Information Security Policy
This policy contains guidelines for Electronic Communications created, sent, received, used, transmitted, or stored using firm communication systems or equipment and staff member provided systems or equipment used either in the workplace, during working time or to accomplish work tasks.
“Electronic Communications” include, among other things, messages, images, data or any other information used in e-mail, instant messages, voice mail, fax machines, computers, personal digital assistants (including Blackberry, iPhone or similar devices), text messages, pagers, telephones, cellular and mobile phones including those with cameras; Intranet, Internet, back-up storage, information on a memory or flash key or card, jump or zip drive or any other type of internal or external removable storage drives. In the remainder of this policy, all these communication devices are collectively referred to as “Systems.” Staff members may use our Systems to communicate internally with co-workers or externally with clients, suppliers, vendors, advisors, and other business acquaintances for business purposes.
All Electronic Communications contained in firm Systems are firm records and/or property. Although a staff member may have an individual password to access our Systems, the Systems and Electronic Communications belong to the firm. The Systems and Electronic Communications are always accessible to the firm including periodic unannounced inspections. Our Systems and Electronic Communications are subject to use, access, monitoring, review, recording and disclosure without further notice. Our Systems and Electronic Communications are not confidential or private. The firm’s right to use, access, monitor, record and disclose Electronic Communications without further notice applies equally to staff member-provided systems or equipment used in the workplace, during working time, or to accomplish work tasks.
Although incidental and occasional personal use of our Systems that does not interfere or conflict with productivity or the firm’s business or violate policy is permitted, personal communications in our Systems are treated the same as all other Electronic Communications and will be used, accessed, recorded, monitored, and disclosed by the firm at any time without further notice. Since all Electronic Communications and Systems can be accessed without advance notice, staff members should not use our Systems for communication or information that staff members would not want revealed to third parties.
Staff members may not use our Systems in a manner that violates our policies including but not limited to Non-Harassment, Sexual Harassment, Equal Employment Opportunity, Confidentiality of Client Matters, Care of Client Records, Protecting Corporate Information, and Solicitation and Distribution. Staff members may not use our Systems in any way that may be seen as insulting, disruptive, obscene, offensive, or harmful to morale. Examples of prohibited uses include, but are not limited to, sexually explicit drawings, messages, images, cartoons, or jokes; propositions or love letters; ethnic or racial slurs, threats, or derogatory comments; or any other message or image that may be in violation of firm policies.
In addition, staff members may not use our Systems:
- To download, save, send or access any discriminatory or obscene material;
- To download, save, send or access any music, audio or video file;
- To download anything from the internet (including shareware or free software) without the advance written permission of the Systems Supervisor;
- To download, save, send or access any site or content that the firm might deem “adult entertainment;”
- To attempt or to gain unauthorized or unlawful access to computers, equipment, networks, or systems of the firm or any other person or entity;
- In connection with any infringement of intellectual property rights, including but not limited to copyrights; and
- In connection with the violation or attempted violation of any law.
A staff member may not misrepresent, disguise, or conceal his or her identity or another’s identity in any way while using Electronic Communications; make changes to Electronic Communications without clearly indicating such changes; or use another person’s account, mail box, password, etc. without prior written approval of the account owner and without identifying the actual author.
Staff members must always respect intellectual property rights such as copyrights and trademarks. Staff members must not copy, use, or transfer proprietary materials of the firm or others without appropriate authorization.
All Systems passwords and encryption keys must be available and known to the firm. Staff members may not install password or encryption programs without the written permission of the Office Manager. Staff members may not use the passwords and encryption keys belonging to others.
Numerous state and federal laws apply to Electronic Communications. The firm will comply with applicable laws. Staff members also must comply with applicable laws and should recognize that a staff member could be personally liable and/or subject to fine and imprisonment for violation of applicable laws.
Nothing contained herein shall preclude a staff member from engaging in conduct protected by Section 7 of the National Labor Relations Act.
Violations of this policy may result in disciplinary action up to and including discharge as well as possible civil liabilities or criminal prosecution. Where appropriate, the firm may advise legal officials or appropriate third parties of policy violations and cooperate with official investigations. We will not, of course, retaliate against anyone who reports possible policy violations or assists with investigations.
If you have questions about the acceptable use of our Systems or the content of Electronic Communications, ask the Office Manager for advance clarification.