Last Updated: January 12, 2025
Acceptable Use Policy
1. Purpose
The purpose of this Acceptable Use Policy is to establish guidelines for the appropriate and secure use of Finpace's information assets and IT resources by all personnel, including employees, contractors, and third-party service providers. This policy is designed to ensure the confidentiality, integrity, and availability of Finpace's information in accordance with ISO 27001:2013 Control A.8.1.3.
2. Scope
This policy applies to all individuals who have access to Finpace's information assets, including but not limited to computer systems, networks, software, and data.
3. Policy Statements
3.1. General Use
Authorized Use:
- All information assets and IT resources provided by Finpace are to be used for authorized business purposes only.
- Personnel must adhere to all applicable laws, regulations, and Finpace policies.
Prohibited Activities:
- Prohibit unauthorized access, use, or distribution of Finpace's information assets.
- Prohibit any activities that may compromise the security or privacy of Finpace's information.
3.2. Data Protection
Data Classification:
- Classify data based on sensitivity and handle it accordingly.
- Ensure that sensitive information is accessed and shared only by authorized personnel.
Confidentiality:
- Safeguard the confidentiality of Finpace's information by not disclosing sensitive data to unauthorized individuals.
3.3. System Access and Usage
User Authentication:
- Use only assigned user accounts and ensure the confidentiality of passwords.
- Report any suspected unauthorized access promptly.
Device Usage:
- Use only authorized devices to access Finpace's information assets.
- Keep personal devices separate from work-related activities unless explicitly allowed.
3.4. Internet and Email Usage
Internet Access:
- Use the internet responsibly and refrain from accessing inappropriate or malicious websites.
- Do not download or install unauthorized software without IT approval.
Email Usage:
- Use Finpace's email system for business purposes only.
- Avoid opening email attachments or clicking on links from unknown or suspicious sources.
3.5. Reporting Security Incidents
Prompt Reporting:
- Report any suspected security incidents or violations of this policy promptly to the IT department.
- Cooperate fully with investigations into security incidents.
4. Responsibilities
Employees:
- Adhere to this policy and use Finpace's information assets responsibly.
- Report any policy violations or security concerns to the appropriate channels.
IT Department:
- Monitor and enforce compliance with this policy.
- Investigate and respond to reported security incidents.
5. Review and Compliance
Regular Review:
- Periodically review and update this policy to address changes in technology, regulations, and business needs.
Compliance:
- Ensure that all personnel comply with the requirements outlined in this policy.
6. Approval and Communication
This Acceptable Use Policy is approved by the current CEO at Finpace: B. Forrest Tuten. The HR department is responsible for communicating this policy to all relevant personnel.