ISUZU MOTORS SOUTH AFRICA EMPLOYEE USAGE POLICY

COMPUTER FACILITIES, ELECTRONIC MAIL AND INTERNET USAGE POLICY

GENERAL

This policy applies to all employees, contractors and temporary personnel (hereinafter referred to as “Users”), who use the Computer Facilities, Email (including internal and internet Email) and Internet with Company and network resources, as well as those who represent themselves as being affiliated with Isuzu Motors South Africa (hereinafter referred to as “IMSAf”) computing.

The purpose of this policy is to communicate responsibility for proper use of the Computer, Email and Internet Facilities.

Disciplinary action may be taken against employees who breach this policy and abuse the network. Access to the computer facilities, electronic mail and/or Internet may be withdrawn from any User who abuses that privilege.

INTRODUCTION

Access to Computer Facilities, Email and the Internet is provided to Users as tools to increase their overall efficiency and effectiveness in the performance of their employment duties.

Computer equipment (hereinafter referred to as “equipment”) provided to the User remains the sole and exclusive property of IMSAf and must only be used for its intended function in employment-related activities. This includes but is not limited to Desktops, Laptops, Tablets, Mobile Devices, Printers, Scanners, Headsets, Monitors/Screens and related power supplies and cables.

Job related uses of the Internet include accessing external databases, libraries, newspapers, newsletters, magazines, bulletin boards or encyclopaedias to obtain reference information or conduct research. Users are reminded that authors of information have copyright and intellectual property rights, unless these are explicitly waived. Permission must be obtained from the author before information is used or duplicated.

It is permissible to use IMSAf’s Computer Facilities, Email and Internet system for incidental personal purposes outside of business hours. This does not include uses requiring substantial expenditure of time, uses for profit and loss or uses that would otherwise violate company policy with regard to User time commitments or equipment.

Users should be cautious about how they represent themselves when using IMSAf’s Computer Facilities, Email and Internet system. In the conduct of IMSAf’s business, a User’s remark or comment may be interpreted as IMSAf’s position or policy.

UNACCEPTABLE USE OF EMAIL AND THE INTERNET

Abuse of, or improper use of the Computer Facilities, Email or the Internet will not be permitted and will result in disciplinary action. Unacceptable usage includes, but is not limited to, the transmitting, retrieving, storage or display of the following:

Material of a discriminatory nature;
Obscene or pornographic materials;
Derogatory or inflammatory remarks of any nature;
Abusive, profane or offensive language;
Chain letters and petitions;
Political or religious viewpoints;
Material or language that might be deemed to constitute harassment; and
Video, voice clips, music clips and/or picture files unconnected to IMSAf’s business.

Users are reminded that deleting Email does not guarantee that it has been erased from IMSAf’s system.

Receipt of indecent or offensive material may not be preventable, but re-transmission of such information is strictly prohibited. A Senior Member of the appropriate Division should be advised of all such occurrences.

Users may not use IMSAf’s Computer, Internet, Email or electronic messaging systems to infringe the copyright or other intellectual property rights of third persons, to distribute defamatory, fraudulent or harassing messages, or otherwise to engage in illegal or wrongful conduct.

Unless specifically authorised by IMSAf, Users may not modify files, data or passwords, access and read messages and files clearly intended for or saved by other persons without their permission. Users may not misrepresent other Users on any network.

No files containing confidential information concerning or belonging to IMSAf may be forwarded to any persons not authorised to receive such information. If any uncertainty exists concerning whether information is confidential or not, it should be treated as confidential, and permission should be obtained before its distribution. No views or information concerning IMSAf and its business may be posted on any electronic boards or any Internet chat rooms, without the proper authorisation.

Users may not use IMSAf’s Computer Facilities, Email or electronic systems to download and/or install software without authorisation of IT Management.

The unauthorised use of Computer Facilities, Internet and electronic messaging systems for purposes of “hacking” (i.e. intruding on the privacy of an individual or organisation without first obtaining the consent of the individual or organisation) is a violation of company policy and will be grounds for dismissal.

Users cannot transmit or download copyrighted electronic media belonging to third parties without the copyright-holder’s permission.

Users may not post web content on IMSAf’s systems, whether company related or private. Any publishing should be strictly coordinated/approved with Corporate Affairs and IT Management, as to the content and structure of the document.

