1. INTRODUCTION
This Policy has been established to set out Castle Hill RSL Club Ltd’s (CHRG) expectations regarding the use of Information and Communications Technology (ICT) resources and ensure all users apply the same principles and guidelines when utilising ICT at CHRG.
This policy applies to all team members of CHRG and any external stakeholders that are provided access to any CHRG ICT resources.
This policy applies both during and outside of working hours as well as inside the workplace and in remote locations irrespective if a resource is accessed via a personal device. This policy applies in all situations where an employee or stakeholder can be identified as being associated with the CHRG as is referred to in this policy as a ‘user’ and must be read in conjunction with our PrivacyPolicy
2. DEFINITIONS
In this policy:
‘Confidentialinformation’ includes, but is not limited to, trade secrets of CHRG; non-public information about the business and affairs of CHRG such as: pricing information such as internal cost and pricing rates, marketing or strategy plans; exclusive supply agreements or arrangements; commercial and business plans; commission structures; contractual arrangements with third parties; tender policies and arrangements; financial information and data; sales and training materials; technical data; schematics; proposals and intentions; designs; policies and procedures documents; concepts not reduced to material form; members’ information and habits; information which is personal information for the purposes of privacy law; and all other information obtained from CHRG or obtained in the course of working or providing services to CHRG that is by its nature confidential.
‘ICTmonitoring’ means monitoring by means of human intervention, software or other equipment that monitors or records information inputor output,or otheruse,of CHRG’sICTresources(including, but not limited to, the sending and receipt of emails and the accessing of websites).
‘ICTresources’ includes desktop computers, landline telephones, CCTV, mobile devices (such as laptop computers, mobile phones, smart phones, tablets, USBs and other mobile storage devices) and network resources (such as computer systems, access to the internet, email, servers and software) and any other means of accessing CHRG’s ICT facilities.
‘Intellectualproperty’ means all forms of intellectual property rights throughout the world including copyright, patent, design, trademark, trade name, and all confidential information and including know-how and trade secrets.
3. USE OF ICT RESOURCES
Where use is allowed, users can only use CHRG ICT resources only for legitimate business purposes. Users are NOT permitted to use CHRG’s ICT resources for personal use, unless with specific authorisation from the user’s leader. However, any such authorised personal use still must not impact upon the user’s work performance or CHRG resources or violate this or any other CHRG policy.
CHRG gives no warranty or assurance about the confidentiality or privacy of any personal information disclosed by any user in the course of using CHRG’s ICT resources for the user’s personal purposes.
Users must comply with the following rules when using CHRG’s ICT resources:
Users may only access CHRG ICT resources for the purpose for which the user is authorised. This means that the user must not attempt to access any data or programs that they do not have authorisation to access.
October2023
Users must use their own login and password when accessing resources.
Users must protect their login information at all times and not divulge such information to any other person, unless it is necessary to do so for legitimate business reasons.
Username/login codes and passwords are not to be recorded on or near computer equipment/mobile devices.
Users should ensure that they log off from their account when leaving such equipment unattended and perform weekly shutdown/restartsto ensure all necessary updates are applied in atimely manner.
Where equipment is left out in the open or unattended, for periods of time, machines are to be screen locked.
Mobile devices thatcan be password protected and encrypted musthave this security feature activated at all times. Users are not to remove or modify such security features as configured by CHRG.
All business data is to be stored on CHRG’s servers or cloud-based systems where it can be secured and backed up. Files stored on a desktop are not backed up.
Do not use USB or external hard drives from an unfamiliar source without the device being scanned on a known secure machine that is disconnected from the network.
Use diligence when using public wireless networks. Online transactions are not to be carried out using public wireless networks.
Any CHRG created feature which goes to corporate identity and corporate standardisation (including but not limited to email signatures, email disclaimer, screensaver, desktop backgrounds, colour, font, typeface) must not be altered or removed without the written approval of the Group COO.
