Acceptable Use Of Technology

The guidelines outlined in this policy apply to all employees of the Foundation who have access to Foundation owned computers, network resources, and Electronic Systems (including services such as SalesForce and Email) and internet connectivity.  Usage of these resources is permitted and encouraged in support of the goals and objectives of the Foundation; however, access to these resources carry responsibilities to safeguard Foundation operations.

Definitions

The following definitions apply for purposes of this policy:

·         “Electronic Systems” include computers, printers, networks, software, electronic mail (“e-mail”), Internet access, instant messaging, telephone, cell phones, PDAs, voice mail and any other technology that facilitates the transmission, receipt or storage of information electronically. 
 
·         “Electronic Communications” are any transmission, message, file, or other data or information created, sent, received, uploaded, downloaded or stored on any Electronic System, including but not limited to electronic mail, instant messaging, internet access, web logs and printed copies of electronic information. 

Ownership and Privacy

All Electronic Systems and Electronic Communications are Foundation property.  They are not the private property of any employee.  Accordingly, users should not maintain any expectation of privacy with respect to usage of Electronic Systems.  All personnel waive any right of privacy in any Electronic Communications, and consent to access by and disclosure of such communications to authorized Foundation management and administrative staff.  These systems are not individually confidential or private, although they may contain information that is confidential or proprietary to the Foundation, and although they may be protected by security measures such as encryption or passwords.  The Foundation reserves the right to read and disclose the contents of Electronic Communications for any purpose consistent with the business interests of the Company, without permission from the employee.  The Foundation may, in its discretion, disclose Electronic Communications within or outside the Company without the permission of the employee.  The Foundation may also block access to certain material or Internet sites in its discretion.  The Foundation reserves the right to retain Electronic Communications for a set period of time and to systematically erase them after that time, or to maintain them in accordance with any applicable document retention policy. Use is a privilege which may be withdrawn at any time.

Guidelines

·         All full-time employees will have administrative rights to the computer assigned to them for usage.  Administrative rights for other machines will be assigned as necessary depending on employee roles and responsibilities.

·         Administrative rights carry a burden of being watchful about harmful influences such as malware, phishing sites, etc.  Applications should only be installed with permission from IT support, and users should be diligent in what applications are installed or updated.  Infections and malware not only take time to clean up, but can cost the Foundation significant time and money, and can result in massive data loss.   

·         No software should be installed without permission from IT support.  Installing software can impact your computer and interfere with other operations.  Limit software installations to those necessary to carry out your roles & responsibilities. 

·         All Foundation Electronic Systems should have an active antivirus software as well as administrative management software (to maintain security policies and patch management).  These are not to be removed except for troubleshooting or with operational management approval.  Remote support tools used by Foundation IT will always notify you when someone is connected remotely and require permission before connection is allowed.

·         Security of the data we use is critical to our operations.  Please make sure that all data is stored in an appropriately secured and backed up environment.  If you have questions about proper handling please contact the IT manager for assistance with data security compliance.

·         Network resources are often limited based on employee roles & responsibilities.  It is expected for employees to safeguard their passwords for these resources and not share passwords.

·         Data security is a significant consideration.  Best efforts are made to organize critical data into specific areas based on sensitivity and importance.  Be aware of saving files into appropriate locations to protect Foundation data.  Address questions to IT management if you are uncertain if data may need a higher level of sensitivity or importance before trying to store it in general areas.

·         While the Foundation presently permits limited personal use of certain Electronic Systems, such use must conform in all respects and is subject to all provisions of this Policy. Users should exercise discretion in the amount of time they spend away from their job duties while using these Electronic Systems.  The Foundation reserves the absolute right, in its discretion, to prohibit use of these systems for non-business related purposes at any time.

·         Remote access to Electronic Systems (for example, accessing Electronic Systems from a home computer) will be considered on a case-by-case basis by the IT Manager.  Any such access must be in accordance with this Policy.  Devices used to access Electronic Systems must have appropriate and current anti-virus and anti-malware software installed, and Users must utilize a secure Virtual Private Network connection to access Electronic Systems.

Prohibited Uses

Users are required to follow the work rules set out below regarding use of Electronic Systems. This Policy lists some examples of inappropriate conduct, but is not all-inclusive.  Violation of the following rules, or other inappropriate behavior not listed here, may result in revocation of access to Electronic Systems, or other disciplinary action up to and including discharge.

·         Inappropriate or Harassing Messages.  Fraudulent, defamatory, harassing, threatening, discriminatory, sexually explicit or obscene messages and/or materials are not to be transmitted, printed, requested or stored.  “Chain letters,” solicitations and other forms of mass mailings, advertisements or political or commercial solicitations are not permitted.  Use of Electronic Systems for other commercial purposes, product advertisement, gambling (such as sports pools) or political lobbying is prohibited.  

·         Use of Encryption.  To maintain and assure Foundation access to data, users are not permitted to use encryption devices on Foundation Electronic Systems without express written authorization.  Any employee authorized to use encryption coding devices and other security protection devices must provide the applicable keys and codes to the appropriate person designated by management where they will be retained in a secure environment. 

