This Policy applies to anyone who uses the Services, including, without limitation, the legal entity or individual doing business with Eddy Alexander, including resellers, subcontractors, customers, or service providers, and any other third party permitted to use or access the Services (“End Users”). Access providers are required to inform End Users of this Policy. Employees, Vendors, Customers, and End Users are referred to in this Policy as “You.” Additionally, training is imperative to assure all employees understand current best practices, the different types and sensitivities of data, and the sanctions associated with non-compliance.
As a term and condition of employment, partnership, or business relationship, all employees, contractors, vendors, and third-party users must agree to the terms and conditions of their employment/ access, and comply with acceptable use. By accessing or using Eddy Alexander Systems or Services, you agree to the latest version of this Policy.
PROHIBITED USE OF SERVICES
You agree not to use, or to encourage, promote, facilitate or instruct others to use Eddy Alexander provided Systems or Services in any illegal, harmful, offensive, infringing manner, or transmit any content to the Systems or Service that is/are illegal, harmful, fraudulent, infringing or offensive. Prohibited use of the Services or Systems include but are not limited to:
A. No Illegal, Harmful, or Offensive Use or Content
• Do not engage in, promote, or encourage activities in violation of any applicable law, regulation, governmental order or decree, or legal agreement
• Do not violate, or encourage violation of the legal rights of others, including, but not limited to, infringing or misappropriating any intellectual property or proprietary right of another
• Do not use, store, share, host, copy, distribute, display, publish, transmit, or send content that is or may be deemed offensive, inflammatory, hateful, infringing, defamatory, discriminatory, obscene, abusive, invasive of privacy, harmful to others, or otherwise objectionable
• Do not behave or use systems or company assets in a way that could harm the company or impair anyone else’s use of company services. This includes engaging with any activities or content that may damage, interfere with, surreptitiously intercept, modify, or expropriate any system, program, or data.
• Do not use company systems or equipment for any unlawful, invasive, defamatory, infringing, or fraudulent purpose
B. No Security Violations
You agree not to use company services, time, or equipment to commit any security violations, with respect to the Systems or Services provided by Eddy Alexander, its clients, or its business partners, including:
• To access or probe any network, computer or communications system, software application, or network or computing device systems (each, a “System”) without authorization, including, but not limited to, breaches, vulnerability scans, or penetration testing
• To disable, interfere with, or circumvent any aspect of the Service
• To breach any security or authentication measures used by a System or the Service
Do not leave computing devices (including laptops, smart devices, and storage media) used for business purposes, including both company-provided and BYOD devices, unattended in public. Doing so will be considered a breach of security for disciplinary purposes. Do not post any sensitive or confidential data in public forums or chat rooms. If a posting is needed to obtain technical support, data must be sanitized to remove any sensitive or confidential information prior to posting. All data storage devices, files, and media (including printed) must be managed according to the Eddy Alexander Data Classification specifications and Data Handling procedures. All workforce members working either partially or fully remote, or who are asked to travel for work purposes (including but not limited to travel to, or with, clients), are considered to be remote users and therefore must follow all system access controls and procedures for remote access. Additionally, all employees must understand, accept, and adhere to the ‘Remote or Traveling Employee Expectations‘ policy.
C. No Network Abuse
With respect to use of Eddy Alexander provided Systems or Services, you agree not to:
• Damage, disable, overburden, or impair company Services or a Systems
• Store or transmit any content that contains or is used to initiate a denial-of-service attack, software viruses or other harmful or deleterious computer code, files or programs such as Trojan horses, worms, time bombs, cancelbots, or spyware
• Disable, interfere with, abuse, disrupt, intercept, circumvent, or otherwise violate the security of the Services, or to avoid any use limitations placed on a System
• Disable or remove malware detection and/or repair software that is installed on company supplied devices or administered through company-supplied systems or services.
• Use company equipment, including photocopiers, computer, smartphones and other systems, services, or access for unauthorized use
D. No E-Mail or Other Message Abuse
Eddy Alexander, its employees, and its system end-users will take reasonable measures to ensure no private or proprietary corporate data is transmitted through unapproved digital channels. With respect to use of Eddy Alexander provided Systems or Services, you agree not to:
• Distribute or facilitate distribution of unwanted, unsolicited or harassing mass e-mails or other messages, promotions, advertising, or solicitations (“Spam”)
• Alter, forge, or obscure mail headers or assume a sender’s identity without permission
• Collect replies to messages sent from another Internet service provider in violation of this Policy or the Internet service provider’s policies
• Collect, Store, Distribute, or Share proprietary company data including contact information, data or lists. Email messages containing sensitive, confidential, or proprietary data should be sent with an appropriate level of due care to recipients. The sending of email attachments should be avoided where possible & a user should instead default to sending attachments to recipients with a time-limited, file-transfer ‘Share’ link rather than as an email attachment. Additional protections, eg. password-protection & download-restrictions, may also be required when transfering especially sensitive information.