If a user receives an email which the user suspects contain a virus or includes content which is in breach of CHRG’s policy, the user should not open the email or attachment to the email and should immediately forward it to the IT team via servicedesk@chrg.com.au
Use of personal resources, in substitution of a CHRG provided ICT resource, for business purposes is strictly prohibited. Note that this includes the use of a personal email for business purposes.
Users in possession of CHRG’s electronic equipment must at all times handle the equipment in a responsible manner and ensure that the equipment is kept secure.
Users must maintain the operational effectiveness of CHRG supplied mobile devices (e.g. keeping the batteries charged) and storing appropriately.
4. PROHIBITED CONDUCT
Users must not send (or cause to be sent), communicate, upload, download, use, retrieve, or access any email or material on CHRG’s ICT resources that:
is obscene, offensive, or inappropriate. This includes text, images, sound, or any other material, sent either in an email or in an attachment to an email, or through a link to a site (URL). For example, material of a sexual nature, discriminatory or sexist indecent or pornographic material.
causes (or could cause) insult, offence, intimidation, or humiliation.
may be defamatoryor could adversely impact the image or reputation of CHRG.A defamatory message or material is a message or material that is insulting or lowers the reputation of a person or group of people.
is illegal, unlawful, or inappropriate.
affects the performance of or causes damage to CHRG’s computer system in any way.
gives the impression of or is representing, giving opinions, or making statements on behalf of CHRG without express authority. Further, users must not transmit or send CHRG’s documents or emails (in any format) to any external parties or organisations unless expressly authorised to do so.
Users must not use CHRG’s ICT resources:
to stream content (including but not limited to video, games, and radio) unless authorised by their leader to do so for legitimate business purposes, such as webinars.
to violate copyright or other intellectual property rights.
in a manner contrary to CHRG’s Privacy Policy.
to create any legal or contractual obligations on behalf of CHRG unless expressly authorised.
to install software or run unknown or unapproved programs or modify existing software or hardware environments on CHRG’s ICT resources.
to gain unauthorised access (hacking) into any other computer within or outside CHRG or attempt to deprive other users of access to or use of any CHRG’s ICT resources.
to send, or cause to be sent, chain or unsolicited commercial (SPAM) emails that is not related to business purposes or activities.
Usersmust not use another user’s ICT resources (including passwords and usernames) for any reason without the express permission of the user or CHRG.
5. PERSONAL USE OF CHRG ICT REOURCES
CHRG ICT resources are provided to support the business activities of CHRG.
Users are permitted to use CHRG ICT resources for limited, incidental, personal purposes, such as paying a bill or sending a short email and other reasonable activities the user are forced to transact during operating hours, provided that such use does not:
Interfere with the efficient business operations of CHRG.
Violate this policy or any other policy of CHRG.
Negatively impact upon the user’s work performance.
Hinder the work of other users.
Damage the reputation, image or operations of CHRG.
Cause noticeable additional cost to CHRG or negatively impact on the performance of the CHRG IT resources.
Use company provided calls for international calls/texts or international roaming activation.
Users must not save personal files on an CHRG IT resource or access social media sites for personal use using an CHRG IT resource.
CHRG accepts no responsibility for: loss or damage or consequential loss or damage arising from personal use of an CHRG IT resource; or loss of data or interference with personal files arising from efforts to maintain the CHRG resources.
6. BRING OUR OWN DEVICE (BYOD)
Where a user has been approved to bring their own device, the device and use of the device must comply with the requirements in the following clause of this policy - 3. USE OF ICT RESOURCES.
Any BYOD must be vetted by the IT dept before being connected to our corporate network to ensure proper malware software is installed and up to date and that the device has all the relevant updates installed.
Where a team member is entitled to a company issued mobile phone as part of their role and has elected to take an allowance rather than be issued a company asset, the team member will be entitled to a tiered weekly allowance suitable for their role as outlined in their employment agreement.
