IPsoft – Acceptable Use Policy Awareness Session

1

rather it relies upon the awareness and the cooperation of all Users. legally and contractually required to protect Client and internal data through an Information Security (“InfoSec”) program. integrity and availability of information. Users must read and understand the Policy since effective security is not a factor of security. Future audits require verifiable evidence recording InfoSec initiatives. InfoSec combines technology and process to safeguard the confidentially.Background • IPsoft is ethically. Users must agree to follow the Policy to ensure protection of information and the continued success of IPsoft. The cornerstone of InfoSec is an Acceptable Use Policy (“AUP”) that defines terms. and describes appropriate conduct. • • • • • 2 . informs Users of restrictions.

– Gramm Leach Bliley Act (“GLBA”): Title V of GLBA requires safeguards for privacy which are implemented through the AUP. awareness and user agreement to of Acceptable Use of Systems. Specific provisions require documentation. – Adherence to standards improves our creditability and value to Clients. Competitive Advantage – Our AUP combined with other InfoSec initiatives differentiate IPsoft from our competitors.AUP Drivers • Compliance – Statement of Auditing Standards # 70 (“SAS70”): As a service provider. • 3 . IPsoft must pass periodic audits that inspect our internal controls.

Confidential Information A significant portion of the AUP addresses Confidential Information. PANs. other ID Numbers • Drivers License Numbers • Passport Numbers • Name/Full Birthdate Pairs – Financial Information – All Client information including Client name – Medical Information – Passwords 4 . Users must protect each of the following from disclosure. – Personally Identifiable Information • Social Security Numbers.

Confirmation of User awareness of Policy .Agreement to Acceptable Use Policy The Agreement to the Acceptable Use Policy form is required to address the following requirements: .Verifiable Evidence of Deployed Controls .To stress the importance of the Policy to Users 5 .

” 6 . unethical or illegal use of IPsoft Systems. partner agreements. rights or property are forbidden. regulations. each User assumes responsibility for appropriate use and agrees to comply with this Policy. Actions that negatively impact privacy. By using our Systems. Incidental personal use of Systems is permitted if such use does not detract from Users’ responsibilities or otherwise consume excessive resources. safety. other IPsoft Policies. provider Terms of Service and applicable laws.General Policy “To prohibit the unprofessional.

citizenship or disability. • • 7 . records. Transferring. national origin. storing or serving any material that would offend a reasonable person on the basis of gender.Key Provisions • The unauthorized use. alteration. sexual orientation. intimidation. and any material that violates our Policies against sexual harassment. deletion or restoration of data. gambling. commercial or non-commercial activities. Unauthorized personal. obscenity. forwarding. any material. display. Providing unauthorized goods or services for free or for a fee using the IPsoft Systems is forbidden. extraction. age. credentials or services in any form is prohibited. advertising or the selling of goods/services is not allowed. the possession or transmission of which is illegal or materials that facilitate illegal activities. viewing. race. Unprofessional communications including threats. programs. fundraising. messaging. religious or political beliefs. harassment or defamation are prohibited.

intercept communications. Unauthorized scanning of Systems for services and/or security vulnerabilities is prohibited. Attempting to obtain or obtaining confidential information including credentials or using any means to circumvent controls. Infringing on intellectual property rights including plagiarism and unauthorized use or reproduction is prohibited.Key Provisions (continued) • • Exceeding your level of authorization is not allowed and misrepresentation of identity is forbidden. • • 8 . deactivate safeguards. extend wired or wireless connections or ignore security warnings is forbidden.

processing. data or files is prohibited. Sending unsolicited information is prohibited. modification or deletion of information. • • • 9 . Monitoring accounts should not be used for interactive access. forwarding. Users may not use IPsoft’s Systems to distribute unauthorized commercial or noncommercial information.Key Provisions (continued) • Any activities that adversely affect the ability of other people or devices to do their jobs. use Company’s Systems or the Internet are prohibited. Running any unauthorized service that enables the sharing.

and these data sources may contain information marked by Users for deletion. we periodically inspect active and archived data.No Expectation of Privacy • IPsoft Systems and their complete contents are the property of IPsoft. • • 10 . If User data contains item(s) that violate the law or violate this Policy. Users should have no expectation of privacy. we may take disciplinary action. advise law enforcement or take other action(s). As part of our normal business practices.

Should we discover prohibited actions. contractors or service providers in violation of this Policy will be considered in breach of their contractual obligation to IPsoft. including civil and/or criminal action(s) against the offending party. the Company may immediately suspend the suspect connection and/or User and commence a comprehensive investigation • 11 . and civil and/or criminal action(s). IPsoft reserves the right to terminate its contract without penalty and to pursue any remedies available to it. Consultants.Compliance • Users who violate the Policy may incur disciplinary actions including termination. IPsoft monitors access to our Systems as part of our normal business practices.

Questions 12 .