CIO Signature Approval & Date: IT ACCEPTABLE USE POLICY 1.0 PURPOSE The purpose of this policy is to define the acceptable and appropriate use of ModusLink s computing resources. This policy exists to protect the information assets and systems of ModusLink from potential harm arising from risks such as virus attacks or a compromise of its network systems and services. ModusLink s intentions for implementing such a policy are not to impose restrictions that are contrary to: Statutory laws Ability to conduct business Established culture of openness, trust and integrity ModusLink is committed to protecting its employees, customers and itself from the illegal or damaging activities carried out by individuals either knowingly or unknowingly. 2.0 SCOPE This policy applies to all full-time, part-time, temporary employees, contractors and other agents that work at ModusLink. This policy also applies to all computing resources, including: Computer equipment, peripheral devices and software that is owned, leased or licensed by ModusLink Computer equipment that is owned by a third party when it is connected to the company s systems Logical access accounts Company provided access to the Internet Company telecommunication systems and devices Originator: Art Sebastiano Page 1 of 8
In addition, ModusLink has implemented related HR policies as follows: Code of conduct Company facilities Policy inspections and searches Security in the workplace Employee use of email, Internet and voicemail usage Please refer to the ModusLink Employee Handbook for additional information about these policies. 3.0 RESPONSIBILITIES The Vice-President of Global IT Infrastructure is responsible to address inquiries, revise and ensure compliance with this policy. It is the responsibility of all employees (full-time, part-time temporary, contractors and other agents of ModusLink) to understand and abide by this policy. It is the responsibility of all employees (full-time, part-time temporary, contractors and other agents of ModusLink) to report any suspected violation of this policy to their manager. Management is responsible to escalate any reported violations of this policy to appropriate Senior IT Management as well as HR, Legal and/or law enforcement officials based on the nature and severity of the violation. Senior IT Management is responsible to assist in the communication and implementation of this policy. Senior IT Management, HR and Legal are responsible for escalating and/or investigating and resolving any violations of this policy that have been reported to them. 4.0 DEFINITIONS Acceptable Use: Any company sanctioned use of or access to the computing resources of ModusLink including computer equipment, peripheral devices, software, network devices, applications and data. Originator: Art Sebastiano Page 2 of 8
5.0 POLICY Use of Computer Equipment, Peripheral Devices and Software Company provided computer equipment; peripheral devices and software shall be used for the express purpose of conducting business on behalf of ModusLink and its subsidiaries. Limited personal use of such computer equipment, peripheral devices and software is permitted provided that such use: Is reasonable; Is not done in the conduct of non-company business or other commercial enterprise; Does not negatively impact the functionality and availability of the company s computer systems, enterprise and application systems and network services; Does not hinder other employees or third party workers from performing their job functions. Employees and third parties who work for ModusLink must: Ensure that company provided computer equipment is used properly and maintained; Be accountable for all use and the security of the electronic resources provided to them by the company, including but not limited to computer accounts, passwords, personal computers, electronic data and network access; Make appropriate use of the software, system and network provided protection features and take precautions against others obtaining access to their computer resources; Not use company provided software and electronic materials in accordance with copyright and licensing restrictions and applicable company policies; Not use company networks, equipment and software to violate copyrights or the terms of any license agreements; May not inspect, modify, distribute, or copy proprietary data, directories, programs, files, disks or software owned or licensed to the company without proper authorization; Originator: Art Sebastiano Page 3 of 8
Install upon any company owned computer equipment any copyrighted software for which the company or the user does not have an active user license; Use a company owned computing asset to actively engage in procuring or transmitting material that is in violation of the company sexual harassment or hostile workplace policies as well as laws in the user s local jurisdiction. Furthermore, employees shall not: Violate the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including but not limited to, the installation or distribution of pirated or other software products that are not appropriately licensed for the use by ModusLink or its subsidiaries; Digitize, distribute or otherwise copy material, including photographs, books and music, that is protected by copyright without proper authorization; Export software, technical information, encryption software or technology in violation of international or regional export control laws. 5.1 Use of Logical Access Accounts Employees and third parties who work for the company must: Use only the computer accounts that have been assigned to them and shall not attempt to impersonate the identities of others; Safeguard the security of the accounts and passwords assigned to them; Never allow another individual to use their account and password to access company systems; Never share account passwords; Not supply false or misleading data nor improperly obtain another person s password in order to gain access to computers or network systems, data or information; The unintentional negligence of another person in revealing an account name or password is not considered authorization of use. Use company accounts to make fraudulent offers of products, items or services; Attempt to subvert the restrictions associated with their computer accounts or network access. Originator: Art Sebastiano Page 4 of 8