7. LOST, DAMAGED OR STOLEN RESOURCES
Users are required to use appropriate accessories to protect devices from damage. If damage is sustained, the user is to report this to their leader and the IT department. If such damage is due to the negligence of the user, the user may be responsible for the cost of replacing or repairing the mobile device.
Users must report any loss, theft, or security breach of any ICT resource immediately to their leader and the IT Department in writing to ensure appropriate measures are taken to secure and disable the device. If such loss or damage is due to the negligence of the user, the user may be responsible for the cost of replacing or repairing the resource.
8. RESTRICTING ACCESS OR CONTENT
CHRG reserves the right to prevent (or cause to be prevented) the delivery of an email sent to or from a user, or access to an internet website by a user, if the content is in breach of this or any other CHRG policy.
In the case that an email is prevented from being delivered to or from a user, the user will receive a prevented delivery notice. The notice will inform the user that the delivery of the email has been prevented. The notice will not be given if delivery is prevented in the belief that:
the email was considered to be SPAM, or contain potentially malicious software; or
the content of the email (or any attachment) would or might have resulted in an unauthorised interference with, damage to or operation of any program run or data stored on any of CHRG’s equipment; or
the email (or any attachment) would be regarded by a reasonable person as being, in all the circumstances, menacing, harassing or offensive.
CHRG is not required to give a prevented delivery notice for any email messages sent by a user if CHRG is not aware (and could not reasonably be expected to be aware) of the identity of the user who sent the e-mail or is not aware that the e-mail was sent by the user.
9. ICT MONITORING
On a continuous and ongoing basis during the period of this Policy, CHRG will carry out ICT monitoring of any user at such times of CHRG’s choosing and without further notice to any user.
ICT surveillance may occur in relation to:
storage volumes.
internet sites — every web site visited is recorded including the time of access, volume downloaded and the duration of access.
download volumes.
suspected malicious code or viruses.
emails — the content of all emails received, sent, and stored on the ICT resources (this also includes emails deleted from the Inbox).
computer hard drives — CHRG may access any hard drive on the ICT resources.
CHRG retains logs, backups, and archives of computing activities, which it may audit. Such records are the property of CHRG, are subject to State and Federal laws and may be used as evidence in legal proceedings, or in workplace investigations into suspected misconduct.
CHRG may use and disclose the ICT surveillance records where that use, or disclosure is:
for a purpose related to the employment of any employee or CHRG’s business activities.
to a law enforcement agency in connection with an offence.
in connection with legal proceedings.
is reasonably believed to be necessary to avert an imminent threat of serious violence to any person or substantial damage to property.
For example, use or disclosure of ICT surveillance records can occur in circumstances of assault, suspected assault, theft, or suspected theft of, or damage to, CHRG’s property.
10. UPON TERMINATION
On termination of employment, or at CHRG’s request, users must return all ICT resources to a nominated member of staff.
All information, programs and systems created by employees during the course of their employment with CHRG will remain the property of the CHRG.
11. BREACH OF THIS POLICY
Any breaches of this policy may result in counselling and or disciplinary action, up to and including dismissal, or, for persons other than employees, the termination or non-renewal of contractual arrangements.
Disciplinary action may include restriction or removal of access to CHRG’s ICT resources.
12. REVIEW OF THIS POLICY
This policy will be reviewed every two years to ensure it remains consistent with all relevant legislative requirements, as well as the changing nature of the company or more frequently where legislative requirements are changed or amended.
13. POLICY COMMUNICATION AND EDUCATION
This policy will be stored on CHRG’s intranet site. It will be incorporated into induction/onboarding programs and CHRG will conduct education sessions on the application and operation of this policy as required and when any changes to the policy are implemented.
14. DOCUMENT HISTORY
Preparedby: Approvedby: Date: Version: Comments
Alison Brinkman Head of People & Purpose
David O’Neil Group CEO 1/10/2023 1.0 First issue of standalone policy