IT Acceptable Use Policy 2019 (Important !)

This document set the rules for acceptable use of IT facilities and network infrastructure and services at Sayed Kadhem Aldurazi & Sons group and sub companies.
The rules applicable to all employees and visitors granted access to any device on the network at any time, whether physically present or via remote access. Failure to comply will result in penalties decision.

Computer usage Policy:
1- All users must conform to the regulations of SKD group and policies.
2- All users must conform to any and all requirements set by:
a. Regulation (60), 2014, Regarding Information Technology Crimes.
3- Only company owned devices are permitted to use SKD network. All personal devices including but not limited to: computers, laptops and mobiles are not permitted to connect to any SKD network in all SKD locations unless it has been registered and approved by IT department.
4- Only authorized employees can have access to the company owned devices.
5- The owner/registered is responsible for any use/misuse of the devices he owned or registered on the network.
6- Any authorized connected device to the network must has active, genuine and up to date antivirus protection. Updates must be performed on daily basis.
7- All authorized devices connected to the network must be configured with a host firewall, at minimum the one which comes with operating systems.
8- All authorized users must use devices and computing resources for company work only. It is totally prohibited to use the company resources for personal usage or install/run a program for personal usage.
9- Authorized users must:
a. Use their username and passwords only and not share it with any other person.
b. Use the computers, network and device for company work only.
c. Store files and process company data only in company network designated locations.
10- Authorized users must not:
a. Access devices, files, systems or folders which they are not entitled to access.
b. Cause deletion, corruption or modify files of other users.
c. Share their systems, network, sharing or any application password with others.
d. Access any system using administrators’ password given to them to gain through any methods.
e. Use company devices or network for personal or commercial use other than company usage.
f. Carry any kind of illegal activities from the company computer or network.
g. Allow non-company person to use company IT resources or network.
h. Download or Distribute copies of copyrighted materials.
i. Violate any person privacy or data.
11- All data on any company computing devices are owned by the company, including personal files on company computers, servers and emails. The users are responsible to back up their data.
12- User must not move any company owned device without appropriate approval from IT department.
13- User must log out or lock the system when leaving at any time. No unattended logging is permitted.
14- Any unauthorized copying/deletion/installation/modification of data/configuration/software may result in penalty action.

Software Policy:
Employees must not install any kind of software on any company device or change computer or software configuration without approval from the IT department.
1- Only authorized software can be used on company devices.
2- Any new software introduced to company devices must be first examined and verified by IT department.
3- No change whatsoever to be made to software, operating systems or network configurations by any user.
4- No software can be taken, copied or used from company computers, outside the company without approval by IT department with stamped approval.
5- It is totally prohibited to copy any licensing of any system, software or device.

Social Media Policy
The company does not permit the usage of personal social media networks on company network other than for work related activities. The following guidance is applied:
1- Personal usage is not permitted for social media using company network or devices.
2- It is not permitted to represent company department or subcompany on social media networks.
Network, Internet and Email Policy:
Email, Internet and network access are given to employees for work only.
1- Authorized users can send Emails for company related work only.
2- Send without permission large number of emails or to a large number of recipients is prohibited.
3- Send communication such as emails for bullying or harassment is not allowed.
4- Users must not Impersonate other employees or any other person (e.g. sending an Email which appears not from you)
5- It is not allowed to share Internet usage or Email with any other person.
6- Access to the Internet is allowed for the usage of company related activities such as checking other websites, search engines or others.
7- Causing high volumes of traffic on the internet is prohibited.
8- Access illegal websites is prohibited including but not limited to: website blocked by government, pornography, copy right violation websites and others.
9- It is prohibited to gain or attempting to gain any kind of unauthorized access to any internal or external services or systems.
10- Any registered device either personally or company owned must be used as client only. It is totally forbidden to:
a. Offer any type of network connection including (but not limited to): Share Wireless, Share Bluetooth or others.
b. Offer any type of services including (but not limited to): email, file sharing, web server, ftp or other kind of services.
11- It is prohibited to Perform any kind of illegal activities using emails or Internet.
12- The network allocated a suitable network address, changing IP address to any other IP is not permitted.
13- It is prohibited to use any kind of hardware or software to listen to network traffic or cause network issues.
14- Peer to Peer applications are not allowed to be used on the network.

System monitoring
The company reserve the right to monitor any network usage or computer usage activities. SKD group keeps records of usage and reserve the right to monitor or investigate any kind of activity on its promises or systems.
A. The company reserve the right to access any device data including personal data stored on company devices.
B. Monitor and investigate Email, Network and Internet Activities.
The company reserve the right to hold a person responsible for any kind of violation and:
A- Applied related penalties.
B- Suspend from duty.
C- Report unlawful activities to authorities.

HSE Incentive Program (For Aug & Dep & Oct 2016)