Acceptable Use Policy
Breakout Learning Inc
Purpose
This policy specifies acceptable use of end-user computing devices and technology. It also highlights the importance of training to ensure an understanding of current best practices, data types, and the sanctions associated with non-compliance.
Policy
Breakout Learning Inc. policy requires that:
- Background verification checks on all candidates for employees and contractors should be carried out in accordance with relevant laws, regulations, and ethics, and should be proportional to business requirements, information classification, and the perceived risk.
- Employees, contractors, and third-party users must agree and sign the terms and conditions of their employment contracts and comply with acceptable use policies.
- Employees must undergo an onboarding process to familiarize themselves with the environments, systems, security requirements, and procedures listed in the employee handbook. Additionally, employees will have ongoing security awareness training, which will be audited.
- The offboarding process will include reiterating any duties and responsibilities still valid after termination, verifying access removal to all Breakout Learning Inc. systems, and ensuring all company-owned assets are returned.
- Breakout Learning Inc. will take reasonable measures to ensure no unauthorized corporate data is transmitted via digital communications or posted on social media outlets.
- Breakout Learning Inc. will maintain a list of prohibited activities, included in the onboarding process. Training will be available if these activities change.
- A fair disciplinary process will be used for employees suspected of committing security breaches, considering factors like first offenses, training, and business contracts.
Procedures
Breakout Learning Inc. requires all workforce members to comply with the following acceptable use requirements and procedures:
- All workforce members are primarily considered remote users and must follow system access controls and remote access procedures.
- Breakout Learning Inc. computing systems are subject to monitoring by IT and Security teams.
- Employees may not leave computing devices (including laptops and smart devices) used for business purposes unattended in public, whether company-provided or BYOD devices.
- Device encryption must be enabled for all mobile devices accessing company data (e.g., whole-disk encryption for laptops).
- Employees may not post sensitive or confidential data in public forums or chat rooms. If a posting is needed for technical support, data must be sanitized to remove any sensitive information.
- All data storage devices and media must be managed according to Breakout Learning Inc. Data Classification specifications and Data Handling procedures.
Protection Against Malware
Breakout Learning Inc. protects against malware through detection and repair software, information security awareness, and appropriate system access and change management controls.
Key controls include:
- Restrictions on software installation: only legal and approved software may be used. The use of personal software for business purposes and vice versa is prohibited.
- The principle of least privilege: only users granted privileges may install software.
- Anti-malware protection and monitoring must be installed and enabled on all endpoint systems, including workstations, laptops, and servers.
Revision History
Version |
Date |
Editor |
Approver |
Description of Changes |
1.1 |
2024/10/01 |
Nikita Rogatnev |
Joshua Oster-Morris |
Standardized role titles across all relevant policies, replacing previous variations |
1.0 |
2024/01/01 |
Joshua Oster-Morris |
Jake Shepherd |
Initial version |