Acceptable Use Policy
Purpose and Scope
Section titled “Purpose and Scope”Security is a shared responsibility across Code Town. All employees are expected to act with professional judgment based on standards and prior experience. In uncertain situations, seek guidance.
This policy applies to all employees, contractors, and third-party users who access Code Town’s information systems and data.
Policy Statements: Our Commitments
Section titled “Policy Statements: Our Commitments”The following sections outline key expectations for protecting Code Town’s data, systems, and security, covering guidelines for handling information, securing accounts, devices, and communications, and maintaining both physical and digital security.
Data Handling, Classification, and Privacy
Section titled “Data Handling, Classification, and Privacy”All employees must handle company data carefully and according to its classification (Public, Internal, Confidential, Secret), including considering these points:
- Confidential or Secret data should never be shared without proper authorization.
- Employees should access only the data necessary for their role, never use it for personal purposes, and report any potential data breaches immediately.
- Misclassification of data should also be reported to supervisors.
Account and Device Security
Section titled “Account and Device Security”Employees are responsible for securing their work accounts and devices. This includes using strong, unique passwords, enabling multi-factor authentication (MFA), and locking workstations when unattended.
Company-approved devices and software must be used, kept up-to-date with the latest security patches, and connected to the company VPN when using public networks.
Report any suspicious activity, lost/stolen devices, or unauthorized software installations immediately.
Communication and Remote Work Security
Section titled “Communication and Remote Work Security”Employees must use caution when handling communications such as emails, attachments, and file-sharing:
- Do not send sensitive information via unencrypted email, and use only company-approved methods for file transfers.
- Be vigilant about phishing attempts and other suspicious communications.
When working remotely, employees must use secure Wi-Fi networks, and ensure that their work environment protects the confidentiality of company data.
Physical Security and Clean Desk Policy
Section titled “Physical Security and Clean Desk Policy”Keep sensitive documents out of plain sight, follow the Clean Desk Policy by securely storing them when not in use, and dispose of sensitive materials through approved methods like shredding. Report any unauthorized individuals or suspicious activities immediately.
Given the fact that we are a remote first company this should apply to any place that you are actively using as your work environment.
Compliance, Reporting, and Social Media
Section titled “Compliance, Reporting, and Social Media”All employees must complete security training on time and stay informed about relevant policies. Report policy violations, security concerns, or breaches to supervisors or the IT department. Cooperate fully with internal or external audits.
Social media activities should not disclose any confidential company information, and employees must avoid speaking on behalf of the company without authorization.
Compliance and Enforcement
Section titled “Compliance and Enforcement”Compliance with this policy is mandatory for all employees, contractors, and third parties with access to Code Town’s data.
In rare cases, business needs, local laws, or regulations may require exceptions. Management will approve any exceptions and define alternative solutions.
Non-compliance may lead to disciplinary action, including termination, as per Code Town’s policies.
Policy Review and Maintenance
Section titled “Policy Review and Maintenance”This policy will be reviewed annually or when significant changes occur to maintain its continuing suitability, adequacy, and effectiveness.
Reviews must consider changes in the regulatory landscape.