Users may not use the Computer, email or the Internet Facilities in such a manner as to disrupt the use of IMSAf’s network by others.

Users may not use the Internet for accessing on-line games, personal interest chat sites, or streaming videos, or any other activities that could cause congestion and disruption of networks and systems.

Users may not generate electronic junk mail. (Junk mail is all unsolicited email, which has little or no value to the recipient).

SECURITY CONTROLS AND PROCEDURES

Users are responsible for the integrity of their password and logon security and are held responsible for any transaction undertaken under their Logon. This password and in addition, the Bitlocker code, are confidential and may not be divulged to anyone other than IMSAf IT when required for the purposes of fault diagnosis, repair, equipment refresh or other IMSAf official business.

Users must respect all license agreements when transferring software and information on the Internet, including all agreements that IMSAf has with third parties, covering the use of software and information. Copyright violation is a serious legal matter. Users must ensure that any software that is used within IMSAf is authorized.

Logon passwords will be changed in line with IT guidelines.

Users are responsible for the accuracy of messages sent and for obtaining confirmation of messages received if there is any doubt about the accuracy of such messages. Taking a “sound business practice” approach, the same principles should apply to email as with other written forms of communication such as facsimile messages or letters.

Maintenance of all mail stored in Personal Folders will remain the responsibility of each User.

When leaving a workstation for a period of time, it is mandatory to ensure the screen is locked or to log out of the system.

Users are responsible for protecting and/or securing the equipment that has been assigned to them against physical or financial loss whether by theft, mishandling or accidental damage by employing reasonable measures to protect and secure the equipment:

When equipment is left unattended at work, Users must use locking devices or store equipment in a locked cabinet.
Users are responsible for the physical security and care of equipment to minimize risk of theft or loss during travel.
When travelling offsite with equipment it must be transported in a laptop bag or suitable container to protect the equipment in transit.
When travelling with equipment in a vehicle, the equipment must be placed in the storage space prior to departure. If no lockable boot exists and the equipment is left unattended in the vehicle, the equipment must be placed out of view and secured to the vehicle, e.g. behind the seat, with a locking device, such as a security cable.
As vehicle remote controls are often jammed, Users must assume the vehicle is not locked until a physical check confirms that it is locked.
Users must not leave portable equipment unattended in public areas, such as airport lounges, hotel lobbies, taxis, restrooms and conference centres.
Users must not put portable equipment in checked baggage when traveling, except as required by law.
Users must keep equipment in their possession whenever possible. If left unattended in a hotel room they must be locked in a safe where available, secured in a suitcase or hidden from view.
If equipment is used at a residence, Users must place the equipment out of easy reach and view of the exterior. Users must secure the equipment with a locking device, such as a security cable.

Equipment must be treated with care, regardless of whether the equipment is assigned to the User or not. Users must employ reasonable means to ensure equipment is neither intentionally nor unintentionally damaged:

Equipment may not be used by anyone other than assigned Users. Family members or friends are not authorized to use equipment.
Equipment may not be modified or altered in any way, including the removal or insertion of internal components.
Users must not place any object, such as papers, pens, a mouse or mobile phone, between the laptop screen and keyboard as this could result in damage to the screen.
Liquids may not be placed within 30cm of equipment. Users must take care to ensure liquids, food and other objects are not in a position where they can spill onto or damage equipment.
Users must ensure equipment is placed on a level, stable surface.
When walking around with a laptop, Users must ensure the screen is closed and the laptop is securely held or safely within a laptop bag.
IMSAf Mobile Devices must have a protective case. When walking around, Users must keep the Mobile Device in a pocket or laptop bag rather than in their hand.
Users must not affix anything to the equipment, including stickers, unless performed by IMSAf IT.

All losses, theft or damage to equipment must be reported to IMSAf Security:

IMSAf Security will conduct an investigation into any lost, damaged or stolen equipment. Employees found negligent, to have misused or abused equipment, or that have committed theft will be subject to disciplinary action. As part of this process, employees may be directed to compensate IMSAf for the losses or damages incurred.

