ICT Policy Statement
ICT policy statement
BaderOya Oilfield Services and Energy (BOS) provides outstanding products and services that meet customer expectations and requirements. We operate with an ICT Usage Security Policy that covers the security and use of all BOS information. Also includes the use of email, internet, and ICT equipment.
This policy applies to all information, in whatever form, relating to BOS ‘s business activities worldwide, and to all information handled by BOS relating to clients & partners with whom it deals. It also covers all ICT facilities operated by BOS or on its behalf. All BOS ‘s employees, subcontractors, third parties, and client staff (hereafter referred to as ‘individuals’) are obliged to comply with this policy.
Computer Access Control- Individual’s Responsibility
Access to the BOS IT systems is controlled using User IDs and passwords. All User IDs and passwords are to be uniquely assigned to named individuals and consequently, individuals are accountable for all actions on the BOS’s ICT systems.
BOS Username and password are strictly confidential to use by others. The Passwords are valid for 90 days, after which you will be required to reset it to a new one, the last 2 passwords used are stored and cannot be reused. Also, giving or transferring BOS data or software to any person/organization outside BOS without BOS Management Approval is not permitted.
BOS Managers must ensure that individuals are given clear directions on the extent and limits of their authority about ICT systems and data.
Internet and Email Conditions of Use
Use of BOS internet and email is intended for business use. Personal/individuals use is permitted where such use does not affect the individual’s business performance, is not detrimental to BOS in any way, not in breach of any term and condition of employment and does not place the individual or BOS in breach of statutory or other legal obligations. All individuals are accountable for their actions on the internet and email systems.
Clear Desk and Clear Screen Policy
To reduce the risk of unauthorized access or loss of information, BOS enforces a clear desk and screen policy where confidential business information must be protected using security features provided, Computers must be logged off/locked, not leave confidential material on printers or photocopiers and all business-related printed matter must be disposed of using shredders.
It is accepted that BOS laptops and mobile devices will be taken off-site when working away from the office (where remote access is required with approval from BOS Management and ICT section). So, Information should be protected against loss or compromise when working remotely. Laptop encryption must be protected by a password or a PIN.
Mobile Storage Devices
Mobile devices and removable hard drives must be used only in situations when network connectivity is unavailable or there is no other secure method of transferring data. Only BOS authorized mobile storage devices with encryption enabled must be used, when transferring sensitive or confidential data. Use of USB memory devices on company computers is permitted with approval from BOS Management.
Employees must use only software that is authorized by BOS on computers. Authorized software must be used in accordance with the software supplier’s licensing agreements. All software on BOS computers must be approved and installed by the BOS ICT section. End users are not allowed to install any Software on their computers or store personal files such as music, video, photographs, or games on BOS ICT equipment.
The ICT section has implemented centralized, automated virus detection and virus software updates within BOS. All PCs have antivirus software installed to detect and remove any virus automatically. All BOS staff are not allowed to remove or disable anti-virus software or attempt to remove virus-infected files or clean up an infection, other than using approved BOS anti-virus software and procedures.
Resignation & Termination of Contract
All BOS equipment and data, for example laptops and PC’s must be returned to BOS before the approval of the checkout list. In addition to BOS data or intellectual property (Registered in BOS Name) developed or gained during the period of employment remains the property of BOS and must not be retained beyond leaving BOS or reused for any other purpose.
Monitoring and Filtering
All data that is created and stored on BOS computers is the property of BOS and there is no official provision for individual data privacy, however wherever possible BOS will avoid opening personal emails, and when necessary, BOS has the right to do so.
ICT system logging will take place where appropriate, and investigations will be commenced where reasonable suspicion exists of a breach of this or any other policy. BOS has the right (under certain conditions) to monitor activity on its systems, including internet and email use, to ensure the system’s security and effective operation, and to protect against misuse. It is your responsibility to report suspected breaches of security policy without delay to BOS management or the ICT section. All breaches of information security policies will be investigated.
All BOS data/information and application are the property of BOS and considered as confidential Data/information and should not be taken nor copied or transmitted via e-mail to any person outside BOS unless it is mandatory and essential then it is subject to Management approvals.
Any amendments to this policy resulting from its annual reviews, is to be widespread and well introduced to all employees and available, on request, to others and the public.