aup awareness
TRANSCRIPT
-
8/3/2019 AUP Awareness
1/12
1
IPsoft Acceptable Use Policy Awareness Session
-
8/3/2019 AUP Awareness
2/12
2
Background
IPsoft is ethically, legally and contractually required to protect Clientand internal data through an Information Security (InfoSec)program.
InfoSec combines technology and process to safeguard theconfidentially, integrity and availability of information.
The cornerstone of InfoSec is an Acceptable Use Policy (AUP) thatdefines terms, informs Users of restrictions, and describes
appropriate conduct. Users must read and understand the Policy since effective security
is not a factor of security, rather it relies upon the awareness and thecooperation of all Users.
Users must agree to follow the Policy to ensure protection ofinformation and the continued success of IPsoft.
Future audits require verifiable evidence recording InfoSecinitiatives.
-
8/3/2019 AUP Awareness
3/12
3
AUP Drivers
Compliance
Statement of Auditing Standards # 70 (SAS70): As a service
provider, IPsoft must pass periodic audits that inspect ourinternal controls. Specific provisions require documentation,awareness and user agreement to of Acceptable Use ofSystems.
Gramm Leach Bliley Act (GLBA): Title V of GLBA requires
safeguards for privacy which are implemented through the AUP.
Competitive Advantage
Our AUP combined with other InfoSec initiatives differentiate
IPsoft from our competitors. Adherence to standards improves our creditability and value toClients.
-
8/3/2019 AUP Awareness
4/12
4
Confidential Information
A significant portion of the AUP addresses Confidential Information.
Users must protect each of the following from disclosure. Personally Identifiable Information
Social Security Numbers, PANs, other ID Numbers
Drivers License Numbers
Passport Numbers Name/Full Birthdate Pairs
Financial Information
All Client information including Client name
Medical Information
Passwords
-
8/3/2019 AUP Awareness
5/12
5
Agreement to Acceptable Use Policy
The Agreement to the Acceptable Use Policy form is required to
address the following requirements:
- Verifiable Evidence of Deployed Controls
- Confirmation of User awareness of Policy
- To stress the importance of the Policy to Users
-
8/3/2019 AUP Awareness
6/12
6
General Policy
To prohibit the unprofessional, unethical or illegal
use of IPsoft Systems. Incidental personal use of
Systems is permitted if such use does not detractfrom Users responsibilities or otherwise consumeexcessive resources. Actions that negatively
impact privacy, safety, rights or property areforbidden. By using our Systems, each Userassumes responsibility for appropriate use andagrees to comply with this Policy, other IPsoft
Policies, regulations, partner agreements, providerTerms of Service and applicable laws.
-
8/3/2019 AUP Awareness
7/12
7
Key Provisions The unauthorized use, extraction, display, alteration, deletion or
restoration of data, programs, records, credentials or services in anyform is prohibited.
Transferring, viewing, forwarding, storing or serving any materialthat would offend a reasonable person on the basis of gender,sexual orientation, age, religious or political beliefs, national origin,race, citizenship or disability; any material, the possession ortransmission of which is illegal or materials that facilitate illegal
activities; and any material that violates our Policies against sexualharassment. Unprofessional communications including threats,obscenity, intimidation, harassment or defamation are prohibited.
Providing unauthorized goods or services for free or for a fee using
the IPsoft Systems is forbidden. Unauthorized personal, commercialor non-commercial activities, messaging, fundraising, gambling,advertising or the selling of goods/services is not allowed.
-
8/3/2019 AUP Awareness
8/12
8
Key Provisions (continued)
Exceeding your level of authorization is not allowed andmisrepresentation of identity is forbidden.
Attempting to obtain or obtaining confidential information includingcredentials or using any means to circumvent controls, deactivatesafeguards, intercept communications, extend wired or wirelessconnections or ignore security warnings is forbidden.
Infringing on intellectual property rights including plagiarism andunauthorized use or reproduction is prohibited.
Unauthorized scanning of Systems for services and/or security
vulnerabilities is prohibited.
-
8/3/2019 AUP Awareness
9/12
9
Key Provisions (continued)
Any activities that adversely affect the ability of other people ordevices to do their jobs, use Companys Systems or the Internet are
prohibited.
Running any unauthorized service that enables the sharing,forwarding, processing, modification or deletion of information, dataor files is prohibited.
Sending unsolicited information is prohibited. Users may not useIPsofts Systems to distribute unauthorized commercial or non-commercial information.
Monitoring accounts should not be used for interactive access.
-
8/3/2019 AUP Awareness
10/12
10
No Expectation of Privacy
IPsoft Systems and their complete contents are the property ofIPsoft. Users should have no expectation of privacy.
As part of our normal business practices, we periodically inspectactive and archived data, and these data sources may containinformation marked by Users for deletion.
If User data contains item(s) that violate the law or violate thisPolicy, we may take disciplinary action, advise law enforcement ortake other action(s).
-
8/3/2019 AUP Awareness
11/12
11
Compliance
Users who violate the Policy may incur disciplinary actions includingtermination, and civil and/or criminal action(s). Consultants,contractors or service providers in violation of this Policy will beconsidered in breach of their contractual obligation to IPsoft. IPsoftreserves the right to terminate its contract without penalty and topursue any remedies available to it, including civil and/or criminal
action(s) against the offending party.
IPsoft monitors access to our Systems as part of our normalbusiness practices. Should we discover prohibited actions, the
Company may immediately suspend the suspect connection and/orUser and commence a comprehensive investigation
-
8/3/2019 AUP Awareness
12/12
12
Questions