Header
  I I I I  
 
ACCEPTABLE USAGE POLICY

COMPUTER, INTERNET and E-MAIL

Disclaimer
The content of this document is intended solely for the use of individual or entity to whom it is addressed and any others who are specifically authorized to receive it. It may contain confidential or legally privileged information. You are hereby notified that any disclosure, copying, distribution or otherwise placing reliance on the contents of this information is prohibited and may be unlawful in certain legal jurisdictions. The content of the following document are the property of Etihad. It is provided for the users of Etihad to use as a reference as to comply with Etihad’s Information Security policies when necessary. Etihad reserves the right to add and/or delete material from this document at any time.

Document Control

Version Date Issued Status Remarks
1.0 04/02/2008 First Release First Issue

Last Review Date 04/02/2008
Next Review Date 30/01/2009

Distribution list

Department / Group A/C/E
Information Security Steering Committee A
All Staff Members C
IT Security /IT Security Working Group/Business Unit Managers E

A: APPROVAL C: COMPLIANCE E: ENFORCEMENT

POLICY RATIONALE:

The policy outlines acceptable use standards for computer equipment, Internet and E-mail at Etihad Airways.

BACKGROUND:

The Information Security department’s intention in publishing an Acceptable Use Policy is not to impose restrictions contrary to Etihad Airways’ established culture of openness, trust and integrity. The information security department is committed to protecting Etihad Airways' employees, partners and the company from illegal or damaging actions by individuals, either knowingly or unknowingly.

Internet/Intranet/Extranet-related systems, including but not limited to computer equipment, software, operating systems, storage media, network accounts providing electronic mail, WWW browsing, and FTP, are the property of Etihad Airways. These systems are to be used for business purposes in serving the interests of the company and of its clients and customers in the course of normal operations. Effective security is a team effort involving the participation and support of every Etihad Airways employee and affiliate dealing with information and/or information systems. It is the responsibility of every Etihad computer user to be aware of, and comply with this policy.

This policy is in place to protect employees and the organization. Inappropriate use of Etihad provided information assets like computers, Internet and E-mail services, exposes Etihad Airways to risks including virus attacks, compromise of network systems and services and legal issues.

SCOPE:

This policy applies to employees, contractors, consultants, temporaries and other workers at Etihad Airways, including all personnel affiliated with third parties. This policy applies to all equipment owned or leased by Etihad Airways.

POLICY:

COMPUTER USAGE
IT Resources and other messaging services provided by Etihad Airways and its customers should be used primarily for business purposes. The company’s information systems and related data are the property of Etihad Airways and its customers and cannot be considered private. Thus, they cannot be transmitted without explicit approvals. When customers have provided IT resources, the customers’ policies governing their usage must be followed.

It is the responsibility of IT users to ensure that they use no illegal or unauthorized software or hardware. Users must proactively ensure that the latest versions of antivirus software are installed and active at all times.

Objectionable material - sexually explicit, illegal, harassing, offensive, in violation of other company policies, or any other material that would reflect adversely on the company may not be displayed, archived, stored, distributed, edited or recorded using Etihad Airways’ IT resources.

Under no circumstances should users of Etihad Airways resources initiate, forward or access messages containing offensive (political, racist, terrorist, or pornographic) material.

No hardware, including but not limited to USB mass storage media, floppy disks, CD media, and/or software may be brought into or taken out of Etihad Airways’ premises without appropriate authorization.

Illegal transmission of software or any files via data communication circuits is strictly prohibited. Etihad Airways reserves the right to monitor the use or misuse of its resources.

INTERNET USAGE
The Internet affords instantaneous access to information, though without validations or quality assurances. The Internet has the potential to greatly enhance productivity. Nevertheless, the Internet is an unregulated space and holds multiple threats. Consequently, there are security responsibilities for end users.

Etihad Airways has IT systems in place to monitor and record all Internet usage. Etihad Airways reserves the right to block access to sites that identify inappropriate or sexually explicit sites

UNACCEPTABLE USE
The following describe specifically unacceptable usage. They are not necessarily allinclusive:


Internet users are expected to delete any information they may have saved on local machines to prevent unauthorised access to this information.

Firewalls are in place between our network and the Internet to protect our network and systems. Etihad Airways employees should not use any software to circumvent firewall(s) to connect to the Internet.

Authorised users may download only necessary information and are expected to be mindful of the usage of resources (storage space, communication bandwidth etc). Users are solely responsible for software and/or documents that they may have downloaded especially with respect to legality and software copyright. Users are not allowed to download or upload any obscene, political, racist or religious material.

Users are not permitted to share prohibited information with colleagues, even through e-mail.

Subscriptions to newsgroups, if absolutely necessary, should be kept to a minimum and approved by the IT department.

