AUP Awareness

8/3/2019 AUP Awareness

1/12

1

IPsoft Acceptable Use Policy Awareness Session


2/12

2

Background

IPsoft is ethically, legally and contractually required to protect Clientand internal data through an Information Security (InfoSec)program.

InfoSec combines technology and process to safeguard theconfidentially, integrity and availability of information.

The cornerstone of InfoSec is an Acceptable Use Policy (AUP) thatdefines terms, informs Users of restrictions, and describes

appropriate conduct. Users must read and understand the Policy since effective security

is not a factor of security, rather it relies upon the awareness and thecooperation of all Users.

Users must agree to follow the Policy to ensure protection ofinformation and the continued success of IPsoft.

Future audits require verifiable evidence recording InfoSecinitiatives.


3/12

3

AUP Drivers

Compliance

Statement of Auditing Standards # 70 (SAS70): As a service

provider, IPsoft must pass periodic audits that inspect ourinternal controls. Specific provisions require documentation,awareness and user agreement to of Acceptable Use ofSystems.

Gramm Leach Bliley Act (GLBA): Title V of GLBA requires

safeguards for privacy which are implemented through the AUP.

Competitive Advantage

Our AUP combined with other InfoSec initiatives differentiate

IPsoft from our competitors. Adherence to standards improves our creditability and value toClients.


4/12

4

Confidential Information

A significant portion of the AUP addresses Confidential Information.

Users must protect each of the following from disclosure. Personally Identifiable Information

Social Security Numbers, PANs, other ID Numbers

Drivers License Numbers

Passport Numbers Name/Full Birthdate Pairs

Financial Information

All Client information including Client name

Medical Information

Passwords


5/12

5

Agreement to Acceptable Use Policy

The Agreement to the Acceptable Use Policy form is required to

address the following requirements:

- Verifiable Evidence of Deployed Controls

- Confirmation of User awareness of Policy

- To stress the importance of the Policy to Users


6/12

6

General Policy

To prohibit the unprofessional, unethical or illegal

use of IPsoft Systems. Incidental personal use of

Systems is permitted if such use does not detractfrom Users responsibilities or otherwise consumeexcessive resources. Actions that negatively

impact privacy, safety, rights or property areforbidden. By using our Systems, each Userassumes responsibility for appropriate use andagrees to comply with this Policy, other IPsoft

Policies, regulations, partner agreements, providerTerms of Service and applicable laws.


7/12

7

Key Provisions The unauthorized use, extraction, display, alteration, deletion or

restoration of data, programs, records, credentials or services in anyform is prohibited.

Transferring, viewing, forwarding, storing or serving any materialthat would offend a reasonable person on the basis of gender,sexual orientation, age, religious or political beliefs, national origin,race, citizenship or disability; any material, the possession ortransmission of which is illegal or materials that facilitate illegal

activities; and any material that violates our Policies against sexualharassment. Unprofessional communications including threats,obscenity, intimidation, harassment or defamation are prohibited.

Providing unauthorized goods or services for free or for a fee using

the IPsoft Systems is forbidden. Unauthorized personal, commercialor non-commercial activities, messaging, fundraising, gambling,advertising or the selling of goods/services is not allowed.


8/12

8

Key Provisions (continued)

Exceeding your level of authorization is not allowed andmisrepresentation of identity is forbidden.

Attempting to obtain or obtaining confidential information includingcredentials or using any means to circumvent controls, deactivatesafeguards, intercept communications, extend wired or wirelessconnections or ignore security warnings is forbidden.

Infringing on intellectual property rights including plagiarism andunauthorized use or reproduction is prohibited.

Unauthorized scanning of Systems for services and/or security

vulnerabilities is prohibited.


9/12

9

Key Provisions (continued)

Any activities that adversely affect the ability of other people ordevices to do their jobs, use Companys Systems or the Internet are

prohibited.

Running any unauthorized service that enables the sharing,forwarding, processing, modification or deletion of information, dataor files is prohibited.

Sending unsolicited information is prohibited. Users may not useIPsofts Systems to distribute unauthorized commercial or non-commercial information.

Monitoring accounts should not be used for interactive access.


10/12

10

No Expectation of Privacy

IPsoft Systems and their complete contents are the property ofIPsoft. Users should have no expectation of privacy.

As part of our normal business practices, we periodically inspectactive and archived data, and these data sources may containinformation marked by Users for deletion.

If User data contains item(s) that violate the law or violate thisPolicy, we may take disciplinary action, advise law enforcement ortake other action(s).


11/12

11

Compliance

Users who violate the Policy may incur disciplinary actions includingtermination, and civil and/or criminal action(s). Consultants,contractors or service providers in violation of this Policy will beconsidered in breach of their contractual obligation to IPsoft. IPsoftreserves the right to terminate its contract without penalty and topursue any remedies available to it, including civil and/or criminal

action(s) against the offending party.

IPsoft monitors access to our Systems as part of our normalbusiness practices. Should we discover prohibited actions, the

Company may immediately suspend the suspect connection and/orUser and commence a comprehensive investigation


12/12

12

Questions

AUP Awareness

Documents

Transcript of AUP Awareness