ACCEPTABLE USAGE POLICY

1.0 Purpose

The purpose of this Acceptable Usage Policy (AUP) is to establish guidelines for the appropriate use of IT resources, the internet, and electronic communication systems provided by KTMB.

This policy aims to promote productivity, maintain network security, and ensure that all employees understand their responsibilities when using these resources for business purposes.

2.0 Scope

This policy applies to all employees, contractors, and other authorized users who have access to KTMB's IT resources, internet, and electronic communication systems.

This includes all devices and equipment used to access these systems, such as desktop computers, laptops, smartphones, and tablets.

3.0 Policy Guidelines

3.1 General Use and Ownership IT resources are provided primarily for business activities and must be used to enhance KTMB's operational efficiency. KTMB retains ownership and rights to all IT resources.

3.2 Acceptable Use

i. Use resources for intended corporate purposes like job-related activities, communication with clients, and accessing necessary information.

ii. Limited personal use is permissible if it does not interfere with work responsibilities or company operations.

iii. Researching and gathering information relevant to job responsibilities.

iv. Communicating with customers, suppliers, and colleagues.

v. Accessing and sharing information stored on KTMB's internal network and servers.

vi. Participating in online training and professional development programs

3.3 Prohibited Use

i. Engaging in illegal activities, viewing, or distributing offensive material, harassment, piracy, and unauthorized selling/advertising.

ii. Cyberbullying, discrimination, or activities compromising network security.

iii. Accessing, downloading, or sharing inappropriate, illegal, or offensive material, including pornography, hate speech, and illegal drugs.

iv. Any activity harmful to KTMB, its employees, or its reputation, including harassment, bullying, and discrimination.

v. Any activity violating KTMB's code of conduct, ethical standards or Malaysian Laws.

vi. Any activity interfering with the normal operation of KTMB's network and systems, including hacking, malware, and spamming.

3.4 System and Network Activities

i. Users must not compromise system integrity. This includes avoiding unauthorized access, not introducing malware, and adhering to security protocols.

ii. Maintain the confidentiality and integrity of data by following prescribed protocols and accessing only necessary information for job duties.

3.5 Email and Communication Activities

i. Use email and other communication platforms professionally and ethically. Do not send spam, engage in harassment, or share sensitive information carelessly.

ii. Email accounts and communications should primarily be used for business purposes.

iii. Verify the sender before opening emails or attachments, especially from unknown sources.

iv. Avoid attachments from unknown sources and verify the sender before opening them.

v. Use antivirus software to scan attachments and be cautious with links.

3.6 Software and Intellectual Property

i. Only authorized software may be installed on company devices. Respect copyright laws and licensing agreements.

ii. Do not copy, download, or distribute software or content without proper authorization

3.7 Remote Access

i. Use only systems, software, and data for which you have authorization and use them only for official work.

ii. Do not attempt to override technical or management controls (i.e., sensitive data should not be downloaded to any media or removed from remote PC / Server control without prior approval, etc.)

iii. Take precautions to secure government information and information resources. Protect government property from theft, destruction, or misuse.

iv. Do not alter the configuration, including installing software or peripherals, on government equipment unless authorized.

v. Use passwords and encryption on files containing data on persons.

vi. Use virus protection software on off-site systems and keep it up-to-date.

vii. Change passwords frequently or after using remote software.

viii. Protect passwords from access by other individuals, e.g., do not store passwords in login scripts, batch files, or elsewhere on the computer.

ix. Report security incidents or any incidents of suspected fraud, waste or misuse of IT systems to appropriate officials immediately.

x. The remote access user also agrees to and accepts that his or her access and/or connection to KTMB's networks may be monitored to record dates, times, duration of access, etc., in order to identify unusual usage patterns or other suspicious activity. As with in-house computers, this is done in order to identify accounts/computers that may have been compromised by external parties.

3.8 Confidentiality

i. Protect sensitive and confidential company information. Share such information only with authorized personnel or external parties.

ii. Follow all data protection policies to safeguard personal and company data against unauthorized access.

3.9 Data Security

i. Employees must take all reasonable steps to protect the security of KTMB's data and systems, including using strong passwords, updating software and security systems, and reporting any suspicious activity to the IT department.

ii. Implementing email filtering and using encryption for sensitive email communication.

3.10 Monitoring

KTMB reserves the right to monitor employee internet usage to ensure compliance with this policy. This includes inspecting electronic communications, files, and network usage.

3.11 Enforcement

i. Violations of this AUP may result in disciplinary action up to and including termination of employment and legal action.

ii. Reports of misuse or violations should be directed to IT Security Manager, ICT Department.