the organization:

• Software is to be used for its intended purpose only. It is not to be copied, distributed, installed, or deleted without appropriate authorization. Such activities will be monitored and controlled at all times.
• Data is to be used for its intended purpose. It is not to be copied, distributed, edited, appended, or deleted without appropriate authorization. Such activities will be monitored and controlled at all times.

Procedure 3

Internet and e-mail usage must be restricted as both activities make use of public and unsecured networks:

• The Internet is to be used for business purposes only and usage will be monitored and controlled at all times.
• E-mail is to be used for business purposes only and usage will be monitored and controlled at all times.

Procedure 4

The telephone system, including all telephones and fax machines, is the property of the organization:

• The telephone system, including all and analog and digital lines, is to be used for business purposes only and will be monitored and controlled at all times.

Procedure 5

The office materials, furnishings and supplies provided to employees are the property of the organization and are to be used for business purposes only:

• Generic materials (those that do not imply consent of the organization such as pens, blank paper, etc.) may be freely accessed but are not to be removed from those facilities without prior consent.
• Specific materials (those that imply consent of the organization such as letterhead and stamps, etc.) must have restricted access and are not to be removed from the facilities without prior consent.

Non-Compliance

Violation of any of the constraints of these policies or procedures will be considered a security breach and depending on the nature of the violation, various sanctions will be taken:

• A minor breach will result in written reprimand.
• Multiple minor breaches or a major breach will result in suspension.
• Multiple major breaches will result in termination.

Revision History