Progress Industries Standard Procedures

Subject: Computer Network Security, Mobile Device and Computer Usage
Section: G:Procedures – All Agency
Cross Ref: G:Policies – All Agency
Approved: Dan Skokan, President & CEO
Effective date: 1-1-91
Review date: 11-95, 4-00, 8-01, 1-03, 10-04, 3-13
Modified date: 6-06, 8-07, 1-09, 8-09, 7-12

Security Practices: User access to the computer network and all mobile devices is restricted through the use of individual user identification and passwords to prevent unauthorized access. The Information Technology (IT) Department assigns appropriate access according to the employee’s need for information and software applications. If a device is lost or stolen, employees are responsible for notifying the IT Department immediately so the device can be suspended and wiped.

Passwords Passwords are not to be shared with others and should not be posted where others can find them. Passwords are required for all computers and devices, will consist of a combination of alphanumeric characters and symbols, and will be changed periodically to maintain security.

When Logged In Computers and mobile devices should not be left unattended when the user is logged onto the network. Users should lock the workstation when leaving their computers unattended for more than 15 minutes. Computers in public areas should be logged off before the user leaves.

Screensavers Screensavers should be configured to automatically lock computers and mobile devices after a maximum of 15 minutes of inactivity. Only PI-approved screensavers and those that come with the operating system are allowed.

Shut Computer Off at Night Computers should be logged off at night unless otherwise instructed by the Information Technology department. Computers should be completely powered down during weekends.

Network All files should be saved to the network:
1. NOT to the local hard drive (e.g. C:\ or C:\My Documents) and
2. NOT to removable storage devices (e.g. flash drives / memory cards)

Saving to the network provides for confidentiality, security, virus protection and disaster recovery (file backup).

Hardware-Software-Images Users may not copy or install software or hardware on company computers and may not install company hardware, software, or data on non-company computers without written approval from the I.T. Department. This includes downloaded or uploaded screensavers, data capturing software, and other programs or files, including images from the Internet or from disk or other media (disks, media cards, flash drives, email, etc.). This includes wallpaper/desktop images not provided with the operating system. Emails should be sent without use of ‘stationery’ or other images. This is designed to promote the efficient functioning of company computers and to protect against virus and spyware infection and infringement of copyright and licensing laws.

Storage Devices Use of temporary storage devices such as disks, CDs/DVDs, USB drives etc. must be approved by your Supervisor and I.T. Manager.

Confidential Information Confidential information that is on the computer network must be maintained as confidential. Information on the computers is to be accessed and utilized only on a need-to-know basis. If a staff member finds they have access to another person’s data or e-mail files, it is their responsibility to log off that computer immediately and to report this immediately to the I.T. Department. Any act to access, read, print, edit, or delete system, departmental, or another person’s data may result in disciplinary action up to and including discharge.

Data Recovery Data recovery is provided through a rotating backup tape system. The entire computer network is backed up on a daily basis. Weekly backups are maintained for six weeks and monthly tapes are maintained for one year. Backup tapes are maintained both on and off site. Contact the I.T. Department to recover a lost or corrupted file.

Computer Equipment and Software Computer equipment and software may not be removed from the worksite without approval of the I.T. Department. Attempts designed to deny the availability of electronic communications resources (e.g. “denial of service attacks” and all forms of computer/network hacking) are expressly forbidden and may result in discipline up to and including discharge and criminal charges.

Anti-Virus Protection Disabling of virus scanning software is prohibited. Email users must have Internet email scanning enabled.

Email Attachments Users should not open any email attachment of suspect nature. Attachments should be opened only if you know the person sending the file and the nature of the attachment. Email and attachments are not to be forwarded to others unless related to company business.

Virus Warning If a virus warning appears, it is the responsibility of the staff receiving the warning to discontinue use of that computer and to notify I.T. immediately.

Internet and Email Usage Internet use (including email and browsing, and direct dial-up access to other computers) is intended for official Progress Industries business purposes only, except as specified in the “Use of Computers” section below.

Attempts to access non-appropriate internet sites, including but not limited to pornography, gambling, and hate crimes may result in discipline up to and including discharge.

Email Accounts All email accounts are owned by the company and are able to be accessed by management, and may be audited for the protection of the integrity of the network system and of this policy. E-mail communications are not private and can be accessed and disclosed to management, attorneys working both for and against the company, and governmental agencies. Deleted messages may be stored in the system for an indefinite duration. This applies also to all other company information that may be stored in the email/communications systems including, but not limited to, calendar appointments, contacts, notes, and voicemail messages.

Email Messages All messages that may be considered discriminatory, defamatory, offensive, harassing, threatening, romantic, pornographic, breaches of confidentiality or which include attachments that may violate copyright or licensing laws are forbidden and may result in disciplinary action up to and including discharge. All messages, especially those to persons outside Progress Industries should be professional in nature.

Use of Computers Limited personal usage of computers is permitted if:
1. Usage is not on paid time (before work, after work, lunch)
2. Does not interfere with your job function
3. Does not limit others’ access to the computer for business purposes
4. Usage does not add cost to Progress Industries
5. Prior written approval is received from supervisor for that specific usage
6. Does not breach confidentiality or Progress Industries’ Code of Ethics
7. Does not place undue burden on the network traffic

Employees may not use computers to communicate confidential and/or client information for non-work purposes. This includes, but is not limited to, disclosing work-related information for personal reasons (including disclosure on social networking sites). Disclosing confidential information may lead to disciplinary action up to and including termination.

Spamming Spamming (sending unsolicited mass mailings to advance personal interests) is not allowed. Sometimes it is necessary to communicate with everyone, but before you send that email, review your recipient list to make sure everyone on the list actually needs that information. For example, the All PI group is for disseminating company information, not for announcing personal interests or needs. Perpetuating chain email letters is considered spamming and is prohibited.

Email Web Access Email web access is provided to users on an as-needed basis. Users are to use home and public computers according to this policy and are not to store passwords on PCs.

General Computer Usage Authorized users are expected to become familiar with and to make the best use of the software installed on the computer. It is the responsibility of staff to enter accurate and timely data and to save data files in the correct manner.

Ownership Progress Industries owns and has full access to all information residing on the company network, individual computers, storage media, and company internet sites.

Technical Problems Users must give written notification to P.I. technical support of technical problems including dialog boxes that ask for user action (e.g. installation), error messages, and other computer problems so that the concern can be logged and resolved as quickly as possible.

Other I.T. Documentation Refer to the P.I. Disaster Recovery Plan: MIS Prevention and Security Practices document for additional technical and security documentation.