Any use of the network for commercial or for-profit purposes is prohibited.
Use of the network for personal or private business is prohibited.
Personal use of Etihad Airways network resources to host personal home pages, FTP sites, Gopher servers, etc. is prohibited.
Any use of the network for product advertisement, political lobbying, or political purposes whatsoever is prohibited.
Network accounts are to be used only by authorised owners for authorised purposes. Theft or copying electronic files without permission is prohibited.

Employees and users may not intentionally seek information on, obtain copies of, or modify files, other data, or passwords belonging to other employees, or misrepresent/impersonate other employees on the network.

Users may not use the network in such a way as to disrupt the use of the network by others; hardware or software may not be destroyed, modified, or abused in any way.

Malicious use of the network to develop programs that harass other employees or infiltrate a computer or computing system and/or damage the software components of a computer or computing system is prohibited. Internet facilities should not be used to deliberately propagate any virus, worm, Trojan horse or trap door program code.

Use of the network to access or process pornographic material, inappropriate text files or files contrary to the integrity of Etihad Airways is prohibited.

E-MAIL USAGE
E-mail is probably the most important application amongst those used in Etihad Airways. However, e-mail is also a possible conduit for viruses and worms, as is evident in the increasing frequency of such attacks. Thus the usage of e-mail demands certain precautions and awareness from users.

All Etihad Airways employees and users are provided with an e-mail ID to indicate the mailing address where information can be transmitted or received. Each e-mail ID is provided with a password that can be changed from time to time by the individual. The password is not transferable and must be kept confidential by the concerned employee.

All messages sent or received through Etihad Airways’ electronic mail system are and remain the property of the company. They are not the private or confidential property of any employee, contractor or agent.

All outbound e-mails sent to external domains must include a company disclaimer automatically: "This e-mail and any attachments may contain confidential and privileged information. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this e-mail and destroy any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be illegal.

Etihad Airways or its employees are not responsible for any auto-generated spurious messages (spam) that you may receive from Etihad e-mail addresses”.

The company retains the right to review, audit, intercept, access and disclose any information created, received or sent via its e-mail systems at any time without prior notice for any business purpose. E-mail, as well as any other hard copy and computer files, may be exposed to disclosure and can be used as evidence in legal proceedings.

Notwithstanding the company's right to retrieve and read all e-mail messages, such messages must be treated as confidential and accessed only by the intended recipient. No one is authorized to retrieve or read any e-mail messages that are not sent to him or her. Any exception to this policy must receive prior approval by management.

Users are responsible for preparedness against virus threats. Awareness of the latest worms and virus attacks, of ‘typical’ subject headings that are most likely viruses, and of the latest anti-virus signature versions, is strongly recommended.

Inappropriate use/distribution of Etihad Airways’ e-mail IDs is also prohibited, as this increases the attack surface area.

E-Mail Etiquette
The following principles are applicable to all e-mail users:

Original messages and attachments should be used in the reply message only when critical to the comprehension of the issue.
Acknowledgement of mail is expected only when the mail is critical or exceptionally important. Typically, a reply for any mail is advised within 24
hours.

E-mail is best for short messages and document exchange. File transfers are more appropriate when sending large volumes of information.
Telephone calls are advisable for discussing issues and/or on occasions which necessitate an immediate response.
Attachments received via e-mail must be scanned for viruses before they are opened.
It is expected that individuals unsubscribe to any mailing lists on the Internet before going onsite/on long leave.
Mails with subjects such as or similar to: “fwd: Joke” or “ILOVEYOU” should not be opened. These messages are virus-infected and should be “shift + delete”d without opening the same.

The latest antivirus updates should be running on users’ equipment. Support and clarifications can be supplied by the IT Help Desk.
Unacceptable Use
The following are specifically unacceptable uses of e-mail:

The use of e-mail for transmission of defamatory / obscene / offensive messages or information disparaging to others based on race, national origin, gender, sexual orientation, age, disability, religion, or political beliefs is not permitted under any circumstances. Unsolicited e-ail messages, including the sending of "junk mail" or other advertising material is prohibited.

The e-mail system may not be used for commercial ventures, religious or political causes, outside organizations, or other non-job-related solicitations.

The e-mail system may not be used in violation of another person's rights. Improperly using someone else’s e-mail account or altering a message from other users without their permission without permission is prohibited. Disparaging or libellous comments must not be made nor may any copyrighted material be used without proper authorisation. Violations could result in liability for the individual as well as the company.

Unauthorised use or forging of e-mail header information is prohibited.
Exchanging proprietary information, trade secrets, or other confidential information with anyone not affiliated with the company and distributing
corporate data to customers or clients without proper authorisation are prohibited.

COMPLIANCE:

Consistent Compliance with this policy is essential by all Etihad staff, contractors, consultants and other third-parties. Non-compliance with these provisions, either wilfully or through neglect, may be ground for disciplinary action.