IMSAf Information is an important asset and must be protected:

IMSAf Information exists in many forms, including but not limited to: text, image, and sound and can be found in numerous locations and storage devices.
IMSAf Information is owned by IMSAf, wherever it exists, e.g. personally owned Computing Equipment, Third Party-owned Computing Equipment, Mobile Devices. (Mobile Devices include both IMSAf tool of trade devices and personal Mobile Devices. If the Mobile Device has IMSAf Applications and/or IMSAf Information, the Mobile Device must be managed by IMSAf IT, must be secured with a password or pin, must be encrypted and IMSAf IT will be in a position to locate the Mobile Device and remotely wipe the Mobile Device if required. IMSAf IT will not manage or have access to the personal data on personal Mobile Devices.)
All users of IMSAf Information must understand its value and their responsibility to protect it.
IMSAf and the Users of IMSAf Information must be able to demonstrate that due diligence has been exercised in protecting IMSAf Information. By performing due diligence, IMSAf can successfully protect its rights to IMSAf Information by, among other actions, taking appropriate legal action including referring the matter to government authorities for civil or criminal prosecution. Illegal, unauthorized, or unethical disclosure, modification, misuse, or disposal of IMSAf Information is prohibited.
Users must ensure IMSAf Information, in any form, is protected from unauthorized access, modification, disclosure or deletion and complies with all applicable laws and regulations (e.g. Data protection law with regulations such as POPIA and GDPR).

Users must not access IMSAf Information in a public place, such as a coffee shop, or on a train, aircraft, or bus, if it can be viewed by others:

Unmanaged personal or public equipment should only be used to access approved IMSAf web based applications.
IMSAf applications must not be downloaded to unmanaged personal or public equipment.
Storing IMSAf Information on public or unmanaged personal equipment is prohibited.
When logging into IMSAf, Users must not check the box that allows the system to remember the equipment, password or username.
When finished using unmanaged personal or public equipment, Users must logoff and close any windows used to access IMSAf networks or IT Resources.

Users must take due care when using removable media and be aware of the associated risks to the IMSAf environment (e.g., Malware, loss / theft of Intellectual Property).

Appropriate Use of Cloud Services (e.g. Dropbox, Google Drive, Onedrive Personal):

Only approved Cloud-based services (e.g. Onedrive Business) can be used to manage, store, transmit, or transfer IMSAf Information or Third Party information which IMSAf is contractually obligated to protect.
If an unauthorized Cloud service is currently being used the service must be reported to IT Management so the service can be assessed.

APPROPRIATE EMAIL USAGE

Personal email must not be used for any IMSAf business purpose.

IMSAf email addresses must only be used to sign up for services required to perform the job.

The following must be evaluated before sending IMSAf Information via email to non-IMSAf email addresses:

Verify information may be shared.
Verify recipients have a need to know and are authorized to receive the information.

EMAIL ETIQUETTE

Users must properly identify themselves when using IMSAf email and Internet services. The use of “handles” or other aliases is not permitted in official activities.

An “Out of Office” message must be activated when Users will be away for a day or longer.

All Email must meet IMSAf’s requirements in terms of Corporate Image and features including spelling/grammar, fonts and accuracy of information should be checked before sending a message to any addressee. Users are representatives of their own division as well as of IMSAf as a whole.

A disclaimer message will automatically be added to all external email.

ACCESS CONTROL

Internet Access/Use will be provided by a dedicated link through a service provider.

Access to the Internet through stand-alone equipment or any other means, except where an approved IMSAf method is used, will not be allowed within or on company premises.

Unless approval of the Divisional Head, Information Technology (IT) has been obtained, Users may not establish equipment, Internet or other external network connections that could allow non-Users to gain access to IMSAf’s systems, networks and information.

IMSAf’s Computer, Email and Internet Facilities and all Computer, Email and Internet documents are the property of IMSAf and not the User’s private communications. Therefore, IMSAf reserves the right to monitor all User use of Computer, Email and Internet Facilities.

Users using IMSAf’s Computer, Email and Internet Facilities acknowledge that they have read and understand the provisions of this policy and that failure to abide by the terms and conditions of this policy may lead to disciplinary action, up to and including dismissal.

Users will be held liable for any claims against IMSAf resulting from any unauthorised actions of such Users in using IMSAf’s Computer, Email and Internet Facilities.