E. No Hazardous Use
• In any application or in a manner where failure of the Service could lead to the death or serious bodily injury of any person, or severe physical or environmental damage.
• Of any system that would put the employee or company at legal risk.
Eddy Alexander maintains restrictions on software installation to protect against malware attacks and ensure valid licensing of all applications. To support these controls:
• Use of personal software for business purposes and vice versa is prohibited.
• Eddy Alexander actively manages what types of software and plug-in installations are permitted and prohibited and makes available appropriate tools on an as-needed basis.
• Employees must seek and receive specific permission to add any new software, browser extensions, or plug-ins to their machines. This access must be signed off on by both their manager and the IT Operations leadership following the principle of least privilege.
• Eddy Alexander will conduct regular reviews of the software and data content of systems supporting critical business processes; and the presence of any unapproved files or unauthorized amendments will be investigated and proper risk mitigation procedures will be implemented where needed.
Monitoring and Enforcement of Policy Violations
Eddy Alexander reserves the right, but does not assume the obligation, to monitor and investigate violations of this Policy or misuse of the Systems or Services. Failure to comply with, or breach of this Policy, constitutes a material breach of the terms and conditions upon which You are permitted to use the Systems or Services, and, at any time, may result in Eddy Alexander taking any and all actions in its sole discretion, including with immediate effect based on Eddy Alexander’s reasonable judgment, up to and including:
• Suspending or terminating access to the Systems or Services
• Removing, or prohibiting access to, or modifying content that violates this Policy or any agreement that Eddy Alexander has with You for use of the Service; and/or
• Legal proceedings against You for reimbursement of all costs on an indemnity basis (including, but not limited to, reasonable administrative and legal costs) resulting from the breach
Without notice to You (unless required by law), Eddy Alexander may report any activity that Eddy Alexander suspects violates any law or regulation to appropriate law enforcement authorities, or regulators. Eddy Alexander’s reporting may include disclosing Your account information and/or content. Eddy Alexander may also cooperate with law enforcement agencies or regulators to help with the investigation and prosecution of illegal conduct by providing information related to alleged violations of this Policy.
Eddy Alexander excludes and disclaims all liability for actions taken in response to breaches of this Policy. The responses described in this Policy are not limited, and other actions may be taken as the company reasonably deems appropriate.
Further, to the extent practicable, Eddy Alexander reserves the right to:
• Conduct background verification checks, or reference checks, on candidates for employment, employees, and contractors as necessary. This process should be carried out in accordance with relevant laws, regulations, and ethics, proportional to business requirements, the classification of the information to be accessed, and perceived risk.
• See that employees to go through an onboarding process that familiarizes them with the environments, systems, security requirements, prohibited activities, and the procedures Eddy Alexander has in place. Employees may also be expected to participate in ongoing security awareness training which may be audited.
• Require employee off-boarding that includes a reiteration of any duties and responsibilities still valid after termination, verifying that access to any Eddy Alexander systems have been removed, and ensuring that all company-owned assets are returned.
• Maintain a list of prohibited activities in the Employee Handbook that will be part of onboarding procedures and have training available if/when the list of those activities changes.
• Ensure media and files containing sensitive/classified information are protected, requiring employees, partners, and clients to use secure communications channels and tools, encrypt sensitive communications, and follow additional precautionary cybersecurity policies as provided
• Mandate that employees should keep a clean desk, use a time-bound screensaver, and remove sensitive materials from printers immediately. Where available, employees should use printer PIN code functionality to ensure originators are the only ones who can get their sensitive printouts, and only when they are physically present at the printer and ready to directly receive them. Due care should be taken by the employee in regard to printed data protection.
Please note: For your convenience, this website contains links to a number of other websites, both inside and outside our company. The policies and procedures described here do not apply to those sites; we suggest contacting those sites directly for information on their data collection and distribution policies.