Acceptable Use Policy

SETRAC recognizes the critical importance of information security and is committed to protecting sensitive data. This policy outlines the acceptable use of the devices and services within the organization.

Internet Use

Use the Internet for work-related activities that contribute to the organization's goals.
Do not access or download malicious software, visit unauthorized websites, or engage in illegal or unethical activities.
Adhere to applicable laws and regulations regarding internet usage, data privacy, and copyright infringement.
Avoid public Wi-Fi networks when accessing company resources.

Email Use

Use email for business purposes, such as communication with clients, colleagues, and stakeholders.
Exercise caution and verify the authenticity of email senders when opening email attachments or clicking on links, especially if they are from unknown or suspicious sources.
Do not send or forward confidential or sensitive information via email unless it is appropriately protected.
Double-check email recipients before sending sensitive information to avoid accidental data leakage.

Strategies for Effective Email Communications

Use clear and concise language when composing emails.
Include relevant subject lines and proper formatting to enhance readability.
Use professional language and maintain a respectful tone in all communications.
Protect email accounts with strong, unique passwords and never share them with others.

Passwords and Authentication

Safeguard usernames and passwords and refrain from sharing them with anyone unless assisting IT on an issue or task.
Multi-factor authentication is required for all sensitive systems and critical operations, especially for privileged accounts.
Multi-factor authentication for any account used for work must be registered using your company-issued phone.
Create strong, unique passwords that are not easily guessable.
Periodically change passwords and refrain from using the same password across multiple systems. Password reuse is prohibited.
Utilize the SETRAC's Identity Protection Guidelines.

Personal Use

All company documents, passwords, emails, and other work-related data are to be accessed and stored on company provided devices and services. These devices and services are specifically designated for work purposes and should not be used for personal activities.
Limited personal internet use on company hardware is permitted during non-work hours within reasonable limits defined by management.
SETRAC is also not responsible for personal information on company resources.
Excessive personal use of the internet during work hours is prohibited.

Ethical Use of the Internet

Do not access or disseminate inappropriate, offensive, or discriminatory material.
Respect intellectual property rights and avoid unauthorized downloading, sharing, or distribution of copyrighted content.
Report any unethical or illegal activities encountered while using the internet.
Avoid online activities that may compromise SETRAC's reputation.

SETRAC's Right to Monitor

Routine monitoring of company devices, network traffic and email content may be conducted for security and compliance purposes.
Monitoring will be conducted in compliance with applicable laws and regulations.

Bring Your Own Device (BYOD)

Using personal devices and accounts for work-related activities is highly discouraged.
Using work devices and accounts for personal-related activities is likewise highly discouraged.
SETRAC is not responsible for supporting access to work resources on personal devices.
Employees are responsible for allowing company data protection policies on their personal devices to ensure access to company resources.
Employees are responsible for maintaining the security and integrity of their personal devices with the latest security patches and protect against unauthorized access.
Employees are responsible for maintaining company compliance standards on their personal devices to ensure access to company resources.