Effective Date: Oct 04, 2023

Revision History: See End of Document Contact: helpdesk@finleyusa.com

Introduction

This document outlines the acceptable use policy for computers, networks, tablets, cellular phones, servers, software, data storage devices, and other technology assets owned or managed by the company (“Company’s Technology”). All employees, contractors, or other parties who have access to and use Company Technology (“Company Users”) are required to adhere to this policy. Failure to do so may result in disciplinary action, up to and including termination of employment (in the case of employees), contract termination (in the case of contractors), and/or termination of access.

Ownership

Company Technology belongs to Finley Engineering (“Finley” or the “Company”) and any data, files, documents, communications, and/or information created using such technology or stored on such technology also belongs to the Company.

Business Use Policy; Limited Personal Use

All Company Technology are intended for business use. Company Users should not use Company Technology for activities not related to their job functions, except for limited personal use that does not interfere with their work performance or violate other Company policies. All activities using Company Technology should be lawful and align with the values and objectives of the Company. If a Company User uses Company Technology for personal purposes, the Company User has no reasonable expectation of privacy.

Email and Messaging Policy

Email and business messaging applications remain primary tools for business communication. Company Users are expected to use their email and messaging accounts in a responsible and effective manner. Please note that all email and messaging records are considered Company records and are subject to monitoring. Company Users should have no expectation of privacy for any activities conducted on the Company’s email or messaging systems. The use of email or messaging applications to transmit sensitive or confidential information should only occur over secure channels and must comply with Company policies on data protection.

Internet and Web Applications

Internet access is provided to Company Users to facilitate their job performance. Use of the internet should remain professional, ethical, and aligned with the Company's objectives. Unauthorized downloading of software, videos, or voice files is is prohibited. All internet activities should comply with the Company's data and network security policies, as well as the Company’s policies against harassment, discrimination, and unprofessional behavior.

Software Usage Policy

Company Users should only use software that has been officially approved and licensed by the Company. Unauthorized installation or copying of software is strictly prohibited and may result in disciplinary action.

Security Policy

All Company Users are responsible for maintaining the security of Company Technology. This includes adhering to password policies, securing physical assets, and reporting any suspected security incidents to the IT Department.

Privacy and Monitoring

Although Company Users may use log-on identifications, passwords, encryption, and user-specific mailboxes, these passwords and other security devices are for the protection of the Company, not the user. Company Users do not have a reasonable expectation that information sent, received, created, edited, downloaded, or stored (temporarily or permanently) using Company Technology is private or confidential. The Company reserves the right to monitor any such information. Any information a Company User wishes to remain private should not be downloaded, accessed, transmitted, displayed or stored on Company Technology.

In short, Company Users have no expectation of privacy when using Company Technology. The Company reserves the right to monitor usage to ensure compliance with this and other policies. All monitoring will be conducted in accordance with applicable laws and regulations.

Prohibited Uses of Company Technology

Prohibited uses of Company Technology include but are not limited to: accessing (viewing or downloading) sexually oriented materials or content; accessing material that is in violation of any other Company policy, including policies against harassment and discrimination; violating software copyrights and licenses by loading or giving out unlicensed software applications; computer or internet-based gambling; using Company Technology with the intent or purpose of violating local, state or federal laws; downloading and/or installing any application that has not been authorized by the Company (including personal applications such as games); and modifying the hardware configuration (adding or removing peripherals) in any way, except as authorized by the Company.

Non-Compliance

Company Users must notify their supervisor upon learning of any violations of this policy.

Failure to comply with this Acceptable Use Policy may lead to disciplinary action, up to and including termination of employment, contract termination, or termination of access. Severe violations may also result in legal action.

Termination of Employment

Upon termination of employment, a Company User must promptly cease using all Company Technology and return all such technology and all information, files, communications, and documents on such technology, to the Company.

Guidelines for Acceptable and Unacceptable Practices

Acceptable Practices

Unacceptable Practices

Security Guidelines

Password Security:

Choose strong passwords that contain a mix of letters, numbers, and special characters. Do not share passwords with anyone, except as directed by authorized personnel.

Update passwords regularly, in accordance with Company policy.

Multi-Factor Authentication (MFA):

Enable MFA on all accounts that support it, particularly for accessing sensitive or critical systems.

Firewall and Antivirus:

Ensure that firewalls and antivirus software are enabled and updated on all devices.

Software Updates:

Keep all software and systems up-to-date. Apply patches as directed by the IT Department.

Secure Data Transmission:

Always use secure and approved methods for transmitting sensitive data, both internally and externally.

Phishing Awareness:

Be cautious of suspicious emails and links. Report any suspected phishing attempts to the IT Department.

Remote Work Security:

Secure your home network (e.g. strong Wi-Fi password, create a guest network) when working remotely.

Use Company-approved remote desktop solutions for accessing company systems.

Physical Security:

Never leave Company Technology unattended in an unsecure location. Report lost or stolen Company Technology immediately.

Revision History

1. Version 1.0 Jan 15, 2016
2. Version 2.0 Oct 04, 2023

4876-9623-6932, v. 1