Acceptable Use Policy

Transcription

1 IT and Operations Section 100 Policy # Organizational Functional Area: Policy For: Date Originated: Date Revised: Date Board Approved: Department/Individual Responsible for Maintaining Policy: IT and Operations 06/25/ /23/ /21/2016 IS Manager Topic: Acceptable Use Section 1

2 Purpose is a critical mechanism for business communications. However, use of electronic mail systems and services are a privilege, not a right, and therefore must be used with respect and in accordance with the goals of Ameris Bank. The objectives of this policy are to outline appropriate and inappropriate use of Ameris Bank s systems and services in order to minimize disruptions to services and activities, as well as comply with applicable policies and laws. Scope This policy applies to all systems and services owned by Ameris Bank, all account users/holders (both temporary and permanent), and all company records. Account Activation/Termination access at is controlled through individual accounts and passwords. Each user of the system is required to read and sign a copy of this Acceptable Use Policy prior to receiving an access account and password. It is the responsibility of the employee to protect the confidentiality of their account and password information. All permanent employees of will receive an account. accounts will be granted to third-party nonemployees or temporary employees on a case-by-case basis as approved of the Chief Information Officer or his designee. Applications for temporary accounts must be submitted to the Ameris Bank Security Department. All terms, conditions, and restrictions governing use are applicable to these temporary users of the systems and must be documented by a signed agreement. access will be terminated when the employee or third party terminates their association with Ameris Bank. Ameris Bank is under no obligation to store or forward the contents of an individual s account after the term of their employment has ceased. General Expectations of End Users Ameris Bank delivers official communications via . As a result, employees with accounts are expected to check their in a consistent and timely manner so that they are aware of important company announcements and updates, as well as for fulfilling business and role-oriented tasks. Users are responsible for mailbox management, including organization and purging of old data records. Users are expected to remember that sent from the company s accounts reflects on the company. Please comply with normal standards of professional and personal courtesy and conduct. Users should also understand that constitutes a legal position on any matter discussed or reviewed in the communication and the information is discoverable in a court of law. 2

3 Appropriate Use Individuals are encouraged to use to further the goals and objectives of Ameris Bank. The types of activities that are encouraged include: Communicating with fellow employees, business partners, and clients within the context of an individual s assigned responsibilities. Acquiring or sharing information necessary or related to the performance of an individual s assigned responsibilities. Participating in educational or professional development activities. Inappropriate Use Ameris Bank s systems and services are not to be used for purposes that could be reasonably expected to strain storage or bandwidth. An individual s use should not interfere with the normal operations of Ameris Bank s system and services. use will comply with all applicable laws, all Ameris Bank policies, and all Ameris Bank contracts. The following activities are deemed inappropriate uses of Ameris Bank s systems and services and are prohibited: Use of for illegal or unlawful purposes, including copyright infringement, obscenity, libel, slander, fraud, defamation, plagiarism, harassment, intimidation, forgery, impersonation, soliciting for illegal pyramid schemes, and computer tampering (e.g. spreading of computer viruses). Solicit non-company business for personal profit or gain. Represent personal opinions as those of the banks when not authorized to do so. Send customer information, such as account numbers, passwords, etc., by unencrypted . These items should be communicated using secure , regular mail or in person. Use of in any way that violates Ameris Bank s policies, rules, or administrative orders, including, but not limited to items not specifically listed. Viewing, copying, altering, or deletion of accounts or files belonging to Ameris Bank or another individual without authorized permission. Sending of unreasonably large attachments. The total size of an individual message sent (including attachment) should be 25MB or less. Opening attachments from unknown or unsigned sources. Attachments are the primary source of computer viruses and should be treated with utmost caution. Sharing account passwords with another person, or attempting to obtain another person s account password. accounts are only to be used by the registered user. Use of third party systems for Ameris Bank business is prohibited. Accessing third party systems from Ameris Bank systems or devices is prohibited. Sending communications to third party systems with the intent of circumnavigating Ameris Bank Acceptable Policy, Acceptable Use policy, Information Security Policy or security procedures is prohibited. Excessive personal use of Ameris Bank resources. Ameris Bank allows limited personal use for communication with family and friends, independent learning, and public service so long as it does not interfere with staff productivity, pre-empt any business activity, or consume resource levels deemed 3

