Acceptable Use Policy
1. Purpose
This IT Acceptable Use Policy (AUP) outlines the rules for employees and users who have access to the RFG Holdings (RFG) IT assets. This includes electronic mail, internet usage, personal devices, and organisation data. By using or accessing these resources, individuals are expected to comply with this policy to ensure the security, integrity, and appropriate use of the organisation's IT assets.
2. General Guidelines
2.1. Users must only use the organisation's IT assets for authorised business purposes in accordance with their job responsibilities. The computers, electronic media and services provided by RFG are primarily for business use to assist employees in the performance of their jobs. Limited, occasional, or incidental use for personal, non-business purposes is understandable and acceptable, and all such use must be done in a manner that does not negatively affect the systems' use for their business purposes or bring the organisation into disrepute.
2.2. Users must comply with all applicable laws, regulations, and policies related to the use of electronic resources, data protection, and information security.
2.3. Users must report any suspected or actual security incidents, breaches, or unauthorised access to the appropriate IT personnel or management immediately.
2.4. Users must complete any mandated IT training within the specified timeframe.
2.5. Users must accept the terms and conditions as required in the logon disclaimer before logging on and accessing RFG IT systems.
3. Security/Appropriate Use
3.1. Users are assigned a specific user ID which grants access to authorised applications and data. Users are responsible for safeguarding the relevant authentication mechanisms (eg. password) associated with this user ID.
3.2. Users are prohibited from using any other user’s ID, hacking or obtaining access to systems and accounts that they are not specifically authorised to use.
3.3. Users are responsible for taking reasonable precautions to ensure the security and confidentiality of the organisation's IT assets, including passwords, access credentials, and physical security. This includes ensuring that printed media and desks are cleared at the end of each business day.
3.4. RFG reserves the right to monitor all IT usage for compliance with policies, procedures and legal requirements.
4. Electronic Mail
4.1. Email must be used for business-related communications and must not be used for personal, offensive, or inappropriate content.
4.2. Users must not disclose confidential or sensitive information via email unless authorised to do so.
4.3. Users must exercise caution when opening email attachments and refrain from opening attachments from unknown or untrusted sources.
5. Internet Usage
5.1. Users must use the internet for legitimate business purposes and refrain from accessing or downloading unauthorised, illegal, or inappropriate material.
5.2. Users must not engage in activities that may cause harm to the organisation’s systems, networks, or reputation. This includes accessing or distributing offensive, discriminatory, or copyrighted material.
5.3. To prevent computer viruses from being transmitted through the company's computer system, unauthorised downloading of any unauthorised software is strictly prohibited. Users must report any suspicious websites or downloads to IT support.
6. Personal Devices
6.1. All personal devices that are connected to the RFG corporate network or used for storage or transmission of RFG data or information are subject to the IT Bring Your Own Device (BYOD) standard.
7. Organisational Data
7.1. Users must access and handle organisation data in accordance with their job responsibilities and any applicable data protection laws or regulations.
7.2. Users must maintain the confidentiality of organisation data and must not disclose or share it with unauthorised individuals.
8. Account Access
8.1. Users are required to login to the RFG network with their authorised login details at regular intervals as specified by RFG IT standards. If users fail to do so, their account will be disabled and all data related to it will be deleted after a set period. Exceptions to this rule will be for users who are on maternity leave, sick leave, working offsite or make a special request in writing to the HR department who will inform the IT department.
9. Remote Access
9.1. Remote access refers to access to conduct normal activities from a remote location.
9.2. All RFG owned desktop, portable or mobile computing devices must employ access control and user authentication devices that have been approved by IT Management for access to the RFG network.
9.3. For remote access using non-RFG owned computing devices, access will be controlled through an access account, the granting of which will be coordinated by IT Management. Remote access is prohibited unless it is done through a controlled access account.
10. Third-Party Access
10.1. Any third-party granted access to the organisation’s IT assets must adhere to the same rules and obligations outlined in this policy.
10.2. The organisation reserves the right to revoke or limit third-party access to its IT assets at any time without prior notice.
11. Policy Violations
11.1. Violations of this policy may result in corrective action which may include disciplinary proceedings.
11.2. Users must report any suspected policy violations to the appropriate IT personnel or management.
12. IT Assets
12.1. Users are responsible for safeguarding RFG IT assets assigned to them as part of their job responsibilities. Any loss or damage to IT assets resulting from user negligence or non-compliance with procedures may result in a personal claim. Any loss should be reported to IT management immediately to mitigate risk
13. User Acceptance
13.1. Users will be required to confirm understanding and acceptance of this policy before a user ID is assigned.
13.2. Annual updates will be circulated to users who will need to confirm receipt.
14. Amendment and Review
This policy shall be reviewed annually or as needed to ensure its relevance and effectiveness. Proposed amendments shall be submitted to the IT Steering Committee for consideration and recommendation for approval.