5.2 Accessing Company Network Devices and Applications Employees and third parties who work for the company shall access the company s systems using only company approved methods. Employees and third parties who work for the company must not: Make unauthorized attempts to modify company systems, network devices, applications and data; Effect security breaches which includes but is not limited to: Accessing data of which the employee or third party is not an intended recipient; Log onto a server or account the employee or third party worker is not authorized to access; Attempt to temporarily or permanently disrupt routine operation of systems, or modify or extend network resources. This includes, but is not limited to: Tampering with any hardware, networks, applications, system files or other user s files without authorization or permission; Circumventing or altering protections, user authentications or other restrictions placed on computers, networks, software, applications, accounts or files (other than their own files); Implementing network sniffing, pinged floods, packet spoofing, denial of service and forged routing information; Makes resources available to circumvent or alter software protections or other restrictions placed on computers, networks, applications or files (other than their own); Encroach on another s use of computer resources; including but not limited to: Using any program/script/command or sending messages of any kind for the purpose of interfering with or disabling a user s terminal session; Tying up computer and network resources for downloading or piracy or music, movies, non-business related software or other files, or other trivial and non-company related applications; Sending harassing messages; Originator: Art Sebastiano Page 5 of 8
Sending frivolous or excessive messages, including chain letters, junk mail, spam, and other types of broadcast messages, either locally or over the Internet; Using excessive amounts of storage; Launching attacks or probes, or otherwise attempting to subvert the security of any company system, network or application; Intentionally or irresponsibly introducing any computer viruses, worms, Trojan Horses, spy ware, or other rogue programs to company hardware, applications, software, systems or networks; Physically damage computer devices with malicious intent; Execute any form of network monitoring that intercepts data not intended for their host, unless this activity is part of their normal job function. 5.3 Privacy and Ownership While respecting a reasonable level of confidentiality and privacy, all data created and stored within the company s systems remains the property of ModusLink. Because of the need to protect the company s networks and systems, ModusLink does not guarantee the confidentiality of information stored on any of its network devices other than the data that falls within the scope of numerous privacy laws such as Safe Harbor and HIPPA. ModusLink reserves the right to monitor and audit all company owned and operated computer systems and electronic/digital resources at will to ensure compliance with this policy. Additionally, ModusLink guarantees that its wide and local area networks are configured to protect corporate data and its flow from the malicious intent of individuals or entities attempting to disrupt the business operations of the company and/or corrupt its data. ModusLink takes the following steps to enforce its policies: Relating to harassment and the safety of individuals; Preventing unauthorized reproduction of distribution of proprietary technology assets; Safeguarding the integrity of its computers, networks and data; Protecting the company against potentially damaging consequences (upon termination of a user s relationship with ModusLink, the company may find it necessary to examine such resources). ModusLink may restrict the use of its computers and network systems for electronic communications when faced with evidence of a violation of its policies, or federal and/or local laws. ModusLink must comply with, and respond to all Originator: Art Sebastiano Page 6 of 8
validly issued legal process, including subpoenas. ModusLink also reserves the right to limit access to its networks through company owned or other computers, and to remove or limit access to material posted or distributed on company owned computers. Originator: Art Sebastiano Page 7 of 8
DOCUMENT HISTORY ORIGINATED BY: PRINTED NAME TITLE SIGNATURE/DATE Art Sebastiano VP Global IT Infrastructure PROCESS OWNER: PRINTED NAME TITLE SIGNATURE/DATE Art Sebastiano VP Global IT Infrastructure REVISION HISTORY: Revision Section Changed Summary of Change Effective Date A New Document Originator: Art Sebastiano Page 8 of 8