·         Viruses.  Introducing or using software designed to destroy or corrupt the Foundation’s computer system with viruses or cause other harmful effects is prohibited.  Users are required to use the Foundation-provided anti-virus software. 

·         Disruption of Systems.  Use of telecommunications services or networks to disrupt the use of the network by other users is prohibited.  Similarly, because of the difficulty in maintaining non-standard systems, users may not install unauthorized software on the computer networks, or engage in any activities which cause congestion of the network or otherwise interfere with the work of others. 

·         Illegal Use.  Any use of Electronic Systems for illegal, inappropriate, or obscene purposes, or in support of such activities, will not be tolerated.  “Illegal” shall be defined as a violation of local, state, and/or federal laws. For example, use of resources to commit forgery, or to create a forged instrument, will result in disciplinary action. 

·         Copyrighted Materials.  Users may not send or receive copyrighted materials without permission. 

·         Bypassing Security Measures.  Any attempt to bypass or circumvent security and/or authentication measures, either within the Foundation or involving any other organization or person, will result in disciplinary action, up to and including discharge.  Similarly, unauthorized access to another’s resources, programs or data is prohibited. 

·         Disclosure of Confidential Information.  No confidential information, as defined in Policy ______,  may be removed, physically or electronically, from the Foundation’s premises without permission from the Foundation (except in the ordinary course of performing duties on behalf of the Foundation).  Only employees with a business need to access confidential information should do so.  Employees will be subject to appropriate disciplinary action, up to and including dismissal, for revealing information of a confidential nature.

·         Unauthorized Software Downloads. Users may not download software (including shareware or freeware) to Company Electronic Systems without prior written consent of the Information Technology Department.  Authorized downloaded software must be scanned for viruses before installation. 

Cooperation with Investigations

The Foundation will cooperate fully in any investigation which is requested by parties alleging to be impacted by the conduct or use of Electronic Systems by any user, and further reserves the right to turn over any evidence of illegal or improper activity to the appropriate authorities.  If the Foundation becomes involved in any investigation, litigation or any other proceeding which may necessitate the review or production of records, the Foundation may suspend the regular deletion of all or part of e-mail messages for an indefinite period without notice.

Questions

If an employee is unsure about what constitutes an acceptable use please contact Business Operations Manager and/or the IT Manager for further guidance.

 

Social Media And Social Networking

Social media, including personal and professional websites, blogs, chat rooms, and bulletin boards; social networks, such as Facebook, LinkedIn, and My Space; and video-sharing sites, tweets, and e-mail are common means of communication and self-expression.  Because online postings can conflict with the interests of the Foundation and its customers, the Foundation has adopted the following policy.  Breach of this policy may result in counseling and disciplinary action, including termination of employment.

Confidentiality and Privacy

·         Do not disclose confidential or proprietary information, or personal identifying information of any client, customer or the Foundation, in online postings or publications.  Sharing these types of information, even unintentionally, could harm customers, clients, or the Foundation, and result in legal action against a customer, you or the Foundation.

Your Identity Online

·         You are personally liable for all communications and information you publish online.  The Foundation may be liable for online activity that uses its assets, and the Foundation email address or any the Foundation address that can be traced back to the Foundation’s domain, which generally is any internet address affiliated with the Foundation.  Using your name and the Foundation email address may imply that you are acting on the Foundation’s behalf.  Because social media and networking activities are public, your  Foundation email address and the Foundation assets and property should be used only to perform job-related activities, which may include professional networking but do not include personal social networking.


·         Outside the workplace, you have a right to participate in social media and networks using your personal email address.  However, information and communications that you publish on personal online sites should never be attributed to the Foundation or appear to be endorsed by, or to have originated from, the Foundation.

Limitations on Online Publications

·         Never identify a client or customer in an online posting without the client or customer’s prior written permission.

·         Obey the law.  Do not post any information or engage in any online activity that violates applicable local, state or federal laws.

·         Identify all copyrighted or borrowed material with citations and links.  When publishing direct or paraphrased quotes, thoughts, ideas, photos, or videos, give credit to the original publisher or author.

·         Direct all requests for job references or recommendations for current or former Foundation employees to the Business Operations Manager. Comments you post about current and former Foundation personnel can have legal consequences, even if you make the comments personally and not on the Foundation’s behalf.

 

Creating and Managing Content

·         The Foundation must approve any website, blog, chat room, video-sharing site, or bulletin board that promotes the Foundation or work you do for its clients or customers.  Employees should respect intellectual property laws and refrain from improper use of the Foundation’s logo or other intellectual property in a website, blog, chat room, video-sharing site or bulletin board.

·         If you maintain a website, blog, chat room, video-sharing site, or bulletin board that promotes the Foundation or work you do for customers or the Foundation you are responsible for reviewing responses to on-line posts and resolving any concerns about the propriety of the responses before they are posted.

·         Do not post discriminatory or harassing communications in posts involving the Foundation or its employees or customers, including comments based on a person’s race, sex, gender, gender identity, national origin, color, disability, age, sexual orientation, veteran status, marital status, religion, or any other status protected by law.

·         If the media contacts you about an issue relating to the Foundation or its clients or customers, contact the Director of Communications for guidance.