4 excessive by the Information Technology Department. Ameris Bank prohibits personal use of its systems and services for unsolicited mass mailings, non-ameris Bank commercial activity, political campaigning, dissemination of chain letters, and use by non-employees. Monitoring and Confidentiality The systems and services used at Ameris Bank are owned by the company, and are therefore its property. This gives Ameris Bank the right to monitor any and all traffic passing through its system. This monitoring may include, but is not limited to, inadvertent reading by IT staff during the normal course of managing the system, review by the legal team or any of its designees during the discovery phase of litigation, observation by management in cases of suspected abuse or to monitor employee efficiency. In addition, archival and backup copies of messages may exist, despite end-user deletion, in compliance with Ameris Bank s records retention policy. The goals of these backup and archiving procedures are to ensure system reliability, prevent business data loss, meet regulatory and litigation needs, and to provide business intelligence. Backup copies exist primarily to restore service in case of failure. Archival copies are designed for quick and accurate access by company delegates for a variety of management and legal needs. Both backups and archives are governed by the company s document retention policies. These policies indicate that must be kept for up to 10 years. If Ameris Bank discovers or has good reason to suspect activities that do not comply with applicable laws or this policy, records may be retrieved and used to document the activity in accordance with due process. All reasonable efforts will be made to notify an employee if his or her records are to be reviewed. Notification may not be possible, however, if the employee cannot be contacted, as in the case of employee absence due to vacation or if notification would be considered damaging to the investigation. Use extreme caution when communicating confidential or sensitive information via . Keep in mind that all messages sent outside of Ameris Bank become the property of the receiver. A good rule is to not communicate anything that you wouldn t feel comfortable being made public. Demonstrate particular care when using the Reply command during correspondence to ensure the resulting message is not delivered to unintended recipients. Reporting Misuse Any allegations of misuse should be promptly reported to the Information Technology Department. If you receive an offensive , do not forward, delete, or reply to the message. Instead, report it directly to the department listed above. Reporting an Information Breach In the course of preparing and sending communications via systems, there is an inherent risk of an information breach if a communication was sent to an incorrect recipient. If a communication is sent in error that meets any of the following criteria: Contains attachment(s) which have information that can be classified as Personally Identifiable Information, i.e. tax records, client records, financial statements, SSN, credit information, etc. 4

5 Contains information that would be considered intellectual property of Ameris Bank. Contains information that could negatively impact Ameris Bank s results or operations if exposed to competitors or other entities. Contains language or information that could expose Ameris Bank to litigation. Contains information not specifically listed here but which poses a risk to Ameris Bank. Immediate notification of such data breach must be communicated to the Chief Information Officer and Information Security Officer or their designees within 1 hour of discovery of such breach. Disclaimer Ameris Bank assumes no liability for direct and/or indirect damages arising from the user s use of Ameris Bank s system and services. Users are solely responsible for the content they disseminate. Ameris Bank is not responsible for any third-party claim, demand, or damage arising out of use the Ameris Bank s systems or services. Failure to Comply Violations of this policy will be treated like other allegations of wrongdoing at Ameris Bank. Allegations of misconduct will be adjudicated according to established procedures. Sanctions for inappropriate use on Ameris Bank s systems and services may include, but are not limited to, one or more of the following: 1. Temporary or permanent revocation of access; 2. Disciplinary action according to applicable Ameris Bank policies; 3. Termination of employment 4. And/or legal action according to applicable laws and contractual agreements. 5

6 EMPLOYEE CONSENT AND ACKNOWLEDGMENT FORM I, (print name), have read the Ameris Bank. I recognize that this system is the property of the bank and that Ameris Bank reserves the right to monitor usage for any reason at any time. My signature on this document means I have consented to this monitoring. I understand that should I become aware of any misuse of Ameris Bank s systems, I am obligated to inform a member of management of such misuse immediately. I understand that the failure to abide by any of the provisions of this policy may result in disciplinary action up to and including immediate termination, without prior warning or notice. Acknowledged and agreed to by: Signature: Employee s Signature Date: 6